shixiong
/
okd


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132
							---
# TODO: Much of this file is shared with container engine tasks
- set_fact:
    l_insecure_registries: "{{ '\"{}\"'.format('\", \"'.join(openshift.docker.insecure_registries)) }}"

- name: Ensure container-selinux is installed
  package:
    name: container-selinux
    state: present
  when: not openshift.common.is_atomic | bool

# Used to pull and install the system container
- name: Ensure atomic is installed
  package:
    name: atomic
    state: present
  when: not openshift.common.is_atomic | bool

# At the time of writing the atomic command requires runc for it's own use. This
# task is here in the even that the atomic package ever removes the dependency.
- name: Ensure runc is installed
  package:
    name: runc
    state: present
  when: not openshift.common.is_atomic | bool

- block:

    - name: Add http_proxy to /etc/atomic.conf
      lineinfile:
        dest: /etc/atomic.conf
        regexp: "^#?http_proxy[:=]{1}"
        line: "http_proxy: {{ openshift.common.http_proxy | default('') }}"
      when:
        - openshift.common.http_proxy is defined
        - openshift.common.http_proxy != ''

    - name: Add https_proxy to /etc/atomic.conf
      lineinfile:
        dest: /etc/atomic.conf
        regexp: "^#?https_proxy[:=]{1}"
        line: "https_proxy: {{ openshift.common.https_proxy | default('') }}"
      when:
        - openshift.common.https_proxy is defined
        - openshift.common.https_proxy != ''

    - name: Add no_proxy to /etc/atomic.conf
      lineinfile:
        dest: /etc/atomic.conf
        regexp: "^#?no_proxy[:=]{1}"
        line: "no_proxy: {{ openshift.common.no_proxy | default('') }}"
      when:
        - openshift.common.no_proxy is defined
        - openshift.common.no_proxy != ''


- block:

    - name: Set to default prepend
      set_fact:
        l_crio_image_prepend: "gscrivano"

    - name: Use Red Hat Registry for image when distribution is Red Hat
      set_fact:
        l_crio_image_prepend: "registry.access.redhat.com/openshift3"
      when: ansible_distribution == 'RedHat'

    - name: Use Fedora Registry for image when distribution is Fedora
      set_fact:
        l_crio_image_prepend: "registry.fedoraproject.org/f25"
      when: ansible_distribution == 'Fedora'

    # For https://github.com/openshift/openshift-ansible/pull/4049#discussion_r114478504
    - name: Use a testing registry if requested
      set_fact:
        l_crio_image_prepend: "{{ openshift_docker_systemcontainer_image_registry_override }}"
      when:
        - openshift_docker_systemcontainer_image_registry_override is defined
        - openshift_docker_systemcontainer_image_registry_override != ""

    - name: Set the full image name
      set_fact:
        l_crio_image: "{{ l_crio_image_prepend }}/{{ openshift.docker.service_name }}:latest"

# NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released
- name: Pre-pull CRI-O System Container image
  command: "atomic pull --storage ostree {{ l_crio_image }}"
  changed_when: false
  environment:
    NO_PROXY: "{{ openshift.common.no_proxy | default('') }}"


- name: Install CRI-O System Container
  oc_atomic_container:
    name: "cri-o"
    image: "{{ l_crio_image }}"
    state: latest

- name: run CRI-O with overlay2
  replace:
    regexp: 'storage_driver = ""'
    replace: 'storage_driver = "overlay2"'
    name: /etc/crio/crio.conf
    backup: yes

- name: Add overlay2 storage opts for CRI-O
  lineinfile:
    dest: /etc/crio/crio.conf
    line: '"overlay2.override_kernel_check=1"'
    insertafter: 'storage_option = \['
    regexp: 'overlay2\.override_kernel_check=1'
    state: present
  when: ansible_distribution in ['RedHat', 'CentOS']

- name: Configure insecure registries for CRI-O
  lineinfile:
    dest: /etc/crio/crio.conf
    line: "{{ l_insecure_registries }}"
    insertafter: 'insecure_registries = \['
    regexp: "{{ l_insecure_registries }}"
    state: present
  when: openshift_docker_insecure_registries is defined

- name: Start the CRI-O service
  systemd:
    name: "cri-o"
    enabled: yes
    state: started
    daemon_reload: yes
  register: start_result

- meta: flush_handlers