From 6cda67c63ccc43b5ecfac2798ee59bca69b982b3 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Tue, 11 Jan 2022 10:13:16 +0100 Subject: [PATCH] Allow to choose container manager commands (#8380) This allow to workaround #8375 by using image_command_tool=crictl when containerd_registries is used for containerd. Also changes image_info_command_on_localhost for docker to return digests. (cherry picked from commit cfd9873bbcc71192e0c097b4b38c4a2800703c2e) The cherry-pick was adapted because nerdctl_extra_flags is not in the release-2.18 branch (#8339). --- roles/download/defaults/main.yml | 16 +++++++++++ roles/download/tasks/prep_download.yml | 38 -------------------------- 2 files changed, 16 insertions(+), 38 deletions(-) diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 738817e5a88..c991d354e3b 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -45,6 +45,22 @@ download_validate_certs: true # Use the first kube_control_plane if download_localhost is not set download_delegate: "{% if download_localhost %}localhost{% else %}{{ groups['kube_control_plane'][0] }}{% endif %}" +# The docker_image_info_command might seems weird but we are using raw/endraw and `{{ `{{` }}` to manage the double jinja2 processing +docker_image_pull_command: "{{ docker_bin_dir }}/docker pull" +docker_image_info_command: "{{ docker_bin_dir }}/docker images -q | xargs -i {{ '{{' }} docker_bin_dir }}/docker inspect -f {% raw %}'{{ '{{' }} if .RepoTags }}{{ '{{' }} join .RepoTags \",\" }}{{ '{{' }} end }}{{ '{{' }} if .RepoDigests }},{{ '{{' }} join .RepoDigests \",\" }}{{ '{{' }} end }}' {% endraw %} {} | tr '\n' ','" +nerdctl_image_info_command: "{{ bin_dir }}/nerdctl -n k8s.io images --format '{% raw %}{{ '{{' }} .Repository {{ '}}' }}:{{ '{{' }} .Tag {{ '}}' }}{% endraw %}' 2>/dev/null | grep -v ^:$ | tr '\n' ','" +nerdctl_image_pull_command: "{{ bin_dir }}/nerdctl -n k8s.io pull --quiet" +crictl_image_info_command: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','" +crictl_image_pull_command: "{{ bin_dir }}/crictl pull" + +image_command_tool: "{%- if container_manager == 'containerd' -%}nerdctl{%- elif container_manager == 'crio' -%}crictl{%- else -%}{{ container_manager }}{%- endif -%}" +image_command_tool_on_localhost: "{{ image_command_tool }}" + +image_pull_command: "{{ lookup('vars', image_command_tool + '_image_pull_command') }}" +image_info_command: "{{ lookup('vars', image_command_tool + '_image_info_command') }}" +image_pull_command_on_localhost: "{{ lookup('vars', image_command_tool_on_localhost + '_image_pull_command') }}" +image_info_command_on_localhost: "{{ lookup('vars', image_command_tool_on_localhost + '_image_info_command') }}" + # Arch of Docker images and needed packages image_arch: "{{host_architecture | default('amd64')}}" diff --git a/roles/download/tasks/prep_download.yml b/roles/download/tasks/prep_download.yml index 6fc84bc08c7..769d653dadd 100644 --- a/roles/download/tasks/prep_download.yml +++ b/roles/download/tasks/prep_download.yml @@ -5,44 +5,6 @@ tags: - facts -# The docker image_info_command might seems weird but we are using raw/endraw and `{{ `{{` }}` to manage the double jinja2 processing -# done here and when `image_info_command` is used (first the raw/endraw allow to store the command, then the second processing replace `{{` -- name: prep_download | Set image pull/info command for docker - set_fact: - image_pull_command: "{{ docker_bin_dir }}/docker pull" - image_info_command: "{{ docker_bin_dir }}/docker images -q | xargs -i {{ '{{' }} docker_bin_dir }}/docker inspect -f {% raw %}'{{ '{{' }} if .RepoTags }}{{ '{{' }} join .RepoTags \",\" }}{{ '{{' }} end }}{{ '{{' }} if .RepoDigests }},{{ '{{' }} join .RepoDigests \",\" }}{{ '{{' }} end }}' {% endraw %} {} | tr '\n' ','" - when: container_manager == 'docker' - -- name: prep_download | Set image pull/info command for containerd - set_fact: - image_info_command: "{{ bin_dir }}/nerdctl -n k8s.io images --format '{% raw %}{{ '{{' }} .Repository {{ '}}' }}:{{ '{{' }} .Tag {{ '}}' }}{% endraw %}' 2>/dev/null | grep -v ^:$ | tr '\n' ','" - image_pull_command: "{{ bin_dir }}/nerdctl -n k8s.io pull --quiet" - when: container_manager == 'containerd' - -- name: prep_download | Set image pull/info command for crio - set_fact: - image_info_command: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','" - image_pull_command: "{{ bin_dir }}/crictl pull" - when: container_manager == 'crio' - -- name: prep_download | Set image pull/info command for docker on localhost - set_fact: - image_pull_command_on_localhost: "{{ docker_bin_dir }}/docker pull" - image_info_command_on_localhost: "{{ docker_bin_dir }}/docker images" - when: container_manager_on_localhost == 'docker' - -- name: prep_download | Set image pull/info command for containerd on localhost - set_fact: - image_info_command_on_localhost: "{{ bin_dir }}/nerdctl -n k8s.io images --format '{% raw %}{{ '{{' }} .Repository {{ '}}' }}:{{ '{{' }} .Tag {{ '}}' }}{% endraw %}' 2>/dev/null | grep -v ^:$ | tr '\n' ','" - image_pull_command_on_localhost: "{{ bin_dir }}/nerdctl -n k8s.io pull --quiet" - when: container_manager_on_localhost == 'containerd' - -- name: prep_download | Set image pull/info command for crio on localhost - set_fact: - image_info_command_on_localhost: "{{ bin_dir }}/crictl images --verbose | awk -F ': ' '/RepoTags|RepoDigests/ {print $2}' | tr '\n' ','" - image_pull_command_on_localhost: "{{ bin_dir }}/crictl pull" - when: container_manager_on_localhost == 'crio' - - name: prep_download | On localhost, check if passwordless root is possible command: "true" delegate_to: localhost