Newer
Older
apt:
update_cache: yes
when: ansible_facts.os_family == 'Debian'
# TODO(inc0): Gates don't seem to have ufw executable, check for it instead of ignore errors
- block:
- name: Set firewall default policy
become: True
ufw:
state: disabled
policy: allow
when: ansible_facts.os_family == 'Debian'
ignore_errors: yes
- name: Check if firewalld is installed
command: rpm -q firewalld
register: firewalld_check
changed_when: false
failed_when: firewalld_check.rc > 1
args:
warn: false
when: ansible_facts.os_family == 'RedHat'
- name: Disable firewalld
become: True
service:
name: "{{ item }}"
enabled: false
state: stopped
with_items:
- firewalld
when:
- ansible_facts.os_family == 'RedHat'
- firewalld_check.rc == 0
when: disable_firewall | bool
# Upgrading docker engine may cause containers to stop. Take a snapshot of the
# running containers prior to a potential upgrade of Docker.
- name: Check which containers are running
command: docker ps -f 'status=running' -q
become: true
# If Docker is not installed this command may exit non-zero.
failed_when: false
changed_when: false
register: running_containers
# APT starts Docker engine right after installation, which creates
# iptables rules before we disable iptables in Docker config
- name: Check if docker systemd unit exists
stat:
path: /etc/systemd/system/docker.service
register: docker_unit_file
- name: Mask the docker systemd unit on Debian/Ubuntu
file:
src: /dev/null
dest: /etc/systemd/system/docker.service
owner: root
group: root
state: link
become: true
when:
- ansible_facts.os_family == 'Debian'
- not docker_unit_file.stat.exists
name: "{{ (debian_pkg_install | join(' ')).split() }}"
when: ansible_facts.os_family == 'Debian'
when: ansible_facts.os_family == 'RedHat'
name: "{{ (redhat_pkg_install | join(' ')).split() }}"
when: ansible_facts.os_family == 'RedHat'
# If any packages were updated, and any containers were running, wait for the
# daemon to come up and start all previously running containers.
- block:
# At some point (at least on CentOS 7) Docker CE stopped starting
# automatically after an upgrade from legacy docker . Start it manually.
- name: Start docker
name: docker
state: started
enabled: yes
masked: no
- name: Wait for Docker to start
command: docker info
become: true
changed_when: false
register: result
until: result is success
retries: 6
delay: 10
- name: Ensure containers are running after Docker upgrade
command: "docker start {{ running_containers.stdout }}"
become: true
when:
- install_result is changed
- running_containers.rc == 0
- running_containers.stdout != ''
vars:
install_result: "{{ rpm_install_result if ansible_facts.os_family == 'RedHat' else apt_install_result }}"
- name: Install latest pip in the virtualenv
pip:
# NOTE(hrw) pip 19.3 is first version complaining about being run with Python 2
name: pip>19.3
virtualenv: "{{ virtualenv }}"
virtualenv_site_packages: "{{ virtualenv_site_packages }}"
virtualenv_python: "python{{ host_python_version }}"
become: True
when: virtualenv is not none
# NOTE(hrw) docker 2.4.2 is in kolla-ansible requirements
# NOTE(mnasiadka): docker 5.0.0 lacks six in deps but requires it
name: docker>=2.4.2,<5.0.0
executable: "{{ virtualenv is none | ternary('pip3', omit) }}"
virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}"
virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}"
virtualenv_python: "{{ virtualenv is none | ternary(omit, 'python' ~ host_python_version) }}"
name: "{{ (ubuntu_pkg_removals | join(' ')).split() }}"
when: ansible_facts.os_family == 'Debian'
name: "{{ (redhat_pkg_removals | join(' ')).split() }}"
when: ansible_facts.os_family == 'RedHat'