e86a1c6f96
There are two major issues we are trying to address here. The first is that docker-compose (python implementation) is EOL and does not work with python3.12. Instead we need to use docker compose (golang implementation) on newer platforms like Noble. We're taking advantage of the clean break between distro releases to do a migration of the container management system rather than try and replace docker-compose with docker compose in place on existing servers. Second the docker runtime can only deal with mirrors for images hosted on docker hub. This impacts our ability to speculatively test images that are hosted on quay (or elsewhere) with docker since speculative image testing currently relies on mirror configuration to provide unreleased images to test environments. By switching the runtime to podman instead of docker behind docker compose we fix this second problem. Again the clean break between distro releases is a convenient time to make ths witch rather than doing it in place. Some design considerations include: * Not bothering with docker ce packaging and instead relying on packages in Ubuntu Noble * Configuring the podman service to listen on a socket located where docker's socket typically lives. This avoids needing environment overrides every time we run docker compose. * Not adding a special podman group for this. We effectively manage things as root or via sudo so we can keep this simple for now. Future updates may include installation of docker compose and/or podman from upstream sources. We could add a podman group. We may also switch to using user owner podman daemons and reduce some privilege. Change-Id: Ib0a9cdb38b99521bcd7e15c17f6175aea2c042eb
60 lines
1.8 KiB
YAML
60 lines
1.8 KiB
YAML
- name: Create docker directory
|
|
become: yes
|
|
file:
|
|
state: directory
|
|
path: /etc/docker
|
|
|
|
- name: Install docker-ce from upstream
|
|
include_tasks: upstream.yaml
|
|
when: use_upstream_docker|bool
|
|
|
|
- name: Install docker-engine from distro
|
|
include_tasks: distro.yaml
|
|
when: not use_upstream_docker|bool
|
|
|
|
- name: reset ssh connection to pick up docker group
|
|
meta: reset_connection
|
|
|
|
# We install docker-compose from pypi to get features like
|
|
# stop_grace_period.
|
|
|
|
# On arm64 we need build-essential, python3-dev, libffi-dev, and
|
|
# libssl-dev because wheels don't exist for all the things on arm64.
|
|
# Similarly for Xenial while we have it, some things (cffi) have
|
|
# stopped providing Python 3.5 wheels
|
|
- name: Install arm64 dev pacakges
|
|
when: >
|
|
ansible_architecture == 'aarch64' or
|
|
ansible_distribution_release == 'xenial'
|
|
package:
|
|
name:
|
|
- build-essential
|
|
- python3-dev
|
|
- libffi-dev
|
|
- libssl-dev
|
|
state: present
|
|
|
|
- name: Install python docker-compose if needed
|
|
when: with_python_compose|bool
|
|
block:
|
|
- name: ensure pip3 is installed
|
|
include_role:
|
|
name: pip3
|
|
|
|
- name: Install docker-compose
|
|
pip:
|
|
name:
|
|
# The explicit pin of requests is a temporary workaround to getting
|
|
# docker-compose functioning again after requests and urllib3 updates.
|
|
# Unfortunately python docker-compose is abandonware and we will need
|
|
# to migrate to the new docker plugin system or distro packages, but
|
|
# until then this is a quick workaround that will get things moving
|
|
# again.
|
|
# The explicit pin of docker is required as py docker 7.0 introduced
|
|
# incompatibilities with python docker-compose.
|
|
- requests<2.30.0
|
|
- docker<7.0.0
|
|
- docker-compose
|
|
state: present
|
|
executable: pip3
|