diff options
author | Christian Pointner <equinox@spreadspace.org> | 2021-09-16 14:45:46 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2021-09-16 14:45:46 +0200 |
commit | 77bc1bde857ee4b8fa9641849bf1a4f69ec5cf96 (patch) | |
tree | 67ae4f7e65549ff3bf9b4143650313128d4ef907 /roles | |
parent | kubernetes/kubeadm: add support for 1.22 (diff) | |
parent | docker and containerd: apt pinning vs package hold (diff) |
Merge branch 'topic/apt-hold-vs-pin'
Diffstat (limited to 'roles')
-rw-r--r-- | roles/containerd/tasks/main.yml | 25 | ||||
-rw-r--r-- | roles/docker/engine/tasks/main.yml | 25 | ||||
-rw-r--r-- | roles/kubernetes/base/tasks/main.yml | 24 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/base/tasks/main.yml | 20 | ||||
-rw-r--r-- | roles/kubernetes/test-pods.url | 1 | ||||
-rw-r--r-- | roles/streaming/blackmagic/desktopvideo/tasks/main.yml | 27 | ||||
-rw-r--r-- | roles/streaming/blackmagic/mediaexpress/tasks/main.yml | 25 |
7 files changed, 119 insertions, 28 deletions
diff --git a/roles/containerd/tasks/main.yml b/roles/containerd/tasks/main.yml index 26acea66..56970268 100644 --- a/roles/containerd/tasks/main.yml +++ b/roles/containerd/tasks/main.yml @@ -17,20 +17,35 @@ include_role: name: "apt-repo/{{ containerd_pkg_provider }}" +- name: generate apt pin file for containerd package + when: containerd_pkg_version is defined + copy: + dest: "/etc/apt/preferences.d/{{ containerd_pkg_name }}.pref" + content: | + Package: {{ containerd_pkg_name }} + Pin: version {{ containerd_pkg_version }} + Pin-Priority: 1001 + +- name: remove apt pin file for containerd package + when: containerd_pkg_version is not defined + file: + path: "/etc/apt/preferences.d/{{ containerd_pkg_name }}.pref" + state: absent + - name: install containerd apt: name: "{{ containerd_pkg_name }}{% if containerd_pkg_version is defined %}={{ containerd_pkg_version }}{% endif %}" state: present force: yes - ## TODO: remove force once the following changes are available - ## https://github.com/ansible/ansible/pull/73629 or https://github.com/ansible/ansible/pull/72562 + # allow_downgrade: yes + ## TODO: replace force with allow_downgrade once the following change is available (ansible >= 5.0) ## https://github.com/ansible/ansible/pull/74852 -- name: disable automatic upgrades for containerd package - when: containerd_pkg_version is defined + ## TODO: remove this when all machines are migrated to use pin files +- name: unhold packages (we now use APT pinning) dpkg_selections: name: "{{ containerd_pkg_name }}" - selection: hold + selection: install - name: fetch containerd default config check_mode: no diff --git a/roles/docker/engine/tasks/main.yml b/roles/docker/engine/tasks/main.yml index b6f5bb12..d07d6d63 100644 --- a/roles/docker/engine/tasks/main.yml +++ b/roles/docker/engine/tasks/main.yml @@ -26,6 +26,21 @@ include_role: name: "apt-repo/{{ docker_pkg_provider }}" +- name: generate apt pin file for docker package + when: docker_pkg_version is defined + copy: + dest: "/etc/apt/preferences.d/{{ docker_pkg_name }}.pref" + content: | + Package: {{ docker_pkg_name }} + Pin: version {{ docker_pkg_version }} + Pin-Priority: 1001 + +- name: remove apt pin file for docker package + when: docker_pkg_version is not defined + file: + path: "/etc/apt/preferences.d/{{ docker_pkg_name }}.pref" + state: absent + - name: install docker apt: name: @@ -33,15 +48,15 @@ - "{{ python_basename }}-docker" state: present force: yes - ## TODO: remove force once the following changes are available - ## https://github.com/ansible/ansible/pull/73629 or https://github.com/ansible/ansible/pull/72562 + # allow_downgrade: yes + ## TODO: replace force with allow_downgrade once the following change is available (ansible >= 5.0) ## https://github.com/ansible/ansible/pull/74852 -- name: disable automatic upgrades for docker package - when: docker_pkg_version is defined + ## TODO: remove this when all machines are migrated to use pin files +- name: unhold packages (we now use APT pinning) dpkg_selections: name: "{{ docker_pkg_name }}" - selection: hold + selection: install - name: start and enable docker service: diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml index 70be0d3a..72cad066 100644 --- a/roles/kubernetes/base/tasks/main.yml +++ b/roles/kubernetes/base/tasks/main.yml @@ -17,6 +17,21 @@ include_role: name: apt-repo/kubic-project +- name: generate apt pin files for kubelet and cri-tools + loop: + - name: kubelet + version: "{{ kubernetes_version }}-00" + - name: cri-tools + version: "{{ kubernetes_cri_tools_pkg_version }}" + loop_control: + label: "{{ item.name }} == {{ item.version }}" + copy: + dest: "/etc/apt/preferences.d/{{ item.name }}.pref" + content: | + Package: {{ item.name }} + Pin: version {{ item.version }} + Pin-Priority: 1001 + - name: install kubelet and common packages apt: name: @@ -25,17 +40,18 @@ - "kubelet={{ kubernetes_version }}-00" state: present force: yes - ## TODO: remove force once the following changes are available - ## https://github.com/ansible/ansible/pull/73629 or https://github.com/ansible/ansible/pull/72562 + # allow_downgrade: yes + ## TODO: replace force with allow_downgrade once the following change is available (ansible >= 5.0) ## https://github.com/ansible/ansible/pull/74852 -- name: disable automatic upgrades for kubelet and cri-tools + ## TODO: remove this when all machines are migrated to use pin files +- name: unhold packages (we now use APT pinning) loop: - kubelet - cri-tools dpkg_selections: name: "{{ item }}" - selection: hold + selection: install - name: configure endpoints for crictl copy: diff --git a/roles/kubernetes/kubeadm/base/tasks/main.yml b/roles/kubernetes/kubeadm/base/tasks/main.yml index 0fab7845..abc0f3af 100644 --- a/roles/kubernetes/kubeadm/base/tasks/main.yml +++ b/roles/kubernetes/kubeadm/base/tasks/main.yml @@ -1,4 +1,15 @@ --- +- name: generate apt pin files for kubeadm and kubectl + loop: + - kubeadm + - kubectl + copy: + dest: "/etc/apt/preferences.d/{{ item }}.pref" + content: | + Package: {{ item }} + Pin: version {{ kubernetes_version }}-00 + Pin-Priority: 1001 + - name: install kubeadm packages apt: name: @@ -8,17 +19,18 @@ - "kubectl={{ kubernetes_version }}-00" state: present force: yes - ## TODO: remove force once the following changes are available - ## https://github.com/ansible/ansible/pull/73629 or https://github.com/ansible/ansible/pull/72562 + # allow_downgrade: yes + ## TODO: replace force with allow_downgrade once the following change is available (ansible >= 5.0) ## https://github.com/ansible/ansible/pull/74852 -- name: disable automatic upgrades for kubeadm/kubectl + ## TODO: remove this when all machines are migrated to use pin files +- name: unhold packages (we now use APT pinning) loop: - kubeadm - kubectl dpkg_selections: name: "{{ item }}" - selection: hold + selection: install - name: set kubelet node-ip when: kubernetes_overlay_node_ip is defined diff --git a/roles/kubernetes/test-pods.url b/roles/kubernetes/test-pods.url new file mode 100644 index 00000000..59404701 --- /dev/null +++ b/roles/kubernetes/test-pods.url @@ -0,0 +1 @@ +https://k8s-examples.container-solutions.com/examples/Pod/Pod.html diff --git a/roles/streaming/blackmagic/desktopvideo/tasks/main.yml b/roles/streaming/blackmagic/desktopvideo/tasks/main.yml index 3ef7231e..98d2d28b 100644 --- a/roles/streaming/blackmagic/desktopvideo/tasks/main.yml +++ b/roles/streaming/blackmagic/desktopvideo/tasks/main.yml @@ -13,21 +13,38 @@ set_fact: blackmagic_desktopvideo_packages: "{{ ['desktopvideo'] | union(blackmagic_desktopvideo_include_gui | ternary(['desktopvideo-gui'], [])) }}" +- name: generate apt pin files for desktopvideo packages + when: blackmagic_desktopvideo_version is defined + loop: "{{ blackmagic_desktopvideo_packages }}" + copy: + dest: "/etc/apt/preferences.d/{{ item }}.pref" + content: | + Package: {{ item }} + Pin: version {{ blackmagic_desktopvideo_version }} + Pin-Priority: 1001 + +- name: remove apt pin files for desktopvideo packages + when: blackmagic_desktopvideo_version is not defined + loop: "{{ blackmagic_desktopvideo_packages }}" + file: + path: "/etc/apt/preferences.d/{{ item }}.pref" + state: absent + - name: install blackmagic desktopvideo packages apt: name: "{{ blackmagic_desktopvideo_packages | product(blackmagic_desktopvideo_version is defined | ternary(['=' + (blackmagic_desktopvideo_version | default(''))], [''])) | map('join') }}" state: present force: yes - ## TODO: remove force once the following changes are available - ## https://github.com/ansible/ansible/pull/73629 or https://github.com/ansible/ansible/pull/72562 + # allow_downgrade: yes + ## TODO: replace force with allow_downgrade once the following change is available (ansible >= 5.0) ## https://github.com/ansible/ansible/pull/74852 -- name: disable automatic upgrades for desktopvideo packages - when: blackmagic_desktopvideo_version is defined + ## TODO: remove this when all machines are migrated to use pin files +- name: unhold packages (we now use APT pinning) loop: "{{ blackmagic_desktopvideo_packages }}" dpkg_selections: name: "{{ item }}" - selection: hold + selection: install - name: install improved kill mode for DesktopVideoHelper (1/2) file: diff --git a/roles/streaming/blackmagic/mediaexpress/tasks/main.yml b/roles/streaming/blackmagic/mediaexpress/tasks/main.yml index 3b99b8d3..9aa83c28 100644 --- a/roles/streaming/blackmagic/mediaexpress/tasks/main.yml +++ b/roles/streaming/blackmagic/mediaexpress/tasks/main.yml @@ -3,17 +3,32 @@ import_role: name: apt-repo/blackmagic +- name: generate apt pin file for blackmagic mediaexpress + when: blackmagic_mediaexpress_version is defined + copy: + dest: "/etc/apt/preferences.d/mediaexpress.pref" + content: | + Package: mediaexpress + Pin: version {{ blackmagic_mediaexpress_version }} + Pin-Priority: 1001 + +- name: remove apt pin file for blackmagic mediaexpress + when: blackmagic_mediaexpress_version is not defined + file: + path: "/etc/apt/preferences.d/mediaexpress.pref" + state: absent + - name: install blackmagic mediaexpress apt: name: "mediaexpress{% if blackmagic_mediaexpress_version is defined %}={{ blackmagic_mediaexpress_version }}{% endif %}" state: present force: yes - ## TODO: remove force once the following changes are available - ## https://github.com/ansible/ansible/pull/73629 or https://github.com/ansible/ansible/pull/72562 + # allow_downgrade: yes + ## TODO: replace force with allow_downgrade once the following change is available (ansible >= 5.0) ## https://github.com/ansible/ansible/pull/74852 -- name: disable automatic upgrades for mediaexpress - when: blackmagic_mediaexpress_version is defined + ## TODO: remove this when all machines are migrated to use pin files +- name: unhold packages (we now use APT pinning) dpkg_selections: name: mediaexpress - selection: hold + selection: install |