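---
# Installs and configures the CRI-O container runtime on a dnf-based host:
# thin-provisioned storage for /var/lib/containers, kernel modules and
# sysctls, the package repositories and their signing keys, the package
# itself, drop-in configuration and the crio service.
# Variables read but not defined here: lv_containers_size (optional),
# crio_base_url, crio_version, crio_package_name.
- name: CRI-O setup
  vars:
    # Single definition of the container-storage volume, shared by the
    # lvol, filesystem and mount tasks so the three cannot drift apart.
    crio_container_volumes:
      - name: var_lib_containers
        vg: vg_sys
        size: "{{ lv_containers_size | default('10g') }}"
        mount_point: /var/lib/containers
        mount_opts: discard
  block:
    - name: Include vars for {{ ansible_os_family }}
      ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"

    - name: Create thin volumes for containers
      community.general.lvol:
        vg: "{{ item.vg }}"
        lv: "{{ item.name }}"
        thinpool: kubernetes
        size: "{{ item.size }}"
      loop: "{{ crio_container_volumes }}"

    - name: create file system on containers lv
      community.general.filesystem:
        fstype: ext4
        dev: "/dev/{{ item.vg }}/{{ item.name }}"
      loop: "{{ crio_container_volumes }}"

    - name: mount logical volumes
      ansible.posix.mount:
        name: "{{ item.mount_point }}"
        src: "/dev/{{ item.vg }}/{{ item.name }}"
        fstype: ext4
        opts: "{{ item.mount_opts }}"
        state: mounted
      loop: "{{ crio_container_volumes }}"

    - name: Configuring kernel module to be load on boot
      ansible.builtin.template:
        src: "etc/modules-load.d/{{ item }}.conf.j2"
        dest: "/etc/modules-load.d/{{ item }}.conf"
        group: root
        owner: root
        # Quoted so the mode is always read as an octal string.
        mode: "0644"
      loop:
        - br_netfilter
        - overlay

    - name: Load kernel module
      community.general.modprobe:
        name: "{{ item }}"
        state: present
      loop:
        - br_netfilter
        - overlay

    # Sends bridged traffic through iptables/ip6tables and turns on IPv4
    # forwarding. With ip_forward=1 the host routes packets between its
    # interfaces, so the firewall policy for forwarded traffic should be
    # reviewed alongside this role.
    - name: Configure sysctl
      ansible.posix.sysctl:
        name: "{{ item }}"
        value: "1"
        sysctl_file: /etc/sysctl.d/99-kubernetes-cri.conf
        reload: true
      loop:
        - net.bridge.bridge-nf-call-iptables
        - net.ipv4.ip_forward
        - net.bridge.bridge-nf-call-ip6tables

    - name: Install dnf-plugins-core package
      ansible.builtin.package:
        name: dnf-plugins-core
        state: present

    # COPR is a community build service; enabling this repository lets
    # its packages be installed as root, so it is a supply-chain
    # dependency of every host this role touches.
    # `creates` keeps the task idempotent. The `warn` option is not
    # passed: ansible-core 2.14 removed it from the command module and
    # rejects it as an unsupported parameter.
    - name: Add container-selinux repository
      ansible.builtin.command:
        cmd: dnf -y copr enable rhcontainerbot/container-selinux
        creates: "/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:rhcontainerbot:container-selinux.repo"

    # The key is fetched over HTTPS and trusted as-is. Pinning it with
    # rpm_key's `fingerprint` option makes a swapped key fail the play:
    #   fingerprint: "<EXPECTED_KEY_FINGERPRINT>"
    - name: Install container-selinux GPG key
      ansible.builtin.rpm_key:
        key: "https://download.copr.fedorainfracloud.org/results/rhcontainerbot/container-selinux/pubkey.gpg"
        state: present

    # crio_base_url is defined outside this file. Both the .repo files
    # and the keys that sign the repository metadata are downloaded from
    # it, so it should be an https:// URL on a host you trust; a plain
    # http:// value would let anyone on the path supply repo and key.
    - name: Registering libcontainers repository
      ansible.builtin.get_url:
        url: "{{ crio_base_url }}/stable/CentOS_{{ ansible_distribution_major_version }}/devel:kubic:libcontainers:stable.repo"
        dest: "/etc/yum.repos.d/devel:kubic:libcontainers:stable.repo"
        owner: root
        group: root
        mode: "0644"

    # Key and repository share one origin; consider pinning with
    #   fingerprint: "<EXPECTED_KEY_FINGERPRINT>"
    - name: Install libcontainers GPG key
      ansible.builtin.rpm_key:
        key: "{{ crio_base_url }}/stable/CentOS_{{ ansible_distribution_major_version }}/repodata/repomd.xml.key"
        state: present

    - name: Registering CRI-O {{ crio_version }} repository
      ansible.builtin.get_url:
        url: "{{ crio_base_url }}/stable:/cri-o:/{{ crio_version }}/CentOS_{{ ansible_distribution_major_version }}/devel:kubic:libcontainers:stable:cri-o:{{ crio_version }}.repo"
        dest: "/etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:{{ crio_version }}.repo"
        owner: root
        group: root
        mode: "0644"

    # Key and repository share one origin; consider pinning with
    #   fingerprint: "<EXPECTED_KEY_FINGERPRINT>"
    - name: Install CRI-O GPG key
      ansible.builtin.rpm_key:
        key: "{{ crio_base_url }}/stable:/cri-o:/{{ crio_version }}/CentOS_{{ ansible_distribution_major_version }}/repodata/repomd.xml.key"
        state: present

    - name: Update package manager list
      ansible.builtin.package:
        update_cache: true

    - name: Install cri-o package
      ansible.builtin.package:
        name: "{{ crio_package_name }}"
        state: present
      notify: Restart cri-o

    - name: Ensuring /etc/crio/crio.conf.d folder exists
      ansible.builtin.file:
        path: /etc/crio/crio.conf.d
        state: directory
        group: root
        owner: root
        mode: "0755"

    - name: Configuring cri-o
      ansible.builtin.template:
        src: "etc/crio/crio.conf.d/{{ item }}.j2"
        dest: "/etc/crio/crio.conf.d/{{ item }}"
        group: root
        owner: root
        mode: "0644"
      loop:
        # - "01-crio-runtime.conf"
        # - "01-cgroup-manager.conf"
        - "01-log-level.conf"
        - "01-metrics.conf"
        # - "01-crio-network.conf"
      notify: Restart cri-o

    # `started` rather than `restarted`: an unconditional restart bounces
    # the container runtime on every run and always reports "changed".
    # Package and configuration changes already notify the
    # "Restart cri-o" handler, which restarts the service when needed.
    - name: Enable cri-o on boot
      ansible.builtin.service:
        name: crio
        state: started
        enabled: true
  tags:
    - crio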