Skip to content
Snippets Groups Projects
Unverified Commit d315f730 authored by OwenTuz's avatar OwenTuz Committed by GitHub
Browse files

Ensure libseccomp is installed before starting containerd on CentOS 8 (#6922)

* Ensure libseccomp is installed before starting containerd on CentOS 8

* Simplify libseccomp install on CentOS 8

- Uses `package` module
- Replaces complex version check with 'state: latest'. The version must
  be > 2.3 when using with cri-o.
- Removes unnecessary `not is_ostree` condition as CentOS 8 does not use
  ostree
parent 06ec5393
No related branches found
No related tags found
No related merge requests found
......@@ -129,4 +129,13 @@
- not is_ostree
- not runc_stat.stat.exists
- name: Ensure latest version of libseccomp installed # noqa 403
package:
name: libseccomp
state: latest
when:
- ansible_distribution == "CentOS"
- ansible_distribution_major_version == "8"
notify: restart containerd
- include_tasks: crictl.yml
......@@ -83,19 +83,13 @@
retries: 4
delay: "{{ retry_stagger | d(3) }}"
- name: Gather the rpm package facts
package_facts:
manager: auto
when:
- ansible_distribution == "CentOS"
- ansible_distribution_major_version == "8"
- name: Ensure latest version of libseccom installed # noqa 303
command: "yum update -y libseccomp"
- name: Ensure latest version of libseccomp installed # noqa 403
package:
name: libseccomp
state: latest
when:
- ansible_distribution == "CentOS"
- ansible_distribution_major_version == "8"
- ansible_facts.packages['libseccomp'] | map(attribute='version') | map('regex_replace','^(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') | list | first == '2.3'
notify: restart crio
- name: Check if already installed
......
......@@ -211,6 +211,15 @@
selection: hold
when: ansible_os_family in ["Debian"]
- name: Ensure latest version of libseccomp installed # noqa 403
package:
name: libseccomp
state: latest
when:
- ansible_distribution == "CentOS"
- ansible_distribution_major_version == "8"
notify: restart docker
- name: ensure docker started, remove our config if docker start failed and try again
block:
- name: ensure service is started if docker packages are already present
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment