feat: allow not pulling images, continue if pull fails
Feature: Add `podman_pull_image` - if `false`, do not pull the image before trying
to use it. Add `podman_continue_if_pull_fails` - continue with the role if the image
pull fails.

Reason: The managed node might be isolated and unable to pull images.  The managed
node might be pre-built with images already present.  Users need to have more control
about what happens in these situations.

Result: User can control when/how images are pulled by units.

Signed-off-by: Rich Megginson <[email protected]>
richm committed Jul 24, 2023
1 parent 0704903 commit 53d34d4
Showing 6 changed files with 62 additions and 2 deletions.
29 changes: 29 additions & 0 deletions README.md
Expand Up @@ -68,6 +68,13 @@ except for the following:
* `activate_systemd_unit` - Whether or not to activate the systemd unit when it
is created. If you do not specify this, then the global default
`podman_activate_systemd_unit` will be used, which is `true` by default.
* `pull_image` - Ensure the image is pulled before use. If you do not specify
this, then the global default `podman_pull_image` will be used, which is
`true` by default.
* `continue_if_pull_fails` - If pulling the image, and the pull fails, do not
treat this as a fatal error, and continue with the role. If you do not
specify this, then the global default `podman_continue_if_pull_fails` will be
used, which is `false` by default.
* `kube_file_src` - This is the name of a file on the controller node which will
be copied to `kube_file` on the managed node. This is a file in Kubernetes
YAML format. Do not specify this if you specify `kube_file_content`.
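Review bot: The `continue_if_pull_fails` entry says the role continues after a failed pull but not what the unit then runs. Please state the outcome here: whether the unit starts from an image already in local storage (which may be older than the one the spec names) and what happens when no local copy exists, so users enabling this know they can end up running an outdated image without a failed play.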
Expand Down Expand Up @@ -274,6 +281,28 @@ specify per-container scope with `systemd_unit_scope` in `podman_kube_specs`. By
default, rootless containers will use `user` and root containers will use
`system`.

### podman_activate_systemd_units

Activate each systemd unit as soon as it is created. The default is `true`.
You can also do this on a per-unit basis by using `activate_systemd_units` in
the spec for each unit. For example, if you are deploying several specs, and you
only want the last one in the list to activate which will trigger the others to
activate via dependencies, then set `activate_systemd_unit: false` for each one
except the last one uses `activate_systemd_unit: true`

### podman_pull_image

Ensure that each image mentioned in a kube or quadlet spec is present by pulling
the image before it is used. The default is `true`. Use `false` if the managed
node already has the correct version, or is not able to pull images. You can also
specify this on a per-unit basis with `pull_image`.

### podman_continue_if_pull_fails

If the image pull attempt fails, do not treat this as a fatal error, and continue
with the role run. The default is `false` - a pull attempt failure is a fatal
error. You can set this on a per-unit basis with `continue_if_pull_fails`.

### podman_containers_conf

These are the containers.conf(5) settings, provided as a `dict`. These settings
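Review bot: The new heading `### podman_activate_systemd_units` and the per-unit name `activate_systemd_units` in its body are plural, but the variable in `defaults/main.yml` is `podman_activate_systemd_unit` and the spec key documented earlier in this README is `activate_systemd_unit`. A user copying the heading name will set a variable the role never reads. Rename both to the singular form. The last sentence also needs a fix ("except the last one, which uses `activate_systemd_unit: true`."), and since this section is not part of the pull feature described in the commit message, it would be cleaner as its own commit.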
11 changes: 11 additions & 0 deletions defaults/main.yml
Expand Up @@ -93,3 +93,14 @@ podman_secrets: []
# then set `activate_systemd_unit: false` for each one
# except the last one uses `activate_systemd_unit: true`
podman_activate_systemd_unit: true

# Ensure images used are present
# Look at the specs, and pull images that are specified there
# You can also do this on a per-spec basis using pull_images
podman_pull_image: true

# Continue if the image pull fails
# If pulling the image fails, do not fail the role - continue
# running the role.
# You can do this on a per-spec basis using continue_if_pull_fails
podman_continue_if_pull_fails: false
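Review bot: The comment above `podman_pull_image` refers to the per-spec key as `pull_images`, but the key added to the README and read in the `handle_*_spec.yml` tasks is `pull_image`. Change the comment to `pull_image` so it matches the key the role actually looks up.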
4 changes: 4 additions & 0 deletions tasks/create_update_kube_spec.yml
Expand Up @@ -46,6 +46,10 @@
username: "{{ container_image_user | default(omit) }}"
password: "{{ container_image_password | default(omit) }}"
register: __podman_image_updated
when: __podman_pull_image | bool
failed_when:
- __podman_image_updated is failed
- not __podman_continue_if_pull_fails
environment:
XDG_RUNTIME_DIR: "{{ __podman_xdg_runtime_dir }}"
become: "{{ __podman_rootless | ternary(true, omit) }}"
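Review bot: The `when` condition casts with `| bool`, but the second `failed_when` entry, `not __podman_continue_if_pull_fails`, does not. If the value arrives as a non-empty string such as "false", it is truthy, the `not` yields false, and a failed pull is silently ignored even though the user asked for it to be fatal. Use `not __podman_continue_if_pull_fails | bool` here, or cast both values once where they are set in `handle_kube_spec.yml`.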
4 changes: 4 additions & 0 deletions tasks/create_update_quadlet_spec.yml
Expand Up @@ -30,6 +30,10 @@
username: "{{ container_image_user | default(omit) }}"
password: "{{ container_image_password | default(omit) }}"
register: __podman_image_updated
when: __podman_pull_image | bool
failed_when:
- __podman_image_updated is failed
- not __podman_continue_if_pull_fails
environment:
XDG_RUNTIME_DIR: "{{ __podman_xdg_runtime_dir }}"
become: "{{ __podman_rootless | ternary(true, omit) }}"
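Review bot: When `failed_when` suppresses a pull failure here, nothing in the visible task tells the operator that the image was not refreshed. Consider reporting the suppressed failure in the run output so that a unit started from a cached image, or one that later fails for lack of an image, can be traced back to this step. The missing `| bool` on `not __podman_continue_if_pull_fails` noted for the kube task applies to this copy as well.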
8 changes: 7 additions & 1 deletion tasks/handle_kube_spec.yml
Expand Up @@ -28,7 +28,8 @@
else none }}"
vars:
__del_params: "^(kube_file_src|kube_file_content|run_as_user|run_as_group|\
systemd_unit_scope|activate_systemd_unit)$"
systemd_unit_scope|activate_systemd_unit|pull_image|\
continue_if_pull_fails)$"

- name: Set per-container variables part 1
set_fact:
Expand All @@ -47,6 +48,11 @@
__podman_kube_spec_item['systemd_unit_scope'] |
d(podman_systemd_unit_scope) }}"
__podman_state: "{{ __state }}"
__podman_pull_image: "{{ __podman_kube_spec_item['pull_image'] |
d(podman_pull_image) }}"
__podman_continue_if_pull_fails: "{{
__podman_kube_spec_item['continue_if_pull_fails'] |
d(podman_continue_if_pull_fails) }}"
vars:
__state: "{{ ((__podman_kube_spec_item['state'] | d('')) == 'absent') |
ternary('absent', 'created') }}"
8 changes: 7 additions & 1 deletion tasks/handle_quadlet_spec.yml
Expand Up @@ -34,7 +34,8 @@
else none }}"
vars:
__del_params: "^(file_src|file_content|file|run_as_user|run_as_group|\
systemd_unit_scope|name|type|state|activate_systemd_unit|template_src)$"
systemd_unit_scope|name|type|state|activate_systemd_unit|template_src\
pull_image|continue_if_pull_fails)$"

- name: Fail if no quadlet spec is given
fail:
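Review bot: The `__del_params` regex is missing a `|` between `template_src` and `pull_image`. The added line ends `template_src\` and the next begins `pull_image|`, and in a double-quoted YAML string the escaped line break joins them with no separator, so the alternation contains `template_srcpull_image` and matches neither `template_src` nor `pull_image`. Both keys will then stay in the filtered spec instead of being stripped. The kube version gets this right with `activate_systemd_unit|pull_image|\`; end this line with `template_src|\` to match. A test that passes `pull_image` in a quadlet spec would catch this.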
Expand All @@ -56,6 +57,11 @@
__podman_quadlet_spec_item['systemd_unit_scope'] |
d(podman_systemd_unit_scope) }}"
__podman_state: "{{ __state }}"
__podman_pull_image: "{{ __podman_quadlet_spec_item['pull_image'] |
d(podman_pull_image) }}"
__podman_continue_if_pull_fails: "{{
__podman_quadlet_spec_item['continue_if_pull_fails'] |
d(podman_continue_if_pull_fails) }}"
vars:
__state: "{{ ((__podman_quadlet_spec_item['state'] | d('')) == 'absent') |
ternary('absent', 'created') }}"