Ensure libseccomp is installed before starting containerd on CentOS 8 (#6922)

* Ensure libseccomp is installed before starting containerd on CentOS 8 * Simplify libseccomp install on CentOS 8 - Uses `package` module - Replaces complex version check with 'state: latest'. The version must be > 2.3 when using with cri-o. - Removes unnecessary `not is_ostree` condition as CentOS 8 does not use ostree
4 years ago · d315f73080
3 changed files with 22 additions and 10 deletions
--- a/roles/container-engine/containerd/tasks/main.yml
+++ b/roles/container-engine/containerd/tasks/main.yml
@ -129,4 +129,13 @@
    - not is_ostree
    - not runc_stat.stat.exists

+- name: Ensure latest version of libseccomp installed  # noqa 403
+  package:
+    name: libseccomp
+    state: latest
+  when:
+    - ansible_distribution == "CentOS"
+    - ansible_distribution_major_version == "8"
+  notify: restart containerd
+
 - include_tasks: crictl.yml
--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@ -83,19 +83,13 @@
  retries: 4
  delay: "{{ retry_stagger | d(3) }}"

- name: Gather the rpm package facts
-  package_facts:
-    manager: auto
-  when:
-    - ansible_distribution == "CentOS"
-    - ansible_distribution_major_version == "8"
-
- name: Ensure latest version of libseccom installed  # noqa 303
-  command: "yum update -y libseccomp"
+- name: Ensure latest version of libseccomp installed  # noqa 403
+  package:
+    name: libseccomp
+    state: latest
  when:
    - ansible_distribution == "CentOS"
    - ansible_distribution_major_version == "8"
-    - ansible_facts.packages['libseccomp'] | map(attribute='version') | map('regex_replace','^(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') | list | first == '2.3'
  notify: restart crio

 - name: Check if already installed
--- a/roles/container-engine/docker/tasks/main.yml
+++ b/roles/container-engine/docker/tasks/main.yml
@ -211,6 +211,15 @@
    selection: hold
  when: ansible_os_family in ["Debian"]

+- name: Ensure latest version of libseccomp installed  # noqa 403
+  package:
+    name: libseccomp
+    state: latest
+  when:
+    - ansible_distribution == "CentOS"
+    - ansible_distribution_major_version == "8"
+  notify: restart docker
+
 - name: ensure docker started, remove our config if docker start failed and try again
  block:
    - name: ensure service is started if docker packages are already present