dsk-iac/ansible/roles/security-settings/tasks/crictl.yml

---

#- name: Downloading and extracting {{ crictl_app }} {{ crictl_version }}
#  unarchive:
#    src: "{{ crictl_dl_url }}"
#    dest: "{{ crictl_bin_path }}"
#    owner: "{{ crictl_file_owner }}"
#    group: "{{ crictl_file_group }}"
#    extra_opts:
#      - crictl
#    remote_src: yes

- name: Change containerd config
  copy:
    src: containerd_dsk_config.toml
    dest: /etc/containerd/config.toml
    owner: root
    group: root
    mode: 0640

- name: Restart service containerd
  ansible.builtin.systemd:
    state: restarted
    daemon_reload: yes
    name: containerd

- name: remove all cronjobs for user root
  command: crontab -r -u root
  ignore_errors: true

- name: Crictl command crontab setting
  ansible.builtin.cron:
    name: "container container prune"
    minute: "0"
    hour: "3"
    user: root
    job: "for id in `crictl ps -a | grep -i exited | awk '{print $1}'`; do crictl rm $id ; done"

- name: Crictl command crontab setting
  ansible.builtin.cron:
    name: "container image prune"
    minute: "10"
    hour: "3"
    user: root
    job: "/usr/local/bin/crictl rmi --prune"