diff options
Diffstat (limited to 'roles/container_runtime/tasks')
-rw-r--r-- | roles/container_runtime/tasks/common/post.yml | 4 | ||||
-rw-r--r-- | roles/container_runtime/tasks/docker_upgrade_check.yml | 25 | ||||
-rw-r--r-- | roles/container_runtime/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/container_runtime/tasks/package_docker.yml | 11 | ||||
-rw-r--r-- | roles/container_runtime/tasks/registry_auth.yml | 2 | ||||
-rw-r--r-- | roles/container_runtime/tasks/systemcontainer_crio.yml | 15 | ||||
-rw-r--r-- | roles/container_runtime/tasks/systemcontainer_docker.yml | 6 |
7 files changed, 52 insertions, 13 deletions
diff --git a/roles/container_runtime/tasks/common/post.yml b/roles/container_runtime/tasks/common/post.yml index d790eb2c0..23fd8528a 100644 --- a/roles/container_runtime/tasks/common/post.yml +++ b/roles/container_runtime/tasks/common/post.yml @@ -11,7 +11,7 @@ - meta: flush_handlers # This needs to run after docker is restarted to account for proxy settings. -# registry_auth is called directly with include_role in some places, so we +# registry_auth is called directly with import_role in some places, so we # have to put it in the root of the tasks/ directory. - include_tasks: ../registry_auth.yml @@ -22,5 +22,5 @@ - include_tasks: setup_docker_symlink.yml when: - - openshift_use_crio + - openshift_use_crio | bool - dockerstat.stat.islnk is defined and not (dockerstat.stat.islnk | bool) diff --git a/roles/container_runtime/tasks/docker_upgrade_check.yml b/roles/container_runtime/tasks/docker_upgrade_check.yml index 7831f4c7d..8dd916e79 100644 --- a/roles/container_runtime/tasks/docker_upgrade_check.yml +++ b/roles/container_runtime/tasks/docker_upgrade_check.yml @@ -21,6 +21,7 @@ retries: 4 until: curr_docker_version is succeeded changed_when: false + when: not openshift_is_atomic | bool - name: Get latest available version of Docker command: > @@ -29,7 +30,9 @@ retries: 4 until: avail_docker_version is succeeded # Don't expect docker rpm to be available on hosts that don't already have it installed: - when: pkg_check.rc == 0 + when: + - not openshift_is_atomic | bool + - pkg_check.rc == 0 failed_when: false changed_when: false @@ -37,9 +40,10 @@ msg: This playbook requires access to Docker 1.12 or later # Disable the 1.12 requirement if the user set a specific Docker version when: - - docker_version is not defined - - docker_upgrade is not defined or docker_upgrade | bool == True - - (pkg_check.rc == 0 and (avail_docker_version.stdout == "" or avail_docker_version.stdout is version_compare('1.12','<'))) + - not openshift_is_atomic | bool + - docker_version is not defined + - docker_upgrade is not defined or docker_upgrade | bool == True + - (pkg_check.rc == 0 and (avail_docker_version.stdout == "" or avail_docker_version.stdout is version_compare('1.12','<'))) # Default l_docker_upgrade to False, we'll set to True if an upgrade is required: - set_fact: @@ -48,14 +52,17 @@ # Make sure a docker_version is set if none was requested: - set_fact: docker_version: "{{ avail_docker_version.stdout }}" - when: pkg_check.rc == 0 and docker_version is not defined + when: + - not openshift_is_atomic | bool + - pkg_check.rc == 0 and docker_version is not defined - name: Flag for Docker upgrade if necessary set_fact: l_docker_upgrade: True when: - - pkg_check.rc == 0 - - curr_docker_version.stdout is version_compare(docker_version,'<') + - not openshift_is_atomic | bool + - pkg_check.rc == 0 + - curr_docker_version.stdout is version_compare(docker_version,'<') # Additional checks for Atomic hosts: - name: Determine available Docker @@ -70,5 +77,5 @@ - fail: msg: This playbook requires access to Docker 1.12 or later when: - - openshift_is_atomic | bool - - l_docker_version.avail_version | default(l_docker_version.curr_version, true) is version_compare('1.12','<') + - openshift_is_atomic | bool + - l_docker_version.avail_version | default(l_docker_version.curr_version, true) is version_compare('1.12','<') diff --git a/roles/container_runtime/tasks/main.yml b/roles/container_runtime/tasks/main.yml index 96d8606c6..07da831c4 100644 --- a/roles/container_runtime/tasks/main.yml +++ b/roles/container_runtime/tasks/main.yml @@ -1,2 +1,2 @@ --- -# This role is meant to be used with include_role and tasks_from. +# This role is meant to be used with import_role and tasks_from. diff --git a/roles/container_runtime/tasks/package_docker.yml b/roles/container_runtime/tasks/package_docker.yml index d6e7e7fed..ed9a2709b 100644 --- a/roles/container_runtime/tasks/package_docker.yml +++ b/roles/container_runtime/tasks/package_docker.yml @@ -1,6 +1,17 @@ --- - include_tasks: common/pre.yml +# In some cases, some services may be run as containers and docker may still +# be installed via rpm. +- include_tasks: common/atomic_proxy.yml + when: + - > + (openshift_use_system_containers | default(False)) | bool + or (openshift_use_etcd_system_container | default(False)) | bool + or (openshift_use_openvswitch_system_container | default(False)) | bool + or (openshift_use_node_system_container | default(False)) | bool + or (openshift_use_master_system_container | default(False)) | bool + - name: Get current installed Docker version command: "{{ repoquery_installed }} --qf '%{version}' docker" when: not openshift_is_atomic | bool diff --git a/roles/container_runtime/tasks/registry_auth.yml b/roles/container_runtime/tasks/registry_auth.yml index 2c7bc5711..4f1abd59a 100644 --- a/roles/container_runtime/tasks/registry_auth.yml +++ b/roles/container_runtime/tasks/registry_auth.yml @@ -15,6 +15,7 @@ - not openshift_docker_alternative_creds | bool - oreg_auth_user is defined - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool + no_log: True # docker_creds is a custom module from lib_utils # 'docker login' requires a docker.service running on the local host, this is an @@ -30,3 +31,4 @@ - openshift_docker_alternative_creds | bool - oreg_auth_user is defined - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool + no_log: True diff --git a/roles/container_runtime/tasks/systemcontainer_crio.yml b/roles/container_runtime/tasks/systemcontainer_crio.yml index 6a195a938..f053bdea5 100644 --- a/roles/container_runtime/tasks/systemcontainer_crio.yml +++ b/roles/container_runtime/tasks/systemcontainer_crio.yml @@ -53,6 +53,8 @@ name: "cri-o" image: "{{ l_crio_image }}" state: latest + values: + - "ADDTL_MOUNTS={{ l_crio_additional_mounts }}" - name: Remove CRI-O default configuration files file: @@ -81,6 +83,17 @@ dest: /etc/cni/net.d/openshift-sdn.conf src: 80-openshift-sdn.conf.j2 +- name: Create /etc/sysconfig/crio-storage + copy: + content: "" + dest: /etc/sysconfig/crio-storage + force: no + +- name: Create /etc/sysconfig/crio-network + template: + dest: /etc/sysconfig/crio-network + src: crio-network.j2 + - name: Start the CRI-O service systemd: name: "cri-o" @@ -93,4 +106,4 @@ # 'docker login' - include_tasks: common/post.yml vars: - openshift_docker_alternative_creds: "{{ openshift_use_crio_only }}" + openshift_docker_alternative_creds: "{{ openshift_use_crio_only | bool }}" diff --git a/roles/container_runtime/tasks/systemcontainer_docker.yml b/roles/container_runtime/tasks/systemcontainer_docker.yml index dc0452553..5f715cd21 100644 --- a/roles/container_runtime/tasks/systemcontainer_docker.yml +++ b/roles/container_runtime/tasks/systemcontainer_docker.yml @@ -42,6 +42,12 @@ - debug: var: l_docker_image +# Do the authentication before pulling the container engine system container +# as the pull might be from an authenticated registry. +- include_tasks: registry_auth.yml + vars: + openshift_docker_alternative_creds: True + # NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released - name: Pre-pull Container Engine System Container image command: "atomic pull --storage ostree {{ l_docker_image }}" |