summaryrefslogtreecommitdiffstats
path: root/roles/container_runtime/tasks
diff options
context:
space:
mode:
Diffstat (limited to 'roles/container_runtime/tasks')
-rw-r--r--roles/container_runtime/tasks/common/post.yml4
-rw-r--r--roles/container_runtime/tasks/docker_upgrade_check.yml25
-rw-r--r--roles/container_runtime/tasks/main.yml2
-rw-r--r--roles/container_runtime/tasks/package_docker.yml11
-rw-r--r--roles/container_runtime/tasks/registry_auth.yml2
-rw-r--r--roles/container_runtime/tasks/systemcontainer_crio.yml15
-rw-r--r--roles/container_runtime/tasks/systemcontainer_docker.yml6
7 files changed, 52 insertions, 13 deletions
diff --git a/roles/container_runtime/tasks/common/post.yml b/roles/container_runtime/tasks/common/post.yml
index d790eb2c0..23fd8528a 100644
--- a/roles/container_runtime/tasks/common/post.yml
+++ b/roles/container_runtime/tasks/common/post.yml
@@ -11,7 +11,7 @@
- meta: flush_handlers
# This needs to run after docker is restarted to account for proxy settings.
-# registry_auth is called directly with include_role in some places, so we
+# registry_auth is called directly with import_role in some places, so we
# have to put it in the root of the tasks/ directory.
- include_tasks: ../registry_auth.yml
@@ -22,5 +22,5 @@
- include_tasks: setup_docker_symlink.yml
when:
- - openshift_use_crio
+ - openshift_use_crio | bool
- dockerstat.stat.islnk is defined and not (dockerstat.stat.islnk | bool)
diff --git a/roles/container_runtime/tasks/docker_upgrade_check.yml b/roles/container_runtime/tasks/docker_upgrade_check.yml
index 7831f4c7d..8dd916e79 100644
--- a/roles/container_runtime/tasks/docker_upgrade_check.yml
+++ b/roles/container_runtime/tasks/docker_upgrade_check.yml
@@ -21,6 +21,7 @@
retries: 4
until: curr_docker_version is succeeded
changed_when: false
+ when: not openshift_is_atomic | bool
- name: Get latest available version of Docker
command: >
@@ -29,7 +30,9 @@
retries: 4
until: avail_docker_version is succeeded
# Don't expect docker rpm to be available on hosts that don't already have it installed:
- when: pkg_check.rc == 0
+ when:
+ - not openshift_is_atomic | bool
+ - pkg_check.rc == 0
failed_when: false
changed_when: false
@@ -37,9 +40,10 @@
msg: This playbook requires access to Docker 1.12 or later
# Disable the 1.12 requirement if the user set a specific Docker version
when:
- - docker_version is not defined
- - docker_upgrade is not defined or docker_upgrade | bool == True
- - (pkg_check.rc == 0 and (avail_docker_version.stdout == "" or avail_docker_version.stdout is version_compare('1.12','<')))
+ - not openshift_is_atomic | bool
+ - docker_version is not defined
+ - docker_upgrade is not defined or docker_upgrade | bool == True
+ - (pkg_check.rc == 0 and (avail_docker_version.stdout == "" or avail_docker_version.stdout is version_compare('1.12','<')))
# Default l_docker_upgrade to False, we'll set to True if an upgrade is required:
- set_fact:
@@ -48,14 +52,17 @@
# Make sure a docker_version is set if none was requested:
- set_fact:
docker_version: "{{ avail_docker_version.stdout }}"
- when: pkg_check.rc == 0 and docker_version is not defined
+ when:
+ - not openshift_is_atomic | bool
+ - pkg_check.rc == 0 and docker_version is not defined
- name: Flag for Docker upgrade if necessary
set_fact:
l_docker_upgrade: True
when:
- - pkg_check.rc == 0
- - curr_docker_version.stdout is version_compare(docker_version,'<')
+ - not openshift_is_atomic | bool
+ - pkg_check.rc == 0
+ - curr_docker_version.stdout is version_compare(docker_version,'<')
# Additional checks for Atomic hosts:
- name: Determine available Docker
@@ -70,5 +77,5 @@
- fail:
msg: This playbook requires access to Docker 1.12 or later
when:
- - openshift_is_atomic | bool
- - l_docker_version.avail_version | default(l_docker_version.curr_version, true) is version_compare('1.12','<')
+ - openshift_is_atomic | bool
+ - l_docker_version.avail_version | default(l_docker_version.curr_version, true) is version_compare('1.12','<')
diff --git a/roles/container_runtime/tasks/main.yml b/roles/container_runtime/tasks/main.yml
index 96d8606c6..07da831c4 100644
--- a/roles/container_runtime/tasks/main.yml
+++ b/roles/container_runtime/tasks/main.yml
@@ -1,2 +1,2 @@
---
-# This role is meant to be used with include_role and tasks_from.
+# This role is meant to be used with import_role and tasks_from.
diff --git a/roles/container_runtime/tasks/package_docker.yml b/roles/container_runtime/tasks/package_docker.yml
index d6e7e7fed..ed9a2709b 100644
--- a/roles/container_runtime/tasks/package_docker.yml
+++ b/roles/container_runtime/tasks/package_docker.yml
@@ -1,6 +1,17 @@
---
- include_tasks: common/pre.yml
+# In some cases, some services may be run as containers and docker may still
+# be installed via rpm.
+- include_tasks: common/atomic_proxy.yml
+ when:
+ - >
+ (openshift_use_system_containers | default(False)) | bool
+ or (openshift_use_etcd_system_container | default(False)) | bool
+ or (openshift_use_openvswitch_system_container | default(False)) | bool
+ or (openshift_use_node_system_container | default(False)) | bool
+ or (openshift_use_master_system_container | default(False)) | bool
+
- name: Get current installed Docker version
command: "{{ repoquery_installed }} --qf '%{version}' docker"
when: not openshift_is_atomic | bool
diff --git a/roles/container_runtime/tasks/registry_auth.yml b/roles/container_runtime/tasks/registry_auth.yml
index 2c7bc5711..4f1abd59a 100644
--- a/roles/container_runtime/tasks/registry_auth.yml
+++ b/roles/container_runtime/tasks/registry_auth.yml
@@ -15,6 +15,7 @@
- not openshift_docker_alternative_creds | bool
- oreg_auth_user is defined
- (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool
+ no_log: True
# docker_creds is a custom module from lib_utils
# 'docker login' requires a docker.service running on the local host, this is an
@@ -30,3 +31,4 @@
- openshift_docker_alternative_creds | bool
- oreg_auth_user is defined
- (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool
+ no_log: True
diff --git a/roles/container_runtime/tasks/systemcontainer_crio.yml b/roles/container_runtime/tasks/systemcontainer_crio.yml
index 6a195a938..f053bdea5 100644
--- a/roles/container_runtime/tasks/systemcontainer_crio.yml
+++ b/roles/container_runtime/tasks/systemcontainer_crio.yml
@@ -53,6 +53,8 @@
name: "cri-o"
image: "{{ l_crio_image }}"
state: latest
+ values:
+ - "ADDTL_MOUNTS={{ l_crio_additional_mounts }}"
- name: Remove CRI-O default configuration files
file:
@@ -81,6 +83,17 @@
dest: /etc/cni/net.d/openshift-sdn.conf
src: 80-openshift-sdn.conf.j2
+- name: Create /etc/sysconfig/crio-storage
+ copy:
+ content: ""
+ dest: /etc/sysconfig/crio-storage
+ force: no
+
+- name: Create /etc/sysconfig/crio-network
+ template:
+ dest: /etc/sysconfig/crio-network
+ src: crio-network.j2
+
- name: Start the CRI-O service
systemd:
name: "cri-o"
@@ -93,4 +106,4 @@
# 'docker login'
- include_tasks: common/post.yml
vars:
- openshift_docker_alternative_creds: "{{ openshift_use_crio_only }}"
+ openshift_docker_alternative_creds: "{{ openshift_use_crio_only | bool }}"
diff --git a/roles/container_runtime/tasks/systemcontainer_docker.yml b/roles/container_runtime/tasks/systemcontainer_docker.yml
index dc0452553..5f715cd21 100644
--- a/roles/container_runtime/tasks/systemcontainer_docker.yml
+++ b/roles/container_runtime/tasks/systemcontainer_docker.yml
@@ -42,6 +42,12 @@
- debug:
var: l_docker_image
+# Do the authentication before pulling the container engine system container
+# as the pull might be from an authenticated registry.
+- include_tasks: registry_auth.yml
+ vars:
+ openshift_docker_alternative_creds: True
+
# NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released
- name: Pre-pull Container Engine System Container image
command: "atomic pull --storage ostree {{ l_docker_image }}"
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-09 21:20:19 +0000