9 files changed, 60 insertions, 24 deletions
diff --git a/roles/container_runtime/tasks/common/post.yml b/roles/container_runtime/tasks/common/post.yml
index d790eb2c0..23fd8528a 100644
--- a/roles/container_runtime/tasks/common/post.yml
+++ b/roles/container_runtime/tasks/common/post.yml
@@ -11,7 +11,7 @@
 - meta: flush_handlers
 
 # This needs to run after docker is restarted to account for proxy settings.
-# registry_auth is called directly with include_role in some places, so we
+# registry_auth is called directly with import_role in some places, so we
 # have to put it in the root of the tasks/ directory.
 - include_tasks: ../registry_auth.yml
 
@@ -22,5 +22,5 @@
 
 - include_tasks: setup_docker_symlink.yml
   when:
-    - openshift_use_crio
+    - openshift_use_crio | bool
     - dockerstat.stat.islnk is defined and not (dockerstat.stat.islnk | bool)
diff --git a/roles/container_runtime/tasks/common/syscontainer_packages.yml b/roles/container_runtime/tasks/common/syscontainer_packages.yml
index b41122880..d429047e6 100644
--- a/roles/container_runtime/tasks/common/syscontainer_packages.yml
+++ b/roles/container_runtime/tasks/common/syscontainer_packages.yml
@@ -4,7 +4,7 @@
   package:
     name: container-selinux
     state: present
-  when: not openshift.common.is_atomic | bool
+  when: not openshift_is_atomic | bool
   register: result
   until: result is succeeded
 
@@ -13,7 +13,7 @@
   package:
     name: atomic
     state: present
-  when: not openshift.common.is_atomic | bool
+  when: not openshift_is_atomic | bool
   register: result
   until: result is succeeded
 
@@ -23,6 +23,6 @@
   package:
     name: runc
     state: present
-  when: not openshift.common.is_atomic | bool
+  when: not openshift_is_atomic | bool
   register: result
   until: result is succeeded
diff --git a/roles/container_runtime/tasks/docker_storage_setup_overlay.yml b/roles/container_runtime/tasks/docker_storage_setup_overlay.yml
new file mode 100644
index 000000000..782c002e3
--- /dev/null
+++ b/roles/container_runtime/tasks/docker_storage_setup_overlay.yml
@@ -0,0 +1,10 @@
+---
+- name: Setup the docker-storage for overlay
+  template:
+    src: docker_storage_setup.j2
+    dest: /etc/sysconfig/docker-storage-setup
+    owner: root
+    group: root
+    mode: 0664
+  when:
+  - container_runtime_docker_storage_type == 'overlay2'
diff --git a/roles/container_runtime/tasks/docker_upgrade_check.yml b/roles/container_runtime/tasks/docker_upgrade_check.yml
index 6731963dd..8dd916e79 100644
--- a/roles/container_runtime/tasks/docker_upgrade_check.yml
+++ b/roles/container_runtime/tasks/docker_upgrade_check.yml
@@ -21,6 +21,7 @@
   retries: 4
   until: curr_docker_version is succeeded
   changed_when: false
+  when: not openshift_is_atomic | bool
 
 - name: Get latest available version of Docker
   command: >
@@ -29,7 +30,9 @@
   retries: 4
   until: avail_docker_version is succeeded
   # Don't expect docker rpm to be available on hosts that don't already have it installed:
-  when: pkg_check.rc == 0
+  when:
+    - not openshift_is_atomic | bool
+    - pkg_check.rc == 0
   failed_when: false
   changed_when: false
 
@@ -37,9 +40,10 @@
     msg: This playbook requires access to Docker 1.12 or later
   # Disable the 1.12 requirement if the user set a specific Docker version
   when:
-  - docker_version is not defined
-  - docker_upgrade is not defined or docker_upgrade | bool == True
-  - (pkg_check.rc == 0 and (avail_docker_version.stdout == "" or avail_docker_version.stdout is version_compare('1.12','<')))
+    - not openshift_is_atomic | bool
+    - docker_version is not defined
+    - docker_upgrade is not defined or docker_upgrade | bool == True
+    - (pkg_check.rc == 0 and (avail_docker_version.stdout == "" or avail_docker_version.stdout is version_compare('1.12','<')))
 
 # Default l_docker_upgrade to False, we'll set to True if an upgrade is required:
 - set_fact:
@@ -48,27 +52,30 @@
 # Make sure a docker_version is set if none was requested:
 - set_fact:
     docker_version: "{{ avail_docker_version.stdout }}"
-  when: pkg_check.rc == 0 and docker_version is not defined
+  when:
+    - not openshift_is_atomic | bool
+    - pkg_check.rc == 0 and docker_version is not defined
 
 - name: Flag for Docker upgrade if necessary
   set_fact:
     l_docker_upgrade: True
   when:
-  - pkg_check.rc == 0
-  - curr_docker_version.stdout is version_compare(docker_version,'<')
+    - not openshift_is_atomic | bool
+    - pkg_check.rc == 0
+    - curr_docker_version.stdout is version_compare(docker_version,'<')
 
 # Additional checks for Atomic hosts:
 - name: Determine available Docker
   shell: "rpm -q --queryformat '---\ncurr_version: %{VERSION}\navail_version: \n' docker"
   register: g_atomic_docker_version_result
-  when: openshift.common.is_atomic | bool
+  when: openshift_is_atomic | bool
 
 - set_fact:
     l_docker_version: "{{ g_atomic_docker_version_result.stdout | from_yaml }}"
-  when: openshift.common.is_atomic | bool
+  when: openshift_is_atomic | bool
 
 - fail:
     msg: This playbook requires access to Docker 1.12 or later
   when:
-  - openshift.common.is_atomic | bool
-  - l_docker_version.avail_version | default(l_docker_version.curr_version, true) is version_compare('1.12','<')
+    - openshift_is_atomic | bool
+    - l_docker_version.avail_version | default(l_docker_version.curr_version, true) is version_compare('1.12','<')
diff --git a/roles/container_runtime/tasks/main.yml b/roles/container_runtime/tasks/main.yml
index 96d8606c6..07da831c4 100644
--- a/roles/container_runtime/tasks/main.yml
+++ b/roles/container_runtime/tasks/main.yml
@@ -1,2 +1,2 @@
 ---
-# This role is meant to be used with include_role and tasks_from.
+# This role is meant to be used with import_role and tasks_from.
diff --git a/roles/container_runtime/tasks/package_docker.yml b/roles/container_runtime/tasks/package_docker.yml
index d9d4037dd..d6e7e7fed 100644
--- a/roles/container_runtime/tasks/package_docker.yml
+++ b/roles/container_runtime/tasks/package_docker.yml
@@ -3,7 +3,7 @@
 
 - name: Get current installed Docker version
   command: "{{ repoquery_installed }} --qf '%{version}' docker"
-  when: not openshift.common.is_atomic | bool
+  when: not openshift_is_atomic | bool
   register: curr_docker_version
   retries: 4
   until: curr_docker_version is succeeded
@@ -20,7 +20,7 @@
     name: "docker{{ '-' + docker_version if docker_version is defined else '' }}"
     state: present
   when:
-  - not (openshift.common.is_atomic | bool)
+  - not (openshift_is_atomic | bool)
   - not (curr_docker_version is skipped)
   - not (curr_docker_version.stdout != '')
   register: result
@@ -48,7 +48,7 @@
   lineinfile:
     dest: /etc/sysconfig/docker
     regexp: '^{{ item.reg_conf_var }}=.*$'
-    line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'"
+    line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | lib_utils_oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'"
   when:
   - item.reg_fact_val != []
   - docker_check.stat.isreg is defined
@@ -101,7 +101,7 @@
     line: "OPTIONS='\
       {% if ansible_selinux.status | default(None) == 'enabled' and openshift_docker_selinux_enabled | default(true) | bool %} --selinux-enabled {% endif %} \
       {% if openshift_docker_log_driver | bool %} --log-driver {{ openshift_docker_log_driver }}{% endif %} \
-      {% if l2_docker_log_options != [] %} {{ l2_docker_log_options |  oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %} \
+      {% if l2_docker_log_options != [] %} {{ l2_docker_log_options |  lib_utils_oo_split() | lib_utils_oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %} \
       {% if openshift_docker_hosted_registry_insecure and (openshift_docker_hosted_registry_network | bool) %} --insecure-registry={{ openshift_docker_hosted_registry_network }} {% endif %} \
       {% if docker_options is defined %} {{ docker_options }}{% endif %} \
       {% if openshift_docker_options %} {{ openshift_docker_options }}{% endif %} \
diff --git a/roles/container_runtime/tasks/registry_auth.yml b/roles/container_runtime/tasks/registry_auth.yml
index 2c7bc5711..4f1abd59a 100644
--- a/roles/container_runtime/tasks/registry_auth.yml
+++ b/roles/container_runtime/tasks/registry_auth.yml
@@ -15,6 +15,7 @@
   - not openshift_docker_alternative_creds | bool
   - oreg_auth_user is defined
   - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool
+  no_log: True
 
 # docker_creds is a custom module from lib_utils
 # 'docker login' requires a docker.service running on the local host, this is an
@@ -30,3 +31,4 @@
   - openshift_docker_alternative_creds | bool
   - oreg_auth_user is defined
   - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool
+  no_log: True
diff --git a/roles/container_runtime/tasks/systemcontainer_crio.yml b/roles/container_runtime/tasks/systemcontainer_crio.yml
index 61f122f3c..d588f2618 100644
--- a/roles/container_runtime/tasks/systemcontainer_crio.yml
+++ b/roles/container_runtime/tasks/systemcontainer_crio.yml
@@ -3,7 +3,7 @@
 - name: Check we are not using node as a Docker container with CRI-O
   fail: msg='Cannot use CRI-O with node configured as a Docker container'
   when:
-    - openshift.common.is_containerized | bool
+    - openshift_is_containerized | bool
     - not l_is_node_system_container | bool
 
 - include_tasks: common/pre.yml
@@ -81,6 +81,17 @@
     dest: /etc/cni/net.d/openshift-sdn.conf
     src: 80-openshift-sdn.conf.j2
 
+- name: Create /etc/sysconfig/crio-storage
+  copy:
+    content: ""
+    dest: /etc/sysconfig/crio-storage
+    force: no
+
+- name: Create /etc/sysconfig/crio-network
+  template:
+    dest: /etc/sysconfig/crio-network
+    src: crio-network.j2
+
 - name: Start the CRI-O service
   systemd:
     name: "cri-o"
@@ -93,4 +104,4 @@
 # 'docker login'
 - include_tasks: common/post.yml
   vars:
-    openshift_docker_alternative_creds: "{{ openshift_use_crio_only }}"
+    openshift_docker_alternative_creds: "{{ openshift_use_crio_only | bool }}"
diff --git a/roles/container_runtime/tasks/systemcontainer_docker.yml b/roles/container_runtime/tasks/systemcontainer_docker.yml
index 639585367..5f715cd21 100644
--- a/roles/container_runtime/tasks/systemcontainer_docker.yml
+++ b/roles/container_runtime/tasks/systemcontainer_docker.yml
@@ -18,7 +18,7 @@
 # Make sure Docker is installed so we are able to use the client
 - name: Install Docker so we can use the client
   package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present
-  when: not openshift.common.is_atomic | bool
+  when: not openshift_is_atomic | bool
   register: result
   until: result is succeeded
 
@@ -42,6 +42,12 @@
 - debug:
     var: l_docker_image
 
+# Do the authentication before pulling the container engine system container
+# as the pull might be from an authenticated registry.
+- include_tasks: registry_auth.yml
+  vars:
+    openshift_docker_alternative_creds: True
+
 # NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released
 - name: Pre-pull Container Engine System Container image
   command: "atomic pull --storage ostree {{ l_docker_image }}"