Diffstat (limited to 'roles/docker')
-rw-r--r--roles/docker/defaults/main.yml4
-rw-r--r--roles/docker/tasks/main.yml54
-rw-r--r--roles/docker/tasks/package_docker.yml6
-rw-r--r--roles/docker/tasks/systemcontainer_crio.yml4
-rw-r--r--roles/docker/templates/crio.conf.j25
5 files changed, 67 insertions, 6 deletions
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index fe938e52b..c086c28df 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -20,6 +20,7 @@ l2_docker_additional_registries: "{% if openshift_docker_additional_registries i
l2_docker_blocked_registries: "{% if openshift_docker_blocked_registries is string %}{% if openshift_docker_blocked_registries == '' %}[]{% elif ',' in openshift_docker_blocked_registries %}{{ openshift_docker_blocked_registries.split(',') | list }}{% else %}{{ [ openshift_docker_blocked_registries ] }}{% endif %}{% else %}{{ openshift_docker_blocked_registries }}{% endif %}"
l2_docker_insecure_registries: "{% if openshift_docker_insecure_registries is string %}{% if openshift_docker_insecure_registries == '' %}[]{% elif ',' in openshift_docker_insecure_registries %}{{ openshift_docker_insecure_registries.split(',') | list }}{% else %}{{ [ openshift_docker_insecure_registries ] }}{% endif %}{% else %}{{ openshift_docker_insecure_registries }}{% endif %}"
+openshift_docker_use_etc_containers: False
containers_registries_conf_path: /etc/containers/registries.conf
r_crio_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
@@ -32,3 +33,6 @@ r_crio_os_firewall_allow:
openshift_docker_is_node_or_master: "{{ True if inventory_hostname in (groups['oo_masters_to_config']|default([])) or inventory_hostname in (groups['oo_nodes_to_config']|default([])) else False | bool }}"
+
+docker_alt_storage_path: /var/lib/containers/docker
+docker_default_storage_path: /var/lib/docker
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 1539af53f..3c814d8d8 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -25,6 +25,15 @@
- not l_use_system_container
- not l_use_crio_only
+- name: Ensure /var/lib/containers exists
+ file:
+ path: /var/lib/containers
+ state: directory
+
+- name: Fix SELinux Permissions on /var/lib/containers
+ command: "restorecon -R /var/lib/containers/"
+ changed_when: false
+
- name: Use System Container Docker if Requested
include: systemcontainer_docker.yml
when:
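Review bot: The added `Ensure /var/lib/containers exists` task creates the container storage parent with whatever mode the umask yields, since the `file` task sets no `owner`, `group` or `mode`; I would pin them, e.g. `owner: root`, `group: root`, `mode: "0755"`. The same applies to the `Ensure {{ docker_alt_storage_path }} exists` task in the next hunk, where it matters more: that directory becomes Docker's data root, which the daemon, as far as I know, creates with a tighter mode than 0755 when it makes the directory itself. Both new tasks here also have no `when`, so the recursive `restorecon` now runs on every host that applies the role rather than only on the CRI-O path it was moved from. The `Use System Container Docker if Requested` task that closes the hunk continues outside it.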
@@ -36,3 +45,48 @@
when:
- l_use_crio
- openshift_docker_is_node_or_master | bool
+
+- name: stat the docker data dir
+ stat:
+ path: "{{ docker_default_storage_path }}"
+ register: dockerstat
+
+- when:
+ - l_use_crio
+ - dockerstat.stat.islink is defined and not (dockerstat.stat.islink | bool)
+ block:
+ - name: stop the current running docker
+ systemd:
+ state: stopped
+ name: "{{ openshift.docker.service_name }}"
+
+ - name: "Ensure {{ docker_alt_storage_path }} exists"
+ file:
+ path: "{{ docker_alt_storage_path }}"
+ state: directory
+
+ - name: "Set the selinux context on {{ docker_alt_storage_path }}"
+ command: "semanage fcontext -a -e {{ docker_default_storage_path }} {{ docker_alt_storage_path }}"
+ register: results
+ failed_when:
+ - results.rc == 1
+ - "'already exists' not in results.stderr"
+
+ - name: "restorecon the {{ docker_alt_storage_path }}"
+ command: "restorecon -r {{ docker_alt_storage_path }}"
+
+ - name: Remove the old docker location
+ file:
+ state: absent
+ path: "{{ docker_default_storage_path }}"
+
+ - name: Setup the link
+ file:
+ state: link
+ src: "{{ docker_alt_storage_path }}"
+ path: "{{ docker_default_storage_path }}"
+
+ - name: start docker
+ systemd:
+ state: started
+ name: "{{ openshift.docker.service_name }}"
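Review bot: `Remove the old docker location` deletes `{{ docker_default_storage_path }}` outright whenever it is not already a symlink, so existing images, containers and volumes are destroyed rather than moved to `{{ docker_alt_storage_path }}`, and nothing in the `when` checks that the path is not a separate mount. I would at least guard the block with `- docker_default_storage_path not in (ansible_mounts | map(attribute='mount') | list)` and state the data loss in a comment above the block, or move the contents before removing. The block also has no `rescue`, so a failure after `stop the current running docker` leaves the service stopped. In the `semanage` task the two `failed_when` entries are ANDed, which means any return code other than 1 is treated as success; `- results.rc != 0` would be the safer first condition.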
diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml
index b16413f72..8121163a6 100644
--- a/roles/docker/tasks/package_docker.yml
+++ b/roles/docker/tasks/package_docker.yml
@@ -81,6 +81,7 @@
template:
dest: "{{ containers_registries_conf_path }}"
src: registries.conf
+ when: openshift_docker_use_etc_containers | bool
notify:
- restart docker
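Review bot: With `openshift_docker_use_etc_containers` defaulting to `False` in defaults/main.yml, this `when` means `{{ containers_registries_conf_path }}` is no longer written on a default install. If that template is what carries `l2_docker_blocked_registries` and `l2_docker_insecure_registries` for tools that read /etc/containers (an assumption, the template is not shown), the blocked-registry list silently stops being applied there. The new variable has no comment; I would document it next to its default, e.g. `# Write registries.conf (additional/blocked/insecure registries) to /etc/containers; off by default`. The task starts above the hunk, so its name and any existing conditions are not visible.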
@@ -153,6 +154,7 @@
- set_fact:
docker_service_status_changed: "{{ (r_docker_package_docker_start_result | changed) and (r_docker_already_running_result.stdout != 'ActiveState=active' ) }}"
-- include: registry_auth.yml
-
- meta: flush_handlers
+
+# This needs to run after docker is restarted to account for proxy settings.
+- include: registry_auth.yml
diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml
index 67ede0d21..1e2d64293 100644
--- a/roles/docker/tasks/systemcontainer_crio.yml
+++ b/roles/docker/tasks/systemcontainer_crio.yml
@@ -170,10 +170,6 @@
dest: /etc/cni/net.d/openshift-sdn.conf
src: 80-openshift-sdn.conf.j2
-- name: Fix SELinux Permissions on /var/lib/containers
- command: "restorecon -R /var/lib/containers/"
- changed_when: false
-
- name: Start the CRI-O service
systemd:
name: "cri-o"
diff --git a/roles/docker/templates/crio.conf.j2 b/roles/docker/templates/crio.conf.j2
index 93014a80d..3f066a17f 100644
--- a/roles/docker/templates/crio.conf.j2
+++ b/roles/docker/templates/crio.conf.j2
@@ -103,6 +103,11 @@ cgroup_manager = "systemd"
# hooks_dir_path is the oci hooks directory for automatically executed hooks
hooks_dir_path = "/usr/share/containers/oci/hooks.d"
+# default_mounts is the mounts list to be mounted for the container when created
+default_mounts = [
+ "/usr/share/rhel/secrets:/run/secrets",
+]
+
# pids_limit is the number of processes allowed in a container
pids_limit = 1024
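Review bot: The hard-coded `default_mounts` entry bind-mounts the host's `/usr/share/rhel/secrets` into every container CRI-O creates, including untrusted workloads, and the template gives operators no way to turn it off. That directory normally holds links to the host's subscription entitlement material, so I would drive the list from a role default that can be set to empty instead of a literal, and extend the comment to say what is exposed, e.g. `# NOTE: exposes host RHEL entitlement data under /run/secrets in every container`. The surrounding section of crio.conf continues outside the hunk.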