| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
Currently, os_firewall role may run after docker role,
and iptables.service may be restarted. When restarted,
this negatively impacts docker's iptables rules.
This commit ensures that if iptables is restarted,
docker is restarted as well (by systemd)
Fixes: https://github.com/openshift/origin/issues/16709
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, authenticated registry credentials
are requested before docker might be started in
the docker role.
This commit moves the relevant registry credential
tasks to after docker is started.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, a commit was added to migrate registires
from /etc/sysconfig/docker to /etc/containers/registries.conf
We are not currently enforcing a minimum version of docker
to consume from this new file, thus some installations
are not utilizing the correct repositories.
This commit duplicates the registires in both locations
to ensure additional/blocked/insecure registries are
honored.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the enterprise registry to forcefully added
in openshift_facts. Recently, the docker role has
been modified to consume registry variables directly,
bypassing openshift_facts.
This commit cleans up unused code in openshift_facts,
and migrates enterprise registry logic to the
docker role.
Fixes: https://github.com/openshift/openshift-ansible/issues/5557
|
|
|
|
|
|
|
|
| |
This commit moves additional/block/insecure registries to
/etc/containers/registries.conf and comments existing lines in
/etc/sysconfig/docker.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1460930
|
| |
|
|\
| |
| | |
add retries on repoquery
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, openshift-anisble supports authentication to
container registries to pull down openshift container images.
The openshift_verison role uses the docker cli to gather
image information from container registries before authentication
credentials are provided by openshift-ansible.
This commit creates the necessary token to authenticate to
private registries during openshift_version. The token
is generated by the role 'docker' on all hosts where
docker is installed/configured when oreg_auth_users
is defined.
This commit also adds a read-only mount into the
openshift master and node container services. This
mount is '/var/lib/origin/.docker:/root/.docker:ro'.
This is because the container images do not currently
read the values in '/var/lib/origin/.docker' as this
may be a bug upstream.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
|\
| |
| | |
openshift_checks/docker_storage: overlay/2 support
|
| |
| |
| |
| |
| | |
Document the option so that those who want to run on OverlayFS can find
it. Fix the task so that setting it to False isn't interpreted as true.
|
| | |
|
|/ |
|
|
|
|
| |
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1457062
|
|
|
|
|
|
| |
We did this in 3.5 but never on master and we never came back to add
migration support. So we'll revert this on master and if/when we add
migration support we'll switch the default.
|
|
This change allows for the use of either the traditional package install
of docker OR a system container install of docker.
Two new inventory options, openshift_docker_use_system_container and
openshift_docker_systemcontainer_image_registry_override, have been
added which are be used to install with a system container. By default
this option is commented out.
One new fact has been added:
- docker.service_name: docker by default, container-engine-docker
for system container
|