summaryrefslogtreecommitdiffstats
path: root/roles/docker/tasks/package_docker.yml
Commit message (Collapse)AuthorAgeFilesLines
* Docker: make use of new etc/containers/registries.conf optionalMichael Gugino2017-10-311-0/+1
| | | | | | | Currently, not all versions of docker support using /etc/containers/registries.conf This commit makes the use of that file optional.
* Merge pull request #5814 from mgugino-upstream-stage/docker-auth-upgradesOpenShift Merge Robot2017-10-241-11/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Enable oreg_auth credential replace during upgrades Currently, upgrades run a docker image pull prior to upgrading masters and nodes for containerized installs. If using a secure registry, and a user wishes to upgrade their credentials due to expiry, the image pull will fail. This commit ensures docker login credentials are updated during upgrades, if necessary. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
| * Enable oreg_auth credential replace during upgradesMichael Gugino2017-10-191-11/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Currently, upgrades run a docker image pull prior to upgrading masters and nodes for containerized installs. If using a secure registry, and a user wishes to upgrade their credentials due to expiry, the image pull will fail. This commit ensures docker login credentials are updated during upgrades, if necessary. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
* | docker: Move enterprise registry from pkg to mainSteve Milner2017-10-191-8/+0
|/ | | | | | Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503860 Signed-off-by: Steve Milner <smilner@redhat.com>
* Fix missing docker option signature-verificationMichael Gugino2017-10-161-5/+6
| | | | | | | | | | | | | | | | | | | Currently, docker 1.12 can be configured to use the run-time parameter of 'signature-verification' By default, rpm installation of docker results in '--signature-verification=false' being added to OPTIONS in /etc/sysconfig/docker Currently, openshift-ansible does not preserve that value. This can cause docker to be unable to pull images from a previously working source due to a change in configuration. This commit adds the option with the default as provided by the rpm installation. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1502560
* Ensure docker service status actually changesMichael Gugino2017-10-111-1/+8
| | | | | | | | | | | | | | | | | | | | | Currently, docker is started during the docker role. If docker is started during the run of the role, the handler to restart docker is not triggered to prevent excess restarts of the docker service. The systemd docker that starts the docker service may report the result of the task as 'changed' even though docker is already running and the state of the service itself does not change. This commit checks the status of the docker service before starting it to ensure that docker was not in an 'active' state according to systemd. If the docker service is already in the 'active' state, the restart handler will trigger and restart docker at the end of the run of the role. Fixes: https://github.com/openshift/origin/issues/16709
* Ensure docker is restarted when iptables is restartedMichael Gugino2017-10-061-1/+3
| | | | | | | | | | | Currently, os_firewall role may run after docker role, and iptables.service may be restarted. When restarted, this negatively impacts docker's iptables rules. This commit ensures that if iptables is restarted, docker is restarted as well (by systemd) Fixes: https://github.com/openshift/origin/issues/16709
* Ensure docker service started prior to credentialsMichael Gugino2017-10-031-12/+12
| | | | | | | | | | | Currently, authenticated registry credentials are requested before docker might be started in the docker role. This commit moves the relevant registry credential tasks to after docker is started. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
* Restore registires to /etc/sysconfig/dockerMichael Gugino2017-10-021-2/+12
| | | | | | | | | | | | | Previously, a commit was added to migrate registires from /etc/sysconfig/docker to /etc/containers/registries.conf We are not currently enforcing a minimum version of docker to consume from this new file, thus some installations are not utilizing the correct repositories. This commit duplicates the registires in both locations to ensure additional/blocked/insecure registries are honored.
* Fix typo in files (Docker registries)William Burton2017-09-291-1/+1
|
* Migrate enterprise registry logic to docker roleMichael Gugino2017-09-271-0/+8
| | | | | | | | | | | | | Currently, the enterprise registry to forcefully added in openshift_facts. Recently, the docker role has been modified to consume registry variables directly, bypassing openshift_facts. This commit cleans up unused code in openshift_facts, and migrates enterprise registry logic to the docker role. Fixes: https://github.com/openshift/openshift-ansible/issues/5557
* Move additional/block/insecure registires to /etc/containers/registries.confMichael Gugino2017-09-211-9/+9
| | | | | | | | This commit moves additional/block/insecure registries to /etc/containers/registries.conf and comments existing lines in /etc/sysconfig/docker. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1460930
* more retries on repoquery_cmdLuke Meyer2017-09-191-1/+1
|
* Merge pull request #5401 from sosiouxme/20170913-retries-subsetLuke Meyer2017-09-141-0/+2
|\ | | | | add retries on repoquery
| * add retry on repoquery_cmdLuke Meyer2017-09-131-0/+2
| |
* | Fix: authenticated registry support for containerized hostsMichael Gugino2017-09-111-0/+12
|/ | | | | | | | | | | | | | | | | | | | | | | Currently, openshift-anisble supports authentication to container registries to pull down openshift container images. The openshift_verison role uses the docker cli to gather image information from container registries before authentication credentials are provided by openshift-ansible. This commit creates the necessary token to authenticate to private registries during openshift_version. The token is generated by the role 'docker' on all hosts where docker is installed/configured when oreg_auth_users is defined. This commit also adds a read-only mount into the openshift master and node container services. This mount is '/var/lib/origin/.docker:/root/.docker:ro'. This is because the container images do not currently read the values in '/var/lib/origin/.docker' as this may be a bug upstream. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
* Merge pull request #4757 from sosiouxme/20170703-docker-storage-overlay2Scott Dodson2017-07-201-1/+1
|\ | | | | openshift_checks/docker_storage: overlay/2 support
| * docker: fix docker_selinux_enabledLuke Meyer2017-07-181-1/+1
| | | | | | | | | | Document the option so that those who want to run on OverlayFS can find it. Fix the task so that setting it to False isn't interpreted as true.
* | Ensure proper fact evaluationScott Dodson2017-07-181-1/+1
| |
* | Wrap additional service changes in retriesScott Dodson2017-07-181-2/+5
|/
* Add mtu setting to /etc/sysconfig/docker-networkScott Dodson2017-06-011-0/+15
| | | | Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1457062
* Default to iptables on masterScott Dodson2017-05-101-1/+1
| | | | | | We did this in 3.5 but never on master and we never came back to add migration support. So we'll revert this on master and if/when we add migration support we'll switch the default.
* System container dockerSteve Milner2017-05-031-0/+116
This change allows for the use of either the traditional package install of docker OR a system container install of docker. Two new inventory options, openshift_docker_use_system_container and openshift_docker_systemcontainer_image_registry_override, have been added which are be used to install with a system container. By default this option is commented out. One new fact has been added: - docker.service_name: docker by default, container-engine-docker for system container
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 16:42:23 +0000