| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, docker 1.12 can be configured to use the
run-time parameter of 'signature-verification'
By default, rpm installation of docker results in
'--signature-verification=false' being added to
OPTIONS in /etc/sysconfig/docker
Currently, openshift-ansible does not preserve that
value. This can cause docker to be unable to pull
images from a previously working source due to a
change in configuration.
This commit adds the option with the default
as provided by the rpm installation.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1502560
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, docker is started during the docker role. If
docker is started during the run of the role, the
handler to restart docker is not triggered to prevent
excess restarts of the docker service.
The systemd docker that starts the docker service may
report the result of the task as 'changed' even though
docker is already running and the state of the service
itself does not change.
This commit checks the status of the docker service
before starting it to ensure that docker was not in
an 'active' state according to systemd. If the
docker service is already in the 'active' state,
the restart handler will trigger and restart
docker at the end of the run of the role.
Fixes: https://github.com/openshift/origin/issues/16709
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, os_firewall role may run after docker role,
and iptables.service may be restarted. When restarted,
this negatively impacts docker's iptables rules.
This commit ensures that if iptables is restarted,
docker is restarted as well (by systemd)
Fixes: https://github.com/openshift/origin/issues/16709
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, authenticated registry credentials
are requested before docker might be started in
the docker role.
This commit moves the relevant registry credential
tasks to after docker is started.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
|\
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue.
CRI-O, Docker: set the tag to the OpenShift release on RHEL
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376
|
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| | |
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, a commit was added to migrate registires
from /etc/sysconfig/docker to /etc/containers/registries.conf
We are not currently enforcing a minimum version of docker
to consume from this new file, thus some installations
are not utilizing the correct repositories.
This commit duplicates the registires in both locations
to ensure additional/blocked/insecure registries are
honored.
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the enterprise registry to forcefully added
in openshift_facts. Recently, the docker role has
been modified to consume registry variables directly,
bypassing openshift_facts.
This commit cleans up unused code in openshift_facts,
and migrates enterprise registry logic to the
docker role.
Fixes: https://github.com/openshift/openshift-ansible/issues/5557
|
|\
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue
Detect the proper version of the images when using CRI-O
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1494357
|
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue
Move additional/block/insecure registires to /etc/containers/...
Move additional/block/insecure registires to /etc/containers/registries.conf
This commit moves additional/block/insecure registries to
/etc/containers/registries.conf and comments existing lines in
/etc/sysconfig/docker.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1460930
|
| |
| |
| |
| |
| |
| |
| |
| | |
This commit moves additional/block/insecure registries to
/etc/containers/registries.conf and comments existing lines in
/etc/sysconfig/docker.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1460930
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Automatic merge from submit-queue
crio: skip installation on lbs and nfs nodes
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1494461
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1494461
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Automatic merge from submit-queue
cri-o: Allow full image override
``openshift_crio_systemcontainer_image_registry_override`` has been replaced
with ``openshift_crio_systemcontainer_image_override``. The difference is
``openshift_crio_systemcontainer_image_override`` takes a full image path
including the tag.
Example:
```
openshift_crio_systemcontainer_image_override=gscrivano/cri-o-centos:latest
```
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
openshift_crio_systemcontainer_image_registry_override has been replaced
with openshift_crio_systemcontainer_image_override. The difference is
openshift_crio_systemcontainer_image_override takes a full image path
including the tag.
Example:
openshift_crio_systemcontainer_image_override=gscrivano/cri-o-centos:latest
|
| |/
|/|
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
|
|\ \
| | |
| | | |
add retries on repoquery
|
| |/ |
|
|\ \
| | |
| | | |
Merged by openshift-bot
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently, openshift-anisble supports authentication to
container registries to pull down openshift container images.
The openshift_verison role uses the docker cli to gather
image information from container registries before authentication
credentials are provided by openshift-ansible.
This commit creates the necessary token to authenticate to
private registries during openshift_version. The token
is generated by the role 'docker' on all hosts where
docker is installed/configured when oreg_auth_users
is defined.
This commit also adds a read-only mount into the
openshift master and node container services. This
mount is '/var/lib/origin/.docker:/root/.docker:ro'.
This is because the container images do not currently
read the values in '/var/lib/origin/.docker' as this
may be a bug upstream.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
| |/
|/|
| |
| | |
Signed-off-by: Steve Milner <smilner@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
openshift_docker_systemcontainer_image_registry_override has been replaced
with openshift_docker_systemcontainer_image_override. The difference is
openshift_docker_systemcontainer_image_override takes a full image path
including the tag.
Example:
openshift_docker_systemcontainer_image_override=gscrivano/container-engine:latest
Signed-off-by: Steve Milner <smilner@redhat.com>
|
|\
| |
| | |
Merged by openshift-bot
|
| | |
|
|\ \
| |/
|/| |
Merged by openshift-bot
|
| |
| |
| |
| |
| |
| |
| | |
Support added to CRI-O with:
https://github.com/kubernetes-incubator/cri-o/commit/a35727c80bd2a26613aae21db00628045cb9be24
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
| |
Introduce a new variable that disable the installation of Docker. For
the time being we will still need Docker for building images, so by
default leave it installed.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
| |
For the time being it won't be added to the Red Hat registry, so use
only what is available on Docker Hub.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
| |
If we had to drop the overlay file in /etc/modules-load.d/ then enable
the systemd-modules-load service and make sure it runs.
|
|
|
|
|
|
|
| |
Some distro releases may not have overlay loaded into the kernel. This
change looks for overlay via lsmod and, if it isn't already there,
uses modprobe to load it in and then drops a load config into
/etc/modules-load.d/overlay.conf.
|
| |
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
| |
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
This change reuses the docker role to inject cri-o usage.
|
|\
| |
| | |
openshift_checks/docker_storage: overlay/2 support
|