| Age | Commit message (Collapse) | Author |
|---|
|
|
|
When a package install/update fails due to network blips or other spotty
availability, retry it. If the failure is a real failure (e.g. package
is really not there) it still fails after 3 tries (Ansible default).
|
|
giuseppe/fix-additional-and-insecure-registries-for-crio
cri-o: honor additional and insecure registries again
|
|
docker: copy Docker metadata to the alternative storage path
|
|
installed but excluded packages.
|
|
list the package with --installed.
|
|
Regression introduced with:
https://github.com/openshift/openshift-ansible/commit/ee6adf9e9a520cc5873bf9f36924ae9aa4c47c7c
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
Fixing docker crio installation.
|
|
mgugino-upstream-stage/syscontainers-docker-login-module
Automatic merge from submit-queue.
Alternative method to create docker registry auth creds
Currently, the command 'docker login' is run when using
oreg with authentication.
On some hosts, such as hosts configured to use system containers,
the docker service is not running. 'docker login' will fail
without the docker service running.
This commit adds a module to idempotently add credentials
to the registry credentials file without the use of
'docker login'
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511374
|
|
Currently, the command 'docker login' is run when using
oreg with authentication.
On some hosts, such as hosts configured to use system containers,
the docker service is not running. 'docker login' will fail
without the docker service running.
This commit adds a module to idempotently add credentials
to the registry credentials file without the use of
'docker login'
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511374
|
|
|
|
Currently, docker login may fail if a proxy is added to the config
but docker is already running.
This is due to the fact that 'docker login' must have a functioning
docker.service running (with valid network connection) to complete.
Currently, handlers restart the docker service at the end of
the role. This doesn't allow for updating proxy settings before
running docker login.
This commit moves 'docker login' command after flushing handlers.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511869
|
|
Automatic merge from submit-queue.
container-engine: ensure /var/lib/containers/ is properly labelled
we were doing it only when CRI-O is installed.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1509880
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
we were doing it only when CRI-O is installed.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1509880
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
Currently, not all versions of docker support using
/etc/containers/registries.conf
This commit makes the use of that file optional.
|
|
Automatic merge from submit-queue.
Add retry logic to docker auth credentials
This commit enables retry on docker login commands.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1506931
|
|
This commit enables retry on docker login commands.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1506931
|
|
This can be used in place of:
inventory_hostname in groups['oo_masters_to_config'] or \
inventory_hostname in groups['oo_nodes_to_config']
While the previous version works, this change helps with the tasks are
run during AMI creation.
Code written by Kenny Woodson @kwoodson.
|
|
cri-o: open port 10010
|
|
crio: Add failed_when to overlay check
|
|
crio: restorcon /var/lib/containers
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
When using the cri-o system container some items in /var/lib/containers
end up having incorrect labels. This runs restorecon -R
/var/lib/containers after the system container is installed.
|
|
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1506399
Signed-off-by: Steve Milner <smilner@redhat.com>
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Automatic merge from submit-queue.
Enable oreg_auth credential replace during upgrades
Currently, upgrades run a docker image pull prior to
upgrading masters and nodes for containerized installs.
If using a secure registry, and a user wishes to upgrade
their credentials due to expiry, the image pull will fail.
This commit ensures docker login credentials are updated
during upgrades, if necessary.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
|
|
Automatic merge from submit-queue.
docker: Move enterprise registry from pkg to main
|
|
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503860
Signed-off-by: Steve Milner <smilner@redhat.com>
|
|
Currently, upgrades run a docker image pull prior to
upgrading masters and nodes for containerized installs.
If using a secure registry, and a user wishes to upgrade
their credentials due to expiry, the image pull will fail.
This commit ensures docker login credentials are updated
during upgrades, if necessary.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
|
|
A new openshift_atomic role has been created for atomic specific tasks.
The first task added is proxy which handles updating /etc/atomic.conf to
ensure the proper proxy configuration is configured. This task file is
then included (via include_role) in system container related task files.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503903
Signed-off-by: Steve Milner <smilner@redhat.com>
|
|
Fix missing docker option signature-verification
|
|
Currently, docker 1.12 can be configured to use the
run-time parameter of 'signature-verification'
By default, rpm installation of docker results in
'--signature-verification=false' being added to
OPTIONS in /etc/sysconfig/docker
Currently, openshift-ansible does not preserve that
value. This can cause docker to be unable to pull
images from a previously working source due to a
change in configuration.
This commit adds the option with the default
as provided by the rpm installation.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1502560
|
|
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1489555
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Currently, docker is started during the docker role. If
docker is started during the run of the role, the
handler to restart docker is not triggered to prevent
excess restarts of the docker service.
The systemd docker that starts the docker service may
report the result of the task as 'changed' even though
docker is already running and the state of the service
itself does not change.
This commit checks the status of the docker service
before starting it to ensure that docker was not in
an 'active' state according to systemd. If the
docker service is already in the 'active' state,
the restart handler will trigger and restart
docker at the end of the run of the role.
Fixes: https://github.com/openshift/origin/issues/16709
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Currently, os_firewall role may run after docker role,
and iptables.service may be restarted. When restarted,
this negatively impacts docker's iptables rules.
This commit ensures that if iptables is restarted,
docker is restarted as well (by systemd)
Fixes: https://github.com/openshift/origin/issues/16709
|
|
Currently, authenticated registry credentials
are requested before docker might be started in
the docker role.
This commit moves the relevant registry credential
tasks to after docker is started.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
|
Automatic merge from submit-queue.
CRI-O, Docker: set the tag to the OpenShift release on RHEL
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376
|
|
Previously, a commit was added to migrate registires
from /etc/sysconfig/docker to /etc/containers/registries.conf
We are not currently enforcing a minimum version of docker
to consume from this new file, thus some installations
are not utilizing the correct repositories.
This commit duplicates the registires in both locations
to ensure additional/blocked/insecure registries are
honored.
|
|
|
|
Currently, the enterprise registry to forcefully added
in openshift_facts. Recently, the docker role has
been modified to consume registry variables directly,
bypassing openshift_facts.
This commit cleans up unused code in openshift_facts,
and migrates enterprise registry logic to the
docker role.
Fixes: https://github.com/openshift/openshift-ansible/issues/5557
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
