summaryrefslogtreecommitdiffstats
path: root/roles/docker/tasks
Commit message (Collapse)AuthorAgeFilesLines
* Implement container runtime roleMichael Gugino2017-12-017-729/+0
|
* retry package operationsLuke Meyer2017-11-303-0/+16
| | | | | | When a package install/update fails due to network blips or other spotty availability, retry it. If the failure is a real failure (e.g. package is really not there) it still fails after 3 tries (Ansible default).
* Merge pull request #6185 from ↵Michael Gugino2017-11-271-6/+0
|\ | | | | | | | | giuseppe/fix-additional-and-insecure-registries-for-crio cri-o: honor additional and insecure registries again
| * cri-o: honor additional and insecure registries againGiuseppe Scrivano2017-11-201-6/+0
| | | | | | | | | | | | | | | | Regression introduced with: https://github.com/openshift/openshift-ansible/commit/ee6adf9e9a520cc5873bf9f36924ae9aa4c47c7c Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #6178 from giuseppe/copy-docker-to-alt-storage-pathMichael Gugino2017-11-271-4/+5
|\ \ | | | | | | docker: copy Docker metadata to the alternative storage path
| * | docker: copy Docker metadata to the alternative storage pathGiuseppe Scrivano2017-11-201-4/+5
| |/ | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Workaround the fact that package state=present with dnf fails for already ↵Jan Pazdziora2017-11-221-1/+2
| | | | | | | | installed but excluded packages.
* | With dnf repoquery and excluded packages, --disableexcludes=all is needed to ↵Jan Pazdziora2017-11-221-1/+1
| | | | | | | | list the package with --installed.
* | Include Deprecation - Init Playbook PathsRussell Teague2017-11-164-8/+8
|/
* Merge pull request #6105 from kwoodson/docker_crio_fixScott Dodson2017-11-151-1/+1
|\ | | | | Fixing docker crio installation.
| * Fixing islnk.Kenny Woodson2017-11-131-1/+1
| |
* | Merge pull request #6094 from ↵OpenShift Merge Robot2017-11-153-2/+28
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | mgugino-upstream-stage/syscontainers-docker-login-module Automatic merge from submit-queue. Alternative method to create docker registry auth creds Currently, the command 'docker login' is run when using oreg with authentication. On some hosts, such as hosts configured to use system containers, the docker service is not running. 'docker login' will fail without the docker service running. This commit adds a module to idempotently add credentials to the registry credentials file without the use of 'docker login' Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511374
| * | Alternative method to create docker registry auth credsMichael Gugino2017-11-143-2/+28
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, the command 'docker login' is run when using oreg with authentication. On some hosts, such as hosts configured to use system containers, the docker service is not running. 'docker login' will fail without the docker service running. This commit adds a module to idempotently add credentials to the registry credentials file without the use of 'docker login' Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511374
* / Run registry auth after docker restartMichael Gugino2017-11-131-2/+3
|/ | | | | | | | | | | | | | | | Currently, docker login may fail if a proxy is added to the config but docker is already running. This is due to the fact that 'docker login' must have a functioning docker.service running (with valid network connection) to complete. Currently, handlers restart the docker service at the end of the role. This doesn't allow for updating proxy settings before running docker login. This commit moves 'docker login' command after flushing handlers. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511869
* Merge pull request #6030 from giuseppe/fix-selinux-docker-tooOpenShift Merge Robot2017-11-062-4/+9
|\ | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. container-engine: ensure /var/lib/containers/ is properly labelled we were doing it only when CRI-O is installed. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1509880 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * container-engine: ensure /var/lib/containers/ is properly labelledGiuseppe Scrivano2017-11-062-4/+9
| | | | | | | | | | | | | | | | we were doing it only when CRI-O is installed. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1509880 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Moving docker location to share path with system containers.Kenny Woodson2017-11-061-0/+45
|/
* Docker: make use of new etc/containers/registries.conf optionalMichael Gugino2017-10-311-0/+1
| | | | | | | Currently, not all versions of docker support using /etc/containers/registries.conf This commit makes the use of that file optional.
* Merge pull request #5932 from mgugino-upstream-stage/retry-docker-credsOpenShift Merge Robot2017-10-311-0/+4
|\ | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Add retry logic to docker auth credentials This commit enables retry on docker login commands. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1506931
| * Add retry logic to docker auth credentialsMichael Gugino2017-10-301-0/+4
| | | | | | | | | | | | This commit enables retry on docker login commands. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1506931
* | docker: Create openshift_docker_is_node_or_master variableSteve Milner2017-10-272-5/+5
|/ | | | | | | | | | | | This can be used in place of: inventory_hostname in groups['oo_masters_to_config'] or \ inventory_hostname in groups['oo_nodes_to_config'] While the previous version works, this change helps with the tasks are run during AMI creation. Code written by Kenny Woodson @kwoodson.
* Merge pull request #5911 from giuseppe/crio-open-port-10010Scott Dodson2017-10-272-0/+44
|\ | | | | cri-o: open port 10010
| * cri-o: open port 10010Giuseppe Scrivano2017-10-272-0/+44
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #5901 from ashcrow/failed-whenScott Dodson2017-10-271-1/+1
|\ \ | | | | | | crio: Add failed_when to overlay check
| * | crio: Add failed_when to overlay checkSteve Milner2017-10-261-1/+1
| |/ | | | | | | | | | | Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1506399 Signed-off-by: Steve Milner <smilner@redhat.com>
| * Merge pull request #5814 from mgugino-upstream-stage/docker-auth-upgradesOpenShift Merge Robot2017-10-242-11/+13
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Enable oreg_auth credential replace during upgrades Currently, upgrades run a docker image pull prior to upgrading masters and nodes for containerized installs. If using a secure registry, and a user wishes to upgrade their credentials due to expiry, the image pull will fail. This commit ensures docker login credentials are updated during upgrades, if necessary. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
| | * Enable oreg_auth credential replace during upgradesMichael Gugino2017-10-192-11/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, upgrades run a docker image pull prior to upgrading masters and nodes for containerized installs. If using a secure registry, and a user wishes to upgrade their credentials due to expiry, the image pull will fail. This commit ensures docker login credentials are updated during upgrades, if necessary. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
* | | Merge pull request #5905 from ashcrow/restorcon-for-crioScott Dodson2017-10-271-0/+4
|\ \ \ | | | | | | | | crio: restorcon /var/lib/containers
| * | | crio: restorcon /var/lib/containersSteve Milner2017-10-261-0/+4
| |/ / | | | | | | | | | | | | | | | When using the cri-o system container some items in /var/lib/containers end up having incorrect labels. This runs restorecon -R /var/lib/containers after the system container is installed.
* / / docker: set credentials when using system containerGiuseppe Scrivano2017-10-263-11/+15
|/ / | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #5818 from ashcrow/1503860OpenShift Merge Robot2017-10-232-8/+9
|\ \ | | | | | | | | | | | | Automatic merge from submit-queue. docker: Move enterprise registry from pkg to main
| * | docker: Move enterprise registry from pkg to mainSteve Milner2017-10-192-8/+9
| |/ | | | | | | | | | | Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503860 Signed-off-by: Steve Milner <smilner@redhat.com>
* / systemcontainers: Verify atomic.conf proxy is always configuredSteve Milner2017-10-192-62/+8
|/ | | | | | | | | | | A new openshift_atomic role has been created for atomic specific tasks. The first task added is proxy which handles updating /etc/atomic.conf to ensure the proper proxy configuration is configured. This task file is then included (via include_role) in system container related task files. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503903 Signed-off-by: Steve Milner <smilner@redhat.com>
* Merge pull request #5774 from mgugino-upstream-stage/docker-option-fixScott Dodson2017-10-181-5/+6
|\ | | | | Fix missing docker option signature-verification
| * Fix missing docker option signature-verificationMichael Gugino2017-10-161-5/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, docker 1.12 can be configured to use the run-time parameter of 'signature-verification' By default, rpm installation of docker results in '--signature-verification=false' being added to OPTIONS in /etc/sysconfig/docker Currently, openshift-ansible does not preserve that value. This can cause docker to be unable to pull images from a previously working source due to a change in configuration. This commit adds the option with the default as provided by the rpm installation. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1502560
* | cri-o: error out when node is a Docker containerGiuseppe Scrivano2017-10-161-0/+6
|/ | | | | | Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1489555 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Ensure docker service status actually changesMichael Gugino2017-10-111-1/+8
| | | | | | | | | | | | | | | | | | | | | Currently, docker is started during the docker role. If docker is started during the run of the role, the handler to restart docker is not triggered to prevent excess restarts of the docker service. The systemd docker that starts the docker service may report the result of the task as 'changed' even though docker is already running and the state of the service itself does not change. This commit checks the status of the docker service before starting it to ensure that docker was not in an 'active' state according to systemd. If the docker service is already in the 'active' state, the restart handler will trigger and restart docker at the end of the run of the role. Fixes: https://github.com/openshift/origin/issues/16709
* crio, docker: expect openshift_release to have 'v'Giuseppe Scrivano2017-10-102-2/+2
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* crio, docker: use openshift_release when openshift_image_tag is not usedGiuseppe Scrivano2017-10-093-12/+34
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* crio: fix typoGiuseppe Scrivano2017-10-091-1/+1
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Ensure docker is restarted when iptables is restartedMichael Gugino2017-10-061-1/+3
| | | | | | | | | | | Currently, os_firewall role may run after docker role, and iptables.service may be restarted. When restarted, this negatively impacts docker's iptables rules. This commit ensures that if iptables is restarted, docker is restarted as well (by systemd) Fixes: https://github.com/openshift/origin/issues/16709
* Ensure docker service started prior to credentialsMichael Gugino2017-10-031-12/+12
| | | | | | | | | | | Currently, authenticated registry credentials are requested before docker might be started in the docker role. This commit moves the relevant registry credential tasks to after docker is started. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
* Merge pull request #5490 from giuseppe/set-crio-docker-tag-for-oseOpenShift Merge Robot2017-10-033-9/+35
|\ | | | | | | | | | | | | Automatic merge from submit-queue. CRI-O, Docker: set the tag to the OpenShift release on RHEL Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376
| * docker: fix some tox warningsGiuseppe Scrivano2017-09-271-6/+6
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * Require openshift_image_tag in the inventory with openshift-enterpriseGiuseppe Scrivano2017-09-271-0/+8
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * crio: use the image_tag on RHELGiuseppe Scrivano2017-09-271-2/+11
| | | | | | | | | | | | Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * docker: use the image_tag on RHELGiuseppe Scrivano2017-09-271-1/+10
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Restore registires to /etc/sysconfig/dockerMichael Gugino2017-10-021-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | Previously, a commit was added to migrate registires from /etc/sysconfig/docker to /etc/containers/registries.conf We are not currently enforcing a minimum version of docker to consume from this new file, thus some installations are not utilizing the correct repositories. This commit duplicates the registires in both locations to ensure additional/blocked/insecure registries are honored.
* | Fix typo in files (Docker registries)William Burton2017-09-291-1/+1
| |
* | Migrate enterprise registry logic to docker roleMichael Gugino2017-09-273-9/+17
|/ | | | | | | | | | | | | Currently, the enterprise registry to forcefully added in openshift_facts. Recently, the docker role has been modified to consume registry variables directly, bypassing openshift_facts. This commit cleans up unused code in openshift_facts, and migrates enterprise registry logic to the docker role. Fixes: https://github.com/openshift/openshift-ansible/issues/5557
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-04 05:16:06 +0000