summaryrefslogtreecommitdiffstats
path: root/roles/docker
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #6102 from mgugino-upstream-stage/fix-docker-reg-auth-proxyOpenShift Merge Robot2017-11-141-2/+3
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Run registry auth after docker restart Currently, docker login may fail if a proxy is added to the config but docker is already running. This is due to the fact that 'docker login' must have a functioning docker.service running (with valid network connection) to complete. Currently, handlers restart the docker service at the end of the role. This doesn't allow for updating proxy settings before running docker login. This commit moves 'docker login' command after flushing handlers. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511869
| * Run registry auth after docker restartMichael Gugino2017-11-131-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, docker login may fail if a proxy is added to the config but docker is already running. This is due to the fact that 'docker login' must have a functioning docker.service running (with valid network connection) to complete. Currently, handlers restart the docker service at the end of the role. This doesn't allow for updating proxy settings before running docker login. This commit moves 'docker login' command after flushing handlers. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511869
* | crio: sync crio.confGiuseppe Scrivano2017-11-141-0/+5
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #6030 from giuseppe/fix-selinux-docker-tooOpenShift Merge Robot2017-11-062-4/+9
|\ | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. container-engine: ensure /var/lib/containers/ is properly labelled we were doing it only when CRI-O is installed. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1509880 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * container-engine: ensure /var/lib/containers/ is properly labelledGiuseppe Scrivano2017-11-062-4/+9
| | | | | | | | | | | | | | | | we were doing it only when CRI-O is installed. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1509880 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Moving docker location to share path with system containers.Kenny Woodson2017-11-062-0/+48
|/
* Docker: make use of new etc/containers/registries.conf optionalMichael Gugino2017-10-312-0/+2
| | | | | | | Currently, not all versions of docker support using /etc/containers/registries.conf This commit makes the use of that file optional.
* Merge pull request #5932 from mgugino-upstream-stage/retry-docker-credsOpenShift Merge Robot2017-10-311-0/+4
|\ | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Add retry logic to docker auth credentials This commit enables retry on docker login commands. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1506931
| * Add retry logic to docker auth credentialsMichael Gugino2017-10-301-0/+4
| | | | | | | | | | | | This commit enables retry on docker login commands. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1506931
* | Merge pull request #5917 from ashcrow/kennys-patchScott Dodson2017-10-303-5/+8
|\ \ | |/ |/| docker: Create openshift_docker_is_node_or_master variable
| * docker: Create openshift_docker_is_node_or_master variableSteve Milner2017-10-273-5/+8
| | | | | | | | | | | | | | | | | | | | | | | | This can be used in place of: inventory_hostname in groups['oo_masters_to_config'] or \ inventory_hostname in groups['oo_nodes_to_config'] While the previous version works, this change helps with the tasks are run during AMI creation. Code written by Kenny Woodson @kwoodson.
* | cri-o: Set max log size to 50 mbMrunal Patel2017-10-271-1/+1
|/ | | | Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
* Merge pull request #5911 from giuseppe/crio-open-port-10010Scott Dodson2017-10-274-0/+53
|\ | | | | cri-o: open port 10010
| * cri-o: open port 10010Giuseppe Scrivano2017-10-274-0/+53
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #5901 from ashcrow/failed-whenScott Dodson2017-10-271-1/+1
|\ \ | | | | | | crio: Add failed_when to overlay check
| * | crio: Add failed_when to overlay checkSteve Milner2017-10-261-1/+1
| |/ | | | | | | | | | | Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1506399 Signed-off-by: Steve Milner <smilner@redhat.com>
| * Merge pull request #5814 from mgugino-upstream-stage/docker-auth-upgradesOpenShift Merge Robot2017-10-242-11/+13
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Enable oreg_auth credential replace during upgrades Currently, upgrades run a docker image pull prior to upgrading masters and nodes for containerized installs. If using a secure registry, and a user wishes to upgrade their credentials due to expiry, the image pull will fail. This commit ensures docker login credentials are updated during upgrades, if necessary. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
| | * Enable oreg_auth credential replace during upgradesMichael Gugino2017-10-192-11/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, upgrades run a docker image pull prior to upgrading masters and nodes for containerized installs. If using a secure registry, and a user wishes to upgrade their credentials due to expiry, the image pull will fail. This commit ensures docker login credentials are updated during upgrades, if necessary. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
* | | Merge pull request #5905 from ashcrow/restorcon-for-crioScott Dodson2017-10-271-0/+4
|\ \ \ | | | | | | | | crio: restorcon /var/lib/containers
| * | | crio: restorcon /var/lib/containersSteve Milner2017-10-261-0/+4
| |/ / | | | | | | | | | | | | | | | When using the cri-o system container some items in /var/lib/containers end up having incorrect labels. This runs restorecon -R /var/lib/containers after the system container is installed.
* / / docker: set credentials when using system containerGiuseppe Scrivano2017-10-263-11/+15
|/ / | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #5818 from ashcrow/1503860OpenShift Merge Robot2017-10-232-8/+9
|\ \ | | | | | | | | | | | | Automatic merge from submit-queue. docker: Move enterprise registry from pkg to main
| * | docker: Move enterprise registry from pkg to mainSteve Milner2017-10-192-8/+9
| |/ | | | | | | | | | | Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503860 Signed-off-by: Steve Milner <smilner@redhat.com>
* / systemcontainers: Verify atomic.conf proxy is always configuredSteve Milner2017-10-192-62/+8
|/ | | | | | | | | | | A new openshift_atomic role has been created for atomic specific tasks. The first task added is proxy which handles updating /etc/atomic.conf to ensure the proper proxy configuration is configured. This task file is then included (via include_role) in system container related task files. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503903 Signed-off-by: Steve Milner <smilner@redhat.com>
* Merge pull request #5774 from mgugino-upstream-stage/docker-option-fixScott Dodson2017-10-182-5/+7
|\ | | | | Fix missing docker option signature-verification
| * Fix missing docker option signature-verificationMichael Gugino2017-10-162-5/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, docker 1.12 can be configured to use the run-time parameter of 'signature-verification' By default, rpm installation of docker results in '--signature-verification=false' being added to OPTIONS in /etc/sysconfig/docker Currently, openshift-ansible does not preserve that value. This can cause docker to be unable to pull images from a previously working source due to a change in configuration. This commit adds the option with the default as provided by the rpm installation. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1502560
* | cri-o: error out when node is a Docker containerGiuseppe Scrivano2017-10-161-0/+6
|/ | | | | | Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1489555 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Ensure docker service status actually changesMichael Gugino2017-10-111-1/+8
| | | | | | | | | | | | | | | | | | | | | Currently, docker is started during the docker role. If docker is started during the run of the role, the handler to restart docker is not triggered to prevent excess restarts of the docker service. The systemd docker that starts the docker service may report the result of the task as 'changed' even though docker is already running and the state of the service itself does not change. This commit checks the status of the docker service before starting it to ensure that docker was not in an 'active' state according to systemd. If the docker service is already in the 'active' state, the restart handler will trigger and restart docker at the end of the run of the role. Fixes: https://github.com/openshift/origin/issues/16709
* crio, docker: expect openshift_release to have 'v'Giuseppe Scrivano2017-10-102-2/+2
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #5695 from giuseppe/image_tag_default_to_releaseOpenShift Merge Robot2017-10-093-13/+35
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. docker, CRI-O: openshift_image_tag defaults to openshift_release Replace: commit c2c4ba7ec62d4dfd87d746d20991e10f2bd1bddf Author: Giuseppe Scrivano <gscrivan@redhat.com> Date: Tue Sep 26 09:01:59 2017 +0200 Require openshift_image_tag in the inventory with openshift-enterprise Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> with using openshift_release for openshift_image_tag so we don't require users to include both in their inventory. Probably it is only a temporary solution until the openshift_image_tag vs openshift_release when using Docker/CRI-O is sorted out. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376
| * crio, docker: use openshift_release when openshift_image_tag is not usedGiuseppe Scrivano2017-10-093-12/+34
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * crio: fix typoGiuseppe Scrivano2017-10-091-1/+1
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #5705 from mgugino-upstream-stage/docker-partof-iptablesScott Dodson2017-10-091-0/+6
|\ \ | | | | | | Add PartOf to docker systemd service unit.
| * | Add PartOf to docker systemd service unit.Michael Gugino2017-10-091-0/+6
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, if iptables service is restarted, existing iptables rules are removed. Docker adds iptables rules dyanmically upon startup and container creation. Restarting the iptables service results in a loss of these needed iptables rules. This commit ensures that if iptables service is restarted by anisble or the user, docker is also restarted. This ensures the proper dynamic iptables rules are in place for docker. Fixes: openshift/origin#16709
* / crio: use systemd managerGiuseppe Scrivano2017-10-091-1/+1
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #5661 from giuseppe/crio-use-overlay-instead-of-overlay2OpenShift Merge Robot2017-10-071-3/+25
|\ | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. cri-o: use overlay instead of overlay2 overlay2 and overlay are the same driver. Upstream CRI-O is going to drop any reference to overlay2 and use only overlay. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * crio.conf.j2: sync from upstreamGiuseppe Scrivano2017-10-061-1/+23
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * cri-o: use overlay instead of overlay2Giuseppe Scrivano2017-10-061-2/+2
| | | | | | | | | | | | | | overlay2 and overlay are the same driver. Upstream CRI-O is going to drop any reference to overlay2 and use only overlay. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Ensure docker is restarted when iptables is restartedMichael Gugino2017-10-062-1/+4
|/ | | | | | | | | | | Currently, os_firewall role may run after docker role, and iptables.service may be restarted. When restarted, this negatively impacts docker's iptables rules. This commit ensures that if iptables is restarted, docker is restarted as well (by systemd) Fixes: https://github.com/openshift/origin/issues/16709
* Ensure docker service started prior to credentialsMichael Gugino2017-10-031-12/+12
| | | | | | | | | | | Currently, authenticated registry credentials are requested before docker might be started in the docker role. This commit moves the relevant registry credential tasks to after docker is started. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
* Merge pull request #5490 from giuseppe/set-crio-docker-tag-for-oseOpenShift Merge Robot2017-10-033-9/+35
|\ | | | | | | | | | | | | Automatic merge from submit-queue. CRI-O, Docker: set the tag to the OpenShift release on RHEL Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376
| * docker: fix some tox warningsGiuseppe Scrivano2017-09-271-6/+6
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * Require openshift_image_tag in the inventory with openshift-enterpriseGiuseppe Scrivano2017-09-271-0/+8
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * crio: use the image_tag on RHELGiuseppe Scrivano2017-09-271-2/+11
| | | | | | | | | | | | Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * docker: use the image_tag on RHELGiuseppe Scrivano2017-09-271-1/+10
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Restore registires to /etc/sysconfig/dockerMichael Gugino2017-10-021-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | Previously, a commit was added to migrate registires from /etc/sysconfig/docker to /etc/containers/registries.conf We are not currently enforcing a minimum version of docker to consume from this new file, thus some installations are not utilizing the correct repositories. This commit duplicates the registires in both locations to ensure additional/blocked/insecure registries are honored.
* | Fix typo in files (Docker registries)William Burton2017-09-292-2/+2
| |
* | Migrate enterprise registry logic to docker roleMichael Gugino2017-09-274-9/+19
|/ | | | | | | | | | | | | Currently, the enterprise registry to forcefully added in openshift_facts. Recently, the docker role has been modified to consume registry variables directly, bypassing openshift_facts. This commit cleans up unused code in openshift_facts, and migrates enterprise registry logic to the docker role. Fixes: https://github.com/openshift/openshift-ansible/issues/5557
* Merge pull request #5519 from giuseppe/crio-set-proper-tagOpenShift Merge Robot2017-09-261-1/+1
|\ | | | | | | | | | | | | Automatic merge from submit-queue Detect the proper version of the images when using CRI-O Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1494357
| * crio: set the correct image name with OSEGiuseppe Scrivano2017-09-251-1/+1
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>