summaryrefslogtreecommitdiffstats
path: root/roles/docker
Commit message (Collapse)AuthorAgeFilesLines
* Implement container runtime roleMichael Gugino2017-12-0119-1115/+0
|
* retry package operationsLuke Meyer2017-11-303-0/+16
| | | | | | When a package install/update fails due to network blips or other spotty availability, retry it. If the failure is a real failure (e.g. package is really not there) it still fails after 3 tries (Ansible default).
* Merge pull request #6185 from ↵Michael Gugino2017-11-271-6/+0
|\ | | | | | | | | giuseppe/fix-additional-and-insecure-registries-for-crio cri-o: honor additional and insecure registries again
| * cri-o: honor additional and insecure registries againGiuseppe Scrivano2017-11-201-6/+0
| | | | | | | | | | | | | | | | Regression introduced with: https://github.com/openshift/openshift-ansible/commit/ee6adf9e9a520cc5873bf9f36924ae9aa4c47c7c Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #6178 from giuseppe/copy-docker-to-alt-storage-pathMichael Gugino2017-11-271-4/+5
|\ \ | | | | | | docker: copy Docker metadata to the alternative storage path
| * | docker: copy Docker metadata to the alternative storage pathGiuseppe Scrivano2017-11-201-4/+5
| |/ | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Workaround the fact that package state=present with dnf fails for already ↵Jan Pazdziora2017-11-221-1/+2
| | | | | | | | installed but excluded packages.
* | With dnf repoquery and excluded packages, --disableexcludes=all is needed to ↵Jan Pazdziora2017-11-221-1/+1
| | | | | | | | list the package with --installed.
* | Include Deprecation - Init Playbook PathsRussell Teague2017-11-164-8/+8
|/
* Merge pull request #6105 from kwoodson/docker_crio_fixScott Dodson2017-11-151-1/+1
|\ | | | | Fixing docker crio installation.
| * Fixing islnk.Kenny Woodson2017-11-131-1/+1
| |
* | Merge pull request #6094 from ↵OpenShift Merge Robot2017-11-155-2/+31
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | mgugino-upstream-stage/syscontainers-docker-login-module Automatic merge from submit-queue. Alternative method to create docker registry auth creds Currently, the command 'docker login' is run when using oreg with authentication. On some hosts, such as hosts configured to use system containers, the docker service is not running. 'docker login' will fail without the docker service running. This commit adds a module to idempotently add credentials to the registry credentials file without the use of 'docker login' Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511374
| * | Alternative method to create docker registry auth credsMichael Gugino2017-11-145-2/+31
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, the command 'docker login' is run when using oreg with authentication. On some hosts, such as hosts configured to use system containers, the docker service is not running. 'docker login' will fail without the docker service running. This commit adds a module to idempotently add credentials to the registry credentials file without the use of 'docker login' Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511374
* | Merge pull request #6102 from mgugino-upstream-stage/fix-docker-reg-auth-proxyOpenShift Merge Robot2017-11-141-2/+3
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Run registry auth after docker restart Currently, docker login may fail if a proxy is added to the config but docker is already running. This is due to the fact that 'docker login' must have a functioning docker.service running (with valid network connection) to complete. Currently, handlers restart the docker service at the end of the role. This doesn't allow for updating proxy settings before running docker login. This commit moves 'docker login' command after flushing handlers. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511869
| * | Run registry auth after docker restartMichael Gugino2017-11-131-2/+3
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, docker login may fail if a proxy is added to the config but docker is already running. This is due to the fact that 'docker login' must have a functioning docker.service running (with valid network connection) to complete. Currently, handlers restart the docker service at the end of the role. This doesn't allow for updating proxy settings before running docker login. This commit moves 'docker login' command after flushing handlers. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511869
* / crio: sync crio.confGiuseppe Scrivano2017-11-141-0/+5
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #6030 from giuseppe/fix-selinux-docker-tooOpenShift Merge Robot2017-11-062-4/+9
|\ | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. container-engine: ensure /var/lib/containers/ is properly labelled we were doing it only when CRI-O is installed. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1509880 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * container-engine: ensure /var/lib/containers/ is properly labelledGiuseppe Scrivano2017-11-062-4/+9
| | | | | | | | | | | | | | | | we were doing it only when CRI-O is installed. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1509880 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Moving docker location to share path with system containers.Kenny Woodson2017-11-062-0/+48
|/
* Docker: make use of new etc/containers/registries.conf optionalMichael Gugino2017-10-312-0/+2
| | | | | | | Currently, not all versions of docker support using /etc/containers/registries.conf This commit makes the use of that file optional.
* Merge pull request #5932 from mgugino-upstream-stage/retry-docker-credsOpenShift Merge Robot2017-10-311-0/+4
|\ | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Add retry logic to docker auth credentials This commit enables retry on docker login commands. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1506931
| * Add retry logic to docker auth credentialsMichael Gugino2017-10-301-0/+4
| | | | | | | | | | | | This commit enables retry on docker login commands. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1506931
* | Merge pull request #5917 from ashcrow/kennys-patchScott Dodson2017-10-303-5/+8
|\ \ | |/ |/| docker: Create openshift_docker_is_node_or_master variable
| * docker: Create openshift_docker_is_node_or_master variableSteve Milner2017-10-273-5/+8
| | | | | | | | | | | | | | | | | | | | | | | | This can be used in place of: inventory_hostname in groups['oo_masters_to_config'] or \ inventory_hostname in groups['oo_nodes_to_config'] While the previous version works, this change helps with the tasks are run during AMI creation. Code written by Kenny Woodson @kwoodson.
* | cri-o: Set max log size to 50 mbMrunal Patel2017-10-271-1/+1
|/ | | | Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
* Merge pull request #5911 from giuseppe/crio-open-port-10010Scott Dodson2017-10-274-0/+53
|\ | | | | cri-o: open port 10010
| * cri-o: open port 10010Giuseppe Scrivano2017-10-274-0/+53
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #5901 from ashcrow/failed-whenScott Dodson2017-10-271-1/+1
|\ \ | | | | | | crio: Add failed_when to overlay check
| * | crio: Add failed_when to overlay checkSteve Milner2017-10-261-1/+1
| |/ | | | | | | | | | | Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1506399 Signed-off-by: Steve Milner <smilner@redhat.com>
| * Merge pull request #5814 from mgugino-upstream-stage/docker-auth-upgradesOpenShift Merge Robot2017-10-242-11/+13
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Enable oreg_auth credential replace during upgrades Currently, upgrades run a docker image pull prior to upgrading masters and nodes for containerized installs. If using a secure registry, and a user wishes to upgrade their credentials due to expiry, the image pull will fail. This commit ensures docker login credentials are updated during upgrades, if necessary. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
| | * Enable oreg_auth credential replace during upgradesMichael Gugino2017-10-192-11/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, upgrades run a docker image pull prior to upgrading masters and nodes for containerized installs. If using a secure registry, and a user wishes to upgrade their credentials due to expiry, the image pull will fail. This commit ensures docker login credentials are updated during upgrades, if necessary. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
* | | Merge pull request #5905 from ashcrow/restorcon-for-crioScott Dodson2017-10-271-0/+4
|\ \ \ | | | | | | | | crio: restorcon /var/lib/containers
| * | | crio: restorcon /var/lib/containersSteve Milner2017-10-261-0/+4
| |/ / | | | | | | | | | | | | | | | When using the cri-o system container some items in /var/lib/containers end up having incorrect labels. This runs restorecon -R /var/lib/containers after the system container is installed.
* / / docker: set credentials when using system containerGiuseppe Scrivano2017-10-263-11/+15
|/ / | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #5818 from ashcrow/1503860OpenShift Merge Robot2017-10-232-8/+9
|\ \ | | | | | | | | | | | | Automatic merge from submit-queue. docker: Move enterprise registry from pkg to main
| * | docker: Move enterprise registry from pkg to mainSteve Milner2017-10-192-8/+9
| |/ | | | | | | | | | | Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503860 Signed-off-by: Steve Milner <smilner@redhat.com>
* / systemcontainers: Verify atomic.conf proxy is always configuredSteve Milner2017-10-192-62/+8
|/ | | | | | | | | | | A new openshift_atomic role has been created for atomic specific tasks. The first task added is proxy which handles updating /etc/atomic.conf to ensure the proper proxy configuration is configured. This task file is then included (via include_role) in system container related task files. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503903 Signed-off-by: Steve Milner <smilner@redhat.com>
* Merge pull request #5774 from mgugino-upstream-stage/docker-option-fixScott Dodson2017-10-182-5/+7
|\ | | | | Fix missing docker option signature-verification
| * Fix missing docker option signature-verificationMichael Gugino2017-10-162-5/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, docker 1.12 can be configured to use the run-time parameter of 'signature-verification' By default, rpm installation of docker results in '--signature-verification=false' being added to OPTIONS in /etc/sysconfig/docker Currently, openshift-ansible does not preserve that value. This can cause docker to be unable to pull images from a previously working source due to a change in configuration. This commit adds the option with the default as provided by the rpm installation. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1502560
* | cri-o: error out when node is a Docker containerGiuseppe Scrivano2017-10-161-0/+6
|/ | | | | | Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1489555 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Ensure docker service status actually changesMichael Gugino2017-10-111-1/+8
| | | | | | | | | | | | | | | | | | | | | Currently, docker is started during the docker role. If docker is started during the run of the role, the handler to restart docker is not triggered to prevent excess restarts of the docker service. The systemd docker that starts the docker service may report the result of the task as 'changed' even though docker is already running and the state of the service itself does not change. This commit checks the status of the docker service before starting it to ensure that docker was not in an 'active' state according to systemd. If the docker service is already in the 'active' state, the restart handler will trigger and restart docker at the end of the run of the role. Fixes: https://github.com/openshift/origin/issues/16709
* crio, docker: expect openshift_release to have 'v'Giuseppe Scrivano2017-10-102-2/+2
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #5695 from giuseppe/image_tag_default_to_releaseOpenShift Merge Robot2017-10-093-13/+35
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. docker, CRI-O: openshift_image_tag defaults to openshift_release Replace: commit c2c4ba7ec62d4dfd87d746d20991e10f2bd1bddf Author: Giuseppe Scrivano <gscrivan@redhat.com> Date: Tue Sep 26 09:01:59 2017 +0200 Require openshift_image_tag in the inventory with openshift-enterprise Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> with using openshift_release for openshift_image_tag so we don't require users to include both in their inventory. Probably it is only a temporary solution until the openshift_image_tag vs openshift_release when using Docker/CRI-O is sorted out. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376
| * crio, docker: use openshift_release when openshift_image_tag is not usedGiuseppe Scrivano2017-10-093-12/+34
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * crio: fix typoGiuseppe Scrivano2017-10-091-1/+1
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #5705 from mgugino-upstream-stage/docker-partof-iptablesScott Dodson2017-10-091-0/+6
|\ \ | | | | | | Add PartOf to docker systemd service unit.
| * | Add PartOf to docker systemd service unit.Michael Gugino2017-10-091-0/+6
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, if iptables service is restarted, existing iptables rules are removed. Docker adds iptables rules dyanmically upon startup and container creation. Restarting the iptables service results in a loss of these needed iptables rules. This commit ensures that if iptables service is restarted by anisble or the user, docker is also restarted. This ensures the proper dynamic iptables rules are in place for docker. Fixes: openshift/origin#16709
* / crio: use systemd managerGiuseppe Scrivano2017-10-091-1/+1
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #5661 from giuseppe/crio-use-overlay-instead-of-overlay2OpenShift Merge Robot2017-10-071-3/+25
|\ | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. cri-o: use overlay instead of overlay2 overlay2 and overlay are the same driver. Upstream CRI-O is going to drop any reference to overlay2 and use only overlay. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * crio.conf.j2: sync from upstreamGiuseppe Scrivano2017-10-061-1/+23
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>