| Age | Commit message (Collapse) | Author |
|---|
|
|
|
When a package install/update fails due to network blips or other spotty
availability, retry it. If the failure is a real failure (e.g. package
is really not there) it still fails after 3 tries (Ansible default).
|
|
giuseppe/fix-additional-and-insecure-registries-for-crio
cri-o: honor additional and insecure registries again
|
|
docker: copy Docker metadata to the alternative storage path
|
|
installed but excluded packages.
|
|
list the package with --installed.
|
|
Regression introduced with:
https://github.com/openshift/openshift-ansible/commit/ee6adf9e9a520cc5873bf9f36924ae9aa4c47c7c
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
Fixing docker crio installation.
|
|
mgugino-upstream-stage/syscontainers-docker-login-module
Automatic merge from submit-queue.
Alternative method to create docker registry auth creds
Currently, the command 'docker login' is run when using
oreg with authentication.
On some hosts, such as hosts configured to use system containers,
the docker service is not running. 'docker login' will fail
without the docker service running.
This commit adds a module to idempotently add credentials
to the registry credentials file without the use of
'docker login'
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511374
|
|
Automatic merge from submit-queue.
Run registry auth after docker restart
Currently, docker login may fail if a proxy is added to the config
but docker is already running.
This is due to the fact that 'docker login' must have a functioning
docker.service running (with valid network connection) to complete.
Currently, handlers restart the docker service at the end of
the role. This doesn't allow for updating proxy settings before
running docker login.
This commit moves 'docker login' command after flushing handlers.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511869
|
|
Currently, the command 'docker login' is run when using
oreg with authentication.
On some hosts, such as hosts configured to use system containers,
the docker service is not running. 'docker login' will fail
without the docker service running.
This commit adds a module to idempotently add credentials
to the registry credentials file without the use of
'docker login'
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511374
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
Currently, docker login may fail if a proxy is added to the config
but docker is already running.
This is due to the fact that 'docker login' must have a functioning
docker.service running (with valid network connection) to complete.
Currently, handlers restart the docker service at the end of
the role. This doesn't allow for updating proxy settings before
running docker login.
This commit moves 'docker login' command after flushing handlers.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511869
|
|
Automatic merge from submit-queue.
container-engine: ensure /var/lib/containers/ is properly labelled
we were doing it only when CRI-O is installed.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1509880
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
we were doing it only when CRI-O is installed.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1509880
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
Currently, not all versions of docker support using
/etc/containers/registries.conf
This commit makes the use of that file optional.
|
|
Automatic merge from submit-queue.
Add retry logic to docker auth credentials
This commit enables retry on docker login commands.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1506931
|
|
docker: Create openshift_docker_is_node_or_master variable
|
|
This commit enables retry on docker login commands.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1506931
|
|
This can be used in place of:
inventory_hostname in groups['oo_masters_to_config'] or \
inventory_hostname in groups['oo_nodes_to_config']
While the previous version works, this change helps with the tasks are
run during AMI creation.
Code written by Kenny Woodson @kwoodson.
|
|
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
|
|
cri-o: open port 10010
|
|
crio: Add failed_when to overlay check
|
|
crio: restorcon /var/lib/containers
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
When using the cri-o system container some items in /var/lib/containers
end up having incorrect labels. This runs restorecon -R
/var/lib/containers after the system container is installed.
|
|
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1506399
Signed-off-by: Steve Milner <smilner@redhat.com>
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Automatic merge from submit-queue.
Enable oreg_auth credential replace during upgrades
Currently, upgrades run a docker image pull prior to
upgrading masters and nodes for containerized installs.
If using a secure registry, and a user wishes to upgrade
their credentials due to expiry, the image pull will fail.
This commit ensures docker login credentials are updated
during upgrades, if necessary.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
|
|
Automatic merge from submit-queue.
docker: Move enterprise registry from pkg to main
|
|
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503860
Signed-off-by: Steve Milner <smilner@redhat.com>
|
|
Currently, upgrades run a docker image pull prior to
upgrading masters and nodes for containerized installs.
If using a secure registry, and a user wishes to upgrade
their credentials due to expiry, the image pull will fail.
This commit ensures docker login credentials are updated
during upgrades, if necessary.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
|
|
A new openshift_atomic role has been created for atomic specific tasks.
The first task added is proxy which handles updating /etc/atomic.conf to
ensure the proper proxy configuration is configured. This task file is
then included (via include_role) in system container related task files.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503903
Signed-off-by: Steve Milner <smilner@redhat.com>
|
|
Fix missing docker option signature-verification
|
|
Currently, docker 1.12 can be configured to use the
run-time parameter of 'signature-verification'
By default, rpm installation of docker results in
'--signature-verification=false' being added to
OPTIONS in /etc/sysconfig/docker
Currently, openshift-ansible does not preserve that
value. This can cause docker to be unable to pull
images from a previously working source due to a
change in configuration.
This commit adds the option with the default
as provided by the rpm installation.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1502560
|
|
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1489555
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Currently, docker is started during the docker role. If
docker is started during the run of the role, the
handler to restart docker is not triggered to prevent
excess restarts of the docker service.
The systemd docker that starts the docker service may
report the result of the task as 'changed' even though
docker is already running and the state of the service
itself does not change.
This commit checks the status of the docker service
before starting it to ensure that docker was not in
an 'active' state according to systemd. If the
docker service is already in the 'active' state,
the restart handler will trigger and restart
docker at the end of the run of the role.
Fixes: https://github.com/openshift/origin/issues/16709
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Automatic merge from submit-queue.
docker, CRI-O: openshift_image_tag defaults to openshift_release
Replace:
commit c2c4ba7ec62d4dfd87d746d20991e10f2bd1bddf
Author: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Tue Sep 26 09:01:59 2017 +0200
Require openshift_image_tag in the inventory with openshift-enterprise
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
with using openshift_release for openshift_image_tag so we don't require users to include both in their inventory. Probably it is only a temporary solution until the openshift_image_tag vs openshift_release when using Docker/CRI-O is sorted out.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376
|
|
Add PartOf to docker systemd service unit.
|
|
Currently, if iptables service is restarted,
existing iptables rules are removed.
Docker adds iptables rules dyanmically upon
startup and container creation. Restarting
the iptables service results in a loss of these
needed iptables rules.
This commit ensures that if iptables service is
restarted by anisble or the user, docker is
also restarted. This ensures the proper dynamic
iptables rules are in place for docker.
Fixes: openshift/origin#16709
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Automatic merge from submit-queue.
cri-o: use overlay instead of overlay2
overlay2 and overlay are the same driver. Upstream CRI-O is going to
drop any reference to overlay2 and use only overlay.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
