From e781e4cb8be85e201ad6e20ddd70401318846323 Mon Sep 17 00:00:00 2001 From: Steve Milner Date: Fri, 14 Jul 2017 10:37:48 -0400 Subject: cri-o: Allow cri-o usage. This change reuses the docker role to inject cri-o usage. --- roles/docker/tasks/main.yml | 5 ++ roles/docker/tasks/systemcontainer_crio.yml | 105 ++++++++++++++++++++++++++++ 2 files changed, 110 insertions(+) create mode 100644 roles/docker/tasks/systemcontainer_crio.yml (limited to 'roles/docker') diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 0c2b16acf..fab1ac57a 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -7,6 +7,7 @@ - set_fact: l_use_system_container: "{{ openshift.docker.use_system_container | default(False) }}" + l_use_crio: "{{ openshift.docker.use_crio | default(False) }}" - name: Use Package Docker if Requested include: package_docker.yml @@ -15,3 +16,7 @@ - name: Use System Container Docker if Requested include: systemcontainer_docker.yml when: l_use_system_container + +- name: Add CRI-O usage Requested + include: systemcontainer_crio.yml + when: l_use_crio diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml new file mode 100644 index 000000000..c67904873 --- /dev/null +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -0,0 +1,105 @@ +--- +# TODO: Much of this file is shared with container engine tasks + +- name: Ensure container-selinux is installed + package: + name: container-selinux + state: present + when: not openshift.common.is_atomic | bool + +# Used to pull and install the system container +- name: Ensure atomic is installed + package: + name: atomic + state: present + when: not openshift.common.is_atomic | bool + +# At the time of writing the atomic command requires runc for it's own use. This +# task is here in the even that the atomic package ever removes the dependency. +- name: Ensure runc is installed + package: + name: runc + state: present + when: not openshift.common.is_atomic | bool + +- block: + + - name: Add http_proxy to /etc/atomic.conf + lineinfile: + dest: /etc/atomic.conf + regexp: "^#?http_proxy[:=]{1}" + line: "http_proxy: {{ openshift.common.http_proxy | default('') }}" + when: + - openshift.common.http_proxy is defined + - openshift.common.http_proxy != '' + + - name: Add https_proxy to /etc/atomic.conf + lineinfile: + dest: /etc/atomic.conf + regexp: "^#?https_proxy[:=]{1}" + line: "https_proxy: {{ openshift.common.https_proxy | default('') }}" + when: + - openshift.common.https_proxy is defined + - openshift.common.https_proxy != '' + + - name: Add no_proxy to /etc/atomic.conf + lineinfile: + dest: /etc/atomic.conf + regexp: "^#?no_proxy[:=]{1}" + line: "no_proxy: {{ openshift.common.no_proxy | default('') }}" + when: + - openshift.common.no_proxy is defined + - openshift.common.no_proxy != '' + + +- block: + + - name: Set to default prepend + set_fact: + l_crio_image_prepend: "gscrivano" + + - name: Use Red Hat Registry for image when distribution is Red Hat + set_fact: + l_crio_image_prepend: "registry.access.redhat.com/openshift3" + when: ansible_distribution == 'RedHat' + + - name: Use Fedora Registry for image when distribution is Fedora + set_fact: + l_crio_image_prepend: "registry.fedoraproject.org/f25" + when: ansible_distribution == 'Fedora' + + # For https://github.com/openshift/openshift-ansible/pull/4049#discussion_r114478504 + - name: Use a testing registry if requested + set_fact: + l_crio_image_prepend: "{{ openshift_docker_systemcontainer_image_registry_override }}" + when: + - openshift_docker_systemcontainer_image_registry_override is defined + - openshift_docker_systemcontainer_image_registry_override != "" + + - name: Set the full image name + set_fact: + l_crio_image: "{{ l_crio_image_prepend }}/{{ openshift.docker.service_name }}:latest" + +# NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released +- name: Pre-pull CRI-O System Container image + command: "atomic pull --storage ostree {{ l_crio_image }}" + changed_when: false + environment: + NO_PROXY: "{{ openshift.common.no_proxy | default('') }}" + + +- name: Install CRI-O System Container + oc_atomic_container: + name: "cri-o" + image: "{{ l_crio_image }}" + state: latest + +- name: Start the CRI-O service + systemd: + name: "cri-o" + enabled: yes + state: started + daemon_reload: yes + register: start_result + +- meta: flush_handlers -- cgit v1.2.3 From ba71fba1dc64a05b9cc26b72263255a915601c84 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Sun, 16 Jul 2017 00:25:26 +0200 Subject: cri-o: configure storage and insecure registries Signed-off-by: Giuseppe Scrivano --- roles/docker/tasks/main.yml | 10 +++++++--- roles/docker/tasks/systemcontainer_crio.yml | 27 +++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 3 deletions(-) (limited to 'roles/docker') diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index fab1ac57a..61230fa3d 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -7,7 +7,7 @@ - set_fact: l_use_system_container: "{{ openshift.docker.use_system_container | default(False) }}" - l_use_crio: "{{ openshift.docker.use_crio | default(False) }}" + l_use_crio: "{{ use_crio | default(False) }}" - name: Use Package Docker if Requested include: package_docker.yml @@ -15,8 +15,12 @@ - name: Use System Container Docker if Requested include: systemcontainer_docker.yml - when: l_use_system_container + when: + - l_use_system_container + - not l_use_crio - name: Add CRI-O usage Requested include: systemcontainer_crio.yml - when: l_use_crio + when: + - l_use_system_container + - l_use_crio diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index c67904873..f3c03df2c 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -1,5 +1,7 @@ --- # TODO: Much of this file is shared with container engine tasks +- set_fact: + l_insecure_registries: "{{ '\"{}\"'.format('\", \"'.join(openshift.docker.insecure_registries)) }}" - name: Ensure container-selinux is installed package: @@ -94,6 +96,31 @@ image: "{{ l_crio_image }}" state: latest +- name: run CRI-O with overlay2 + replace: + regexp: 'storage_driver = ""' + replace: 'storage_driver = "overlay2"' + name: /etc/crio/crio.conf + backup: yes + +- name: Add overlay2 storage opts for CRI-O + lineinfile: + dest: /etc/crio/crio.conf + line: '"overlay2.override_kernel_check=1"' + insertafter: 'storage_option = \[' + regexp: 'overlay2\.override_kernel_check=1' + state: present + when: ansible_distribution in ['RedHat', 'CentOS'] + +- name: Configure insecure registries for CRI-O + lineinfile: + dest: /etc/crio/crio.conf + line: "{{ l_insecure_registries }}" + insertafter: 'insecure_registries = \[' + regexp: "{{ l_insecure_registries }}" + state: present + when: openshift_docker_insecure_registries is defined + - name: Start the CRI-O service systemd: name: "cri-o" -- cgit v1.2.3 From 0622da00a835fb431654cf997adc08e87b563efa Mon Sep 17 00:00:00 2001 From: Steve Milner Date: Mon, 17 Jul 2017 17:10:50 -0400 Subject: cri-o: Hardcode image name to cri-o --- roles/docker/tasks/systemcontainer_crio.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/docker') diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index f3c03df2c..f88f167c7 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -80,7 +80,7 @@ - name: Set the full image name set_fact: - l_crio_image: "{{ l_crio_image_prepend }}/{{ openshift.docker.service_name }}:latest" + l_crio_image: "{{ l_crio_image_prepend }}/cri-o:latest" # NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released - name: Pre-pull CRI-O System Container image -- cgit v1.2.3 From d27fe5a5513649d34c7f208975b2ada5ea459d9b Mon Sep 17 00:00:00 2001 From: Steve Milner Date: Tue, 18 Jul 2017 16:48:22 -0400 Subject: cri-o: Minor fixes for tasks --- roles/docker/tasks/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'roles/docker') diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 61230fa3d..5f9e4cf8a 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -7,7 +7,7 @@ - set_fact: l_use_system_container: "{{ openshift.docker.use_system_container | default(False) }}" - l_use_crio: "{{ use_crio | default(False) }}" + l_use_crio: "{{ openshift.docker.use_crio | default(False) }}" - name: Use Package Docker if Requested include: package_docker.yml @@ -22,5 +22,4 @@ - name: Add CRI-O usage Requested include: systemcontainer_crio.yml when: - - l_use_system_container - l_use_crio -- cgit v1.2.3 From 3003a54811227f5434a8a3d7c8d54c3accafd1e3 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Wed, 19 Jul 2017 11:48:48 +0200 Subject: crio: use a template for the configuration Signed-off-by: Giuseppe Scrivano --- roles/docker/tasks/systemcontainer_crio.yml | 29 ++---- roles/docker/templates/crio.conf.j2 | 132 ++++++++++++++++++++++++++++ 2 files changed, 137 insertions(+), 24 deletions(-) create mode 100644 roles/docker/templates/crio.conf.j2 (limited to 'roles/docker') diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index f88f167c7..7c3ed90d8 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -1,7 +1,7 @@ --- # TODO: Much of this file is shared with container engine tasks - set_fact: - l_insecure_registries: "{{ '\"{}\"'.format('\", \"'.join(openshift.docker.insecure_registries)) }}" + l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(openshift.docker.insecure_registries)) }}" - name: Ensure container-selinux is installed package: @@ -96,30 +96,11 @@ image: "{{ l_crio_image }}" state: latest -- name: run CRI-O with overlay2 - replace: - regexp: 'storage_driver = ""' - replace: 'storage_driver = "overlay2"' - name: /etc/crio/crio.conf - backup: yes - -- name: Add overlay2 storage opts for CRI-O - lineinfile: +- name: Create the CRI-O configuration + template: dest: /etc/crio/crio.conf - line: '"overlay2.override_kernel_check=1"' - insertafter: 'storage_option = \[' - regexp: 'overlay2\.override_kernel_check=1' - state: present - when: ansible_distribution in ['RedHat', 'CentOS'] - -- name: Configure insecure registries for CRI-O - lineinfile: - dest: /etc/crio/crio.conf - line: "{{ l_insecure_registries }}" - insertafter: 'insecure_registries = \[' - regexp: "{{ l_insecure_registries }}" - state: present - when: openshift_docker_insecure_registries is defined + src: crio.conf.j2 + backup: yes - name: Start the CRI-O service systemd: diff --git a/roles/docker/templates/crio.conf.j2 b/roles/docker/templates/crio.conf.j2 new file mode 100644 index 000000000..f7049aa41 --- /dev/null +++ b/roles/docker/templates/crio.conf.j2 @@ -0,0 +1,132 @@ +# {{ ansible_managed }} + +# The "crio" table contains all of the server options. +[crio] + +# root is a path to the "root directory". CRIO stores all of its data, +# including container images, in this directory. +root = "/var/lib/containers/storage" + +# run is a path to the "run directory". CRIO stores all of its state +# in this directory. +runroot = "/var/run/containers/storage" + +# storage_driver select which storage driver is used to manage storage +# of images and containers. +storage_driver = "overlay2" + +# storage_option is used to pass an option to the storage driver. +storage_option = [ +{% if ansible_distribution in ['RedHat', 'CentOS'] %} + "overlay2.override_kernel_check=1" +{% endif %} +] + +# The "crio.api" table contains settings for the kubelet/gRPC +# interface (which is also used by crioctl). +[crio.api] + +# listen is the path to the AF_LOCAL socket on which crio will listen. +listen = "/var/run/crio.sock" + +# stream_address is the IP address on which the stream server will listen +stream_address = "" + +# stream_port is the port on which the stream server will listen +stream_port = "10010" + +# The "crio.runtime" table contains settings pertaining to the OCI +# runtime used and options for how to set up and manage the OCI runtime. +[crio.runtime] + +# runtime is the OCI compatible runtime used for trusted container workloads. +# This is a mandatory setting as this runtime will be the default one +# and will also be used for untrusted container workloads if +# runtime_untrusted_workload is not set. +runtime = "/usr/libexec/crio/runc" + +# runtime_untrusted_workload is the OCI compatible runtime used for untrusted +# container workloads. This is an optional setting, except if +# default_container_trust is set to "untrusted". +runtime_untrusted_workload = "" + +# default_workload_trust is the default level of trust crio puts in container +# workloads. It can either be "trusted" or "untrusted", and the default +# is "trusted". +# Containers can be run through different container runtimes, depending on +# the trust hints we receive from kubelet: +# - If kubelet tags a container workload as untrusted, crio will try first to +# run it through the untrusted container workload runtime. If it is not set, +# crio will use the trusted runtime. +# - If kubelet does not provide any information about the container workload trust +# level, the selected runtime will depend on the default_container_trust setting. +# If it is set to "untrusted", then all containers except for the host privileged +# ones, will be run by the runtime_untrusted_workload runtime. Host privileged +# containers are by definition trusted and will always use the trusted container +# runtime. If default_container_trust is set to "trusted", crio will use the trusted +# container runtime for all containers. +default_workload_trust = "trusted" + +# conmon is the path to conmon binary, used for managing the runtime. +conmon = "/usr/libexec/crio/conmon" + +# conmon_env is the environment variable list for conmon process, +# used for passing necessary environment variable to conmon or runtime. +conmon_env = [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", +] + +# selinux indicates whether or not SELinux will be used for pod +# separation on the host. If you enable this flag, SELinux must be running +# on the host. +selinux = true + +# seccomp_profile is the seccomp json profile path which is used as the +# default for the runtime. +seccomp_profile = "/etc/crio/seccomp.json" + +# apparmor_profile is the apparmor profile name which is used as the +# default for the runtime. +apparmor_profile = "crio-default" + +# cgroup_manager is the cgroup management implementation to be used +# for the runtime. +cgroup_manager = "systemd" + +# The "crio.image" table contains settings pertaining to the +# management of OCI images. +[crio.image] + +# default_transport is the prefix we try prepending to an image name if the +# image name as we receive it can't be parsed as a valid source reference +default_transport = "docker://" + +# pause_image is the image which we use to instantiate infra containers. +pause_image = "kubernetes/pause" + +# pause_command is the command to run in a pause_image to have a container just +# sit there. If the image contains the necessary information, this value need +# not be specified. +pause_command = "/pause" + +# signature_policy is the name of the file which decides what sort of policy we +# use when deciding whether or not to trust an image that we've pulled. +# Outside of testing situations, it is strongly advised that this be left +# unspecified so that the default system-wide policy will be used. +signature_policy = "" + +# insecure_registries is used to skip TLS verification when pulling images. +insecure_registries = [ +{{ l_insecure_crio_registries }} +] + +# The "crio.network" table contains settings pertaining to the +# management of CNI plugins. +[crio.network] + +# network_dir is is where CNI network configuration +# files are stored. +network_dir = "/etc/cni/net.d/" + +# plugin_dir is is where CNI plugin binaries are stored. +plugin_dir = "/opt/cni/bin/" -- cgit v1.2.3 From c66d51f519acf2958a378c109750b86620e32122 Mon Sep 17 00:00:00 2001 From: Steve Milner Date: Wed, 19 Jul 2017 09:55:59 -0400 Subject: cri-o: Default insecure registries to "" --- roles/docker/tasks/systemcontainer_crio.yml | 1 + roles/docker/templates/crio.conf.j2 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'roles/docker') diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index 7c3ed90d8..651a20ea2 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -2,6 +2,7 @@ # TODO: Much of this file is shared with container engine tasks - set_fact: l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(openshift.docker.insecure_registries)) }}" + when: openshift.docker.insecure_registries - name: Ensure container-selinux is installed package: diff --git a/roles/docker/templates/crio.conf.j2 b/roles/docker/templates/crio.conf.j2 index f7049aa41..eae1759ab 100644 --- a/roles/docker/templates/crio.conf.j2 +++ b/roles/docker/templates/crio.conf.j2 @@ -117,7 +117,7 @@ signature_policy = "" # insecure_registries is used to skip TLS verification when pulling images. insecure_registries = [ -{{ l_insecure_crio_registries }} +{{ l_insecure_crio_registries|default("") }} ] # The "crio.network" table contains settings pertaining to the -- cgit v1.2.3 From 941b8905feb30f2537360b002ae4b9a457b0f3e2 Mon Sep 17 00:00:00 2001 From: Steve Milner Date: Wed, 19 Jul 2017 10:22:40 -0400 Subject: cri-o: Ensure overlay is available Some distro releases may not have overlay loaded into the kernel. This change looks for overlay via lsmod and, if it isn't already there, uses modprobe to load it in and then drops a load config into /etc/modules-load.d/overlay.conf. --- roles/docker/tasks/systemcontainer_crio.yml | 20 ++++++++++++++++++++ roles/docker/templates/overlay.conf.j2 | 2 ++ 2 files changed, 22 insertions(+) create mode 100644 roles/docker/templates/overlay.conf.j2 (limited to 'roles/docker') diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index 651a20ea2..68f9d9649 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -25,6 +25,26 @@ state: present when: not openshift.common.is_atomic | bool + +- name: Check that overlay is in the kernel + shell: lsmod | grep overlay + register: l_has_overlay_in_kernel + ignore_errors: yes + + +- when: l_has_overlay_in_kernel.rc != 0 + block: + + - name: Add overlay to modprobe.d + template: + dest: /etc/modules-load.d/overlay.conf + src: overlay.conf.j2 + backup: yes + + - name: Manually modprobe overlay into the kernel + command: modprobe overlay + + - block: - name: Add http_proxy to /etc/atomic.conf diff --git a/roles/docker/templates/overlay.conf.j2 b/roles/docker/templates/overlay.conf.j2 new file mode 100644 index 000000000..782f46c2e --- /dev/null +++ b/roles/docker/templates/overlay.conf.j2 @@ -0,0 +1,2 @@ +### {{ ansible_managed }} +overlay -- cgit v1.2.3 From 5e218e1a1df44897b46f5467e14c97d0155bae97 Mon Sep 17 00:00:00 2001 From: Steve Milner Date: Thu, 20 Jul 2017 12:38:56 -0400 Subject: cri-o: Enable systemd-modules-load if required If we had to drop the overlay file in /etc/modules-load.d/ then enable the systemd-modules-load service and make sure it runs. --- roles/docker/tasks/systemcontainer_crio.yml | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'roles/docker') diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index 68f9d9649..21fc703fe 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -44,6 +44,12 @@ - name: Manually modprobe overlay into the kernel command: modprobe overlay + - name: Enable and start systemd-modules-load + service: + name: systemd-modules-load + enabled: yes + state: restarted + - block: -- cgit v1.2.3 From 72eaf22e58299e6584b026afb609266835177175 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 27 Jul 2017 09:20:10 +0200 Subject: cri-o: use only images from Docker Hub For the time being it won't be added to the Red Hat registry, so use only what is available on Docker Hub. Signed-off-by: Giuseppe Scrivano --- roles/docker/tasks/systemcontainer_crio.yml | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) (limited to 'roles/docker') diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index 21fc703fe..cfc9157cc 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -85,17 +85,13 @@ - name: Set to default prepend set_fact: - l_crio_image_prepend: "gscrivano" + l_crio_image_prepend: "docker.io/gscrivano" + l_crio_image_name: "crio-o-fedora" - - name: Use Red Hat Registry for image when distribution is Red Hat + - name: Use Centos based image when distribution is Red Hat or CentOS set_fact: - l_crio_image_prepend: "registry.access.redhat.com/openshift3" - when: ansible_distribution == 'RedHat' - - - name: Use Fedora Registry for image when distribution is Fedora - set_fact: - l_crio_image_prepend: "registry.fedoraproject.org/f25" - when: ansible_distribution == 'Fedora' + l_crio_image_name: "cri-o-centos" + when: ansible_distribution in ['RedHat', 'CentOS'] # For https://github.com/openshift/openshift-ansible/pull/4049#discussion_r114478504 - name: Use a testing registry if requested @@ -107,7 +103,7 @@ - name: Set the full image name set_fact: - l_crio_image: "{{ l_crio_image_prepend }}/cri-o:latest" + l_crio_image: "{{ l_crio_image_prepend }}/{{ l_crio_image_name }}:latest" # NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released - name: Pre-pull CRI-O System Container image -- cgit v1.2.3 From 0898ff62d1b17c5102d394bf5fbf7ca54b266b75 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 28 Jul 2017 12:10:18 +0200 Subject: docker: skip Docker setup when using CRI-O Signed-off-by: Giuseppe Scrivano --- roles/docker/tasks/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'roles/docker') diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 5f9e4cf8a..aecb289d5 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -11,7 +11,9 @@ - name: Use Package Docker if Requested include: package_docker.yml - when: not l_use_system_container + when: + - not l_use_system_container + - not l_use_crio - name: Use System Container Docker if Requested include: systemcontainer_docker.yml -- cgit v1.2.3 From f0a0e8466a917f0bf40c8b7f3076a1e8a2c8ed68 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 28 Jul 2017 18:37:58 +0200 Subject: docker: introduce use_crio_only Introduce a new variable that disable the installation of Docker. For the time being we will still need Docker for building images, so by default leave it installed. Signed-off-by: Giuseppe Scrivano --- roles/docker/tasks/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'roles/docker') diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index aecb289d5..1f9ac5059 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -8,18 +8,19 @@ - set_fact: l_use_system_container: "{{ openshift.docker.use_system_container | default(False) }}" l_use_crio: "{{ openshift.docker.use_crio | default(False) }}" + l_use_crio_only: "{{ openshift.docker.use_crio_only | default(False) }}" - name: Use Package Docker if Requested include: package_docker.yml when: - not l_use_system_container - - not l_use_crio + - not l_use_crio_only - name: Use System Container Docker if Requested include: systemcontainer_docker.yml when: - l_use_system_container - - not l_use_crio + - not l_use_crio_only - name: Add CRI-O usage Requested include: systemcontainer_crio.yml -- cgit v1.2.3 From 59c9668c314518762cceb5845998bc9466fa5722 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Mon, 31 Jul 2017 08:29:40 +0200 Subject: cri-o: allow to override CRI-O image indipendently from Docker Signed-off-by: Giuseppe Scrivano --- roles/docker/tasks/systemcontainer_crio.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'roles/docker') diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index cfc9157cc..f18a5b117 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -96,10 +96,10 @@ # For https://github.com/openshift/openshift-ansible/pull/4049#discussion_r114478504 - name: Use a testing registry if requested set_fact: - l_crio_image_prepend: "{{ openshift_docker_systemcontainer_image_registry_override }}" + l_crio_image_prepend: "{{ openshift_crio_systemcontainer_image_registry_override }}" when: - - openshift_docker_systemcontainer_image_registry_override is defined - - openshift_docker_systemcontainer_image_registry_override != "" + - openshift_crio_systemcontainer_image_registry_override is defined + - openshift_crio_systemcontainer_image_registry_override != "" - name: Set the full image name set_fact: -- cgit v1.2.3 From 31e708a5d440a6ad13f81c4b94ad26e0b2d9587a Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Wed, 2 Aug 2017 18:44:08 +0200 Subject: cri-o: configure the CNI network Signed-off-by: Giuseppe Scrivano --- roles/docker/tasks/systemcontainer_crio.yml | 10 ++++++++++ roles/docker/templates/80-openshift-sdn.conf.j2 | 5 +++++ 2 files changed, 15 insertions(+) create mode 100644 roles/docker/templates/80-openshift-sdn.conf.j2 (limited to 'roles/docker') diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index f18a5b117..787f51f94 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -125,6 +125,16 @@ src: crio.conf.j2 backup: yes +- name: Ensure CNI configuration directory exists + file: + path: /etc/cni/net.d/ + state: directory + +- name: Configure the CNI network + template: + dest: /etc/cni/net.d/openshift-sdn.conf + src: 80-openshift-sdn.conf.j2 + - name: Start the CRI-O service systemd: name: "cri-o" diff --git a/roles/docker/templates/80-openshift-sdn.conf.j2 b/roles/docker/templates/80-openshift-sdn.conf.j2 new file mode 100644 index 000000000..a693aea5f --- /dev/null +++ b/roles/docker/templates/80-openshift-sdn.conf.j2 @@ -0,0 +1,5 @@ +{ + "cniVersion": "0.1.0", + "name": "openshift-sdn", + "type": "openshift-sdn" +} -- cgit v1.2.3