From 0c31d72be3bf32f848eedad9859a81ba858f8c8f Mon Sep 17 00:00:00 2001 From: Devan Goodwin Date: Wed, 1 Jun 2016 15:34:18 -0300 Subject: Docker 1.10 Upgrade Adds a separate playbook for Docker 1.10 upgrade that can be run standalone on a pre-existing 3.2 cluster. The upgrade will take each node out of rotation, and remove *all* containers and images on it, as this is reportedly faster and more storage efficient than performing the in place 1.10 upgrade. This process is integrated into the 3.1 to 3.2 upgrade process. Normal config playbooks now become 3.2 only, and require Docker 1.10. Users of older environments will have to use an appropriate openshift-ansible version. Config playbooks no longer are in the business of upgrading or downgrading docker. --- roles/docker/tasks/main.yml | 59 +++++++++++++++-------------- roles/etcd/tasks/main.yml | 12 +++--- roles/openshift_docker_facts/tasks/main.yml | 11 ------ roles/openshift_master/tasks/main.yml | 9 +---- 4 files changed, 38 insertions(+), 53 deletions(-) (limited to 'roles') diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index b9b2666fb..f002dbc01 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,41 +1,42 @@ --- -# tasks file for docker - -- name: Get current installed version if docker_version is specified +# Going forward we require Docker 1.10 or greater. If the user has a lesser version installed they must run a separate upgrade process. +- name: Get current installed Docker version command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker" - when: not openshift.common.is_atomic | bool and docker_version != '' - register: docker_version_result + when: not openshift.common.is_atomic | bool + register: curr_docker_version changed_when: false -- stat: path=/etc/sysconfig/docker-storage - register: docker_storage_check +# TODO: The use of upgrading var will be removed in the coming upgrade refactor. This is a temporary +# fix to wory around the fact that right now, this role is called during upgrade, before we're +# ready to upgrade Docker. +- name: Fail if Docker upgrade is required + fail: + msg: "Docker {{ curr_docker_version.stdout }} must be upgraded to Docker 1.10 or greater" + when: not upgrading | bool and not curr_docker_version | skipped and curr_docker_version.stdout | default('0.0', True) | version_compare('1.10', '<') -- name: Remove deferred deletion for downgrades from 1.9 +- name: Get latest available version of Docker command: > - sed -i 's/--storage-opt dm.use_deferred_deletion=true//' /etc/sysconfig/docker-storage - when: docker_storage_check.stat.exists | bool and not docker_version_result | skipped and docker_version_result.stdout | default('0.0', True) | version_compare('1.9', '>=') and docker_version | version_compare('1.9', '<') - -- name: Downgrade docker if necessary - command: "{{ ansible_pkg_mgr }} swap -y docker-* docker-*{{ docker_version }}" - register: docker_downgrade_result - when: not docker_version_result | skipped and docker_version_result.stdout | default('0.0', True) | version_compare(docker_version, 'gt') + {{ repoquery_cmd }} --qf '%{version}' "docker" + register: avail_docker_version + failed_when: false + changed_when: false + when: not openshift.common.is_atomic | bool -- name: Install docker - action: "{{ ansible_pkg_mgr }} name=docker{{ '-' + docker_version if docker_version is defined and docker_version != '' else '' }} state=present" - when: not openshift.common.is_atomic | bool and docker_downgrade_result | skipped +- name: Verify Docker >= 1.10 is available + fail: + msg: "Docker {{ avail_docker_version.stdout }} is available, but 1.10 or greater is required" + when: not avail_docker_version | skipped and avail_docker_version.stdout | default('0.0', True) | version_compare('1.10', '<') -# If docker were enabled and started before we downgraded it may have entered a -# failed state. Check for that and clear it if necessary. -- name: Check that docker hasn't entered failed state - command: systemctl show docker - register: docker_state - changed_when: False +- stat: path=/etc/sysconfig/docker-storage + register: docker_storage_check -- name: Reset docker service state - command: systemctl reset-failed docker.service - when: " 'ActiveState=failed' in docker_state.stdout " +# Make sure Docker is installed, but does not update a running version. +# Docker upgrades are handled by a separate playbook. +- name: Install Docker + action: "{{ ansible_pkg_mgr }} name=docker state=present" + when: not openshift.common.is_atomic | bool -- name: Start the docker service +- name: Start the Docker service service: name: docker enabled: yes @@ -86,7 +87,7 @@ notify: - restart docker -- name: Set various docker options +- name: Set various Docker options lineinfile: dest: /etc/sysconfig/docker regexp: '^OPTIONS=.*$' diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 71735dc25..a798dc973 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -28,18 +28,18 @@ state: directory mode: 0700 -- name: Check for etcd service presence - command: systemctl show etcd.service - register: etcd_show - changed_when: false - - name: Disable system etcd when containerized - when: etcd_is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout + when: etcd_is_containerized | bool service: name: etcd state: stopped enabled: no +- name: Check for etcd service presence + command: systemctl show etcd.service + register: etcd_show + changed_when: false + - name: Mask system etcd when containerized when: etcd_is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout command: systemctl mask etcd diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml index 43359dcb5..cdea90413 100644 --- a/roles/openshift_docker_facts/tasks/main.yml +++ b/roles/openshift_docker_facts/tasks/main.yml @@ -57,14 +57,3 @@ l_common_version: "{{ common_version.stdout | default('0.0', True) }}" when: not openshift.common.is_containerized | bool -- name: Set docker version to be installed - set_fact: - docker_version: "{{ '1.8.2' }}" - when: " ( l_common_version | version_compare('3.2','<') and openshift.common.service_type in ['openshift', 'atomic-openshift'] ) or - ( l_common_version | version_compare('1.1.4','<') and openshift.common.service_type == 'origin' )" - -- name: Set docker version to be installed - set_fact: - docker_version: "{{ '1.9.1' }}" - when: " ( l_common_version | version_compare('3.2','>') and openshift.common.service_type == 'atomic-openshift' ) or - ( l_common_version | version_compare('1.2','>') and openshift.common.service_type == 'origin' )" diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index f70eaf144..63a54a0d9 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -164,14 +164,9 @@ register: start_result notify: Verify API Server -- name: Check for non-HA master service presence - command: systemctl show {{ openshift.common.service_type }}-master.service - register: master_svc_show - changed_when: false - -- name: Stop and disable non-HA master when running HA +- name: Stop and disable non HA master when running HA service: name={{ openshift.common.service_type }}-master enabled=no state=stopped - when: openshift_master_ha | bool and 'LoadState=not-found' not in master_svc_show.stdout + when: openshift_master_ha | bool - set_fact: master_service_status_changed: "{{ start_result | changed }}" -- cgit v1.2.3 From c45c5935df97bb4aa9e8e9067d868371b04a24bf Mon Sep 17 00:00:00 2001 From: Devan Goodwin Date: Mon, 6 Jun 2016 14:58:02 -0300 Subject: Fix Docker 1.10 problems with empty tags and trailing : Docker 1.10 is no longer tolerant of commands like "docker pull myimage:" when we do not have an image tag in play. Adjust all occurrences with one that only includes the : if a version is defined. Adjust the containerized CLI wrappers for a similar problem. --- roles/openshift_cli/tasks/main.yml | 2 +- roles/openshift_cli/templates/openshift.j2 | 10 +++++++--- roles/openshift_master/tasks/main.yml | 2 +- roles/openshift_node/tasks/main.yml | 4 ++-- 4 files changed, 11 insertions(+), 7 deletions(-) (limited to 'roles') diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml index bfa60e5b0..c0a712513 100644 --- a/roles/openshift_cli/tasks/main.yml +++ b/roles/openshift_cli/tasks/main.yml @@ -5,7 +5,7 @@ - name: Pull CLI Image command: > - docker pull {{ openshift.common.cli_image }}:{{ openshift_version }} + docker pull {{ openshift.common.cli_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} when: openshift.common.is_containerized | bool - name: Create /usr/local/bin/openshift cli wrapper diff --git a/roles/openshift_cli/templates/openshift.j2 b/roles/openshift_cli/templates/openshift.j2 index 437e08aab..8a3f3a257 100644 --- a/roles/openshift_cli/templates/openshift.j2 +++ b/roles/openshift_cli/templates/openshift.j2 @@ -5,14 +5,14 @@ fi cmd=`basename $0` user=`id -u` group=`id -g` -image_tag={{ openshift_version }} +image_tag="{{ openshift_version }}" >&2 echo """ ================================================================================ ATTENTION: You are running ${cmd} via a wrapper around 'docker run {{ openshift.common.cli_image }}:${image_tag}'. This wrapper is intended only to be used to bootstrap an environment. Please install client tools on another host once you have granted cluster-admin -privileges to a user. +privileges to a user. {% if openshift.common.deployment_type in ['openshift-enterprise','atomic-enterprise'] %} See https://docs.openshift.com/enterprise/latest/cli_reference/get_started_cli.html {% else %} @@ -21,4 +21,8 @@ See https://docs.openshift.org/latest/cli_reference/get_started_cli.html ================================================================================= """ -docker run -i --privileged --net=host --user=${user}:${group} -v ~/.kube:/root/.kube -v /tmp:/tmp -v {{ openshift.common.config_base}}:{{ openshift.common.config_base }} -e KUBECONFIG=/root/.kube/config --entrypoint ${cmd} --rm {{ openshift.common.cli_image }}:${image_tag} "${@}" +if [ -n "$image_tag" ]; then + image_tag=":$image_tag" +fi + +docker run -i --privileged --net=host --user=${user}:${group} -v ~/.kube:/root/.kube -v /tmp:/tmp -v {{ openshift.common.config_base}}:{{ openshift.common.config_base }} -e KUBECONFIG=/root/.kube/config --entrypoint ${cmd} --rm {{ openshift.common.cli_image }}${image_tag} "${@}" diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 63a54a0d9..e9a9c4251 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -29,7 +29,7 @@ - name: Pull master image command: > - docker pull {{ openshift.master.master_image }}:{{ openshift_version }} + docker pull {{ openshift.master.master_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} when: openshift.common.is_containerized | bool - name: Create openshift.common.data_dir diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index e8bd13855..657e99e87 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -39,12 +39,12 @@ - name: Pull node image command: > - docker pull {{ openshift.node.node_image }}:{{ openshift_version }} + docker pull {{ openshift.node.node_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} when: openshift.common.is_containerized | bool - name: Pull OpenVSwitch image command: > - docker pull {{ openshift.node.ovs_image }}:{{ openshift_version }} + docker pull {{ openshift.node.ovs_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool - name: Install the systemd units -- cgit v1.2.3 From 4bec37c10f835902a42b62493c5df0de97db73f8 Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Wed, 8 Jun 2016 09:37:19 -0400 Subject: Bug 1338726 - never abort install if the latest version of docker is already installed --- roles/docker/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles') diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index f002dbc01..cafbdee4c 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -20,7 +20,7 @@ register: avail_docker_version failed_when: false changed_when: false - when: not openshift.common.is_atomic | bool + when: not curr_docker_version.stdout | default('0.0', True) | version_compare('1.10', '>=') and not openshift.common.is_atomic | bool - name: Verify Docker >= 1.10 is available fail: -- cgit v1.2.3 From 2d015f6197162da0b851a888cce5813aa056269e Mon Sep 17 00:00:00 2001 From: Pascal Bach Date: Thu, 9 Jun 2016 10:26:58 +0200 Subject: Add lower case proxy variables Some applications expect the *_PROXY variables to be lower case. To support this too inject them in addition to the upper case ones. Signed-off-by: Pascal Bach Reviewed-by: Fabio Huser --- roles/openshift_builddefaults/vars/main.yml | 6 ++++++ roles/openshift_master_facts/vars/main.yml | 6 ++++++ 2 files changed, 12 insertions(+) (limited to 'roles') diff --git a/roles/openshift_builddefaults/vars/main.yml b/roles/openshift_builddefaults/vars/main.yml index 9727c73a5..bcdf68112 100644 --- a/roles/openshift_builddefaults/vars/main.yml +++ b/roles/openshift_builddefaults/vars/main.yml @@ -13,3 +13,9 @@ builddefaults_yaml: value: "{{ openshift.builddefaults.https_proxy | default('', true) }}" - name: NO_PROXY value: "{{ openshift.builddefaults.no_proxy | default('', true) | join(',') }}" + - name: http_proxy + value: "{{ openshift.builddefaults.http_proxy | default('', true) }}" + - name: https_proxy + value: "{{ openshift.builddefaults.https_proxy | default('', true) }}" + - name: no_proxy + value: "{{ openshift.builddefaults.no_proxy | default('', true) | join(',') }}" diff --git a/roles/openshift_master_facts/vars/main.yml b/roles/openshift_master_facts/vars/main.yml index 3b0ee2761..086d8340c 100644 --- a/roles/openshift_master_facts/vars/main.yml +++ b/roles/openshift_master_facts/vars/main.yml @@ -11,4 +11,10 @@ builddefaults_yaml: - name: HTTPS_PROXY value: "{{ openshift.master.builddefaults_https_proxy | default(omit, true) }}" - name: NO_PROXY + value: "{{ openshift.master.builddefaults_no_proxy | default(omit, true) | join(',') }}" + - name: http_proxy + value: "{{ openshift.master.builddefaults_http_proxy | default(omit, true) }}" + - name: https_proxy + value: "{{ openshift.master.builddefaults_https_proxy | default(omit, true) }}" + - name: no_proxy value: "{{ openshift.master.builddefaults_no_proxy | default(omit, true) | join(',') }}" \ No newline at end of file -- cgit v1.2.3 From dcff138a3230a0f23cb627901b2a28cc6bec2e6b Mon Sep 17 00:00:00 2001 From: Devan Goodwin Date: Thu, 9 Jun 2016 08:37:34 -0300 Subject: Restore mistakenly reverted code. --- roles/etcd/tasks/main.yml | 12 ++++++------ roles/openshift_master/tasks/main.yml | 9 +++++++-- 2 files changed, 13 insertions(+), 8 deletions(-) (limited to 'roles') diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index a798dc973..71735dc25 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -28,18 +28,18 @@ state: directory mode: 0700 +- name: Check for etcd service presence + command: systemctl show etcd.service + register: etcd_show + changed_when: false + - name: Disable system etcd when containerized - when: etcd_is_containerized | bool + when: etcd_is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout service: name: etcd state: stopped enabled: no -- name: Check for etcd service presence - command: systemctl show etcd.service - register: etcd_show - changed_when: false - - name: Mask system etcd when containerized when: etcd_is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout command: systemctl mask etcd diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index f12371c23..28faee155 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -172,9 +172,14 @@ register: start_result notify: Verify API Server -- name: Stop and disable non HA master when running HA +- name: Check for non-HA master service presence + command: systemctl show {{ openshift.common.service_type }}-master.service + register: master_svc_show + changed_when: false + +- name: Stop and disable non-HA master when running HA service: name={{ openshift.common.service_type }}-master enabled=no state=stopped - when: openshift_master_ha | bool + when: openshift_master_ha | bool and 'LoadState=not-found' not in master_svc_show.stdout - set_fact: master_service_status_changed: "{{ start_result | changed }}" -- cgit v1.2.3