Diffstat (limited to 'roles')
62 files changed, 157 insertions, 340 deletions
diff --git a/roles/calico/handlers/main.yml b/roles/calico/handlers/main.yml index 67fc0065f..9cc0604a3 100644 --- a/roles/calico/handlers/main.yml +++ b/roles/calico/handlers/main.yml @@ -3,10 +3,10 @@    become: yes    systemd: name=calico state=restarted -- name: restart docker +- name: restart container runtime    become: yes    systemd: -    name: "{{ openshift.docker.service_name }}" +    name: "{{ openshift_docker_service_name }}"      state: restarted    register: l_docker_restart_docker_in_calico_result    until: not l_docker_restart_docker_in_calico_result | failed diff --git a/roles/calico/templates/calico.service.j2 b/roles/calico/templates/calico.service.j2 index 7653e19b1..a7809b9f9 100644 --- a/roles/calico/templates/calico.service.j2 +++ b/roles/calico/templates/calico.service.j2 @@ -1,7 +1,7 @@  [Unit]  Description=calico -After={{ openshift.docker.service_name }}.service -Requires={{ openshift.docker.service_name }}.service +After={{ openshift_docker_service_name }}.service +Requires={{ openshift_docker_service_name }}.service  [Service]  Restart=always diff --git a/roles/docker/README.md b/roles/container_runtime/README.md index 19908c036..e363c1714 100644 --- a/roles/docker/README.md +++ b/roles/container_runtime/README.md 
@@ -10,27 +10,23 @@ Requirements  Ansible 2.2 -Role Variables +Mandator Role Variables  -------------- -docker_conf_dir: location of the Docker configuration directory -docker_systemd_dir location of the systemd directory for Docker -docker_udev_workaround: raises udevd timeout to 5 minutes (https://bugzilla.redhat.com/show_bug.cgi?id=1272446) -udevw_udevd_dir: location of systemd config for systemd-udevd.service +  Dependencies  ------------ -Depends on the os_firewall role. +Depends on openshift_facts having already been run.  Example Playbook  ----------------      - hosts: servers        roles: -      - role: docker +      - role: container_runtime          docker_udev_workaround: "true" -        docker_use_system_container: False  License  ------- diff --git a/roles/docker/defaults/main.yml b/roles/container_runtime/defaults/main.yml index 224844a06..62b3e141a 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/container_runtime/defaults/main.yml 
@@ -2,18 +2,34 @@  docker_cli_auth_config_path: '/root/.docker'  openshift_docker_signature_verification: False +repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}" +  openshift_docker_alternative_creds: False  # oreg_url is defined by user input.  oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}"  oreg_auth_credentials_replace: False +openshift_docker_use_system_container: False +openshift_docker_disable_push_dockerhub: False  # bool +openshift_docker_selinux_enabled: True +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" + +openshift_docker_hosted_registry_insecure: False  # bool + +openshift_docker_hosted_registry_network_default: "{{ openshift_portal_net | default(False) }}" +openshift_docker_hosted_registry_network: "{{ openshift_docker_hosted_registry_network_default }}" +  openshift_docker_additional_registries: []  openshift_docker_blocked_registries: []  openshift_docker_insecure_registries: []  openshift_docker_ent_reg: 'registry.access.redhat.com' +openshift_docker_options: False  # str +openshift_docker_log_driver: False  # str +openshift_docker_log_options: [] +  # The l2_docker_* variables convert csv strings to lists, if  # necessary.  These variables should be used in place of their respective  # openshift_docker_* counterparts to ensure the properly formatted lists are 
@@ -21,6 +37,7 @@ openshift_docker_ent_reg: 'registry.access.redhat.com'  l2_docker_additional_registries: "{% if openshift_docker_additional_registries is string %}{% if openshift_docker_additional_registries == '' %}[]{% elif ',' in openshift_docker_additional_registries %}{{ openshift_docker_additional_registries.split(',') | list }}{% else %}{{ [ openshift_docker_additional_registries ] }}{% endif %}{% else %}{{ openshift_docker_additional_registries }}{% endif %}"  l2_docker_blocked_registries: "{% if openshift_docker_blocked_registries is string %}{% if openshift_docker_blocked_registries == '' %}[]{% elif ',' in openshift_docker_blocked_registries %}{{ openshift_docker_blocked_registries.split(',') | list }}{% else %}{{ [ openshift_docker_blocked_registries ] }}{% endif %}{% else %}{{ openshift_docker_blocked_registries }}{% endif %}"  l2_docker_insecure_registries: "{% if openshift_docker_insecure_registries is string %}{% if openshift_docker_insecure_registries == '' %}[]{% elif ',' in openshift_docker_insecure_registries %}{{ openshift_docker_insecure_registries.split(',') | list }}{% else %}{{ [ openshift_docker_insecure_registries ] }}{% endif %}{% else %}{{ openshift_docker_insecure_registries }}{% endif %}" +l2_docker_log_options: "{% if openshift_docker_log_options is string %}{% if ',' in openshift_docker_log_options %}{{ openshift_docker_log_options.split(',') | list }}{% else %}{{ [ openshift_docker_log_options ] }}{% endif %}{% else %}{{ openshift_docker_log_options }}{% endif %}"  openshift_docker_use_etc_containers: False  containers_registries_conf_path: /etc/containers/registries.conf 
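Review bot: The added `l2_docker_log_options` conversion lacks the empty-string branch that the three `l2_docker_*_registries` lines directly above it have, so `openshift_docker_log_options: ''` becomes `['']` instead of `[]`. The `l2_docker_log_options != []` guard in package_docker.yml would then pass and a bare `--log-opt ` would end up in OPTIONS. Starting the inner test with `{% if openshift_docker_log_options == '' %}[]{% elif ',' in openshift_docker_log_options %}` keeps the four conversions consistent.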
@@ -38,3 +55,26 @@ openshift_docker_is_node_or_master: "{{ True if inventory_hostname in (groups['o  docker_alt_storage_path: /var/lib/containers/docker  docker_default_storage_path: /var/lib/docker + +# Set local versions of facts that must be in json format for container-daemon.json +# NOTE: When jinja2.9+ is used the container-daemon.json file can move to using tojson +l_docker_log_options: "{{ l2_docker_log_options | to_json }}" +l_docker_additional_registries: "{{ l2_docker_additional_registries | to_json }}" +l_docker_blocked_registries: "{{ l2_docker_blocked_registries | to_json }}" +l_docker_insecure_registries: "{{ l2_docker_insecure_registries | to_json }}" +l_docker_selinux_enabled: "{{ openshift_docker_selinux_enabled | to_json }}" + +docker_http_proxy: "{{ openshift_http_proxy | default('') }}" +docker_https_proxy: "{{ openshift.common.https_proxy | default('') }}" +docker_no_proxy: "{{ openshift.common.no_proxy | default('') }}" + +openshift_use_crio: False +openshift_use_crio_only: False + + +l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l2_docker_insecure_registries)) }}" +l_crio_registries: "{{ l2_docker_additional_registries + ['docker.io'] }}" +l_additional_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l_crio_registries)) }}" + +l_openshift_image_tag_default: "{{ openshift_release }}" +l_openshift_image_tag: "{{ openshift_image_tag | default(l_openshift_image_tag_default) | string}}" diff --git a/roles/docker/handlers/main.yml b/roles/container_runtime/handlers/main.yml index 866ed0452..67cd6d782 100644 --- a/roles/docker/handlers/main.yml +++ b/roles/container_runtime/handlers/main.yml @@ -1,8 +1,8 @@  --- -- name: restart docker +- name: restart container runtime    systemd: -    name: "{{ openshift.docker.service_name }}" +    name: "{{ openshift_docker_service_name }}"      state: restarted      daemon_reload: yes    register: r_docker_restart_docker_result 
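Review bot: `l_docker_log_options` now serialises a list, because `openshift_docker_log_options` defaults to `[]` and `l2_docker_log_options` always yields a list, whereas the set_fact removed from systemcontainer_docker.yml fell back to `{}`. The daemon.json template writes this value straight after `"log-opts":`, and Docker documents that key as a JSON object, so the rendered file probably changes from `{}` to `[]` and may be rejected by the daemon; this is worth checking against a rendered file. Separately, `docker_http_proxy` reads `openshift_http_proxy` while `docker_https_proxy` and `docker_no_proxy` read `openshift.common.*`; if the asymmetry is intended, a comment such as `# http proxy comes from inventory, https/no_proxy from openshift_facts` would say so.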
diff --git a/roles/docker/meta/main.yml b/roles/container_runtime/meta/main.yml index d5faae8df..02fceb745 100644 --- a/roles/docker/meta/main.yml +++ b/roles/container_runtime/meta/main.yml @@ -1,7 +1,7 @@  ---  galaxy_info:    author: OpenShift -  description: docker package install +  description: container runtime install and configure    company: Red Hat, Inc    license: ASL 2.0    min_ansible_version: 2.2 diff --git a/roles/docker/tasks/crio_firewall.yml b/roles/container_runtime/tasks/crio_firewall.yml index fbd1ff515..fbd1ff515 100644 --- a/roles/docker/tasks/crio_firewall.yml +++ b/roles/container_runtime/tasks/crio_firewall.yml diff --git a/roles/docker/tasks/main.yml b/roles/container_runtime/tasks/main.yml index b02a74711..6d68082b1 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/container_runtime/tasks/main.yml @@ -1,15 +1,7 @@  --- -# These tasks dispatch to the proper set of docker tasks based on the -# inventory:openshift_docker_use_system_container variable -  - include_tasks: udev_workaround.yml    when: docker_udev_workaround | default(False) | bool -- set_fact: -    l_use_system_container: "{{ openshift.docker.use_system_container | default(False) }}" -    l_use_crio: "{{ openshift_use_crio | default(False) }}" -    l_use_crio_only: "{{ openshift_use_crio_only | default(False) }}" -  - name: Add enterprise registry, if necessary    set_fact:      l2_docker_additional_registries: "{{ l2_docker_additional_registries + [openshift_docker_ent_reg] }}" 
@@ -17,13 +9,13 @@      - openshift.common.deployment_type == 'openshift-enterprise'      - openshift_docker_ent_reg != ''      - openshift_docker_ent_reg not in l2_docker_additional_registries -    - not l_use_crio_only +    - not openshift_use_crio_only | bool  - name: Use Package Docker if Requested    include_tasks: package_docker.yml    when: -    - not l_use_system_container -    - not l_use_crio_only +    - not openshift_docker_use_system_container +    - not openshift_use_crio_only  - name: Ensure /var/lib/containers exists    file: @@ -37,13 +29,13 @@  - name: Use System Container Docker if Requested    include_tasks: systemcontainer_docker.yml    when: -    - l_use_system_container -    - not l_use_crio_only +    - openshift_docker_use_system_container +    - not openshift_use_crio_only  - name: Add CRI-O usage Requested    include_tasks: systemcontainer_crio.yml    when: -    - l_use_crio +    - openshift_use_crio      - openshift_docker_is_node_or_master | bool  - name: stat the docker data dir @@ -52,13 +44,13 @@    register: dockerstat  - when: -    - l_use_crio +    - openshift_use_crio      - dockerstat.stat.islnk is defined and not (dockerstat.stat.islnk | bool)    block:      - name: stop the current running docker        systemd:          state: stopped -        name: "{{ openshift.docker.service_name }}" +        name: "{{ openshift_docker_service_name }}"      - name: copy "{{ docker_default_storage_path }}" to "{{ docker_alt_storage_path }}"        command: "cp -r {{ docker_default_storage_path }} {{ docker_alt_storage_path }}" @@ -90,4 +82,4 @@      - name: start docker        systemd:          state: started -        name: "{{ openshift.docker.service_name }}" +        name: "{{ openshift_docker_service_name }}" diff --git a/roles/docker/tasks/package_docker.yml b/roles/container_runtime/tasks/package_docker.yml index 044b04478..40ab75a25 100644 --- a/roles/docker/tasks/package_docker.yml 
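Review bot: The new conditions coerce inconsistently: the first `when` list uses `not openshift_use_crio_only | bool`, but the package and system-container includes use bare `not openshift_docker_use_system_container`, `openshift_docker_use_system_container` and `not openshift_use_crio_only`, and the hunks at -37,13 and -52,13 use bare `openshift_use_crio`. The removed `l_use_*` set_fact did not coerce either, but now that inventory values are read directly, a value that arrives as a non-empty string such as `"false"` would presumably count as true in the bare form and select the wrong runtime path. Applying `| bool` everywhere, e.g. `- not openshift_docker_use_system_container | bool` and `- openshift_use_crio | bool`, makes the dispatch deterministic.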
+++ b/roles/container_runtime/tasks/package_docker.yml @@ -52,7 +52,7 @@        dest: "{{ docker_systemd_dir }}/custom.conf"        src: custom.conf.j2      notify: -    - restart docker +    - restart container runtime    when: not (os_firewall_use_firewalld | default(False)) | bool  - stat: path=/etc/sysconfig/docker @@ -78,7 +78,7 @@      reg_fact_val: "{{ l2_docker_insecure_registries }}"      reg_flag: --insecure-registry    notify: -  - restart docker +  - restart container runtime  - name: Place additional/blocked/insecure registries in /etc/containers/registries.conf    template: @@ -86,7 +86,7 @@      src: registries.conf    when: openshift_docker_use_etc_containers | bool    notify: -  - restart docker +  - restart container runtime  - name: Set Proxy Settings    lineinfile: 
@@ -96,30 +96,34 @@      state: "{{ 'present' if item.reg_fact_val != '' else 'absent'}}"    with_items:    - reg_conf_var: HTTP_PROXY -    reg_fact_val: "{{ docker_http_proxy | default('') }}" +    reg_fact_val: "{{ docker_http_proxy }}"    - reg_conf_var: HTTPS_PROXY -    reg_fact_val: "{{ docker_https_proxy | default('') }}" +    reg_fact_val: "{{ docker_https_proxy }}"    - reg_conf_var: NO_PROXY -    reg_fact_val: "{{ docker_no_proxy | default('') }}" +    reg_fact_val: "{{ docker_no_proxy }}"    notify: -  - restart docker +  - restart container runtime    when: -  - docker_check.stat.isreg is defined and docker_check.stat.isreg and '"http_proxy" in openshift.common or "https_proxy" in openshift.common' +  - docker_check.stat.isreg is defined +  - docker_check.stat.isreg +  - docker_http_proxy != '' or docker_https_proxy != ''  - name: Set various Docker options    lineinfile:      dest: /etc/sysconfig/docker      regexp: '^OPTIONS=.*$'      line: "OPTIONS='\ -      {% if ansible_selinux.status | default(None) == 'enabled' and docker_selinux_enabled | default(true) | bool %} --selinux-enabled {% endif %} \ -      {% if docker_log_driver is defined  %} --log-driver {{ docker_log_driver }}{% endif %} \ -      {% if docker_log_options is defined %} {{ docker_log_options |  oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %} \ +      {% if ansible_selinux.status | default(None) == 'enabled' and openshift_docker_selinux_enabled | default(true) | bool %} --selinux-enabled {% endif %} \ +      {% if openshift_docker_log_driver | bool %} --log-driver {{ openshift_docker_log_driver }}{% endif %} \ +      {% if l2_docker_log_options != [] %} {{ l2_docker_log_options |  oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %} \ +      {% if openshift_docker_hosted_registry_insecure and (openshift_docker_hosted_registry_network | bool) %} --insecure-registry={{ openshift_docker_hosted_registry_network }} {% endif %} \      
  {% if docker_options is defined %} {{ docker_options }}{% endif %} \ -      {% if docker_disable_push_dockerhub is defined %} --confirm-def-push={{ docker_disable_push_dockerhub | bool }}{% endif %} \ +      {% if openshift_docker_options %} {{ openshift_docker_options }}{% endif %} \ +      {% if openshift_docker_disable_push_dockerhub %} --confirm-def-push={{ openshift_docker_disable_push_dockerhub | bool }}{% endif %} \        --signature-verification={{ openshift_docker_signature_verification | bool }}'"    when: docker_check.stat.isreg is defined and docker_check.stat.isreg    notify: -  - restart docker +  - restart container runtime  - stat: path=/etc/sysconfig/docker-network    register: sysconfig_docker_network_check @@ -134,7 +138,7 @@    - sysconfig_docker_network_check.stat.isreg is defined    - sysconfig_docker_network_check.stat.isreg    notify: -  - restart docker +  - restart container runtime  # The following task is needed as the systemd module may report a change in  # state even though docker is already running. diff --git a/roles/docker/tasks/registry_auth.yml b/roles/container_runtime/tasks/registry_auth.yml index 2c7bc5711..2c7bc5711 100644 --- a/roles/docker/tasks/registry_auth.yml +++ b/roles/container_runtime/tasks/registry_auth.yml diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/container_runtime/tasks/systemcontainer_crio.yml index 3439aa353..8dcfe60ef 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/container_runtime/tasks/systemcontainer_crio.yml 
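Review bot: `{% if openshift_docker_log_driver | bool %}` applies the `bool` filter to a string value, and that filter returns true only for strings like `yes`, `on`, `1` or `true`, so a real driver name such as `json-file` evaluates to false and `--log-driver` is never written. The same applies to `(openshift_docker_hosted_registry_network | bool)`: a CIDR string is not a truthy word, so the `--insecure-registry=` flag would be dropped even when `openshift_docker_hosted_registry_insecure` is set, which silently changes registry TLS behaviour from what the operator configured. A plain truthiness test works with the `False` defaults: `{% if openshift_docker_log_driver %}` and `{% if openshift_docker_hosted_registry_insecure | bool and openshift_docker_hosted_registry_network %}`.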
@@ -1,28 +1,5 @@  --- -  # TODO: Much of this file is shared with container engine tasks -- set_fact: -    l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l2_docker_insecure_registries)) }}" -- set_fact: -    l_crio_registries: "{{ l2_docker_additional_registries + ['docker.io'] }}" -- set_fact: -    l_additional_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l_crio_registries)) }}" - -- set_fact: -    l_openshift_image_tag: "{{ openshift_image_tag | string }}" -  when: openshift_image_tag is defined - -- set_fact: -    l_openshift_image_tag: "latest" -  when: -    - openshift_image_tag is not defined -    - openshift_release == "latest" - -- set_fact: -    l_openshift_image_tag: "{{ openshift_release | string }}" -  when: -    - openshift_image_tag is not defined -    - openshift_release != "latest"  - name: Ensure container-selinux is installed    package: @@ -184,4 +161,4 @@  # 'docker login'  - include_tasks: registry_auth.yml    vars: -    openshift_docker_alternative_creds: "{{ l_use_crio_only }}" +    openshift_docker_alternative_creds: "{{ openshift_use_crio_only }}" diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/container_runtime/tasks/systemcontainer_docker.yml index 881d83f50..84217e50c 100644 --- a/roles/docker/tasks/systemcontainer_docker.yml +++ b/roles/container_runtime/tasks/systemcontainer_docker.yml 
@@ -1,28 +1,10 @@  --- - -- set_fact: -    l_openshift_image_tag: "{{ openshift_image_tag | string }}" -  when: openshift_image_tag is defined - -- set_fact: -    l_openshift_image_tag: "latest" -  when: -    - openshift_image_tag is not defined -    - openshift_release == "latest" - -- set_fact: -    l_openshift_image_tag: "{{ openshift_release | string }}" -  when: -    - openshift_image_tag is not defined -    - openshift_release != "latest" -  # If docker_options are provided we should fail. We should not install docker and ignore  # the users configuration. NOTE: docker_options == inventory:openshift_docker_options  - name: Fail quickly if openshift_docker_options are set    assert:      that: -      - docker_options is defined -      - docker_options != "" +      - "{% if not openshift_docker_options %}1{% else %}0{% endif %}"      msg: |        Docker via System Container does not allow for the use of the openshift_docker_options        variable. If you want to use openshift_docker_options you will need to use the @@ -106,7 +88,7 @@      - name: Set the full image name        set_fact: -        l_docker_image: "{{ l_docker_image_prepend }}/{{ openshift.docker.service_name }}:{{ l_docker_image_tag }}" +        l_docker_image: "{{ l_docker_image_prepend }}/{{ openshift_docker_service_name }}:{{ l_docker_image_tag }}"      # For https://github.com/openshift/openshift-ansible/pull/5354#issuecomment-328552959      - name: Use a specific image if requested @@ -125,7 +107,7 @@    command: "atomic pull --storage ostree {{ l_docker_image }}"    changed_when: false    environment: -    NO_PROXY: "{{ openshift.common.no_proxy | default('') }}" +    NO_PROXY: "{{ docker_no_proxy }}"  - name: Ensure container-engine.service.d directory exists 
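Review bot: The assert condition `"{% if not openshift_docker_options %}1{% else %}0{% endif %}"` renders a template to the string `1` or `0` and then relies on that string being re-evaluated as a conditional, which is hard to read and easy to break. The same check can be written as a plain expression, `- not openshift_docker_options`, which is true for the `False` default and false for any non-empty option string. The comment above the task still refers to `docker_options`; it should name `openshift_docker_options` now that the assert reads that variable.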
@@ -140,7 +122,7 @@  - name: Install Container Engine System Container    oc_atomic_container: -    name: "{{ openshift.docker.service_name }}" +    name: "{{ openshift_docker_service_name }}"      image: "{{ l_docker_image }}"      state: latest @@ -149,15 +131,6 @@      dest: "{{ container_engine_systemd_dir }}/custom.conf"      src: systemcontainercustom.conf.j2 -# Set local versions of facts that must be in json format for container-daemon.json -# NOTE: When jinja2.9+ is used the container-daemon.json file can move to using tojson -- set_fact: -    l_docker_insecure_registries: "{{ l2_docker_insecure_registries | default([]) | to_json }}" -    l_docker_log_options: "{{ docker_log_options | default({}) | to_json }}" -    l_docker_additional_registries: "{{ l2_docker_additional_registries | default([]) | to_json }}" -    l_docker_blocked_registries: "{{ l2_docker_blocked_registries | default([]) | to_json }}" -    l_docker_selinux_enabled: "{{ docker_selinux_enabled | default(true) | to_json }}" -  # Configure container-engine using the container-daemon.json file  # NOTE: daemon.json and container-daemon.json have been seperated to avoid  #       collision. @@ -169,7 +142,7 @@  # Enable and start the container-engine service  - name: Start the Container Engine service    systemd: -    name: "{{ openshift.docker.service_name }}" +    name: "{{ openshift_docker_service_name }}"      enabled: yes      state: started      daemon_reload: yes diff --git a/roles/docker/tasks/udev_workaround.yml b/roles/container_runtime/tasks/udev_workaround.yml index 257c3123d..257c3123d 100644 --- a/roles/docker/tasks/udev_workaround.yml +++ b/roles/container_runtime/tasks/udev_workaround.yml diff --git a/roles/docker/templates/80-openshift-sdn.conf.j2 b/roles/container_runtime/templates/80-openshift-sdn.conf.j2 index a693aea5f..a693aea5f 100644 --- a/roles/docker/templates/80-openshift-sdn.conf.j2 +++ b/roles/container_runtime/templates/80-openshift-sdn.conf.j2 
diff --git a/roles/docker/templates/crio.conf.j2 b/roles/container_runtime/templates/crio.conf.j2 index 3f066a17f..3f066a17f 100644 --- a/roles/docker/templates/crio.conf.j2 +++ b/roles/container_runtime/templates/crio.conf.j2 diff --git a/roles/docker/templates/custom.conf.j2 b/roles/container_runtime/templates/custom.conf.j2 index 713412473..713412473 100644 --- a/roles/docker/templates/custom.conf.j2 +++ b/roles/container_runtime/templates/custom.conf.j2 diff --git a/roles/docker/templates/daemon.json b/roles/container_runtime/templates/daemon.json index a41b7cdbd..383963bd3 100644 --- a/roles/docker/templates/daemon.json +++ b/roles/container_runtime/templates/daemon.json @@ -5,8 +5,8 @@      "disable-legacy-registry": false,      "exec-opts": ["native.cgroupdriver=systemd"],      "insecure-registries": {{ l_docker_insecure_registries }}, -{% if docker_log_driver is defined  %} -    "log-driver": "{{ docker_log_driver }}", +{% if openshift_docker_log_driver is defined  %} +    "log-driver": "{{ openshift_docker_log_driver }}",  {%- endif %}      "log-opts": {{ l_docker_log_options }},      "runtimes": { diff --git a/roles/docker/templates/overlay.conf.j2 b/roles/container_runtime/templates/overlay.conf.j2 index 782f46c2e..782f46c2e 100644 --- a/roles/docker/templates/overlay.conf.j2 +++ b/roles/container_runtime/templates/overlay.conf.j2 diff --git a/roles/docker/templates/registries.conf b/roles/container_runtime/templates/registries.conf index d379b2be0..d379b2be0 100644 --- a/roles/docker/templates/registries.conf +++ b/roles/container_runtime/templates/registries.conf diff --git a/roles/docker/templates/systemcontainercustom.conf.j2 b/roles/container_runtime/templates/systemcontainercustom.conf.j2 index 86eebfba6..86eebfba6 100644 --- a/roles/docker/templates/systemcontainercustom.conf.j2 +++ b/roles/container_runtime/templates/systemcontainercustom.conf.j2 
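Review bot: In daemon.json the guard `{% if openshift_docker_log_driver is defined %}` is now always true, because this commit gives `openshift_docker_log_driver` a default of `False` in container_runtime/defaults/main.yml. With no driver configured the template would therefore emit `"log-driver": "False"`, which is not a valid driver name. Testing the value instead of its existence fixes this: `{% if openshift_docker_log_driver %}`.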
diff --git a/roles/docker/vars/main.yml b/roles/container_runtime/vars/main.yml index 4e940b7f5..4e940b7f5 100644 --- a/roles/docker/vars/main.yml +++ b/roles/container_runtime/vars/main.yml diff --git a/roles/contiv/defaults/main.yml b/roles/contiv/defaults/main.yml index b5d2f7c6e..aa976d921 100644 --- a/roles/contiv/defaults/main.yml +++ b/roles/contiv/defaults/main.yml @@ -119,3 +119,5 @@ contiv_h1_gw_default: "10.129.0.1"  # contiv default private subnet for ext access  contiv_private_ext_subnet: "10.130.0.0/16" + +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" diff --git a/roles/contiv/tasks/netplugin.yml b/roles/contiv/tasks/netplugin.yml index 0b2f91bab..cf92a8cc0 100644 --- a/roles/contiv/tasks/netplugin.yml +++ b/roles/contiv/tasks/netplugin.yml @@ -105,7 +105,7 @@  - name: Docker | Restart docker    service: -    name: "{{ openshift.docker.service_name }}" +    name: "{{ openshift_docker_service_name }}"      state: restarted    when: docker_updated|changed    register: l_docker_restart_docker_in_contiv_result diff --git a/roles/contiv/templates/aci-gw.service b/roles/contiv/templates/aci-gw.service index 4506d2231..90bb98001 100644 --- a/roles/contiv/templates/aci-gw.service +++ b/roles/contiv/templates/aci-gw.service @@ -1,6 +1,6 @@  [Unit]  Description=Contiv ACI gw -After=auditd.service systemd-user-sessions.service time-sync.target {{ openshift.docker.service_name }}.service +After=auditd.service systemd-user-sessions.service time-sync.target {{ openshift_docker_service_name }}.service  [Service]  ExecStart={{ bin_dir }}/aci_gw.sh start diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml index a069e4d87..3038ed9f6 100644 --- a/roles/etcd/defaults/main.yaml +++ b/roles/etcd/defaults/main.yaml 
@@ -97,3 +97,5 @@ r_etcd_os_firewall_allow:  # set the backend quota to 4GB by default  etcd_quota_backend_bytes: 4294967296 + +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" diff --git a/roles/etcd/templates/etcd.docker.service b/roles/etcd/templates/etcd.docker.service index 99ae37319..4c25a9955 100644 --- a/roles/etcd/templates/etcd.docker.service +++ b/roles/etcd/templates/etcd.docker.service @@ -1,8 +1,8 @@  [Unit]  Description=The Etcd Server container -After={{ openshift.docker.service_name }}.service -Requires={{ openshift.docker.service_name }}.service -PartOf={{ openshift.docker.service_name }}.service +After={{ openshift_docker_service_name }}.service +Requires={{ openshift_docker_service_name }}.service +PartOf={{ openshift_docker_service_name }}.service  [Service]  EnvironmentFile={{ etcd_conf_file }} @@ -14,4 +14,4 @@ Restart=always  RestartSec=5s  [Install] -WantedBy={{ openshift.docker.service_name }}.service +WantedBy={{ openshift_docker_service_name }}.service diff --git a/roles/flannel/defaults/main.yaml b/roles/flannel/defaults/main.yaml index 988731ef2..488b6b0bc 100644 --- a/roles/flannel/defaults/main.yaml +++ b/roles/flannel/defaults/main.yaml @@ -5,3 +5,5 @@ etcd_hosts: "{{ etcd_urls }}"  etcd_peer_ca_file: "{{ openshift.common.config_base }}/node/{{ 'ca' if (embedded_etcd | bool) else 'flannel.etcd-ca' }}.crt"  etcd_peer_cert_file: "{{ openshift.common.config_base }}/node/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'flannel.etcd-client' }}.crt"  etcd_peer_key_file: "{{ openshift.common.config_base }}/node/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'flannel.etcd-client' }}.key" + +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" 
diff --git a/roles/flannel/handlers/main.yml b/roles/flannel/handlers/main.yml index 889069485..80e4d391d 100644 --- a/roles/flannel/handlers/main.yml +++ b/roles/flannel/handlers/main.yml @@ -6,7 +6,7 @@  - name: restart docker    become: yes    systemd: -    name: "{{ openshift.docker.service_name }}" +    name: "{{ openshift_docker_service_name }}"      state: restarted    register: l_docker_restart_docker_in_flannel_result    until: not l_docker_restart_docker_in_flannel_result | failed diff --git a/roles/openshift_cli/defaults/main.yml b/roles/openshift_cli/defaults/main.yml index 82da0639e..631a0455e 100644 --- a/roles/openshift_cli/defaults/main.yml +++ b/roles/openshift_cli/defaults/main.yml @@ -4,3 +4,8 @@ system_images_registry_dict:    origin: "docker.io"  system_images_registry: "{{ system_images_registry_dict[openshift_deployment_type | default('origin')] }}" + +openshift_use_crio_only: False + +l_is_system_container_image: "{{ openshift_use_master_system_container | default(openshift_use_system_containers | default(False)) | bool }}" +l_use_cli_atomic_image: "{{ openshift_use_crio_only or l_is_system_container_image }}" diff --git a/roles/openshift_cli/meta/main.yml b/roles/openshift_cli/meta/main.yml index 29ed82783..5d2b6abed 100644 --- a/roles/openshift_cli/meta/main.yml +++ b/roles/openshift_cli/meta/main.yml @@ -12,6 +12,4 @@ galaxy_info:    categories:    - cloud  dependencies: -- role: openshift_docker -  when: not skip_docker_role | default(False) | bool  - role: openshift_facts diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml index 7b046b2c4..140c6ea26 100644 --- a/roles/openshift_cli/tasks/main.yml +++ b/roles/openshift_cli/tasks/main.yml 
@@ -1,10 +1,4 @@  --- -- set_fact: -    l_use_crio_only: "{{ openshift_use_crio_only | default(false) }}" -    l_is_system_container_image: "{{ openshift_use_master_system_container | default(openshift_use_system_containers | default(false)) | bool }}" -- set_fact: -    l_use_cli_atomic_image: "{{ l_use_crio_only or l_is_system_container_image }}" -  - name: Install clients    package: name={{ openshift.common.service_type }}-clients state=present    when: not openshift.common.is_containerized | bool diff --git a/roles/openshift_docker/defaults/main.yml b/roles/openshift_docker/defaults/main.yml deleted file mode 100644 index ed97d539c..000000000 --- a/roles/openshift_docker/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/roles/openshift_docker/meta/main.yml b/roles/openshift_docker/meta/main.yml deleted file mode 100644 index 60efd4e45..000000000 --- a/roles/openshift_docker/meta/main.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -galaxy_info: -  author: Jason DeTiberus -  description: OpenShift Docker -  company: Red Hat, Inc. -  license: Apache License, Version 2.0 -  min_ansible_version: 1.9 -  platforms: -  - name: EL -    versions: -    - 7 -  categories: -  - cloud -dependencies: -- role: openshift_docker_facts -- role: docker diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml deleted file mode 100644 index ed97d539c..000000000 --- a/roles/openshift_docker/tasks/main.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/roles/openshift_docker_facts/defaults/main.yml b/roles/openshift_docker_facts/defaults/main.yml deleted file mode 100644 index ed97d539c..000000000 --- a/roles/openshift_docker_facts/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/roles/openshift_docker_facts/meta/main.yml b/roles/openshift_docker_facts/meta/main.yml deleted file mode 100644 index 5b1be7a8d..000000000 --- a/roles/openshift_docker_facts/meta/main.yml +++ /dev/null 
@@ -1,15 +0,0 @@ ---- -galaxy_info: -  author: Jason DeTiberus -  description: OpenShift Docker Facts -  company: Red Hat, Inc. -  license: Apache License, Version 2.0 -  min_ansible_version: 1.9 -  platforms: -  - name: EL -    versions: -    - 7 -  categories: -  - cloud -dependencies: -- { role: openshift_facts } diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml deleted file mode 100644 index 5a3e50678..000000000 --- a/roles/openshift_docker_facts/tasks/main.yml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -- name: Set docker facts -  openshift_facts: -    role: "{{ item.role }}" -    local_facts: "{{ item.local_facts }}" -  with_items: -  - role: docker -    local_facts: -      selinux_enabled: "{{ openshift_docker_selinux_enabled | default(None) }}" -      log_driver: "{{ openshift_docker_log_driver | default(None) }}" -      log_options: "{{ openshift_docker_log_options | default(None) }}" -      options: "{{ openshift_docker_options | default(None) }}" -      disable_push_dockerhub: "{{ openshift_disable_push_dockerhub | default(None) }}" -      hosted_registry_insecure: "{{ openshift_docker_hosted_registry_insecure | default(openshift.docker.hosted_registry_insecure | default(False)) }}" -      hosted_registry_network: "{{ openshift_docker_hosted_registry_network | default(None) }}" -      use_system_container: "{{ openshift_docker_use_system_container | default(False) }}" -      use_crio: "{{ openshift_use_crio | default(False) }}" -  - role: node -    local_facts: -      sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" - -- set_fact: -    docker_selinux_enabled: "{{ openshift.docker.selinux_enabled | default(omit) }}" -    docker_log_driver: "{{ openshift.docker.log_driver | default(omit) }}" -    docker_log_options: "{{ openshift.docker.log_options | default(omit) }}" -    docker_push_dockerhub: "{{ openshift.docker.disable_push_dockerhub -                               | default(omit) }}" -    docker_http_proxy: "{{ openshift.common.http_proxy | default(omit) }}" -    docker_https_proxy: "{{ openshift.common.https_proxy | default(omit) }}" -    docker_no_proxy: "{{ openshift.common.no_proxy | default(omit) }}" - -- set_fact: -    docker_options: "--insecure-registry={{ openshift.docker.hosted_registry_network }} {{ openshift.docker.options | default ('') }}" -  when: openshift.docker.hosted_registry_insecure | default(False) | bool and openshift.docker.hosted_registry_network is defined -  register: hosted_registry_options - -- 
set_fact: -    docker_options: "{{ openshift.docker.options | default(omit) }}" -  when: hosted_registry_options | skipped diff --git a/roles/openshift_docker_facts/vars/main.yml b/roles/openshift_docker_facts/vars/main.yml deleted file mode 100644 index 55c04b0c1..000000000 --- a/roles/openshift_docker_facts/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}" diff --git a/roles/openshift_etcd/meta/main.yml b/roles/openshift_etcd/meta/main.yml index 7cc548f69..0e28fec03 100644 --- a/roles/openshift_etcd/meta/main.yml +++ b/roles/openshift_etcd/meta/main.yml @@ -13,6 +13,4 @@ galaxy_info:    - cloud  dependencies:  - role: openshift_etcd_facts -- role: openshift_docker -  when: openshift.common.is_containerized | bool  - role: etcd diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index bbcdbadd8..d72731a02 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py 
@@ -51,39 +51,6 @@ EXAMPLES = '''  ''' -def migrate_docker_facts(facts): -    """ Apply migrations for docker facts """ -    params = { -        'common': ( -            'options' -        ), -        'node': ( -            'log_driver', -            'log_options' -        ) -    } -    if 'docker' not in facts: -        facts['docker'] = {} -    # pylint: disable=consider-iterating-dictionary -    for role in params.keys(): -        if role in facts: -            for param in params[role]: -                old_param = 'docker_' + param -                if old_param in facts[role]: -                    facts['docker'][param] = facts[role].pop(old_param) - -    if 'node' in facts and 'portal_net' in facts['node']: -        facts['docker']['hosted_registry_network'] = facts['node'].pop('portal_net') - -    # log_options was originally meant to be a comma separated string, but -    # we now prefer an actual list, with backward compatibility: -    if 'log_options' in facts['docker'] and \ -            isinstance(facts['docker']['log_options'], string_types): -        facts['docker']['log_options'] = facts['docker']['log_options'].split(",") - -    return facts - -  # TODO: We should add a generic migration function that takes source and destination  # paths and does the right thing rather than one function for common, one for node, etc.  def migrate_common_facts(facts): @@ -156,7 +123,6 @@ def migrate_admission_plugin_facts(facts):  def migrate_local_facts(facts):      """ Apply migrations of local facts """      migrated_facts = copy.deepcopy(facts) -    migrated_facts = migrate_docker_facts(migrated_facts)      migrated_facts = migrate_common_facts(migrated_facts)      migrated_facts = migrate_node_facts(migrated_facts)      migrated_facts = migrate_hosted_facts(migrated_facts) 
@@ -1100,6 +1066,7 @@ def get_version_output(binary, version_cmd):      return output +# We may need this in the future.  def get_docker_version_info():      """ Parses and returns the docker version info """      result = None @@ -1113,25 +1080,6 @@ def get_docker_version_info():      return result -def get_hosted_registry_insecure(): -    """ Parses OPTIONS from /etc/sysconfig/docker to determine if the -        registry is currently insecure. -    """ -    hosted_registry_insecure = None -    if os.path.exists('/etc/sysconfig/docker'): -        try: -            ini_str = text_type('[root]\n' + open('/etc/sysconfig/docker', 'r').read(), 'utf-8') -            ini_fp = io.StringIO(ini_str) -            config = configparser.RawConfigParser() -            config.readfp(ini_fp) -            options = config.get('root', 'OPTIONS') -            if 'insecure-registry' in options: -                hosted_registry_insecure = True -        except Exception:  # pylint: disable=broad-except -            pass -    return hosted_registry_insecure - -  def get_openshift_version(facts):      """ Get current version of openshift on the host. @@ -1583,13 +1531,6 @@ def set_container_facts_if_unset(facts):          deployer_image = 'openshift/origin-deployer'      facts['common']['is_atomic'] = os.path.isfile('/run/ostree-booted') -    # If openshift_docker_use_system_container is set and is True .... -    if 'use_system_container' in list(facts['docker'].keys()): -        # use safe_get_bool as the inventory variable may not be a -        # valid boolean on it's own. -        if safe_get_bool(facts['docker']['use_system_container']): -            # ... set the service name to container-engine -            facts['docker']['service_name'] = 'container-engine'      if 'is_containerized' not in facts['common']:          facts['common']['is_containerized'] = facts['common']['is_atomic'] 
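Review bot: The added comment `# We may need this in the future.` above `get_docker_version_info()` keeps a function whose only caller visible in this diff, the `if 'docker' in roles:` block in `OpenShiftFacts`, is deleted by the same commit. Either drop the function or replace the comment with one that says why it stays, e.g. `# Unused since the 'docker' role facts were removed; kept because <reason>.` The function body continues outside the hunk, so other callers elsewhere in the file cannot be ruled out from here.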
@@ -1684,7 +1625,6 @@ class OpenShiftFacts(object):                     'buildoverrides',                     'cloudprovider',                     'common', -                   'docker',                     'etcd',                     'hosted',                     'master', @@ -1845,25 +1785,6 @@ class OpenShiftFacts(object):                                      local_quota_per_fsgroup="",                                      set_node_ip=False) -        if 'docker' in roles: -            docker = dict(disable_push_dockerhub=False, -                          options='--log-driver=journald') -            # NOTE: This is a workaround for a dnf output racecondition that can occur in -            # some situations. See https://bugzilla.redhat.com/show_bug.cgi?id=918184 -            if self.system_facts['ansible_pkg_mgr'] == 'dnf': -                rpm_rebuilddb() - -            version_info = get_docker_version_info() -            if version_info is not None: -                docker['api_version'] = version_info['api_version'] -                docker['version'] = version_info['version'] -                docker['gte_1_10'] = LooseVersion(version_info['version']) >= LooseVersion('1.10') -            hosted_registry_insecure = get_hosted_registry_insecure() -            if hosted_registry_insecure is not None: -                docker['hosted_registry_insecure'] = hosted_registry_insecure -            docker['service_name'] = 'docker' -            defaults['docker'] = docker -          if 'cloudprovider' in roles:              defaults['cloudprovider'] = dict(kind=None) 
@@ -2221,12 +2142,6 @@ class OpenShiftFacts(object):                                        additive_facts_to_overwrite,                                        protected_facts_to_overwrite) -        if 'docker' in new_local_facts: -            # Convert legacy log_options comma sep string to a list if present: -            if 'log_options' in new_local_facts['docker'] and \ -                    isinstance(new_local_facts['docker']['log_options'], string_types): -                new_local_facts['docker']['log_options'] = new_local_facts['docker']['log_options'].split(',') -          new_local_facts = self.remove_empty_facts(new_local_facts)          if new_local_facts != local_facts: diff --git a/roles/openshift_hosted/tasks/registry.yml b/roles/openshift_hosted/tasks/registry.yml index 9f2ef4e40..e2e06594b 100644 --- a/roles/openshift_hosted/tasks/registry.yml +++ b/roles/openshift_hosted/tasks/registry.yml @@ -101,7 +101,7 @@    static: no    run_once: true    when: -  - not (openshift.docker.hosted_registry_insecure | default(false) | bool) +  - not (openshift_docker_hosted_registry_insecure | default(False)) | bool  - include: storage/object_storage.yml    static: no diff --git a/roles/openshift_loadbalancer/defaults/main.yml b/roles/openshift_loadbalancer/defaults/main.yml index 239b16427..f9c16ba40 100644 --- a/roles/openshift_loadbalancer/defaults/main.yml +++ b/roles/openshift_loadbalancer/defaults/main.yml @@ -26,6 +26,8 @@ r_openshift_loadbalancer_os_firewall_allow:    port: "{{ nuage_mon_rest_server_port | default(9443) }}/tcp"    cond: "{{ r_openshift_lb_use_nuage | bool }}" +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" +  # NOTE  # r_openshift_lb_use_nuage_default may be defined external to this role.  # openshift_use_nuage, if defined, may affect other roles or play behavior. 
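Review bot: In the `when:` of this include, `not (openshift_docker_hosted_registry_insecure | default(False)) | bool` puts `| bool` outside the parentheses, which reads as if the negated result were being coerced. Jinja2 applies filters before `not`, so it should still evaluate as intended, but the grouping is easy to misread on a condition keyed on the registry's insecure flag; I would write `- not (openshift_docker_hosted_registry_insecure | default(False) | bool)`. The fallback to the `openshift.docker.hosted_registry_insecure` fact is gone as well, and the `get_hosted_registry_insecure()` probe of `/etc/sysconfig/docker` is deleted in openshift_facts.py, so the condition now follows the inventory variable only. A one-line comment saying that would help operators whose hosts were previously auto-detected. The task's first lines are outside the hunk.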
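Review bot: The new default `openshift_docker_service_name` tests `openshift_docker_use_system_container | default(False)` without `| bool`, so a string value from the inventory such as `false` is truthy and selects `container-engine`. The Python code this replaces (removed from `set_container_facts_if_unset` in openshift_facts.py) used `safe_get_bool` for exactly that reason, per its comment. I would write `openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}"`. The same line is added to the defaults of openshift_master, openshift_node and openshift_node_certificates; in the last of these a wrong unit name would presumably make the handlers that check and restart the runtime after a CA trust update miss the running service. Defining the value once rather than in four roles would also keep the copies from drifting.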
diff --git a/roles/openshift_loadbalancer/templates/haproxy.docker.service.j2 b/roles/openshift_loadbalancer/templates/haproxy.docker.service.j2 index 72182fcdd..57121447d 100644 --- a/roles/openshift_loadbalancer/templates/haproxy.docker.service.j2 +++ b/roles/openshift_loadbalancer/templates/haproxy.docker.service.j2 @@ -1,7 +1,7 @@  [Unit] -After={{ openshift.docker.service_name }}.service -Requires={{ openshift.docker.service_name }}.service -PartOf={{ openshift.docker.service_name }}.service +After={{ openshift_docker_service_name }}.service +Requires={{ openshift_docker_service_name }}.service +PartOf={{ openshift_docker_service_name }}.service  [Service]  ExecStartPre=-/usr/bin/docker rm -f openshift_loadbalancer @@ -14,4 +14,4 @@ Restart=always  RestartSec=5s  [Install] -WantedBy={{ openshift.docker.service_name }}.service +WantedBy={{ openshift_docker_service_name }}.service diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 8e4a46ebb..38b2fd8b8 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -52,6 +52,8 @@ openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container |  containerized_svc_dir: "/usr/lib/systemd/system"  ha_svc_template_path: "native-cluster" +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" +  # NOTE  # r_openshift_master_*_default may be defined external to this role.  # openshift_use_*, if defined, may affect other roles or play behavior. diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 index 5d4a99c97..cec3d3fb1 100644 --- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 
+++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 @@ -4,9 +4,9 @@ Documentation=https://github.com/openshift/origin  After=etcd_container.service  Wants=etcd_container.service  Before={{ openshift.common.service_type }}-node.service -After={{ openshift.docker.service_name }}.service -PartOf={{ openshift.docker.service_name }}.service -Requires={{ openshift.docker.service_name }}.service +After={{ openshift_docker_service_name }}.service +PartOf={{ openshift_docker_service_name }}.service +Requires={{ openshift_docker_service_name }}.service  [Service]  EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api @@ -33,5 +33,5 @@ Restart=always  RestartSec=5s  [Install] -WantedBy={{ openshift.docker.service_name }}.service +WantedBy={{ openshift_docker_service_name }}.service  WantedBy={{ openshift.common.service_type }}-node.service diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 index f93f3b565..a0248151d 100644 --- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 +++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 @@ -3,9 +3,9 @@ Description=Atomic OpenShift Master Controllers  Documentation=https://github.com/openshift/origin  Wants={{ openshift.common.service_type }}-master-api.service  After={{ openshift.common.service_type }}-master-api.service -After={{ openshift.docker.service_name }}.service -Requires={{ openshift.docker.service_name }}.service -PartOf={{ openshift.docker.service_name }}.service +After={{ openshift_docker_service_name }}.service +Requires={{ openshift_docker_service_name }}.service +PartOf={{ openshift_docker_service_name }}.service  [Service]  EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers 
@@ -32,4 +32,4 @@ Restart=always  RestartSec=5s  [Install] -WantedBy={{ openshift.docker.service_name }}.service +WantedBy={{ openshift_docker_service_name }}.service diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index 5a0c09f5c..f3867fe4a 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -101,8 +101,11 @@ oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_ur  oreg_auth_credentials_path: "{{ openshift_node_data_dir }}/.docker"  oreg_auth_credentials_replace: False  l_bind_docker_reg_auth: False +openshift_use_crio: False  openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False)) or (openshift_use_crio_only | default(False)) }}" +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" +  # NOTE  # r_openshift_node_*_default may be defined external to this role.  # openshift_use_*, if defined, may affect other roles or play behavior. diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index 927d107c6..70057c7f3 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -17,7 +17,6 @@ dependencies:  - role: lib_openshift  - role: lib_os_firewall    when: not (openshift_node_upgrade_in_progress | default(False)) -- role: openshift_docker  - role: openshift_cloud_provider    when: not (openshift_node_upgrade_in_progress | default(False))  - role: lib_utils diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index d46b1f9c3..e60d96760 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml 
@@ -4,7 +4,7 @@    when:      - (not ansible_selinux or ansible_selinux.status != 'enabled')      - deployment_type == 'openshift-enterprise' -    - not openshift_use_crio | default(false) +    - not openshift_use_crio  - include: dnsmasq.yml @@ -49,7 +49,7 @@      name: cri-o      enabled: yes      state: restarted -  when: openshift_use_crio | default(false) +  when: openshift_use_crio  - name: restart NetworkManager to ensure resolv.conf is present    systemd: diff --git a/roles/openshift_node/tasks/node_system_container.yml b/roles/openshift_node/tasks/node_system_container.yml index 73dc9e130..eb8d9a6a5 100644 --- a/roles/openshift_node/tasks/node_system_container.yml +++ b/roles/openshift_node/tasks/node_system_container.yml @@ -16,6 +16,6 @@      image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.node.node_system_image }}:{{ openshift_image_tag }}"      values:      - "DNS_DOMAIN={{ openshift.common.dns_domain }}" -    - "DOCKER_SERVICE={{ openshift.docker.service_name }}.service" +    - "DOCKER_SERVICE={{ openshift_docker_service_name }}.service"      - "MASTER_SERVICE={{ openshift.common.service_type }}.service"      state: latest diff --git a/roles/openshift_node/tasks/openvswitch_system_container.yml b/roles/openshift_node/tasks/openvswitch_system_container.yml index 8c3548475..d33e172c1 100644 --- a/roles/openshift_node/tasks/openvswitch_system_container.yml +++ b/roles/openshift_node/tasks/openvswitch_system_container.yml @@ -1,14 +1,11 @@  ---  - set_fact: -    l_use_crio: "{{ openshift_use_crio | default(false) }}" - -- set_fact:      l_service_name: "cri-o" -  when: l_use_crio +  when: openshift_use_crio  - set_fact: -    l_service_name: "{{ openshift.docker.service_name }}" -  when: not l_use_crio +    l_service_name: "{{ openshift_docker_service_name }}" +  when: not openshift_use_crio  - name: Ensure proxies are in the atomic.conf    include_role: 
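Review bot: `- not openshift_use_crio` in the first hunk drops `| default(false)` without adding `| bool`, so it relies on the new `openshift_use_crio: False` role default and on the inventory never supplying the value as a string. A string such as `false` is truthy, which makes this condition false and skips the task; the other conditions suggest it is the SELinux-enabled check, though the task's start is outside the hunk. I would write `- not (openshift_use_crio | bool)`. The same applies to `when: openshift_use_crio` in the second hunk and in openvswitch_system_container.yml, and to `{% if openshift_use_crio %}` in the node templates.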
diff --git a/roles/openshift_node/tasks/upgrade/restart.yml b/roles/openshift_node/tasks/upgrade/restart.yml index a4fa51172..3f1abceab 100644 --- a/roles/openshift_node/tasks/upgrade/restart.yml +++ b/roles/openshift_node/tasks/upgrade/restart.yml @@ -13,19 +13,15 @@  - name: Reload systemd to ensure latest unit files    command: systemctl daemon-reload -- name: Restart docker +- name: Restart container runtime    service: -    name: "{{ openshift.docker.service_name }}" +    name: "{{ openshift_docker_service_name }}"      state: started    register: docker_start_result    until: not docker_start_result | failed    retries: 3    delay: 30 -- name: Update docker facts -  openshift_facts: -    role: docker -  - name: Start services    service: name={{ item }} state=started    with_items: diff --git a/roles/openshift_node/templates/node.service.j2 b/roles/openshift_node/templates/node.service.j2 index 7602d8ee6..da751bd65 100644 --- a/roles/openshift_node/templates/node.service.j2 +++ b/roles/openshift_node/templates/node.service.j2 @@ -1,14 +1,14 @@  [Unit]  Description=OpenShift Node -After={{ openshift.docker.service_name }}.service +After={{ openshift_docker_service_name }}.service  Wants=openvswitch.service  After=ovsdb-server.service  After=ovs-vswitchd.service -Wants={{ openshift.docker.service_name }}.service +Wants={{ openshift_docker_service_name }}.service  Documentation=https://github.com/openshift/origin  Requires=dnsmasq.service  After=dnsmasq.service -{% if openshift_use_crio|default(false) %}Wants=cri-o.service{% endif %} +{% if openshift_use_crio %}Wants=cri-o.service{% endif %}  [Service]  Type=notify diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index d452cc45c..16fdde02e 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 
@@ -16,7 +16,7 @@ imageConfig:    latest: {{ openshift_node_image_config_latest }}  kind: NodeConfig  kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yaml(level=1) }} -{% if openshift_use_crio | default(False) %} +{% if openshift_use_crio %}    container-runtime:    - remote    container-runtime-endpoint: diff --git a/roles/openshift_node/templates/openshift.docker.node.dep.service b/roles/openshift_node/templates/openshift.docker.node.dep.service index fa7238849..5964ac095 100644 --- a/roles/openshift_node/templates/openshift.docker.node.dep.service +++ b/roles/openshift_node/templates/openshift.docker.node.dep.service @@ -1,9 +1,9 @@  [Unit] -Requires={{ openshift.docker.service_name }}.service -After={{ openshift.docker.service_name }}.service +Requires={{ openshift_docker_service_name }}.service +After={{ openshift_docker_service_name }}.service  PartOf={{ openshift.common.service_type }}-node.service  Before={{ openshift.common.service_type }}-node.service -{% if openshift_use_crio|default(false) %}Wants=cri-o.service{% endif %} +{% if openshift_use_crio %}Wants=cri-o.service{% endif %}  [Service]  ExecStart=/bin/bash -c "if [[ -f /usr/bin/docker-current ]]; then echo \"DOCKER_ADDTL_BIND_MOUNTS=--volume=/usr/bin/docker-current:/usr/bin/docker-current:ro --volume=/etc/sysconfig/docker:/etc/sysconfig/docker:ro --volume=/etc/containers/registries:/etc/containers/registries:ro\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; else echo \"#DOCKER_ADDTL_BIND_MOUNTS=\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; fi" diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service index 561aa01f4..3b33ca542 100644 --- a/roles/openshift_node/templates/openshift.docker.node.service +++ b/roles/openshift_node/templates/openshift.docker.node.service 
@@ -1,9 +1,9 @@  [Unit]  After={{ openshift.common.service_type }}-master.service -After={{ openshift.docker.service_name }}.service +After={{ openshift_docker_service_name }}.service  After=openvswitch.service -PartOf={{ openshift.docker.service_name }}.service -Requires={{ openshift.docker.service_name }}.service +PartOf={{ openshift_docker_service_name }}.service +Requires={{ openshift_docker_service_name }}.service  {% if openshift_node_use_openshift_sdn %}  Wants=openvswitch.service  PartOf=openvswitch.service @@ -26,7 +26,7 @@ ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node \    --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node \    -v /:/rootfs:ro,rslave -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} \    -e HOST=/rootfs -e HOST_ETC=/host-etc \ -  -v {{ openshift_node_data_dir }}:{{ openshift_node_data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} \ +  -v {{ openshift_node_data_dir }}:{{ openshift_node_data_dir }}:rslave \    -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node \    {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} \    -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro \ @@ -48,4 +48,4 @@ Restart=always  RestartSec=5s  [Install] -WantedBy={{ openshift.docker.service_name }}.service +WantedBy={{ openshift_docker_service_name }}.service diff --git a/roles/openshift_node/templates/openvswitch.docker.service b/roles/openshift_node/templates/openvswitch.docker.service index 34aaaabd6..37f091c76 100644 --- a/roles/openshift_node/templates/openvswitch.docker.service +++ b/roles/openshift_node/templates/openvswitch.docker.service 
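Review bot: In the `ExecStart` hunk the `:rslave` option on the `{{ openshift_node_data_dir }}` volume is now unconditional, while the removed expression added it only when `openshift.docker.gte_1_10` was true. Nothing visible in this diff asserts a minimum Docker version, so on an older engine the `docker run` line would presumably be rejected and the node unit would fail to start. If 1.10 is now the supported floor, state it next to the line, e.g. `# :rslave requires Docker >= 1.10`, or check the version earlier in the play. The unit's remaining lines are outside the hunk.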
@@ -1,7 +1,7 @@  [Unit] -After={{ openshift.docker.service_name }}.service -Requires={{ openshift.docker.service_name }}.service -PartOf={{ openshift.docker.service_name }}.service +After={{ openshift_docker_service_name }}.service +Requires={{ openshift_docker_service_name }}.service +PartOf={{ openshift_docker_service_name }}.service  [Service]  EnvironmentFile=/etc/sysconfig/openvswitch @@ -14,4 +14,4 @@ Restart=always  RestartSec=5s  [Install] -WantedBy={{ openshift.docker.service_name }}.service +WantedBy={{ openshift_docker_service_name }}.service diff --git a/roles/openshift_node_certificates/defaults/main.yml b/roles/openshift_node_certificates/defaults/main.yml index 455f26f30..b42b75be9 100644 --- a/roles/openshift_node_certificates/defaults/main.yml +++ b/roles/openshift_node_certificates/defaults/main.yml @@ -1,3 +1,5 @@  ---  openshift_node_cert_expire_days: 730  openshift_ca_host: '' + +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" diff --git a/roles/openshift_node_certificates/handlers/main.yml b/roles/openshift_node_certificates/handlers/main.yml index ef66bf9ca..0686ac101 100644 --- a/roles/openshift_node_certificates/handlers/main.yml +++ b/roles/openshift_node_certificates/handlers/main.yml @@ -6,7 +6,7 @@  - name: check for container runtime after updating ca trust    command: > -    systemctl -q is-active {{ openshift.docker.service_name }}.service +    systemctl -q is-active {{ openshift_docker_service_name }}.service    register: l_docker_installed    # An rc of 0 indicates that the container runtime service is    # running. We will restart it by notifying the restart handler since 
@@ -18,7 +18,7 @@  - name: restart container runtime after updating ca trust    systemd: -    name: "{{ openshift.docker.service_name }}" +    name: "{{ openshift_docker_service_name }}"      state: restarted    when: not openshift_certificates_redeploy | default(false) | bool    register: l_docker_restart_docker_in_cert_result diff --git a/roles/openshift_node_facts/tasks/main.yml b/roles/openshift_node_facts/tasks/main.yml index d33d09980..c234a3000 100644 --- a/roles/openshift_node_facts/tasks/main.yml +++ b/roles/openshift_node_facts/tasks/main.yml @@ -15,7 +15,6 @@        kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}"        labels: "{{ openshift_node_labels | default(None) }}"        registry_url: "{{ oreg_url_node | default(oreg_url) | default(None) }}" -      sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}"        storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}"        set_node_ip: "{{ openshift_set_node_ip | default(None) }}"        node_image: "{{ osn_image | default(None) }}" diff --git a/roles/openshift_version/meta/main.yml b/roles/openshift_version/meta/main.yml index 38b398343..5d7683120 100644 --- a/roles/openshift_version/meta/main.yml +++ b/roles/openshift_version/meta/main.yml @@ -12,7 +12,4 @@ galaxy_info:    categories:    - cloud  dependencies: -- role: openshift_docker_facts -- role: docker -  when: openshift.common.is_containerized | default(False) | bool and not skip_docker_role | default(False) | bool  - role: lib_utils diff --git a/roles/openshift_version/tasks/set_version_containerized.yml b/roles/openshift_version/tasks/set_version_containerized.yml index 574e89899..71f957b78 100644 --- a/roles/openshift_version/tasks/set_version_containerized.yml +++ b/roles/openshift_version/tasks/set_version_containerized.yml 
@@ -1,7 +1,4 @@  --- -- set_fact: -    l_use_crio_only: "{{ openshift_use_crio_only | default(false) }}" -  - name: Set containerized version to configure if openshift_image_tag specified    set_fact:      # Expects a leading "v" in inventory, strip it off here unless @@ -24,7 +21,7 @@    register: cli_image_version    when:    - openshift_version is not defined -  - not l_use_crio_only +  - not openshift_use_crio_only  # Origin latest = pre-release version (i.e. v1.3.0-alpha.1-321-gb095e3a)  - set_fact: @@ -33,7 +30,7 @@    - openshift_version is not defined    - openshift.common.deployment_type == 'origin'    - cli_image_version.stdout_lines[0].split('-') | length > 1 -  - not l_use_crio_only +  - not openshift_use_crio_only  - set_fact:      openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}" @@ -48,14 +45,14 @@    when:    - openshift_version is defined    - openshift_version.split('.') | length == 2 -  - not l_use_crio_only +  - not openshift_use_crio_only  - set_fact:      openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2][1:] | join('-') if openshift.common.deployment_type == 'origin' else cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}"    when:    - openshift_version is defined    - openshift_version.split('.') | length == 2 -  - not l_use_crio_only +  - not openshift_use_crio_only  # TODO: figure out a way to check for the openshift_version when using CRI-O.  # We should do that using the images in the ostree storage so we don't have  | 
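Review bot: The conditions `- not openshift_use_crio_only` replace `l_use_crio_only`, which the removed `set_fact` built from `openshift_use_crio_only | default(false)`. No default for `openshift_use_crio_only` in the openshift_version role is visible in this diff. Unless one is defined elsewhere, a run that does not set the variable will fail these `when:` clauses with an undefined-variable error instead of treating it as false. I would keep the fallback and coerce the value, `- not (openshift_use_crio_only | default(False) | bool)`, in all four hunks of this file that use it.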
