summaryrefslogtreecommitdiffstats
path: root/roles/docker
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #5705 from mgugino-upstream-stage/docker-partof-iptablesScott Dodson2017-10-091-0/+6
|\ | | | | Add PartOf to docker systemd service unit.
| * Add PartOf to docker systemd service unit.Michael Gugino2017-10-091-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, if iptables service is restarted, existing iptables rules are removed. Docker adds iptables rules dyanmically upon startup and container creation. Restarting the iptables service results in a loss of these needed iptables rules. This commit ensures that if iptables service is restarted by anisble or the user, docker is also restarted. This ensures the proper dynamic iptables rules are in place for docker. Fixes: openshift/origin#16709
* | crio: use systemd managerGiuseppe Scrivano2017-10-091-1/+1
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #5661 from giuseppe/crio-use-overlay-instead-of-overlay2OpenShift Merge Robot2017-10-071-3/+25
|\ | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. cri-o: use overlay instead of overlay2 overlay2 and overlay are the same driver. Upstream CRI-O is going to drop any reference to overlay2 and use only overlay. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * crio.conf.j2: sync from upstreamGiuseppe Scrivano2017-10-061-1/+23
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * cri-o: use overlay instead of overlay2Giuseppe Scrivano2017-10-061-2/+2
| | | | | | | | | | | | | | overlay2 and overlay are the same driver. Upstream CRI-O is going to drop any reference to overlay2 and use only overlay. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Ensure docker is restarted when iptables is restartedMichael Gugino2017-10-062-1/+4
|/ | | | | | | | | | | Currently, os_firewall role may run after docker role, and iptables.service may be restarted. When restarted, this negatively impacts docker's iptables rules. This commit ensures that if iptables is restarted, docker is restarted as well (by systemd) Fixes: https://github.com/openshift/origin/issues/16709
* Ensure docker service started prior to credentialsMichael Gugino2017-10-031-12/+12
| | | | | | | | | | | Currently, authenticated registry credentials are requested before docker might be started in the docker role. This commit moves the relevant registry credential tasks to after docker is started. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
* Merge pull request #5490 from giuseppe/set-crio-docker-tag-for-oseOpenShift Merge Robot2017-10-033-9/+35
|\ | | | | | | | | | | | | Automatic merge from submit-queue. CRI-O, Docker: set the tag to the OpenShift release on RHEL Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376
| * docker: fix some tox warningsGiuseppe Scrivano2017-09-271-6/+6
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * Require openshift_image_tag in the inventory with openshift-enterpriseGiuseppe Scrivano2017-09-271-0/+8
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * crio: use the image_tag on RHELGiuseppe Scrivano2017-09-271-2/+11
| | | | | | | | | | | | Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * docker: use the image_tag on RHELGiuseppe Scrivano2017-09-271-1/+10
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Restore registires to /etc/sysconfig/dockerMichael Gugino2017-10-021-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | Previously, a commit was added to migrate registires from /etc/sysconfig/docker to /etc/containers/registries.conf We are not currently enforcing a minimum version of docker to consume from this new file, thus some installations are not utilizing the correct repositories. This commit duplicates the registires in both locations to ensure additional/blocked/insecure registries are honored.
* | Fix typo in files (Docker registries)William Burton2017-09-292-2/+2
| |
* | Migrate enterprise registry logic to docker roleMichael Gugino2017-09-274-9/+19
|/ | | | | | | | | | | | | Currently, the enterprise registry to forcefully added in openshift_facts. Recently, the docker role has been modified to consume registry variables directly, bypassing openshift_facts. This commit cleans up unused code in openshift_facts, and migrates enterprise registry logic to the docker role. Fixes: https://github.com/openshift/openshift-ansible/issues/5557
* Merge pull request #5519 from giuseppe/crio-set-proper-tagOpenShift Merge Robot2017-09-261-1/+1
|\ | | | | | | | | | | | | Automatic merge from submit-queue Detect the proper version of the images when using CRI-O Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1494357
| * crio: set the correct image name with OSEGiuseppe Scrivano2017-09-251-1/+1
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #5205 from mgugino-upstream-stage/docker-etc-containers-regsOpenShift Merge Robot2017-09-253-9/+69
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue Move additional/block/insecure registires to /etc/containers/... Move additional/block/insecure registires to /etc/containers/registries.conf This commit moves additional/block/insecure registries to /etc/containers/registries.conf and comments existing lines in /etc/sysconfig/docker. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1460930
| * Move additional/block/insecure registires to /etc/containers/registries.confMichael Gugino2017-09-213-9/+69
| | | | | | | | | | | | | | | | This commit moves additional/block/insecure registries to /etc/containers/registries.conf and comments existing lines in /etc/sysconfig/docker. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1460930
* | Merge pull request #5501 from giuseppe/crio-skip-nfs-and-lbOpenShift Merge Robot2017-09-241-0/+1
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue crio: skip installation on lbs and nfs nodes Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1494461 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | crio: skip installation on lbs and nfs nodesGiuseppe Scrivano2017-09-221-0/+1
| | | | | | | | | | | | | | | | | | Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1494461 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #5354 from ashcrow/crio-systemcontainer-image-overrideOpenShift Merge Robot2017-09-221-8/+12
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue cri-o: Allow full image override ``openshift_crio_systemcontainer_image_registry_override`` has been replaced with ``openshift_crio_systemcontainer_image_override``. The difference is ``openshift_crio_systemcontainer_image_override`` takes a full image path including the tag. Example: ``` openshift_crio_systemcontainer_image_override=gscrivano/cri-o-centos:latest ```
| * | | cri-o: Allow full image overrideSteve Milner2017-09-121-8/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | openshift_crio_systemcontainer_image_registry_override has been replaced with openshift_crio_systemcontainer_image_override. The difference is openshift_crio_systemcontainer_image_override takes a full image path including the tag. Example: openshift_crio_systemcontainer_image_override=gscrivano/cri-o-centos:latest
* | | | Merge pull request #5477 from mgugino-upstream-stage/hot-fix-oreg_urlOpenShift Merge Robot2017-09-211-2/+2
|\ \ \ \ | |_|/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue Remove default value for oreg_url Due to some plays importing variables from roles directly, oreg_url was being set to a default value when it otherwise shouldn't be. This commit removes the default values for oreg_url to ensure existing logic works as desired. Fixes: https://github.com/openshift/openshift-ansible/issues/5455
| * | | Remove default value for oreg_urlMichael Gugino2017-09-201-2/+2
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to some plays importing variables from roles directly, oreg_url was being set to a default value when it otherwise shouldn't be. This commit removes the default values for oreg_url to ensure existing logic works as desired. Fixes: https://github.com/openshift/openshift-ansible/issues/5455
* / | crio: ensure no default CNI configuration files are leftGiuseppe Scrivano2017-09-201-0/+8
|/ / | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | more retries on repoquery_cmdLuke Meyer2017-09-191-1/+1
| |
* | Merge pull request #5401 from sosiouxme/20170913-retries-subsetLuke Meyer2017-09-141-0/+2
|\ \ | | | | | | add retries on repoquery
| * | add retry on repoquery_cmdLuke Meyer2017-09-131-0/+2
| |/
* | Merge pull request #5359 from mgugino-upstream-stage/version-docker-auth-configOpenShift Bot2017-09-132-0/+17
|\ \ | | | | | | Merged by openshift-bot
| * | Fix: authenticated registry support for containerized hostsMichael Gugino2017-09-112-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, openshift-anisble supports authentication to container registries to pull down openshift container images. The openshift_verison role uses the docker cli to gather image information from container registries before authentication credentials are provided by openshift-ansible. This commit creates the necessary token to authenticate to private registries during openshift_version. The token is generated by the role 'docker' on all hosts where docker is installed/configured when oreg_auth_users is defined. This commit also adds a read-only mount into the openshift master and node container services. This mount is '/var/lib/origin/.docker:/root/.docker:ro'. This is because the container images do not currently read the values in '/var/lib/origin/.docker' as this may be a bug upstream. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
* | | cri-o: Fix Fedora image nameSteve Milner2017-09-131-1/+1
| |/ |/| | | | | Signed-off-by: Steve Milner <smilner@redhat.com>
* | container-engine: Allow full image overrideSteve Milner2017-09-111-8/+12
|/ | | | | | | | | | | | | openshift_docker_systemcontainer_image_registry_override has been replaced with openshift_docker_systemcontainer_image_override. The difference is openshift_docker_systemcontainer_image_override takes a full image path including the tag. Example: openshift_docker_systemcontainer_image_override=gscrivano/container-engine:latest Signed-off-by: Steve Milner <smilner@redhat.com>
* Merge pull request #5310 from ashcrow/split-rhel-centos-crioOpenShift Bot2017-09-071-2/+8
|\ | | | | Merged by openshift-bot
| * cri-o: Split RHEL and CentOS imagesSteve Milner2017-09-061-2/+8
| |
* | Merge pull request #5202 from giuseppe/crio-additional-registriesOpenShift Bot2017-09-062-0/+14
|\ \ | |/ |/| Merged by openshift-bot
| * cri-o: add support for additional registriesGiuseppe Scrivano2017-08-242-0/+14
| | | | | | | | | | | | | | Support added to CRI-O with: https://github.com/kubernetes-incubator/cri-o/commit/a35727c80bd2a26613aae21db00628045cb9be24 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | roles: use openshift_use_crioGiuseppe Scrivano2017-08-251-2/+2
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | cri-o: change to system runcGiuseppe Scrivano2017-08-251-1/+1
|/ | | | | | | Newer versions of cri-o do not carry runc but use the one from the system. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* First attempt at refactor of os_firewallKenny Woodson2017-08-081-1/+0
|
* cri-o: configure the CNI networkGiuseppe Scrivano2017-08-042-0/+15
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* cri-o: allow to override CRI-O image indipendently from DockerGiuseppe Scrivano2017-08-031-3/+3
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* docker: introduce use_crio_onlyGiuseppe Scrivano2017-08-031-2/+3
| | | | | | | | Introduce a new variable that disable the installation of Docker. For the time being we will still need Docker for building images, so by default leave it installed. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* docker: skip Docker setup when using CRI-OGiuseppe Scrivano2017-08-031-1/+3
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* cri-o: use only images from Docker HubGiuseppe Scrivano2017-08-031-10/+6
| | | | | | | For the time being it won't be added to the Red Hat registry, so use only what is available on Docker Hub. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* cri-o: Enable systemd-modules-load if requiredSteve Milner2017-08-031-0/+6
| | | | | If we had to drop the overlay file in /etc/modules-load.d/ then enable the systemd-modules-load service and make sure it runs.
* cri-o: Ensure overlay is availableSteve Milner2017-08-032-0/+22
| | | | | | | Some distro releases may not have overlay loaded into the kernel. This change looks for overlay via lsmod and, if it isn't already there, uses modprobe to load it in and then drops a load config into /etc/modules-load.d/overlay.conf.
* cri-o: Default insecure registries to ""Steve Milner2017-08-032-1/+2
|
* crio: use a template for the configurationGiuseppe Scrivano2017-08-032-24/+137
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>