crio: restorecon /var/lib/containers
When using the cri-o system container some items in /var/lib/containers
end up having incorrect labels. This runs restorecon -R
/var/lib/containers after the system container is installed.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Automatic merge from submit-queue.
docker: Move enterprise registry from pkg to main
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503860
Signed-off-by: Steve Milner <smilner@redhat.com>
A new openshift_atomic role has been created for atomic specific tasks.
The first task added is proxy which handles updating /etc/atomic.conf to
ensure the proper proxy configuration is configured. This task file is
then included (via include_role) in system container related task files.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503903
Signed-off-by: Steve Milner <smilner@redhat.com>
Fix missing docker option signature-verification
Currently, docker 1.12 can be configured to use the
run-time parameter of 'signature-verification'
By default, rpm installation of docker results in
'--signature-verification=false' being added to
OPTIONS in /etc/sysconfig/docker
Currently, openshift-ansible does not preserve that
value. This can cause docker to be unable to pull
images from a previously working source due to a
change in configuration.
This commit adds the option with the default
as provided by the rpm installation.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1502560
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1489555
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Currently, docker is started during the docker role. If
docker is started during the run of the role, the
handler to restart docker is not triggered to prevent
excess restarts of the docker service.
The systemd docker that starts the docker service may
report the result of the task as 'changed' even though
docker is already running and the state of the service
itself does not change.
This commit checks the status of the docker service
before starting it to ensure that docker was not in
an 'active' state according to systemd. If the
docker service is already in the 'active' state,
the restart handler will trigger and restart
docker at the end of the run of the role.
Fixes: https://github.com/openshift/origin/issues/16709
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Automatic merge from submit-queue.
docker, CRI-O: openshift_image_tag defaults to openshift_release
Replace:
commit c2c4ba7ec62d4dfd87d746d20991e10f2bd1bddf
Author: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Tue Sep 26 09:01:59 2017 +0200
Require openshift_image_tag in the inventory with openshift-enterprise
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
with using openshift_release for openshift_image_tag so we don't require users to include both in their inventory. Probably it is only a temporary solution until the openshift_image_tag vs openshift_release when using Docker/CRI-O is sorted out.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add PartOf to docker systemd service unit.
Currently, if iptables service is restarted,
existing iptables rules are removed.
Docker adds iptables rules dynamically upon
startup and container creation. Restarting
the iptables service results in a loss of these
needed iptables rules.
This commit ensures that if iptables service is
restarted by ansible or the user, docker is
also restarted. This ensures the proper dynamic
iptables rules are in place for docker.
Fixes: openshift/origin#16709
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Automatic merge from submit-queue.
cri-o: use overlay instead of overlay2
overlay2 and overlay are the same driver. Upstream CRI-O is going to
drop any reference to overlay2 and use only overlay.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
overlay2 and overlay are the same driver. Upstream CRI-O is going to
drop any reference to overlay2 and use only overlay.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Currently, os_firewall role may run after docker role,
and iptables.service may be restarted. When restarted,
this negatively impacts docker's iptables rules.
This commit ensures that if iptables is restarted,
docker is restarted as well (by systemd)
Fixes: https://github.com/openshift/origin/issues/16709
Currently, authenticated registry credentials
are requested before docker might be started in
the docker role.
This commit moves the relevant registry credential
tasks to after docker is started.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
Automatic merge from submit-queue.
CRI-O, Docker: set the tag to the OpenShift release on RHEL
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Previously, a commit was added to migrate registries
from /etc/sysconfig/docker to /etc/containers/registries.conf
We are not currently enforcing a minimum version of docker
to consume from this new file, thus some installations
are not utilizing the correct repositories.
This commit duplicates the registries in both locations
to ensure additional/blocked/insecure registries are
honored.
Currently, the enterprise registry is forcefully added
in openshift_facts. Recently, the docker role has
been modified to consume registry variables directly,
bypassing openshift_facts.
This commit cleans up unused code in openshift_facts,
and migrates enterprise registry logic to the
docker role.
Fixes: https://github.com/openshift/openshift-ansible/issues/5557
Automatic merge from submit-queue
Detect the proper version of the images when using CRI-O
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1494357
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Automatic merge from submit-queue
Move additional/block/insecure registries to /etc/containers/...
Move additional/block/insecure registries to /etc/containers/registries.conf
This commit moves additional/block/insecure registries to
/etc/containers/registries.conf and comments existing lines in
/etc/sysconfig/docker.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1460930
This commit moves additional/block/insecure registries to
/etc/containers/registries.conf and comments existing lines in
/etc/sysconfig/docker.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1460930
Automatic merge from submit-queue
crio: skip installation on lbs and nfs nodes
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1494461
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1494461
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Automatic merge from submit-queue
cri-o: Allow full image override
``openshift_crio_systemcontainer_image_registry_override`` has been replaced
with ``openshift_crio_systemcontainer_image_override``. The difference is
``openshift_crio_systemcontainer_image_override`` takes a full image path
including the tag.
Example:
```
openshift_crio_systemcontainer_image_override=gscrivano/cri-o-centos:latest
```
openshift_crio_systemcontainer_image_registry_override has been replaced
with openshift_crio_systemcontainer_image_override. The difference is
openshift_crio_systemcontainer_image_override takes a full image path
including the tag.
Example:
openshift_crio_systemcontainer_image_override=gscrivano/cri-o-centos:latest
Automatic merge from submit-queue
Remove default value for oreg_url
Due to some plays importing variables from roles
directly, oreg_url was being set to a default
value when it otherwise shouldn't be.
This commit removes the default values for oreg_url
to ensure existing logic works as desired.
Fixes: https://github.com/openshift/openshift-ansible/issues/5455
Due to some plays importing variables from roles
directly, oreg_url was being set to a default
value when it otherwise shouldn't be.
This commit removes the default values for oreg_url
to ensure existing logic works as desired.
Fixes: https://github.com/openshift/openshift-ansible/issues/5455
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
add retries on repoquery
Merged by openshift-bot
Currently, openshift-ansible supports authentication to
container registries to pull down openshift container images.
The openshift_version role uses the docker cli to gather
image information from container registries before authentication
credentials are provided by openshift-ansible.
This commit creates the necessary token to authenticate to
private registries during openshift_version. The token
is generated by the role 'docker' on all hosts where
docker is installed/configured when oreg_auth_users
is defined.
This commit also adds a read-only mount into the
openshift master and node container services. This
mount is '/var/lib/origin/.docker:/root/.docker:ro'.
This is because the container images do not currently
read the values in '/var/lib/origin/.docker' as this
may be a bug upstream.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
Signed-off-by: Steve Milner <smilner@redhat.com>
openshift_docker_systemcontainer_image_registry_override has been replaced
with openshift_docker_systemcontainer_image_override. The difference is
openshift_docker_systemcontainer_image_override takes a full image path
including the tag.
Example:
openshift_docker_systemcontainer_image_override=gscrivano/container-engine:latest
Signed-off-by: Steve Milner <smilner@redhat.com>
Merged by openshift-bot