From ba71fba1dc64a05b9cc26b72263255a915601c84 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Sun, 16 Jul 2017 00:25:26 +0200 Subject: cri-o: configure storage and insecure registries Signed-off-by: Giuseppe Scrivano --- roles/docker/tasks/main.yml | 10 +++++++--- roles/docker/tasks/systemcontainer_crio.yml | 27 +++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 3 deletions(-) diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index fab1ac57a..61230fa3d 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -7,7 +7,7 @@ - set_fact: l_use_system_container: "{{ openshift.docker.use_system_container | default(False) }}" - l_use_crio: "{{ openshift.docker.use_crio | default(False) }}" + l_use_crio: "{{ use_crio | default(False) }}" - name: Use Package Docker if Requested include: package_docker.yml @@ -15,8 +15,12 @@ - name: Use System Container Docker if Requested include: systemcontainer_docker.yml - when: l_use_system_container + when: + - l_use_system_container + - not l_use_crio - name: Add CRI-O usage Requested include: systemcontainer_crio.yml - when: l_use_crio + when: + - l_use_system_container + - l_use_crio diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index c67904873..f3c03df2c 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -1,5 +1,7 @@ --- # TODO: Much of this file is shared with container engine tasks +- set_fact: + l_insecure_registries: "{{ '\"{}\"'.format('\", \"'.join(openshift.docker.insecure_registries)) }}" - name: Ensure container-selinux is installed package: @@ -94,6 +96,31 @@ image: "{{ l_crio_image }}" state: latest +- name: run CRI-O with overlay2 + replace: + regexp: 'storage_driver = ""' + replace: 'storage_driver = "overlay2"' + name: /etc/crio/crio.conf + backup: yes + +- name: Add overlay2 storage opts for CRI-O + lineinfile: + dest: /etc/crio/crio.conf + line: '"overlay2.override_kernel_check=1"' + insertafter: 'storage_option = \[' + regexp: 'overlay2\.override_kernel_check=1' + state: present + when: ansible_distribution in ['RedHat', 'CentOS'] + +- name: Configure insecure registries for CRI-O + lineinfile: + dest: /etc/crio/crio.conf + line: "{{ l_insecure_registries }}" + insertafter: 'insecure_registries = \[' + regexp: "{{ l_insecure_registries }}" + state: present + when: openshift_docker_insecure_registries is defined + - name: Start the CRI-O service systemd: name: "cri-o" -- cgit v1.2.3