diff options
Diffstat (limited to 'roles/docker/tasks')
-rw-r--r-- | roles/docker/tasks/main.yml | 15 | ||||
-rw-r--r-- | roles/docker/tasks/package_docker.yml | 9 | ||||
-rw-r--r-- | roles/docker/tasks/systemcontainer_crio.yml | 146 | ||||
-rw-r--r-- | roles/docker/tasks/systemcontainer_docker.yml | 20 |
4 files changed, 182 insertions, 8 deletions
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 0c2b16acf..1f9ac5059 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -7,11 +7,22 @@ - set_fact: l_use_system_container: "{{ openshift.docker.use_system_container | default(False) }}" + l_use_crio: "{{ openshift.docker.use_crio | default(False) }}" + l_use_crio_only: "{{ openshift.docker.use_crio_only | default(False) }}" - name: Use Package Docker if Requested include: package_docker.yml - when: not l_use_system_container + when: + - not l_use_system_container + - not l_use_crio_only - name: Use System Container Docker if Requested include: systemcontainer_docker.yml - when: l_use_system_container + when: + - l_use_system_container + - not l_use_crio_only + +- name: Add CRI-O usage Requested + include: systemcontainer_crio.yml + when: + - l_use_crio diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml index c82d8659a..bc52ab60c 100644 --- a/roles/docker/tasks/package_docker.yml +++ b/roles/docker/tasks/package_docker.yml @@ -93,7 +93,7 @@ dest: /etc/sysconfig/docker regexp: '^OPTIONS=.*$' line: "OPTIONS='\ - {% if ansible_selinux.status | default(None) == '''enabled''' and docker_selinux_enabled | default(true) %} --selinux-enabled {% endif %}\ + {% if ansible_selinux.status | default(None) == 'enabled' and docker_selinux_enabled | default(true) | bool %} --selinux-enabled {% endif %}\ {% if docker_log_driver is defined %} --log-driver {{ docker_log_driver }}{% endif %}\ {% if docker_log_options is defined %} {{ docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %}\ {% if docker_options is defined %} {{ docker_options }}{% endif %}\ @@ -123,9 +123,12 @@ enabled: yes state: started daemon_reload: yes - register: start_result + register: r_docker_package_docker_start_result + until: not r_docker_package_docker_start_result | failed + retries: 3 + delay: 30 - set_fact: - docker_service_status_changed: start_result | changed + docker_service_status_changed: "{{ r_docker_package_docker_start_result | changed }}" - meta: flush_handlers diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml new file mode 100644 index 000000000..787f51f94 --- /dev/null +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -0,0 +1,146 @@ +--- +# TODO: Much of this file is shared with container engine tasks +- set_fact: + l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(openshift.docker.insecure_registries)) }}" + when: openshift.docker.insecure_registries + +- name: Ensure container-selinux is installed + package: + name: container-selinux + state: present + when: not openshift.common.is_atomic | bool + +# Used to pull and install the system container +- name: Ensure atomic is installed + package: + name: atomic + state: present + when: not openshift.common.is_atomic | bool + +# At the time of writing the atomic command requires runc for it's own use. This +# task is here in the even that the atomic package ever removes the dependency. +- name: Ensure runc is installed + package: + name: runc + state: present + when: not openshift.common.is_atomic | bool + + +- name: Check that overlay is in the kernel + shell: lsmod | grep overlay + register: l_has_overlay_in_kernel + ignore_errors: yes + + +- when: l_has_overlay_in_kernel.rc != 0 + block: + + - name: Add overlay to modprobe.d + template: + dest: /etc/modules-load.d/overlay.conf + src: overlay.conf.j2 + backup: yes + + - name: Manually modprobe overlay into the kernel + command: modprobe overlay + + - name: Enable and start systemd-modules-load + service: + name: systemd-modules-load + enabled: yes + state: restarted + + +- block: + + - name: Add http_proxy to /etc/atomic.conf + lineinfile: + dest: /etc/atomic.conf + regexp: "^#?http_proxy[:=]{1}" + line: "http_proxy: {{ openshift.common.http_proxy | default('') }}" + when: + - openshift.common.http_proxy is defined + - openshift.common.http_proxy != '' + + - name: Add https_proxy to /etc/atomic.conf + lineinfile: + dest: /etc/atomic.conf + regexp: "^#?https_proxy[:=]{1}" + line: "https_proxy: {{ openshift.common.https_proxy | default('') }}" + when: + - openshift.common.https_proxy is defined + - openshift.common.https_proxy != '' + + - name: Add no_proxy to /etc/atomic.conf + lineinfile: + dest: /etc/atomic.conf + regexp: "^#?no_proxy[:=]{1}" + line: "no_proxy: {{ openshift.common.no_proxy | default('') }}" + when: + - openshift.common.no_proxy is defined + - openshift.common.no_proxy != '' + + +- block: + + - name: Set to default prepend + set_fact: + l_crio_image_prepend: "docker.io/gscrivano" + l_crio_image_name: "crio-o-fedora" + + - name: Use Centos based image when distribution is Red Hat or CentOS + set_fact: + l_crio_image_name: "cri-o-centos" + when: ansible_distribution in ['RedHat', 'CentOS'] + + # For https://github.com/openshift/openshift-ansible/pull/4049#discussion_r114478504 + - name: Use a testing registry if requested + set_fact: + l_crio_image_prepend: "{{ openshift_crio_systemcontainer_image_registry_override }}" + when: + - openshift_crio_systemcontainer_image_registry_override is defined + - openshift_crio_systemcontainer_image_registry_override != "" + + - name: Set the full image name + set_fact: + l_crio_image: "{{ l_crio_image_prepend }}/{{ l_crio_image_name }}:latest" + +# NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released +- name: Pre-pull CRI-O System Container image + command: "atomic pull --storage ostree {{ l_crio_image }}" + changed_when: false + environment: + NO_PROXY: "{{ openshift.common.no_proxy | default('') }}" + + +- name: Install CRI-O System Container + oc_atomic_container: + name: "cri-o" + image: "{{ l_crio_image }}" + state: latest + +- name: Create the CRI-O configuration + template: + dest: /etc/crio/crio.conf + src: crio.conf.j2 + backup: yes + +- name: Ensure CNI configuration directory exists + file: + path: /etc/cni/net.d/ + state: directory + +- name: Configure the CNI network + template: + dest: /etc/cni/net.d/openshift-sdn.conf + src: 80-openshift-sdn.conf.j2 + +- name: Start the CRI-O service + systemd: + name: "cri-o" + enabled: yes + state: started + daemon_reload: yes + register: start_result + +- meta: flush_handlers diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml index 650f06f86..57a84bc2c 100644 --- a/roles/docker/tasks/systemcontainer_docker.yml +++ b/roles/docker/tasks/systemcontainer_docker.yml @@ -12,6 +12,12 @@ traditional docker package install. Otherwise, comment out openshift_docker_options in your inventory file. +- name: Ensure container-selinux is installed + package: + name: container-selinux + state: present + when: not openshift.common.is_atomic | bool + # Used to pull and install the system container - name: Ensure atomic is installed package: @@ -40,6 +46,11 @@ state: stopped daemon_reload: yes ignore_errors: True + register: r_docker_systemcontainer_docker_stop_result + until: not r_docker_systemcontainer_docker_stop_result | failed + retries: 3 + delay: 30 + # Set http_proxy, https_proxy, and no_proxy in /etc/atomic.conf # regexp: the line starts with or without #, followed by the string @@ -86,7 +97,7 @@ - name: Use Fedora Registry for image when distribution is Fedora set_fact: - l_docker_image_prepend: "registry.fedoraproject.org" + l_docker_image_prepend: "registry.fedoraproject.org/f25" when: ansible_distribution == 'Fedora' # For https://github.com/openshift/openshift-ansible/pull/4049#discussion_r114478504 @@ -154,9 +165,12 @@ enabled: yes state: started daemon_reload: yes - register: start_result + register: r_docker_systemcontainer_docker_start_result + until: not r_docker_systemcontainer_docker_start_result | failed + retries: 3 + delay: 30 - set_fact: - docker_service_status_changed: start_result | changed + docker_service_status_changed: "{{ r_docker_systemcontainer_docker_start_result | changed }}" - meta: flush_handlers |