diff options
Diffstat (limited to 'roles/docker')
| -rw-r--r-- | roles/docker/tasks/main.yml | 17 | ||||
| -rw-r--r-- | roles/docker/tasks/package_docker.yml | 9 | ||||
| -rw-r--r-- | roles/docker/tasks/systemcontainer_crio.yml | 16 | ||||
| -rw-r--r-- | roles/docker/tasks/systemcontainer_docker.yml | 10 |
4 files changed, 32 insertions, 20 deletions
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 69ee62790..b02a74711 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -2,7 +2,7 @@ # These tasks dispatch to the proper set of docker tasks based on the # inventory:openshift_docker_use_system_container variable -- include: udev_workaround.yml +- include_tasks: udev_workaround.yml when: docker_udev_workaround | default(False) | bool - set_fact: @@ -20,7 +20,7 @@ - not l_use_crio_only - name: Use Package Docker if Requested - include: package_docker.yml + include_tasks: package_docker.yml when: - not l_use_system_container - not l_use_crio_only @@ -35,13 +35,13 @@ changed_when: false - name: Use System Container Docker if Requested - include: systemcontainer_docker.yml + include_tasks: systemcontainer_docker.yml when: - l_use_system_container - not l_use_crio_only - name: Add CRI-O usage Requested - include: systemcontainer_crio.yml + include_tasks: systemcontainer_crio.yml when: - l_use_crio - openshift_docker_is_node_or_master | bool @@ -60,10 +60,11 @@ state: stopped name: "{{ openshift.docker.service_name }}" - - name: "Ensure {{ docker_alt_storage_path }} exists" - file: - path: "{{ docker_alt_storage_path }}" - state: directory + - name: copy "{{ docker_default_storage_path }}" to "{{ docker_alt_storage_path }}" + command: "cp -r {{ docker_default_storage_path }} {{ docker_alt_storage_path }}" + register: results + failed_when: + - results.rc != 0 - name: "Set the selinux context on {{ docker_alt_storage_path }}" command: "semanage fcontext -a -e {{ docker_default_storage_path }} {{ docker_alt_storage_path }}" diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml index 8121163a6..044b04478 100644 --- a/roles/docker/tasks/package_docker.yml +++ b/roles/docker/tasks/package_docker.yml @@ -1,6 +1,6 @@ --- - name: Get current installed Docker version - command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker" + command: "{{ repoquery_installed }} --qf '%{version}' docker" when: not openshift.common.is_atomic | bool register: curr_docker_version retries: 4 @@ -33,9 +33,12 @@ # Make sure Docker is installed, but does not update a running version. # Docker upgrades are handled by a separate playbook. +# Note: The curr_docker_version.stdout check can be removed when https://github.com/ansible/ansible/issues/33187 gets fixed. - name: Install Docker package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present - when: not openshift.common.is_atomic | bool + when: not openshift.common.is_atomic | bool and not curr_docker_version | skipped and not curr_docker_version.stdout != '' + register: result + until: result | success - block: # Extend the default Docker service unit file when using iptables-services @@ -157,4 +160,4 @@ - meta: flush_handlers # This needs to run after docker is restarted to account for proxy settings. -- include: registry_auth.yml +- include_tasks: registry_auth.yml diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index 3fe10454d..3439aa353 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -3,16 +3,10 @@ # TODO: Much of this file is shared with container engine tasks - set_fact: l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l2_docker_insecure_registries)) }}" - when: l2_docker_insecure_registries | bool - set_fact: l_crio_registries: "{{ l2_docker_additional_registries + ['docker.io'] }}" - when: l2_docker_additional_registries | bool -- set_fact: - l_crio_registries: "{{ ['docker.io'] }}" - when: not (l2_docker_additional_registries | bool) - set_fact: l_additional_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l_crio_registries)) }}" - when: l2_docker_additional_registries | bool - set_fact: l_openshift_image_tag: "{{ openshift_image_tag | string }}" @@ -35,6 +29,8 @@ name: container-selinux state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Check we are not using node as a Docker container with CRI-O fail: msg='Cannot use CRI-O with node configured as a Docker container' @@ -48,6 +44,8 @@ name: atomic state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success # At the time of writing the atomic command requires runc for it's own use. This # task is here in the even that the atomic package ever removes the dependency. @@ -56,6 +54,8 @@ name: runc state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Check that overlay is in the kernel @@ -162,7 +162,7 @@ state: directory - name: setup firewall for CRI-O - include: crio_firewall.yml + include_tasks: crio_firewall.yml static: yes - name: Configure the CNI network @@ -182,6 +182,6 @@ # If we are using crio only, docker.service might not be available for # 'docker login' -- include: registry_auth.yml +- include_tasks: registry_auth.yml vars: openshift_docker_alternative_creds: "{{ l_use_crio_only }}" diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml index 84220fa66..881d83f50 100644 --- a/roles/docker/tasks/systemcontainer_docker.yml +++ b/roles/docker/tasks/systemcontainer_docker.yml @@ -34,6 +34,8 @@ name: container-selinux state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success # Used to pull and install the system container - name: Ensure atomic is installed @@ -41,6 +43,8 @@ name: atomic state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success # At the time of writing the atomic command requires runc for it's own use. This # task is here in the even that the atomic package ever removes the dependency. @@ -49,11 +53,15 @@ name: runc state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success # Make sure Docker is installed so we are able to use the client - name: Install Docker so we can use the client package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success # Make sure docker is disabled. Errors are ignored. - name: Disable Docker @@ -177,6 +185,6 @@ # Since docker is running as a system container, docker login will fail to create # credentials. Use alternate method if requiring authenticated registries. -- include: registry_auth.yml +- include_tasks: registry_auth.yml vars: openshift_docker_alternative_creds: True |