summaryrefslogtreecommitdiffstats
path: root/roles/docker/tasks
diff options
context:
space:
mode:
Diffstat (limited to 'roles/docker/tasks')
-rw-r--r--roles/docker/tasks/main.yml15
-rw-r--r--roles/docker/tasks/systemcontainer_crio.yml146
2 files changed, 159 insertions, 2 deletions
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 0c2b16acf..1f9ac5059 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -7,11 +7,22 @@
- set_fact:
l_use_system_container: "{{ openshift.docker.use_system_container | default(False) }}"
+ l_use_crio: "{{ openshift.docker.use_crio | default(False) }}"
+ l_use_crio_only: "{{ openshift.docker.use_crio_only | default(False) }}"
- name: Use Package Docker if Requested
include: package_docker.yml
- when: not l_use_system_container
+ when:
+ - not l_use_system_container
+ - not l_use_crio_only
- name: Use System Container Docker if Requested
include: systemcontainer_docker.yml
- when: l_use_system_container
+ when:
+ - l_use_system_container
+ - not l_use_crio_only
+
+- name: Add CRI-O usage Requested
+ include: systemcontainer_crio.yml
+ when:
+ - l_use_crio
diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml
new file mode 100644
index 000000000..787f51f94
--- /dev/null
+++ b/roles/docker/tasks/systemcontainer_crio.yml
@@ -0,0 +1,146 @@
+---
+# TODO: Much of this file is shared with container engine tasks
+- set_fact:
+ l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(openshift.docker.insecure_registries)) }}"
+ when: openshift.docker.insecure_registries
+
+- name: Ensure container-selinux is installed
+ package:
+ name: container-selinux
+ state: present
+ when: not openshift.common.is_atomic | bool
+
+# Used to pull and install the system container
+- name: Ensure atomic is installed
+ package:
+ name: atomic
+ state: present
+ when: not openshift.common.is_atomic | bool
+
+# At the time of writing the atomic command requires runc for it's own use. This
+# task is here in the even that the atomic package ever removes the dependency.
+- name: Ensure runc is installed
+ package:
+ name: runc
+ state: present
+ when: not openshift.common.is_atomic | bool
+
+
+- name: Check that overlay is in the kernel
+ shell: lsmod | grep overlay
+ register: l_has_overlay_in_kernel
+ ignore_errors: yes
+
+
+- when: l_has_overlay_in_kernel.rc != 0
+ block:
+
+ - name: Add overlay to modprobe.d
+ template:
+ dest: /etc/modules-load.d/overlay.conf
+ src: overlay.conf.j2
+ backup: yes
+
+ - name: Manually modprobe overlay into the kernel
+ command: modprobe overlay
+
+ - name: Enable and start systemd-modules-load
+ service:
+ name: systemd-modules-load
+ enabled: yes
+ state: restarted
+
+
+- block:
+
+ - name: Add http_proxy to /etc/atomic.conf
+ lineinfile:
+ dest: /etc/atomic.conf
+ regexp: "^#?http_proxy[:=]{1}"
+ line: "http_proxy: {{ openshift.common.http_proxy | default('') }}"
+ when:
+ - openshift.common.http_proxy is defined
+ - openshift.common.http_proxy != ''
+
+ - name: Add https_proxy to /etc/atomic.conf
+ lineinfile:
+ dest: /etc/atomic.conf
+ regexp: "^#?https_proxy[:=]{1}"
+ line: "https_proxy: {{ openshift.common.https_proxy | default('') }}"
+ when:
+ - openshift.common.https_proxy is defined
+ - openshift.common.https_proxy != ''
+
+ - name: Add no_proxy to /etc/atomic.conf
+ lineinfile:
+ dest: /etc/atomic.conf
+ regexp: "^#?no_proxy[:=]{1}"
+ line: "no_proxy: {{ openshift.common.no_proxy | default('') }}"
+ when:
+ - openshift.common.no_proxy is defined
+ - openshift.common.no_proxy != ''
+
+
+- block:
+
+ - name: Set to default prepend
+ set_fact:
+ l_crio_image_prepend: "docker.io/gscrivano"
+ l_crio_image_name: "crio-o-fedora"
+
+ - name: Use Centos based image when distribution is Red Hat or CentOS
+ set_fact:
+ l_crio_image_name: "cri-o-centos"
+ when: ansible_distribution in ['RedHat', 'CentOS']
+
+ # For https://github.com/openshift/openshift-ansible/pull/4049#discussion_r114478504
+ - name: Use a testing registry if requested
+ set_fact:
+ l_crio_image_prepend: "{{ openshift_crio_systemcontainer_image_registry_override }}"
+ when:
+ - openshift_crio_systemcontainer_image_registry_override is defined
+ - openshift_crio_systemcontainer_image_registry_override != ""
+
+ - name: Set the full image name
+ set_fact:
+ l_crio_image: "{{ l_crio_image_prepend }}/{{ l_crio_image_name }}:latest"
+
+# NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released
+- name: Pre-pull CRI-O System Container image
+ command: "atomic pull --storage ostree {{ l_crio_image }}"
+ changed_when: false
+ environment:
+ NO_PROXY: "{{ openshift.common.no_proxy | default('') }}"
+
+
+- name: Install CRI-O System Container
+ oc_atomic_container:
+ name: "cri-o"
+ image: "{{ l_crio_image }}"
+ state: latest
+
+- name: Create the CRI-O configuration
+ template:
+ dest: /etc/crio/crio.conf
+ src: crio.conf.j2
+ backup: yes
+
+- name: Ensure CNI configuration directory exists
+ file:
+ path: /etc/cni/net.d/
+ state: directory
+
+- name: Configure the CNI network
+ template:
+ dest: /etc/cni/net.d/openshift-sdn.conf
+ src: 80-openshift-sdn.conf.j2
+
+- name: Start the CRI-O service
+ systemd:
+ name: "cri-o"
+ enabled: yes
+ state: started
+ daemon_reload: yes
+ register: start_result
+
+- meta: flush_handlers