Only nuke images when crossing the Docker 1.10 boundary in upgrade.

playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml

@@ -1,7 +1,7 @@
 ---
 # We need docker service up to remove all the images, but these services will keep
 # trying to re-start and thus re-pull the images we're trying to delete.
-- name: stop containerized services
+- name: Stop containerized services
   service: name={{ item }} state=stopped
   with_items:
     - "{{ openshift.common.service_type }}-master"
@@ -11,25 +11,18 @@
     - etcd_container
     - openvswitch
   failed_when: false
-  when: docker_upgrade is defined and docker_upgrade | bool and openshift.common.is_containerized | bool
+  when: docker_upgrade | bool and openshift.common.is_containerized | bool
 
-- name: remove all containers and images
+- name: Remove all containers and images
   script: nuke_images.sh docker
   register: nuke_images_result
-  when: docker_upgrade is defined and docker_upgrade | bool
+  when: docker_upgrade | bool and docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool
 
-# todo: should we use the docker role to actually do the upgrade?
-- name: upgrade to specified docker version
+- name: Upgrade Docker
   action: "{{ ansible_pkg_mgr }} name=docker{{ '-' + docker_version }} state=present"
-  register: docker_upgrade_result
-  when: docker_upgrade is defined and docker_upgrade | bool and docker_version is defined
+  when: docker_upgrade | bool
 
-- name: upgrade to latest docker version
-  action: "{{ ansible_pkg_mgr }} name=docker state=latest"
-  register: docker_upgrade_result
-  when: docker_upgrade is defined and docker_upgrade | bool and docker_version is not defined
-
-- name: restart containerized services
+- name: Restart containerized services
   service: name={{ item }} state=started
   with_items:
     - etcd_container
@@ -39,9 +32,9 @@
     - "{{ openshift.common.service_type }}-master-controllers"
     - "{{ openshift.common.service_type }}-node"
   failed_when: false
-  when: docker_upgrade is defined and docker_upgrade | bool and openshift.common.is_containerized | bool
+  when: docker_upgrade | bool and openshift.common.is_containerized | bool
 
-- name: wait for master api to come back online
+- name: Wait for master API to come back online
   become: no
   local_action:
     module: wait_for
@@ -49,4 +42,4 @@
       state=started
       delay=10
       port="{{ openshift.master.api_port }}"
-  when: docker_upgrade is defined and docker_upgrade | bool and inventory_hostname in groups.oo_masters_to_config
+  when: docker_upgrade | bool and inventory_hostname in groups.oo_masters_to_config

playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml

@@ -39,12 +39,17 @@
     docker_upgrade: False
   when: docker_upgrade is not defined or docker_upgrade | bool
 
-- name: Flag for upgrade if Docker version does not equal latest
-  set_fact:
-    docker_upgrade: true
-  when: docker_version is not defined and pkg_check.rc == 0 and curr_docker_version.stdout | version_compare(avail_docker_version.stdout,'<')
+# Make sure a docker_verison is set if none was requested:
+- set_fact:
+    docker_version: avail_docker_version.stdout
+  when: docker_version is not defined
 
-- name: Flag for upgrade if Docker version does not equal requested version
+- name: Flag for Docker upgrade if necessary
   set_fact:
-    docker_upgrade: true
+    docker_upgrade: True
   when: docker_version is defined and pkg_check.rc == 0 and curr_docker_version.stdout | version_compare(docker_version,'<')
+
+- name: Flag to delete all images prior to upgrade if crossing Docker 1.10 boundary
+  set_fact:
+      docker_upgrade_nuke_images: True
+  when: docker_upgrade_nuke_images is not defined and docker_upgrade | bool and curr_docker_version.stdout | version_compare('1.10','<') and docker_version | version_compare('1.10','>=')

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml

@@ -89,6 +89,10 @@
     # defined, and overriding the normal behavior of protecting the installed version
     openshift_release: "3.2"
     openshift_protect_installed_version: False
+    # Docker role (a dependency) should be told not to do anything to installed version
+    # of docker, we handle this separately during upgrade. (the inventory may have a
+    # docker_version defined, we don't want to actually do it until later)
+    docker_protect_installed_version: True
 
 - name: Verify master processes
   hosts: oo_masters_to_config

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml

@@ -86,7 +86,7 @@
     when: docker_upgrade is not defined or docker_upgrade | bool
 
   - include: ../docker/upgrade.yml
-    when: docker_upgrade is defined and docker_upgrade | bool
+    when: docker_upgrade | bool
 
   - include: rpm_upgrade.yml
     vars:

roles/docker/defaults/main.yml

@@ -1 +1,2 @@
 ---
+docker_protect_installed_version: False

roles/docker/tasks/main.yml

@@ -37,7 +37,7 @@
 # Make sure Docker is installed, but does not update a running version.
 # Docker upgrades are handled by a separate playbook.
 - name: Install Docker
-  action: "{{ ansible_pkg_mgr }} name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present"
+  action: "{{ ansible_pkg_mgr }} name=docker{{ '-' + docker_version if docker_version is defined and not docker_protect_installed_version | bool else '' }} state=present"
   when: not openshift.common.is_atomic | bool
 
 - name: Start the Docker service