Cleanup systemcontainer bits

This commit removes many systemcontainer tuneables,
especially around container_runtime.

etcd system container tunables are left in place
in some files to aid in determining current installation
type for migration during upgrades.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1565078

inventory/hosts.example

@@ -80,18 +80,7 @@ debug_level=2
 # This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up.
 #openshift_pkg_version=-3.9.0
 
-# This enables all the system containers except for docker:
-#openshift_use_system_containers=False
-#
-# But you can choose separately each component that must be a
-# system container:
-#
-#openshift_use_openvswitch_system_container=False
-#openshift_use_node_system_container=False
-#openshift_use_master_system_container=False
-#openshift_use_etcd_system_container=False
-#
-# In either case, system_images_registry must be specified to be able to find the system images
+# If using Atomic Host, you may specify system container image registry for the nodes:
 #system_images_registry="docker.io"
 # when openshift_deployment_type=='openshift-enterprise'
 #system_images_registry="registry.access.redhat.com"
@@ -128,25 +117,8 @@ debug_level=2
 #openshift_docker_additional_registries=registry.example.com
 #openshift_docker_insecure_registries=registry.example.com
 #openshift_docker_blocked_registries=registry.hacker.com
-# Use Docker inside a System Container. Note that this is a tech preview and should
-# not be used to upgrade!
-# The following options for docker are ignored:
-# - docker_version
-# - docker_upgrade
-# The following options must not be used
-# - openshift_docker_options
-#openshift_docker_use_system_container=False
-# Install and run cri-o. By default this will install cri-o as a system container.
+# Install and run cri-o.
 #openshift_use_crio=False
-# You can install cri-o as an rpm by setting the following variable:
-#openshift_crio_use_rpm=False
-# NOTE: This uses openshift_docker_systemcontainer_image_registry_override as it's override
-# just as container-engine does.
-# Force the registry to use for the container-engine/crio system container. By default the registry
-# will be built off of the deployment type and ansible_distribution. Only
-# use this option if you are sure you know what you are doing!
-#openshift_docker_systemcontainer_image_override="registry.example.com/container-engine:latest"
-#openshift_crio_systemcontainer_image_override="registry.example.com/cri-o:latest"
 # The following two variables are used when openshift_use_crio is True
 # and cleans up after builds that pass through docker. When openshift_use_crio is True
 # these variables are set to the defaults shown. You may override them here.

playbooks/container-runtime/private/build_container_groups.yml

@@ -1,8 +0,0 @@
----
-# l_build_container_groups_hosts is passed in via prerequisites.yml during
-# etcd scaleup plays.
-- name: create oo_hosts_containerized_managed_true host group
-  hosts: "{{ l_build_container_groups_hosts | default('oo_all_hosts:!oo_nodes_to_config') }}"
-  tasks:
-  - group_by:
-      key: oo_hosts_containerized_managed_{{ (openshift_is_containerized | default(False)) | ternary('true','false') }}

playbooks/container-runtime/private/config.yml

@@ -1,13 +1,11 @@
 ---
 # l_scale_up_hosts may be passed in via prerequisites.yml during scaleup plays.
-# l_etcd_scale_up_hosts may be passed in via prerequisites.yml during etcd
+# l_etcd_scale_up_crt_hosts may be passed in via prerequisites.yml during etcd
 # scaleup plays.
 
-- import_playbook: build_container_groups.yml
-
-- hosts: "{{ l_etcd_scale_up_hosts | default(l_scale_up_hosts) | default(l_default_container_runtime_hosts) }}"
+- hosts: "{{ l_etcd_scale_up_crt_hosts | default(l_scale_up_hosts) | default(l_default_container_runtime_hosts) }}"
   vars:
-    l_default_container_runtime_hosts: "oo_nodes_to_config:oo_hosts_containerized_managed_true"
+    l_default_container_runtime_hosts: "oo_nodes_to_config"
   roles:
     - role: container_runtime
   tasks:
@@ -21,25 +19,10 @@
         name: container_runtime
         tasks_from: package_docker.yml
       when:
-        - not openshift_docker_use_system_container | bool
-        - not openshift_use_crio_only | bool
-    - import_role:
-        name: container_runtime
-        tasks_from: systemcontainer_docker.yml
-      when:
-        - openshift_docker_use_system_container | bool
         - not openshift_use_crio_only | bool
     - import_role:
         name: container_runtime
-        tasks_from: systemcontainer_crio.yml
-      when:
-        - openshift_use_crio | bool
-        - not openshift_crio_use_rpm | bool
-        - openshift_docker_is_node_or_master | bool
-    - import_role:
-        name: container_runtime
         tasks_from: package_crio.yml
       when:
         - openshift_use_crio | bool
-        - openshift_crio_use_rpm | bool
         - openshift_docker_is_node_or_master | bool

playbooks/container-runtime/private/setup_storage.yml

@@ -1,11 +1,9 @@
 ---
 # l_scale_up_hosts may be passed in via prerequisites.yml during scaleup plays.
-# l_etcd_scale_up_hosts may be passed in via prerequisites.yml during etcd
+# l_etcd_scale_up_crt_hosts may be passed in via prerequisites.yml during etcd
 # scaleup plays.
 
-- import_playbook: build_container_groups.yml
-
-- hosts: "{{ l_etcd_scale_up_hosts | default(l_scale_up_hosts) | default(l_default_container_storage_hosts) }}"
+- hosts: "{{ l_etcd_scale_up_crt_hosts | default(l_scale_up_hosts) | default(l_default_container_storage_hosts) }}"
   vars:
     l_default_container_storage_hosts: "oo_nodes_to_config:oo_hosts_containerized_managed_true"
     l_chg_temp: "{{ hostvars[groups['oo_first_master'][0]]['openshift_containerized_host_groups'] | default([]) }}"

playbooks/init/base_packages.yml

@@ -42,20 +42,3 @@
       when: item != ''
       register: result
       until: result is succeeded
-
-    - name: Ensure various deps for running system containers are installed
-      package:
-        name: "{{ item }}"
-        state: present
-      with_items:
-      - atomic
-      - ostree
-      - runc
-      when:
-      - >
-        (openshift_use_system_containers | default(False)) | bool
-        or (openshift_use_etcd_system_container | default(False)) | bool
-        or (openshift_use_node_system_container | default(False)) | bool
-        or (openshift_use_master_system_container | default(False)) | bool
-      register: result
-      until: result is succeeded

playbooks/openshift-etcd/scaleup.yml

@@ -27,10 +27,7 @@
 # re-run prerequisites
 - import_playbook: ../prerequisites.yml
   vars:
-    # We need to ensure container_runtime is only processed for containerized
-    # etcd hosts by setting l_build_container_groups_hosts and l_etcd_scale_up_hosts
-    l_build_container_groups_hosts: "oo_new_etcd_to_config"
-    l_etcd_scale_up_hosts: "oo_hosts_containerized_managed_true"
+    l_etcd_scale_up_crt_hosts: "all:!all"
     l_scale_up_hosts: "oo_new_etcd_to_config"
     l_base_packages_hosts: "oo_new_etcd_to_config"
     l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config:oo_new_etcd_to_config"

roles/container_runtime/defaults/main.yml

@@ -8,9 +8,8 @@ openshift_docker_alternative_creds: False
 oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}"
 oreg_auth_credentials_replace: False
 
-openshift_docker_use_system_container: False
 openshift_docker_selinux_enabled: True
-openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}"
+openshift_docker_service_name: "docker"
 
 openshift_docker_hosted_registry_insecure: False  # bool
 
@@ -81,91 +80,7 @@ docker_https_proxy: "{{ openshift.common.https_proxy | default('') }}"
 docker_no_proxy: "{{ openshift.common.no_proxy | default('') }}"
 
 openshift_use_crio: False
-openshift_crio_use_rpm: False
-openshift_use_crio_only: False
-
-l_openshift_image_tag: "{{ openshift_image_tag | string }}"
 
 l_required_docker_version: '1.13'
 
-# --------------------- #
-# systemcontainers_crio #
-# --------------------- #
-l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l2_docker_insecure_registries)) }}"
-l_crio_registries: "{{ l2_docker_additional_registries + ['docker.io'] }}"
-l_additional_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l_crio_registries)) }}"
-
-# this is a list of dictionaries of mounts
-# container_runtime_crio_additional_mounts:
-# - destination: /test
-#   source: /var/test
-#   options:
-#   - rw
-#   - mode=755
-#   type: bind
-container_runtime_crio_additional_mounts: []
-
-l_crio_additional_mounts: "{{ ',' + (container_runtime_crio_additional_mounts | lib_utils_oo_l_of_d_to_csv) if container_runtime_crio_additional_mounts != [] else '' }}"
-
-# this is a list of dictionaries of mounts
-# container_runtime_docker_additional_mounts:
-# - destination: /test
-#   source: /var/test
-#   options:
-#   - rw
-#   - mode=755
-#   type: bind
-container_runtime_docker_additional_mounts: []
-
-l_docker_additional_mounts: "{{ ',' + (container_runtime_docker_additional_mounts | lib_utils_oo_l_of_d_to_csv) if container_runtime_docker_additional_mounts != [] else '' }}"
-
-openshift_crio_image_tag_default: "latest"
-
-l_crt_crio_image_tag_dict:
-  openshift-enterprise: "{{ l_openshift_image_tag }}"
-  origin: "{{ openshift_crio_image_tag | default(openshift_crio_image_tag_default) }}"
-
-l_crt_crio_image_dict:
-  Fedora: "registry.fedoraproject.org/latest/cri-o"
-  CentOS: "registry.centos.org/projectatomic/cri-o"
-  RedHat: "registry.access.redhat.com/openshift3/cri-o"
-
-l_crio_image_name: "{{ l_crt_crio_image_dict[ansible_distribution] }}"
-l_crio_image_tag: "{{ l_crt_crio_image_tag_dict[openshift_deployment_type] }}"
-
-l_crio_image_default: "{{ l_crio_image_name }}:{{ l_crio_image_tag }}"
-l_crio_image: "{{ openshift_crio_systemcontainer_image_override | default(l_crio_image_default) }}"
-
-l_crio_pause_images_dict:
-  origin: 'docker.io/openshift/origin-${component}:${version}'
-  openshift-enterprise: 'registry.access.redhat.com/openshift3/ose-${component}:${version}'
-l_pause_registry_url_default: "{{ l_crio_pause_images_dict[openshift_deployment_type] }}"
-l_os_registry_url: "{{ oreg_url_master | default(oreg_url) | default(l_pause_registry_url_default) | regex_replace('${version}' | regex_escape, l_openshift_image_tag | default('${version}')) }}"
-
-pause_image: "{{ l_os_registry_url | regex_replace('${component}' | regex_escape, 'pod') }}"
-
-# ----------------------- #
-# systemcontainers_docker #
-# ----------------------- #
-l_crt_docker_image_dict:
-  Fedora: "registry.fedoraproject.org/latest/docker"
-  CentOS: "registry.centos.org/projectatomic/docker"
-  RedHat: "registry.access.redhat.com/openshift3/container-engine"
-
-openshift_docker_image_tag_default: "latest"
-l_crt_docker_image_tag_dict:
-  openshift-enterprise: "{{ l_openshift_image_tag }}"
-  origin: "{{ openshift_docker_image_tag | default(openshift_docker_image_tag_default) }}"
-
-l_docker_image_prepend: "{{ l_crt_docker_image_dict[ansible_distribution] }}"
-l_docker_image_tag: "{{ l_crt_docker_image_tag_dict[openshift_deployment_type] }}"
-
-l_docker_image_default: "{{ l_docker_image_prepend }}:{{ l_docker_image_tag }}"
-l_docker_image: "{{ openshift_docker_systemcontainer_image_override | default(l_docker_image_default) }}"
-
 l_crio_var_sock: "/var/run/crio/crio.sock"
-
-container_runtime_oci_umounts:
-- '/var/lib/containers/storage/*'
-- '/run/containers/storage/*'
-- '/var/lib/origin/*'

roles/container_runtime/tasks/common/syscontainer_packages.yml

@@ -1,28 +0,0 @@
----
-
-- name: Ensure container-selinux is installed
-  package:
-    name: container-selinux
-    state: present
-  when: not openshift_is_atomic | bool
-  register: result
-  until: result is succeeded
-
-# Used to pull and install the system container
-- name: Ensure atomic is installed
-  package:
-    name: atomic
-    state: present
-  when: not openshift_is_atomic | bool
-  register: result
-  until: result is succeeded
-
-# At the time of writing the atomic command requires runc for it's own use. This
-# task is here in the even that the atomic package ever removes the dependency.
-- name: Ensure runc is installed
-  package:
-    name: runc
-    state: present
-  when: not openshift_is_atomic | bool
-  register: result
-  until: result is succeeded

roles/container_runtime/tasks/package_crio.yml

@@ -82,4 +82,4 @@
 # 'docker login'
 - import_tasks: common/post.yml
   vars:
-    openshift_docker_alternative_creds: "{{ (openshift_use_crio_only | bool) or (openshift_docker_use_system_container | bool) }}"
+    openshift_docker_alternative_creds: "{{ openshift_use_crio_only | bool }}"

roles/container_runtime/tasks/package_docker.yml

@@ -4,12 +4,7 @@
 # In some cases, some services may be run as containers and docker may still
 # be installed via rpm.
 - import_tasks: common/atomic_proxy.yml
-  when:
-  - >
-    (openshift_use_system_containers | default(False)) | bool
-    or (openshift_use_etcd_system_container | default(False)) | bool
-    or (openshift_use_node_system_container | default(False)) | bool
-    or (openshift_use_master_system_container | default(False)) | bool
+  when: openshift_is_atomic
 
 - name: Get current installed Docker version
   command: "{{ repoquery_installed }} --qf '%{version}' docker"

roles/container_runtime/tasks/systemcontainer_crio.yml

@@ -1,109 +0,0 @@
----
-- import_tasks: common/pre.yml
-
-- import_tasks: common/syscontainer_packages.yml
-
-- name: Check that overlay is in the kernel
-  shell: lsmod | grep overlay
-  register: l_has_overlay_in_kernel
-  ignore_errors: yes
-  failed_when: false
-
-- when: l_has_overlay_in_kernel.rc != 0
-  block:
-
-    - name: Add overlay to modprobe.d
-      template:
-        dest: /etc/modules-load.d/overlay.conf
-        src: overlay.conf.j2
-        backup: yes
-
-    - name: Manually modprobe overlay into the kernel
-      command: modprobe overlay
-
-    - name: Enable and start systemd-modules-load
-      service:
-        name: systemd-modules-load
-        enabled: yes
-        state: restarted
-
-- name: Ensure proxies are in the atomic.conf
-  import_tasks: common/atomic_proxy.yml
-
-# Be nice and let the user see the variable result
-- debug:
-    var: l_crio_image
-
-# NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released
-- name: Pre-pull CRI-O System Container image
-  command: "atomic pull --storage ostree {{ l_crio_image }}"
-  changed_when: false
-  environment:
-    NO_PROXY: "{{ openshift.common.no_proxy | default('') }}"
-
-- name: Install CRI-O System Container
-  oc_atomic_container:
-    name: "cri-o"
-    image: "{{ l_crio_image }}"
-    state: latest
-    values:
-      - "ADDTL_MOUNTS={{ l_crio_additional_mounts }}"
-
-- name: Remove CRI-O default configuration files
-  file:
-    path: "{{ item }}"
-    state: absent
-  with_items:
-    - /etc/cni/net.d/200-loopback.conf
-    - /etc/cni/net.d/100-crio-bridge.conf
-
-- name: Create the CRI-O configuration
-  template:
-    dest: /etc/crio/crio.conf
-    src: crio.conf.j2
-    backup: yes
-
-- name: Ensure CNI configuration directory exists
-  file:
-    path: /etc/cni/net.d/
-    state: directory
-
-- name: setup firewall for CRI-O
-  import_tasks: crio_firewall.yml
-
-- name: Configure the CNI network
-  template:
-    dest: /etc/cni/net.d/openshift-sdn.conf
-    src: 80-openshift-sdn.conf.j2
-  when: r_crio_use_openshift_sdn | bool
-
-- name: Create /etc/sysconfig/crio-storage
-  copy:
-    content: ""
-    dest: /etc/sysconfig/crio-storage
-    force: no
-
-- name: Create /etc/sysconfig/crio-network
-  template:
-    dest: /etc/sysconfig/crio-network
-    src: crio-network.j2
-
-- name: Configure oci umount for CRI-O
-  lineinfile:
-    dest: /etc/oci-umount.conf
-    line: '{{ item }}'
-  with_items: "{{ container_runtime_oci_umounts }}"
-
-- name: Start the CRI-O service
-  systemd:
-    name: "cri-o"
-    enabled: yes
-    state: started
-    daemon_reload: yes
-  register: start_result
-
-# If we are using crio only, docker.service might not be available for
-# 'docker login'
-- import_tasks: common/post.yml
-  vars:
-    openshift_docker_alternative_creds: "{{ (openshift_use_crio_only | bool) or (openshift_docker_use_system_container | bool) }}"

roles/container_runtime/tasks/systemcontainer_docker.yml

@@ -1,110 +0,0 @@
----
-# If docker_options are provided we should fail. We should not install docker and ignore
-# the users configuration. NOTE: docker_options == inventory:openshift_docker_options
-- name: Fail quickly if openshift_docker_options are set
-  assert:
-    that:
-      - "{% if not openshift_docker_options %}1{% else %}0{% endif %}"
-    msg: |
-      Docker via System Container does not allow for the use of the openshift_docker_options
-      variable. If you want to use openshift_docker_options you will need to use the
-      traditional docker package install. Otherwise, comment out openshift_docker_options
-      in your inventory file.
-
-- import_tasks: common/pre.yml
-
-- import_tasks: common/syscontainer_packages.yml
-
-# Make sure Docker is installed so we are able to use the client
-- name: Install Docker so we can use the client
-  package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present
-  when: not openshift_is_atomic | bool
-  register: result
-  until: result is succeeded
-
-# Make sure docker.service from docker rpm is disabled. Errors are ignored.
-# docker runs as a system container as 'container-engine' in a later task.
-- name: Disable Docker
-  systemd:
-    name: docker
-    enabled: no
-    state: stopped
-    daemon_reload: yes
-  ignore_errors: True
-  register: r_docker_systemcontainer_docker_stop_result
-  until: not (r_docker_systemcontainer_docker_stop_result is failed)
-  retries: 3
-  delay: 30
-
-- name: Ensure proxies are in the atomic.conf
-  import_tasks: common/atomic_proxy.yml
-
-# Be nice and let the user see the variable result
-- debug:
-    var: l_docker_image
-
-# Do the authentication before pulling the container engine system container
-# as the pull might be from an authenticated registry.
-- import_tasks: registry_auth.yml
-  vars:
-    openshift_docker_alternative_creds: True
-
-# NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released
-- name: Pre-pull Container Engine System Container image
-  command: "atomic pull --storage ostree {{ l_docker_image }}"
-  changed_when: false
-  environment:
-    NO_PROXY: "{{ docker_no_proxy }}"
-
-
-- name: Ensure container-engine.service.d directory exists
-  file:
-    path: "{{ container_engine_systemd_dir }}"
-    state: directory
-
-- name: Ensure /etc/docker directory exists
-  file:
-    path: "{{ docker_conf_dir }}"
-    state: directory
-
-- name: Install Container Engine System Container
-  oc_atomic_container:
-    name: "{{ openshift_docker_service_name }}"
-    image: "{{ l_docker_image }}"
-    state: latest
-    values:
-      - "ADDTL_MOUNTS={{ l_docker_additional_mounts }}"
-
-- name: Configure Container Engine Service File
-  template:
-    dest: "{{ container_engine_systemd_dir }}/custom.conf"
-    src: systemcontainercustom.conf.j2
-
-# Configure container-engine using the container-daemon.json file
-# NOTE: daemon.json and container-daemon.json have been seperated to avoid
-#       collision.
-- name: Configure Container Engine
-  template:
-    dest: "{{ docker_conf_dir }}/container-daemon.json"
-    src: daemon.json
-
-# Enable and start the container-engine service (docker as system container)
-- name: Start the container-engine service
-  systemd:
-    name: "{{ openshift_docker_service_name }}"
-    enabled: yes
-    state: started
-    daemon_reload: yes
-  register: r_docker_systemcontainer_docker_start_result
-  until: not (r_docker_systemcontainer_docker_start_result is failed)
-  retries: 3
-  delay: 30
-
-- set_fact:
-    docker_service_status_changed: "{{ r_docker_systemcontainer_docker_start_result is changed }}"
-
-# Since docker is running as a system container, docker login will fail to create
-# credentials.  Use alternate method if requiring authenticated registries.
-- import_tasks: common/post.yml
-  vars:
-    openshift_docker_alternative_creds: True

roles/contiv/defaults/main.yml

@@ -127,7 +127,7 @@ contiv_h1_gw_default: "10.129.0.1"
 # contiv default private subnet for ext access
 contiv_private_ext_subnet: "10.130.0.0/16"
 
-contiv_openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}"
+contiv_openshift_docker_service_name: "docker"
 
 contiv_api_proxy_port: 10000
 contiv_api_proxy_port_proto: tcp

roles/etcd/defaults/main.yaml

@@ -4,8 +4,8 @@ r_etcd_common_backup_sufix_name: ''
 
 l_etcd_bootstrapped: '{{ openshift.node.bootstrapped }}'
 
+# TODO(michaelgugino): Remove these in 3.11
 l_is_etcd_system_container: "{{ (openshift_use_etcd_system_container | default(openshift_use_system_containers | default(false)) | bool) }}"
-
 l_etcd_static_pod: "{{ not (r_etcd_common_skip_command_shim is defined and r_etcd_common_skip_command_shim) or l_etcd_bootstrapped }}"
 
 # runc, docker, static pod, host
@@ -109,7 +109,7 @@ r_etcd_os_firewall_allow:
 # set the backend quota to 4GB by default
 etcd_quota_backend_bytes: 4294967296
 
-openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}"
+openshift_docker_service_name: "docker"
 
 etcd_ca_host: "{{ groups['oo_etcd_to_config'].0 }}"
 

roles/flannel/defaults/main.yaml

@@ -6,4 +6,4 @@ etcd_peer_ca_file: "{{ openshift.common.config_base }}/node/flannel.etcd-ca.crt"
 etcd_peer_cert_file: "{{ openshift.common.config_base }}/node/flannel.etcd-client.crt"
 etcd_peer_key_file: "{{ openshift.common.config_base }}/node/flannel.etcd-client.key"
 
-openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}"
+openshift_docker_service_name: "docker"

roles/openshift_cli/defaults/main.yml

@@ -14,7 +14,6 @@ openshift_image_default: "{{ l_os_registry_url | regex_replace('${component}' |
 openshift_cli_image: "{{ (system_images_registry == 'docker') | ternary(openshift_image_default, (openshift_image_default.split('/')|length==2) | ternary(system_images_registry + '/' + openshift_image_default, openshift_image_default)) }}"
 system_openshift_cli_image: "{{ (system_images_registry == 'docker') | ternary('docker:' + openshift_cli_image, openshift_cli_image) }}"
 
-openshift_use_crio_only: False
 openshift_crio_use_rpm: False
 
 l_use_cli_atomic_image: "{{ (openshift_use_crio_only | bool and not openshift_crio_use_rpm | bool) }}"

roles/openshift_control_plane/defaults/main.yml

@@ -69,12 +69,12 @@ oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_ur
 oreg_auth_credentials_path: "{{ r_openshift_master_data_dir }}/.docker"
 oreg_auth_credentials_replace: False
 l_bind_docker_reg_auth: False
-openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False) | bool) or (openshift_use_crio_only | default(False)) }}"
+openshift_docker_alternative_creds: "{{ openshift_use_crio_only | bool }}"
 
 containerized_svc_dir: "/usr/lib/systemd/system"
 ha_svc_template_path: "native-cluster"
 
-openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}"
+openshift_docker_service_name: "docker"
 
 openshift_master_loopback_config: "/etc/origin/master/openshift-master.kubeconfig"
 loopback_context_string: "current-context: {{ openshift.master.loopback_context_name }}"

roles/openshift_facts/defaults/main.yml

@@ -9,6 +9,7 @@ repoquery_cmd: "{{ (ansible_pkg_mgr == 'dnf') | ternary('dnf repoquery --latest-
 repoquery_installed: "{{ (ansible_pkg_mgr == 'dnf') | ternary('dnf repoquery --latest-limit 1 -d 0 --disableexcludes=all --installed', 'repoquery --plugins --installed') }}"
 
 openshift_cli_image: "{{ osm_image | default(openshift_cli_image_dict[openshift_deployment_type]) }}"
+openshift_use_crio_only: False
 
 # osm_default_subdomain is an old migrated fact, can probably be removed.
 osm_default_subdomain: "router.default.svc.cluster.local"

roles/openshift_loadbalancer/defaults/main.yml

@@ -32,7 +32,7 @@ r_openshift_loadbalancer_os_firewall_allow:
   port: "{{ nuage_mon_rest_server_port | default(9443) }}/tcp"
   cond: "{{ r_openshift_lb_use_nuage | bool }}"
 
-openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}"
+openshift_docker_service_name: "docker"
 
 # NOTE
 # r_openshift_lb_use_nuage_default may be defined external to this role.

roles/openshift_node/defaults/main.yml

@@ -176,9 +176,9 @@ oreg_auth_credentials_replace: False
 l_bind_docker_reg_auth: False
 openshift_use_crio: False
 l_crio_var_sock: "/var/run/crio/crio.sock"
-openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False) | bool) or (openshift_use_crio_only | default(False) | bool) }}"
+openshift_docker_alternative_creds: "{{ openshift_use_crio_only | bool }}"
 
-openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}"
+openshift_docker_service_name: "docker"
 
 # These defaults assume forcing journald persistence, fsync to disk once
 # a second, rate-limiting to 10,000 logs a second, no forwarding to

roles/openshift_node_certificates/defaults/main.yml

@@ -1,4 +1,4 @@
 ---
 openshift_node_cert_expire_days: 730
 
-openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}"
+openshift_docker_service_name: "docker"