
Implement container runtime role

Michael Gugino 7 anos atrás
pai
commit
5120f8e90c
83 arquivos alterados com 178 adições e 422 exclusões
  1. 0 4
      playbooks/common/openshift-cluster/upgrades/docker/tasks/restart.yml
  2. 1 1
      playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml
  3. 0 4
      playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
  4. 0 6
      playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml
  5. 0 6
      playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml
  6. 0 6
      playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml
  7. 0 6
      playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml
  8. 0 6
      playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml
  9. 0 6
      playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml
  10. 0 6
      playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml
  11. 0 6
      playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml
  12. 0 6
      playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml
  13. 6 4
      playbooks/init/facts.yml
  14. 1 0
      playbooks/init/main.yml
  15. 1 1
      playbooks/openshift-hosted/private/cockpit-ui.yml
  16. 1 3
      playbooks/openshift-loadbalancer/private/config.yml
  17. 0 1
      playbooks/openshift-node/private/configure_nodes.yml
  18. 0 1
      playbooks/openshift-node/private/containerized_nodes.yml
  19. 0 4
      playbooks/openshift-node/private/restart.yml
  20. 10 5
      playbooks/prerequisites.yml
  21. 1 0
      playbooks/roles
  22. 2 2
      roles/calico/handlers/main.yml
  23. 2 2
      roles/calico/templates/calico.service.j2
  24. 4 8
      roles/docker/README.md
  25. 40 0
      roles/docker/defaults/main.yml
  26. 2 2
      roles/docker/handlers/main.yml
  27. 1 1
      roles/docker/meta/main.yml
  28. 0 0
      roles/container_runtime/tasks/crio_firewall.yml
  29. 9 17
      roles/docker/tasks/main.yml
  30. 18 14
      roles/docker/tasks/package_docker.yml
  31. 0 0
      roles/container_runtime/tasks/registry_auth.yml
  32. 1 24
      roles/docker/tasks/systemcontainer_crio.yml
  33. 5 32
      roles/docker/tasks/systemcontainer_docker.yml
  34. 0 0
      roles/container_runtime/tasks/udev_workaround.yml
  35. 0 0
      roles/container_runtime/templates/80-openshift-sdn.conf.j2
  36. 0 0
      roles/container_runtime/templates/crio.conf.j2
  37. 0 0
      roles/container_runtime/templates/custom.conf.j2
  38. 2 2
      roles/docker/templates/daemon.json
  39. 0 0
      roles/container_runtime/templates/overlay.conf.j2
  40. 0 0
      roles/container_runtime/templates/registries.conf
  41. 0 0
      roles/container_runtime/templates/systemcontainercustom.conf.j2
  42. 0 0
      roles/container_runtime/vars/main.yml
  43. 2 0
      roles/contiv/defaults/main.yml
  44. 1 1
      roles/contiv/tasks/netplugin.yml
  45. 1 1
      roles/contiv/templates/aci-gw.service
  46. 2 0
      roles/etcd/defaults/main.yaml
  47. 4 4
      roles/etcd/templates/etcd.docker.service
  48. 2 0
      roles/flannel/defaults/main.yaml
  49. 1 1
      roles/flannel/handlers/main.yml
  50. 5 0
      roles/openshift_cli/defaults/main.yml
  51. 0 2
      roles/openshift_cli/meta/main.yml
  52. 0 6
      roles/openshift_cli/tasks/main.yml
  53. 0 1
      roles/openshift_docker/defaults/main.yml
  54. 0 16
      roles/openshift_docker/meta/main.yml
  55. 0 1
      roles/openshift_docker/tasks/main.yml
  56. 0 1
      roles/openshift_docker_facts/defaults/main.yml
  57. 0 15
      roles/openshift_docker_facts/meta/main.yml
  58. 0 39
      roles/openshift_docker_facts/tasks/main.yml
  59. 0 2
      roles/openshift_docker_facts/vars/main.yml
  60. 0 2
      roles/openshift_etcd/meta/main.yml
  61. 1 86
      roles/openshift_facts/library/openshift_facts.py
  62. 1 1
      roles/openshift_hosted/tasks/registry.yml
  63. 2 0
      roles/openshift_loadbalancer/defaults/main.yml
  64. 4 4
      roles/openshift_loadbalancer/templates/haproxy.docker.service.j2
  65. 2 0
      roles/openshift_master/defaults/main.yml
  66. 4 4
      roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2
  67. 4 4
      roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2
  68. 3 0
      roles/openshift_node/defaults/main.yml
  69. 0 1
      roles/openshift_node/meta/main.yml
  70. 2 2
      roles/openshift_node/tasks/main.yml
  71. 1 1
      roles/openshift_node/tasks/node_system_container.yml
  72. 3 6
      roles/openshift_node/tasks/openvswitch_system_container.yml
  73. 2 6
      roles/openshift_node/tasks/upgrade/restart.yml
  74. 3 3
      roles/openshift_node/templates/node.service.j2
  75. 1 1
      roles/openshift_node/templates/node.yaml.v1.j2
  76. 3 3
      roles/openshift_node/templates/openshift.docker.node.dep.service
  77. 5 5
      roles/openshift_node/templates/openshift.docker.node.service
  78. 4 4
      roles/openshift_node/templates/openvswitch.docker.service
  79. 2 0
      roles/openshift_node_certificates/defaults/main.yml
  80. 2 2
      roles/openshift_node_certificates/handlers/main.yml
  81. 0 1
      roles/openshift_node_facts/tasks/main.yml
  82. 0 3
      roles/openshift_version/meta/main.yml
  83. 4 7
      roles/openshift_version/tasks/set_version_containerized.yml

+ 0 - 4
playbooks/common/openshift-cluster/upgrades/docker/tasks/restart.yml

@@ -6,10 +6,6 @@
   retries: 3
   delay: 30
 
-- name: Update docker facts
-  openshift_facts:
-    role: docker
-
 - name: Restart containerized services
   service: name={{ item }} state=started
   with_items:

+ 1 - 1
playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml

@@ -6,7 +6,7 @@
 
 - name: Update oreg_auth docker login credentials if necessary
   include_role:
-    name: docker
+    name: container_runtime
     tasks_from: registry_auth.yml
   when: oreg_auth_user is defined
 

+ 0 - 4
playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml

@@ -143,10 +143,6 @@
   roles:
   - { role: openshift_cli }
   vars:
-    openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
-    # Another spot where we assume docker is running and do not want to accidentally trigger an unsafe
-    # restart.
-    skip_docker_role: True
     __master_shared_resource_viewer_file: "shared_resource_viewer_role.yaml"
   tasks:
   - name: Reconcile Cluster Roles

+ 0 - 6
playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml

@@ -73,12 +73,6 @@
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
 
-    # We skip the docker role at this point in upgrade to prevent
-    # unintended package, container, or config upgrades which trigger
-    # docker restarts. At this early stage of upgrade we can assume
-    # docker is configured and running.
-    skip_docker_role: True
-
 - include: ../../../../openshift-master/private/validate_restart.yml
   tags:
   - pre_upgrade

+ 0 - 6
playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml

@@ -77,12 +77,6 @@
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
 
-    # We skip the docker role at this point in upgrade to prevent
-    # unintended package, container, or config upgrades which trigger
-    # docker restarts. At this early stage of upgrade we can assume
-    # docker is configured and running.
-    skip_docker_role: True
-
 - include: ../../../../openshift-master/private/validate_restart.yml
   tags:
   - pre_upgrade

+ 0 - 6
playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml

@@ -66,12 +66,6 @@
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
 
-    # We skip the docker role at this point in upgrade to prevent
-    # unintended package, container, or config upgrades which trigger
-    # docker restarts. At this early stage of upgrade we can assume
-    # docker is configured and running.
-    skip_docker_role: True
-
 - name: Verify masters are already upgraded
   hosts: oo_masters_to_config
   tags:

+ 0 - 6
playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml

@@ -77,12 +77,6 @@
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
 
-    # We skip the docker role at this point in upgrade to prevent
-    # unintended package, container, or config upgrades which trigger
-    # docker restarts. At this early stage of upgrade we can assume
-    # docker is configured and running.
-    skip_docker_role: True
-
 - include: ../../../../openshift-master/private/validate_restart.yml
   tags:
   - pre_upgrade

+ 0 - 6
playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml

@@ -81,12 +81,6 @@
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
 
-    # We skip the docker role at this point in upgrade to prevent
-    # unintended package, container, or config upgrades which trigger
-    # docker restarts. At this early stage of upgrade we can assume
-    # docker is configured and running.
-    skip_docker_role: True
-
 - include: ../../../../openshift-master/private/validate_restart.yml
   tags:
   - pre_upgrade

+ 0 - 6
playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml

@@ -66,12 +66,6 @@
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
 
-    # We skip the docker role at this point in upgrade to prevent
-    # unintended package, container, or config upgrades which trigger
-    # docker restarts. At this early stage of upgrade we can assume
-    # docker is configured and running.
-    skip_docker_role: True
-
 - name: Verify masters are already upgraded
   hosts: oo_masters_to_config
   tags:

+ 0 - 6
playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml

@@ -77,12 +77,6 @@
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
 
-    # We skip the docker role at this point in upgrade to prevent
-    # unintended package, container, or config upgrades which trigger
-    # docker restarts. At this early stage of upgrade we can assume
-    # docker is configured and running.
-    skip_docker_role: True
-
 - include: ../../../../openshift-master/private/validate_restart.yml
   tags:
   - pre_upgrade

+ 0 - 6
playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml

@@ -81,12 +81,6 @@
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
 
-    # We skip the docker role at this point in upgrade to prevent
-    # unintended package, container, or config upgrades which trigger
-    # docker restarts. At this early stage of upgrade we can assume
-    # docker is configured and running.
-    skip_docker_role: True
-
 - include: ../../../../openshift-master/private/validate_restart.yml
   tags:
   - pre_upgrade

+ 0 - 6
playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml

@@ -66,12 +66,6 @@
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
 
-    # We skip the docker role at this point in upgrade to prevent
-    # unintended package, container, or config upgrades which trigger
-    # docker restarts. At this early stage of upgrade we can assume
-    # docker is configured and running.
-    skip_docker_role: True
-
 - name: Verify masters are already upgraded
   hosts: oo_masters_to_config
   tags:

+ 6 - 4
playbooks/init/facts.yml

@@ -135,11 +135,13 @@
     - openshift_http_proxy is defined or openshift_https_proxy is defined
     - openshift_generate_no_proxy_hosts | default(True) | bool
 
+  - name: Initialize openshift.node.sdn_mtu
+    openshift_facts:
+      role: node
+      local_facts:
+        sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}"
+
   - name: initialize_facts set_fact repoquery command
     set_fact:
       repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}"
       repoquery_installed: "{{ 'dnf repoquery --latest-limit 1 -d 0 --disableexcludes=all --installed' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins --installed' }}"
-
-  - name: initialize_facts set_fact on openshift_docker_hosted_registry_network
-    set_fact:
-      openshift_docker_hosted_registry_network: "{{ '' if 'oo_first_master' not in groups else hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"

+ 1 - 0
playbooks/init/main.yml

@@ -24,6 +24,7 @@
 - import_playbook: repos.yml
 
 - import_playbook: version.yml
+  when: not (skip_verison | default(False))
 
 - name: Initialization Checkpoint End
   hosts: all
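Review bot: The guard on the added `when:` line reads `skip_verison`, a misspelling of `skip_version` that only works because playbooks/prerequisites.yml sets the same misspelled name. Anyone who sets `skip_version` gets no effect and no error. The value is also not passed through `| bool`, so a string such as `false` supplied with `-e` is truthy and would skip version.yml. I would rename the variable in both files and write `when: not (skip_version | default(False) | bool)`.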

+ 1 - 1
playbooks/openshift-hosted/private/cockpit-ui.yml

@@ -5,4 +5,4 @@
   - role: cockpit-ui
     when:
     - openshift_hosted_manage_registry | default(true) | bool
-    - not openshift.docker.hosted_registry_insecure | default(false) | bool
+    - not (openshift_docker_hosted_registry_insecure | default(false)) | bool

+ 1 - 3
playbooks/openshift-loadbalancer/private/config.yml

@@ -11,14 +11,12 @@
           status: "In Progress"
           start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}"
 
-- name: Configure firewall and docker for load balancers
+- name: Configure firewall load balancers
   hosts: oo_lb_to_config:!oo_masters_to_config:!oo_nodes_to_config
   vars:
     openshift_image_tag: "{{ hostvars[groups.oo_first_master.0].openshift_image_tag }}"
   roles:
   - role: os_firewall
-  - role: openshift_docker
-    when: openshift.common.is_containerized | default(False) | bool and not skip_docker_role | default(False) | bool
 
 - name: Configure load balancers
   hosts: oo_lb_to_config

+ 0 - 1
playbooks/openshift-node/private/configure_nodes.yml

@@ -4,7 +4,6 @@
   vars:
     openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
     openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}"
-    openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
     openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config']
                                                     | union(groups['oo_masters_to_config'])
                                                     | union(groups['oo_etcd_to_config'] | default([])))

+ 0 - 1
playbooks/openshift-node/private/containerized_nodes.yml

@@ -5,7 +5,6 @@
   vars:
     openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
     openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}"
-    openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
     openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config']
                                                     | union(groups['oo_masters_to_config'])
                                                     | union(groups['oo_etcd_to_config'] | default([])))

+ 0 - 4
playbooks/openshift-node/private/restart.yml

@@ -16,10 +16,6 @@
     retries: 3
     delay: 30
 
-  - name: Update docker facts
-    openshift_facts:
-      role: docker
-
   - name: Restart containerized services
     service:
       name: "{{ item }}"

+ 10 - 5
playbooks/prerequisites.yml

@@ -1,7 +1,12 @@
 ---
-- name: Place holder for prerequisites
-  hosts: localhost
-  gather_facts: false
+- include: init/main.yml
+  vars:
+    skip_verison: True
+
+- hosts: "{{ l_containerized_host_groups }}"
+  vars:
+    l_chg_temp: "{{ openshift_containerized_host_groups | default([]) }}"
+    l_containerized_host_groups: "{{ (['oo_nodes_to_config'] | union(l_chg_temp)) | join(':') }}"
   tasks:
-  - name: Debug placeholder
-    debug: msg="Prerequisites ran."
+    - include_role:
+        name: container_runtime
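Review bot: The new play runs `container_runtime` only on `oo_nodes_to_config` plus whatever `openshift_containerized_host_groups` lists, and that variable is neither documented nor given a default anywhere visible in this commit. The same commit removes the `openshift_docker` role from the load-balancer play in playbooks/openshift-loadbalancer/private/config.yml, so containerized hosts outside the node group appear to get no runtime configured unless the operator knows to set it. Add a comment above the `vars:` block, e.g. `# openshift_containerized_host_groups: extra inventory groups (list) that need a container runtime`, and give the play a `name:` so it is identifiable in run output.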

+ 1 - 0
playbooks/roles

@@ -0,0 +1 @@
+../roles

+ 2 - 2
roles/calico/handlers/main.yml

@@ -3,10 +3,10 @@
   become: yes
   systemd: name=calico state=restarted
 
-- name: restart docker
+- name: restart container runtime
   become: yes
   systemd:
-    name: "{{ openshift.docker.service_name }}"
+    name: "{{ openshift_docker_service_name }}"
     state: restarted
   register: l_docker_restart_docker_in_calico_result
   until: not l_docker_restart_docker_in_calico_result | failed
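Review bot: `openshift_docker_service_name` is now read by this handler, and by the `After=`/`Requires=` lines in roles/calico/templates/calico.service.j2, but the file list shows no change to a calico defaults file. contiv, etcd, flannel and several other roles each gain two lines in their defaults, presumably this variable. If calico runs in a play where the runtime role's defaults are not loaded, the name is undefined and both the handler and the unit template fail to render. Consider adding to calico's defaults the same expression used in roles/docker/defaults/main.yml: `openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}"`. The handler task continues past the end of this hunk.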

+ 2 - 2
roles/calico/templates/calico.service.j2

@@ -1,7 +1,7 @@
 [Unit]
 Description=calico
-After={{ openshift.docker.service_name }}.service
-Requires={{ openshift.docker.service_name }}.service
+After={{ openshift_docker_service_name }}.service
+Requires={{ openshift_docker_service_name }}.service
 
 [Service]
 Restart=always

+ 4 - 8
roles/docker/README.md

@@ -10,27 +10,23 @@ Requirements
 
 Ansible 2.2
 
-Role Variables
+Mandator Role Variables
 --------------
 
-docker_conf_dir: location of the Docker configuration directory
-docker_systemd_dir location of the systemd directory for Docker
-docker_udev_workaround: raises udevd timeout to 5 minutes (https://bugzilla.redhat.com/show_bug.cgi?id=1272446)
-udevw_udevd_dir: location of systemd config for systemd-udevd.service
+
 
 Dependencies
 ------------
 
-Depends on the os_firewall role.
+Depends on openshift_facts having already been run.
 
 Example Playbook
 ----------------
 
     - hosts: servers
       roles:
-      - role: docker
+      - role: container_runtime
         docker_udev_workaround: "true"
-        docker_use_system_container: False
 
 License
 -------

+ 40 - 0
roles/docker/defaults/main.yml

@@ -2,18 +2,34 @@
 docker_cli_auth_config_path: '/root/.docker'
 openshift_docker_signature_verification: False
 
+repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}"
+
 openshift_docker_alternative_creds: False
 
 # oreg_url is defined by user input.
 oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}"
 oreg_auth_credentials_replace: False
 
+openshift_docker_use_system_container: False
+openshift_docker_disable_push_dockerhub: False  # bool
+openshift_docker_selinux_enabled: True
+openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}"
+
+openshift_docker_hosted_registry_insecure: False  # bool
+
+openshift_docker_hosted_registry_network_default: "{{ openshift_portal_net | default(False) }}"
+openshift_docker_hosted_registry_network: "{{ openshift_docker_hosted_registry_network_default }}"
+
 openshift_docker_additional_registries: []
 openshift_docker_blocked_registries: []
 openshift_docker_insecure_registries: []
 
 openshift_docker_ent_reg: 'registry.access.redhat.com'
 
+openshift_docker_options: False  # str
+openshift_docker_log_driver: False  # str
+openshift_docker_log_options: []
+
 # The l2_docker_* variables convert csv strings to lists, if
 # necessary.  These variables should be used in place of their respective
 # openshift_docker_* counterparts to ensure the properly formatted lists are
@@ -21,6 +37,7 @@ openshift_docker_ent_reg: 'registry.access.redhat.com'
 l2_docker_additional_registries: "{% if openshift_docker_additional_registries is string %}{% if openshift_docker_additional_registries == '' %}[]{% elif ',' in openshift_docker_additional_registries %}{{ openshift_docker_additional_registries.split(',') | list }}{% else %}{{ [ openshift_docker_additional_registries ] }}{% endif %}{% else %}{{ openshift_docker_additional_registries }}{% endif %}"
 l2_docker_blocked_registries: "{% if openshift_docker_blocked_registries is string %}{% if openshift_docker_blocked_registries == '' %}[]{% elif ',' in openshift_docker_blocked_registries %}{{ openshift_docker_blocked_registries.split(',') | list }}{% else %}{{ [ openshift_docker_blocked_registries ] }}{% endif %}{% else %}{{ openshift_docker_blocked_registries }}{% endif %}"
 l2_docker_insecure_registries: "{% if openshift_docker_insecure_registries is string %}{% if openshift_docker_insecure_registries == '' %}[]{% elif ',' in openshift_docker_insecure_registries %}{{ openshift_docker_insecure_registries.split(',') | list }}{% else %}{{ [ openshift_docker_insecure_registries ] }}{% endif %}{% else %}{{ openshift_docker_insecure_registries }}{% endif %}"
+l2_docker_log_options: "{% if openshift_docker_log_options is string %}{% if ',' in openshift_docker_log_options %}{{ openshift_docker_log_options.split(',') | list }}{% else %}{{ [ openshift_docker_log_options ] }}{% endif %}{% else %}{{ openshift_docker_log_options }}{% endif %}"
 
 openshift_docker_use_etc_containers: False
 containers_registries_conf_path: /etc/containers/registries.conf
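Review bot: `l2_docker_log_options` omits the `== ''` branch that the three `l2_docker_*_registries` expressions above it have, so an empty-string `openshift_docker_log_options` becomes `['']` instead of `[]`. The `l2_docker_log_options != []` test in roles/docker/tasks/package_docker.yml is then true, and a bare `--log-opt ` would be written into OPTIONS. Add the same leading branch, `{% if openshift_docker_log_options == '' %}[]{% elif ',' in openshift_docker_log_options %}`, so all four conversions behave alike. A one-line comment saying whether a list or a comma-separated string is expected would also help, since the removed `set_fact` in systemcontainer_docker.yml defaulted `docker_log_options` to `{}` rather than a list.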
@@ -38,3 +55,26 @@ openshift_docker_is_node_or_master: "{{ True if inventory_hostname in (groups['o
 
 docker_alt_storage_path: /var/lib/containers/docker
 docker_default_storage_path: /var/lib/docker
+
+# Set local versions of facts that must be in json format for container-daemon.json
+# NOTE: When jinja2.9+ is used the container-daemon.json file can move to using tojson
+l_docker_log_options: "{{ l2_docker_log_options | to_json }}"
+l_docker_additional_registries: "{{ l2_docker_additional_registries | to_json }}"
+l_docker_blocked_registries: "{{ l2_docker_blocked_registries | to_json }}"
+l_docker_insecure_registries: "{{ l2_docker_insecure_registries | to_json }}"
+l_docker_selinux_enabled: "{{ openshift_docker_selinux_enabled | to_json }}"
+
+docker_http_proxy: "{{ openshift_http_proxy | default('') }}"
+docker_https_proxy: "{{ openshift.common.https_proxy | default('') }}"
+docker_no_proxy: "{{ openshift.common.no_proxy | default('') }}"
+
+openshift_use_crio: False
+openshift_use_crio_only: False
+
+
+l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l2_docker_insecure_registries)) }}"
+l_crio_registries: "{{ l2_docker_additional_registries + ['docker.io'] }}"
+l_additional_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l_crio_registries)) }}"
+
+l_openshift_image_tag_default: "{{ openshift_release }}"
+l_openshift_image_tag: "{{ openshift_image_tag | default(l_openshift_image_tag_default) | string}}"

+ 2 - 2
roles/docker/handlers/main.yml

@@ -1,8 +1,8 @@
 ---
 
-- name: restart docker
+- name: restart container runtime
   systemd:
-    name: "{{ openshift.docker.service_name }}"
+    name: "{{ openshift_docker_service_name }}"
     state: restarted
     daemon_reload: yes
   register: r_docker_restart_docker_result

+ 1 - 1
roles/docker/meta/main.yml

@@ -1,7 +1,7 @@
 ---
 galaxy_info:
   author: OpenShift
-  description: docker package install
+  description: container runtime install and configure
   company: Red Hat, Inc
   license: ASL 2.0
   min_ansible_version: 2.2

roles/docker/tasks/crio_firewall.yml → roles/container_runtime/tasks/crio_firewall.yml


+ 9 - 17
roles/docker/tasks/main.yml

@@ -1,15 +1,7 @@
 ---
-# These tasks dispatch to the proper set of docker tasks based on the
-# inventory:openshift_docker_use_system_container variable
-
 - include_tasks: udev_workaround.yml
   when: docker_udev_workaround | default(False) | bool
 
-- set_fact:
-    l_use_system_container: "{{ openshift.docker.use_system_container | default(False) }}"
-    l_use_crio: "{{ openshift_use_crio | default(False) }}"
-    l_use_crio_only: "{{ openshift_use_crio_only | default(False) }}"
-
 - name: Add enterprise registry, if necessary
   set_fact:
     l2_docker_additional_registries: "{{ l2_docker_additional_registries + [openshift_docker_ent_reg] }}"
@@ -17,13 +9,13 @@
     - openshift.common.deployment_type == 'openshift-enterprise'
     - openshift_docker_ent_reg != ''
     - openshift_docker_ent_reg not in l2_docker_additional_registries
-    - not l_use_crio_only
+    - not openshift_use_crio_only | bool
 
 - name: Use Package Docker if Requested
   include_tasks: package_docker.yml
   when:
-    - not l_use_system_container
-    - not l_use_crio_only
+    - not openshift_docker_use_system_container
+    - not openshift_use_crio_only
 
 - name: Ensure /var/lib/containers exists
   file:
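Review bot: Only the first rewritten condition keeps the cast (`not openshift_use_crio_only | bool`). The `Use Package Docker` conditions in this hunk, and the system-container conditions in the next hunk, negate the raw variables. In the `not …` forms a string value such as `false` supplied by inventory or `-e` is truthy, so the package install path could be skipped unintentionally; the removed `set_fact` at least normalised the values once. Write them consistently as `- not openshift_docker_use_system_container | bool`, `- not openshift_use_crio_only | bool` and `- openshift_use_crio | bool`.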
@@ -37,13 +29,13 @@
 - name: Use System Container Docker if Requested
   include_tasks: systemcontainer_docker.yml
   when:
-    - l_use_system_container
-    - not l_use_crio_only
+    - openshift_docker_use_system_container
+    - not openshift_use_crio_only
 
 - name: Add CRI-O usage Requested
   include_tasks: systemcontainer_crio.yml
   when:
-    - l_use_crio
+    - openshift_use_crio
     - openshift_docker_is_node_or_master | bool
 
 - name: stat the docker data dir
@@ -52,13 +44,13 @@
   register: dockerstat
 
 - when:
-    - l_use_crio
+    - openshift_use_crio
     - dockerstat.stat.islnk is defined and not (dockerstat.stat.islnk | bool)
   block:
     - name: stop the current running docker
       systemd:
         state: stopped
-        name: "{{ openshift.docker.service_name }}"
+        name: "{{ openshift_docker_service_name }}"
 
     - name: copy "{{ docker_default_storage_path }}" to "{{ docker_alt_storage_path }}"
       command: "cp -r {{ docker_default_storage_path }} {{ docker_alt_storage_path }}"
@@ -90,4 +82,4 @@
     - name: start docker
       systemd:
         state: started
-        name: "{{ openshift.docker.service_name }}"
+        name: "{{ openshift_docker_service_name }}"

+ 18 - 14
roles/docker/tasks/package_docker.yml

@@ -52,7 +52,7 @@
       dest: "{{ docker_systemd_dir }}/custom.conf"
       src: custom.conf.j2
     notify:
-    - restart docker
+    - restart container runtime
   when: not (os_firewall_use_firewalld | default(False)) | bool
 
 - stat: path=/etc/sysconfig/docker
@@ -78,7 +78,7 @@
     reg_fact_val: "{{ l2_docker_insecure_registries }}"
     reg_flag: --insecure-registry
   notify:
-  - restart docker
+  - restart container runtime
 
 - name: Place additional/blocked/insecure registries in /etc/containers/registries.conf
   template:
@@ -86,7 +86,7 @@
     src: registries.conf
   when: openshift_docker_use_etc_containers | bool
   notify:
-  - restart docker
+  - restart container runtime
 
 - name: Set Proxy Settings
   lineinfile:
@@ -96,30 +96,34 @@
     state: "{{ 'present' if item.reg_fact_val != '' else 'absent'}}"
   with_items:
   - reg_conf_var: HTTP_PROXY
-    reg_fact_val: "{{ docker_http_proxy | default('') }}"
+    reg_fact_val: "{{ docker_http_proxy }}"
   - reg_conf_var: HTTPS_PROXY
-    reg_fact_val: "{{ docker_https_proxy | default('') }}"
+    reg_fact_val: "{{ docker_https_proxy }}"
   - reg_conf_var: NO_PROXY
-    reg_fact_val: "{{ docker_no_proxy | default('') }}"
+    reg_fact_val: "{{ docker_no_proxy }}"
   notify:
-  - restart docker
+  - restart container runtime
   when:
-  - docker_check.stat.isreg is defined and docker_check.stat.isreg and '"http_proxy" in openshift.common or "https_proxy" in openshift.common'
+  - docker_check.stat.isreg is defined
+  - docker_check.stat.isreg
+  - docker_http_proxy != '' or docker_https_proxy != ''
 
 - name: Set various Docker options
   lineinfile:
     dest: /etc/sysconfig/docker
     regexp: '^OPTIONS=.*$'
     line: "OPTIONS='\
-      {% if ansible_selinux.status | default(None) == 'enabled' and docker_selinux_enabled | default(true) | bool %} --selinux-enabled {% endif %} \
-      {% if docker_log_driver is defined  %} --log-driver {{ docker_log_driver }}{% endif %} \
-      {% if docker_log_options is defined %} {{ docker_log_options |  oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %} \
+      {% if ansible_selinux.status | default(None) == 'enabled' and openshift_docker_selinux_enabled | default(true) | bool %} --selinux-enabled {% endif %} \
+      {% if openshift_docker_log_driver | bool %} --log-driver {{ openshift_docker_log_driver }}{% endif %} \
+      {% if l2_docker_log_options != [] %} {{ l2_docker_log_options |  oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %} \
+      {% if openshift_docker_hosted_registry_insecure and (openshift_docker_hosted_registry_network | bool) %} --insecure-registry={{ openshift_docker_hosted_registry_network }} {% endif %} \
       {% if docker_options is defined %} {{ docker_options }}{% endif %} \
-      {% if docker_disable_push_dockerhub is defined %} --confirm-def-push={{ docker_disable_push_dockerhub | bool }}{% endif %} \
+      {% if openshift_docker_options %} {{ openshift_docker_options }}{% endif %} \
+      {% if openshift_docker_disable_push_dockerhub %} --confirm-def-push={{ openshift_docker_disable_push_dockerhub | bool }}{% endif %} \
       --signature-verification={{ openshift_docker_signature_verification | bool }}'"
   when: docker_check.stat.isreg is defined and docker_check.stat.isreg
   notify:
-  - restart docker
+  - restart container runtime
 
 - stat: path=/etc/sysconfig/docker-network
   register: sysconfig_docker_network_check
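Review bot: `{% if openshift_docker_log_driver | bool %}` is false for any real driver name, because Ansible's `bool` filter maps only strings such as `true`, `yes` or `1` to True; a value like `json-file` would never produce `--log-driver`, and nothing reports the omission. The same applies to `(openshift_docker_hosted_registry_network | bool)` on the `--insecure-registry` line, where the value is presumably a network string taken from `openshift_portal_net`. Test for a non-empty value instead: `{% if openshift_docker_log_driver %}` and `{% if openshift_docker_hosted_registry_insecure | bool and openshift_docker_hosted_registry_network %}`. Separately, `docker_options` and `openshift_docker_options` are now both appended, so a deployment that sets both gets its options twice.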
@@ -134,7 +138,7 @@
   - sysconfig_docker_network_check.stat.isreg is defined
   - sysconfig_docker_network_check.stat.isreg
   notify:
-  - restart docker
+  - restart container runtime
 
 # The following task is needed as the systemd module may report a change in
 # state even though docker is already running.

roles/docker/tasks/registry_auth.yml → roles/container_runtime/tasks/registry_auth.yml


+ 1 - 24
roles/docker/tasks/systemcontainer_crio.yml

@@ -1,28 +1,5 @@
 ---
-
 # TODO: Much of this file is shared with container engine tasks
-- set_fact:
-    l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l2_docker_insecure_registries)) }}"
-- set_fact:
-    l_crio_registries: "{{ l2_docker_additional_registries + ['docker.io'] }}"
-- set_fact:
-    l_additional_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l_crio_registries)) }}"
-
-- set_fact:
-    l_openshift_image_tag: "{{ openshift_image_tag | string }}"
-  when: openshift_image_tag is defined
-
-- set_fact:
-    l_openshift_image_tag: "latest"
-  when:
-    - openshift_image_tag is not defined
-    - openshift_release == "latest"
-
-- set_fact:
-    l_openshift_image_tag: "{{ openshift_release | string }}"
-  when:
-    - openshift_image_tag is not defined
-    - openshift_release != "latest"
 
 - name: Ensure container-selinux is installed
   package:
@@ -184,4 +161,4 @@
 # 'docker login'
 - include_tasks: registry_auth.yml
   vars:
-    openshift_docker_alternative_creds: "{{ l_use_crio_only }}"
+    openshift_docker_alternative_creds: "{{ openshift_use_crio_only }}"

+ 5 - 32
roles/docker/tasks/systemcontainer_docker.yml

@@ -1,28 +1,10 @@
 ---
-
-- set_fact:
-    l_openshift_image_tag: "{{ openshift_image_tag | string }}"
-  when: openshift_image_tag is defined
-
-- set_fact:
-    l_openshift_image_tag: "latest"
-  when:
-    - openshift_image_tag is not defined
-    - openshift_release == "latest"
-
-- set_fact:
-    l_openshift_image_tag: "{{ openshift_release | string }}"
-  when:
-    - openshift_image_tag is not defined
-    - openshift_release != "latest"
-
 # If docker_options are provided we should fail. We should not install docker and ignore
 # the users configuration. NOTE: docker_options == inventory:openshift_docker_options
 - name: Fail quickly if openshift_docker_options are set
   assert:
     that:
-      - docker_options is defined
-      - docker_options != ""
+      - "{% if not openshift_docker_options %}1{% else %}0{% endif %}"
     msg: |
       Docker via System Container does not allow for the use of the openshift_docker_options
       variable. If you want to use openshift_docker_options you will need to use the
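Review bot: The assertion is written as a templated string, `"{% if not openshift_docker_options %}1{% else %}0{% endif %}"`, which relies on the rendered `1` or `0` being re-evaluated as a condition and may trigger Ansible's warning about Jinja delimiters in conditionals. A plain expression states the same check: `- not openshift_docker_options`. The comment above the task still says `docker_options == inventory:openshift_docker_options`, but `docker_options` is no longer checked here, so it should name `openshift_docker_options` only. The `msg:` block continues past the end of this hunk.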
@@ -106,7 +88,7 @@
 
     - name: Set the full image name
       set_fact:
-        l_docker_image: "{{ l_docker_image_prepend }}/{{ openshift.docker.service_name }}:{{ l_docker_image_tag }}"
+        l_docker_image: "{{ l_docker_image_prepend }}/{{ openshift_docker_service_name }}:{{ l_docker_image_tag }}"
 
     # For https://github.com/openshift/openshift-ansible/pull/5354#issuecomment-328552959
     - name: Use a specific image if requested
@@ -125,7 +107,7 @@
   command: "atomic pull --storage ostree {{ l_docker_image }}"
   changed_when: false
   environment:
-    NO_PROXY: "{{ openshift.common.no_proxy | default('') }}"
+    NO_PROXY: "{{ docker_no_proxy }}"
 
 
 - name: Ensure container-engine.service.d directory exists
@@ -140,7 +122,7 @@
 
 - name: Install Container Engine System Container
   oc_atomic_container:
-    name: "{{ openshift.docker.service_name }}"
+    name: "{{ openshift_docker_service_name }}"
     image: "{{ l_docker_image }}"
     state: latest
 
@@ -149,15 +131,6 @@
     dest: "{{ container_engine_systemd_dir }}/custom.conf"
     src: systemcontainercustom.conf.j2
 
-# Set local versions of facts that must be in json format for container-daemon.json
-# NOTE: When jinja2.9+ is used the container-daemon.json file can move to using tojson
-- set_fact:
-    l_docker_insecure_registries: "{{ l2_docker_insecure_registries | default([]) | to_json }}"
-    l_docker_log_options: "{{ docker_log_options | default({}) | to_json }}"
-    l_docker_additional_registries: "{{ l2_docker_additional_registries | default([]) | to_json }}"
-    l_docker_blocked_registries: "{{ l2_docker_blocked_registries | default([]) | to_json }}"
-    l_docker_selinux_enabled: "{{ docker_selinux_enabled | default(true) | to_json }}"
-
 # Configure container-engine using the container-daemon.json file
 # NOTE: daemon.json and container-daemon.json have been seperated to avoid
 #       collision.
@@ -169,7 +142,7 @@
 # Enable and start the container-engine service
 - name: Start the Container Engine service
   systemd:
-    name: "{{ openshift.docker.service_name }}"
+    name: "{{ openshift_docker_service_name }}"
     enabled: yes
     state: started
     daemon_reload: yes
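Review bot: The new entry `"{% if not openshift_docker_options %}1{% else %}0{% endif %}"` in `Fail quickly if openshift_docker_options are set` encodes the guard as a rendered "1"/"0" string, which is hard to read and is likely to raise an undefined-variable error instead of the assertion message when the variable is missing. A plain expression such as `- not (openshift_docker_options | default(false))` states the same condition directly. In the `atomic pull` task the `| default('')` on `NO_PROXY` was dropped as well, so that task now depends on `docker_no_proxy` always being defined. The role defaults are not visible here, so confirm they set it or restore the fallback.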

roles/docker/tasks/udev_workaround.yml → roles/container_runtime/tasks/udev_workaround.yml


roles/docker/templates/80-openshift-sdn.conf.j2 → roles/container_runtime/templates/80-openshift-sdn.conf.j2


roles/docker/templates/crio.conf.j2 → roles/container_runtime/templates/crio.conf.j2


roles/docker/templates/custom.conf.j2 → roles/container_runtime/templates/custom.conf.j2


+ 2 - 2
roles/docker/templates/daemon.json

@@ -5,8 +5,8 @@
     "disable-legacy-registry": false,
     "exec-opts": ["native.cgroupdriver=systemd"],
     "insecure-registries": {{ l_docker_insecure_registries }},
-{% if docker_log_driver is defined  %}
-    "log-driver": "{{ docker_log_driver }}",
+{% if openshift_docker_log_driver is defined  %}
+    "log-driver": "{{ openshift_docker_log_driver }}",
 {%- endif %}
     "log-opts": {{ l_docker_log_options }},
     "runtimes": {
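Review bot: `{% if openshift_docker_log_driver is defined %}` skips the `log-driver` key only when the variable is absent; if the role defaults give it a falsy placeholder (the defaults file is not visible here), that placeholder would be written into daemon.json as the driver name. A truthiness test, `{% if openshift_docker_log_driver %}`, covers both cases. The value is also interpolated between literal quotes; `"log-driver": {{ openshift_docker_log_driver | to_json }},` would keep the file valid JSON for any input. The template continues past this hunk.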

roles/docker/templates/overlay.conf.j2 → roles/container_runtime/templates/overlay.conf.j2


roles/docker/templates/registries.conf → roles/container_runtime/templates/registries.conf


roles/docker/templates/systemcontainercustom.conf.j2 → roles/container_runtime/templates/systemcontainercustom.conf.j2


roles/docker/vars/main.yml → roles/container_runtime/vars/main.yml


+ 2 - 0
roles/contiv/defaults/main.yml

@@ -119,3 +119,5 @@ contiv_h1_gw_default: "10.129.0.1"
 
 # contiv default private subnet for ext access
 contiv_private_ext_subnet: "10.130.0.0/16"
+
+openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}"
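Review bot: `openshift_docker_use_system_container | default(False)` is tested without `| bool`, so a value that arrives as a string (for example `false` set in an inventory `[group:vars]` section) is truthy and selects `container-engine`. The fact code this commit removes from openshift_facts.py went through `safe_get_bool` for exactly that reason. Suggested: `openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}"`. The same line is added to the defaults of etcd, flannel, openshift_loadbalancer, openshift_master, openshift_node and openshift_node_certificates; a single shared definition would also keep the seven copies from drifting apart.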

+ 1 - 1
roles/contiv/tasks/netplugin.yml

@@ -105,7 +105,7 @@
 
 - name: Docker | Restart docker
   service:
-    name: "{{ openshift.docker.service_name }}"
+    name: "{{ openshift_docker_service_name }}"
     state: restarted
   when: docker_updated|changed
   register: l_docker_restart_docker_in_contiv_result

+ 1 - 1
roles/contiv/templates/aci-gw.service

@@ -1,6 +1,6 @@
 [Unit]
 Description=Contiv ACI gw
-After=auditd.service systemd-user-sessions.service time-sync.target {{ openshift.docker.service_name }}.service
+After=auditd.service systemd-user-sessions.service time-sync.target {{ openshift_docker_service_name }}.service
 
 [Service]
 ExecStart={{ bin_dir }}/aci_gw.sh start

+ 2 - 0
roles/etcd/defaults/main.yaml

@@ -97,3 +97,5 @@ r_etcd_os_firewall_allow:
 
 # set the backend quota to 4GB by default
 etcd_quota_backend_bytes: 4294967296
+
+openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}"

+ 4 - 4
roles/etcd/templates/etcd.docker.service

@@ -1,8 +1,8 @@
 [Unit]
 Description=The Etcd Server container
-After={{ openshift.docker.service_name }}.service
-Requires={{ openshift.docker.service_name }}.service
-PartOf={{ openshift.docker.service_name }}.service
+After={{ openshift_docker_service_name }}.service
+Requires={{ openshift_docker_service_name }}.service
+PartOf={{ openshift_docker_service_name }}.service
 
 [Service]
 EnvironmentFile={{ etcd_conf_file }}
@@ -14,4 +14,4 @@ Restart=always
 RestartSec=5s
 
 [Install]
-WantedBy={{ openshift.docker.service_name }}.service
+WantedBy={{ openshift_docker_service_name }}.service

+ 2 - 0
roles/flannel/defaults/main.yaml

@@ -5,3 +5,5 @@ etcd_hosts: "{{ etcd_urls }}"
 etcd_peer_ca_file: "{{ openshift.common.config_base }}/node/{{ 'ca' if (embedded_etcd | bool) else 'flannel.etcd-ca' }}.crt"
 etcd_peer_cert_file: "{{ openshift.common.config_base }}/node/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'flannel.etcd-client' }}.crt"
 etcd_peer_key_file: "{{ openshift.common.config_base }}/node/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'flannel.etcd-client' }}.key"
+
+openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}"

+ 1 - 1
roles/flannel/handlers/main.yml

@@ -6,7 +6,7 @@
 - name: restart docker
   become: yes
   systemd:
-    name: "{{ openshift.docker.service_name }}"
+    name: "{{ openshift_docker_service_name }}"
     state: restarted
   register: l_docker_restart_docker_in_flannel_result
   until: not l_docker_restart_docker_in_flannel_result | failed

+ 5 - 0
roles/openshift_cli/defaults/main.yml

@@ -4,3 +4,8 @@ system_images_registry_dict:
   origin: "docker.io"
 
 system_images_registry: "{{ system_images_registry_dict[openshift_deployment_type | default('origin')] }}"
+
+openshift_use_crio_only: False
+
+l_is_system_container_image: "{{ openshift_use_master_system_container | default(openshift_use_system_containers | default(False)) | bool }}"
+l_use_cli_atomic_image: "{{ openshift_use_crio_only or l_is_system_container_image }}"
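Review bot: `l_use_cli_atomic_image` uses `openshift_use_crio_only` in a bare `or`, while `l_is_system_container_image` on the line above is coerced with `| bool`; a string value from the inventory such as `false` is truthy and would switch the atomic image path on. Suggested: `l_use_cli_atomic_image: "{{ (openshift_use_crio_only | bool) or l_is_system_container_image }}"`. The same bare test appears on the new side as `not openshift_use_crio` / `when: openshift_use_crio` in roles/openshift_node/tasks/main.yml and openvswitch_system_container.yml, and as `not openshift_use_crio_only` in roles/openshift_version/tasks/set_version_containerized.yml. In openshift_node/tasks/main.yml it gates a task conditioned on SELinux status, so a string-typed flag would silently skip that check. The `| default(false)` fallbacks were removed in those files too, so each role needs the variable in its own defaults (only openshift_cli and openshift_node show one here).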

+ 0 - 2
roles/openshift_cli/meta/main.yml

@@ -12,6 +12,4 @@ galaxy_info:
   categories:
   - cloud
 dependencies:
-- role: openshift_docker
-  when: not skip_docker_role | default(False) | bool
 - role: openshift_facts

+ 0 - 6
roles/openshift_cli/tasks/main.yml

@@ -1,10 +1,4 @@
 ---
-- set_fact:
-    l_use_crio_only: "{{ openshift_use_crio_only | default(false) }}"
-    l_is_system_container_image: "{{ openshift_use_master_system_container | default(openshift_use_system_containers | default(false)) | bool }}"
-- set_fact:
-    l_use_cli_atomic_image: "{{ l_use_crio_only or l_is_system_container_image }}"
-
 - name: Install clients
   package: name={{ openshift.common.service_type }}-clients state=present
   when: not openshift.common.is_containerized | bool

+ 0 - 1
roles/openshift_docker/defaults/main.yml

@@ -1 +0,0 @@
----

+ 0 - 16
roles/openshift_docker/meta/main.yml

@@ -1,16 +0,0 @@
----
-galaxy_info:
-  author: Jason DeTiberus
-  description: OpenShift Docker
-  company: Red Hat, Inc.
-  license: Apache License, Version 2.0
-  min_ansible_version: 1.9
-  platforms:
-  - name: EL
-    versions:
-    - 7
-  categories:
-  - cloud
-dependencies:
-- role: openshift_docker_facts
-- role: docker

+ 0 - 1
roles/openshift_docker/tasks/main.yml

@@ -1 +0,0 @@
----

+ 0 - 1
roles/openshift_docker_facts/defaults/main.yml

@@ -1 +0,0 @@
----

+ 0 - 15
roles/openshift_docker_facts/meta/main.yml

@@ -1,15 +0,0 @@
----
-galaxy_info:
-  author: Jason DeTiberus
-  description: OpenShift Docker Facts
-  company: Red Hat, Inc.
-  license: Apache License, Version 2.0
-  min_ansible_version: 1.9
-  platforms:
-  - name: EL
-    versions:
-    - 7
-  categories:
-  - cloud
-dependencies:
-- { role: openshift_facts }

+ 0 - 39
roles/openshift_docker_facts/tasks/main.yml

@@ -1,39 +0,0 @@
----
-- name: Set docker facts
-  openshift_facts:
-    role: "{{ item.role }}"
-    local_facts: "{{ item.local_facts }}"
-  with_items:
-  - role: docker
-    local_facts:
-      selinux_enabled: "{{ openshift_docker_selinux_enabled | default(None) }}"
-      log_driver: "{{ openshift_docker_log_driver | default(None) }}"
-      log_options: "{{ openshift_docker_log_options | default(None) }}"
-      options: "{{ openshift_docker_options | default(None) }}"
-      disable_push_dockerhub: "{{ openshift_disable_push_dockerhub | default(None) }}"
-      hosted_registry_insecure: "{{ openshift_docker_hosted_registry_insecure | default(openshift.docker.hosted_registry_insecure | default(False)) }}"
-      hosted_registry_network: "{{ openshift_docker_hosted_registry_network | default(None) }}"
-      use_system_container: "{{ openshift_docker_use_system_container | default(False) }}"
-      use_crio: "{{ openshift_use_crio | default(False) }}"
-  - role: node
-    local_facts:
-      sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}"
-
-- set_fact:
-    docker_selinux_enabled: "{{ openshift.docker.selinux_enabled | default(omit) }}"
-    docker_log_driver: "{{ openshift.docker.log_driver | default(omit) }}"
-    docker_log_options: "{{ openshift.docker.log_options | default(omit) }}"
-    docker_push_dockerhub: "{{ openshift.docker.disable_push_dockerhub
-                               | default(omit) }}"
-    docker_http_proxy: "{{ openshift.common.http_proxy | default(omit) }}"
-    docker_https_proxy: "{{ openshift.common.https_proxy | default(omit) }}"
-    docker_no_proxy: "{{ openshift.common.no_proxy | default(omit) }}"
-
-- set_fact:
-    docker_options: "--insecure-registry={{ openshift.docker.hosted_registry_network }} {{ openshift.docker.options | default ('') }}"
-  when: openshift.docker.hosted_registry_insecure | default(False) | bool and openshift.docker.hosted_registry_network is defined
-  register: hosted_registry_options
-
-- set_fact:
-    docker_options: "{{ openshift.docker.options | default(omit) }}"
-  when: hosted_registry_options | skipped

+ 0 - 2
roles/openshift_docker_facts/vars/main.yml

@@ -1,2 +0,0 @@
----
-repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}"

+ 0 - 2
roles/openshift_etcd/meta/main.yml

@@ -13,6 +13,4 @@ galaxy_info:
   - cloud
 dependencies:
 - role: openshift_etcd_facts
-- role: openshift_docker
-  when: openshift.common.is_containerized | bool
 - role: etcd

+ 1 - 86
roles/openshift_facts/library/openshift_facts.py

@@ -51,39 +51,6 @@ EXAMPLES = '''
 '''
 
 
-def migrate_docker_facts(facts):
-    """ Apply migrations for docker facts """
-    params = {
-        'common': (
-            'options'
-        ),
-        'node': (
-            'log_driver',
-            'log_options'
-        )
-    }
-    if 'docker' not in facts:
-        facts['docker'] = {}
-    # pylint: disable=consider-iterating-dictionary
-    for role in params.keys():
-        if role in facts:
-            for param in params[role]:
-                old_param = 'docker_' + param
-                if old_param in facts[role]:
-                    facts['docker'][param] = facts[role].pop(old_param)
-
-    if 'node' in facts and 'portal_net' in facts['node']:
-        facts['docker']['hosted_registry_network'] = facts['node'].pop('portal_net')
-
-    # log_options was originally meant to be a comma separated string, but
-    # we now prefer an actual list, with backward compatibility:
-    if 'log_options' in facts['docker'] and \
-            isinstance(facts['docker']['log_options'], string_types):
-        facts['docker']['log_options'] = facts['docker']['log_options'].split(",")
-
-    return facts
-
-
 # TODO: We should add a generic migration function that takes source and destination
 # paths and does the right thing rather than one function for common, one for node, etc.
 def migrate_common_facts(facts):
@@ -156,7 +123,6 @@ def migrate_admission_plugin_facts(facts):
 def migrate_local_facts(facts):
     """ Apply migrations of local facts """
     migrated_facts = copy.deepcopy(facts)
-    migrated_facts = migrate_docker_facts(migrated_facts)
     migrated_facts = migrate_common_facts(migrated_facts)
     migrated_facts = migrate_node_facts(migrated_facts)
     migrated_facts = migrate_hosted_facts(migrated_facts)
@@ -1100,6 +1066,7 @@ def get_version_output(binary, version_cmd):
     return output
 
 
+# We may need this in the future.
 def get_docker_version_info():
     """ Parses and returns the docker version info """
     result = None
@@ -1113,25 +1080,6 @@ def get_docker_version_info():
     return result
 
 
-def get_hosted_registry_insecure():
-    """ Parses OPTIONS from /etc/sysconfig/docker to determine if the
-        registry is currently insecure.
-    """
-    hosted_registry_insecure = None
-    if os.path.exists('/etc/sysconfig/docker'):
-        try:
-            ini_str = text_type('[root]\n' + open('/etc/sysconfig/docker', 'r').read(), 'utf-8')
-            ini_fp = io.StringIO(ini_str)
-            config = configparser.RawConfigParser()
-            config.readfp(ini_fp)
-            options = config.get('root', 'OPTIONS')
-            if 'insecure-registry' in options:
-                hosted_registry_insecure = True
-        except Exception:  # pylint: disable=broad-except
-            pass
-    return hosted_registry_insecure
-
-
 def get_openshift_version(facts):
     """ Get current version of openshift on the host.
 
@@ -1583,13 +1531,6 @@ def set_container_facts_if_unset(facts):
         deployer_image = 'openshift/origin-deployer'
 
     facts['common']['is_atomic'] = os.path.isfile('/run/ostree-booted')
-    # If openshift_docker_use_system_container is set and is True ....
-    if 'use_system_container' in list(facts['docker'].keys()):
-        # use safe_get_bool as the inventory variable may not be a
-        # valid boolean on it's own.
-        if safe_get_bool(facts['docker']['use_system_container']):
-            # ... set the service name to container-engine
-            facts['docker']['service_name'] = 'container-engine'
 
     if 'is_containerized' not in facts['common']:
         facts['common']['is_containerized'] = facts['common']['is_atomic']
@@ -1684,7 +1625,6 @@ class OpenShiftFacts(object):
                    'buildoverrides',
                    'cloudprovider',
                    'common',
-                   'docker',
                    'etcd',
                    'hosted',
                    'master',
@@ -1845,25 +1785,6 @@ class OpenShiftFacts(object):
                                     local_quota_per_fsgroup="",
                                     set_node_ip=False)
 
-        if 'docker' in roles:
-            docker = dict(disable_push_dockerhub=False,
-                          options='--log-driver=journald')
-            # NOTE: This is a workaround for a dnf output racecondition that can occur in
-            # some situations. See https://bugzilla.redhat.com/show_bug.cgi?id=918184
-            if self.system_facts['ansible_pkg_mgr'] == 'dnf':
-                rpm_rebuilddb()
-
-            version_info = get_docker_version_info()
-            if version_info is not None:
-                docker['api_version'] = version_info['api_version']
-                docker['version'] = version_info['version']
-                docker['gte_1_10'] = LooseVersion(version_info['version']) >= LooseVersion('1.10')
-            hosted_registry_insecure = get_hosted_registry_insecure()
-            if hosted_registry_insecure is not None:
-                docker['hosted_registry_insecure'] = hosted_registry_insecure
-            docker['service_name'] = 'docker'
-            defaults['docker'] = docker
-
         if 'cloudprovider' in roles:
             defaults['cloudprovider'] = dict(kind=None)
 
@@ -2221,12 +2142,6 @@ class OpenShiftFacts(object):
                                       additive_facts_to_overwrite,
                                       protected_facts_to_overwrite)
 
-        if 'docker' in new_local_facts:
-            # Convert legacy log_options comma sep string to a list if present:
-            if 'log_options' in new_local_facts['docker'] and \
-                    isinstance(new_local_facts['docker']['log_options'], string_types):
-                new_local_facts['docker']['log_options'] = new_local_facts['docker']['log_options'].split(',')
-
         new_local_facts = self.remove_empty_facts(new_local_facts)
 
         if new_local_facts != local_facts:
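Review bot: `get_docker_version_info` is kept with only the comment `# We may need this in the future.`, but its one caller visible in this diff (the `if 'docker' in roles:` defaults block) is removed, so the function looks like dead code. Either delete it or make the comment say so, e.g. `# Currently unused: the docker defaults block that called this was removed.` With `get_hosted_registry_insecure` and both `log_options` conversions gone, `configparser`, `io`, `LooseVersion` and `string_types` may no longer be referenced. The import block is outside these hunks, so check it for leftovers.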

+ 1 - 1
roles/openshift_hosted/tasks/registry.yml

@@ -101,7 +101,7 @@
   static: no
   run_once: true
   when:
-  - not (openshift.docker.hosted_registry_insecure | default(false) | bool)
+  - not (openshift_docker_hosted_registry_insecure | default(False)) | bool
 
 - include: storage/object_storage.yml
   static: no
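Review bot: `not (openshift_docker_hosted_registry_insecure | default(False)) | bool` relies on filter precedence to apply `| bool` before `not`; moving the filter inside the parentheses, `- not (openshift_docker_hosted_registry_insecure | default(False) | bool)`, reads unambiguously. The old fact could also be set by the now-removed `get_hosted_registry_insecure`, which parsed /etc/sysconfig/docker, so hosts that were only detected as insecure that way will now take this include. That behaviour change is worth a comment above the `when:` or a line in the release notes. The include statement itself starts above the hunk.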

+ 2 - 0
roles/openshift_loadbalancer/defaults/main.yml

@@ -26,6 +26,8 @@ r_openshift_loadbalancer_os_firewall_allow:
   port: "{{ nuage_mon_rest_server_port | default(9443) }}/tcp"
   cond: "{{ r_openshift_lb_use_nuage | bool }}"
 
+openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}"
+
 # NOTE
 # r_openshift_lb_use_nuage_default may be defined external to this role.
 # openshift_use_nuage, if defined, may affect other roles or play behavior.

+ 4 - 4
roles/openshift_loadbalancer/templates/haproxy.docker.service.j2

@@ -1,7 +1,7 @@
 [Unit]
-After={{ openshift.docker.service_name }}.service
-Requires={{ openshift.docker.service_name }}.service
-PartOf={{ openshift.docker.service_name }}.service
+After={{ openshift_docker_service_name }}.service
+Requires={{ openshift_docker_service_name }}.service
+PartOf={{ openshift_docker_service_name }}.service
 
 [Service]
 ExecStartPre=-/usr/bin/docker rm -f openshift_loadbalancer
@@ -14,4 +14,4 @@ Restart=always
 RestartSec=5s
 
 [Install]
-WantedBy={{ openshift.docker.service_name }}.service
+WantedBy={{ openshift_docker_service_name }}.service

+ 2 - 0
roles/openshift_master/defaults/main.yml

@@ -52,6 +52,8 @@ openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container |
 containerized_svc_dir: "/usr/lib/systemd/system"
 ha_svc_template_path: "native-cluster"
 
+openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}"
+
 # NOTE
 # r_openshift_master_*_default may be defined external to this role.
 # openshift_use_*, if defined, may affect other roles or play behavior.

+ 4 - 4
roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2

@@ -4,9 +4,9 @@ Documentation=https://github.com/openshift/origin
 After=etcd_container.service
 Wants=etcd_container.service
 Before={{ openshift.common.service_type }}-node.service
-After={{ openshift.docker.service_name }}.service
-PartOf={{ openshift.docker.service_name }}.service
-Requires={{ openshift.docker.service_name }}.service
+After={{ openshift_docker_service_name }}.service
+PartOf={{ openshift_docker_service_name }}.service
+Requires={{ openshift_docker_service_name }}.service
 
 [Service]
 EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api
@@ -33,5 +33,5 @@ Restart=always
 RestartSec=5s
 
 [Install]
-WantedBy={{ openshift.docker.service_name }}.service
+WantedBy={{ openshift_docker_service_name }}.service
 WantedBy={{ openshift.common.service_type }}-node.service

+ 4 - 4
roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2

@@ -3,9 +3,9 @@ Description=Atomic OpenShift Master Controllers
 Documentation=https://github.com/openshift/origin
 Wants={{ openshift.common.service_type }}-master-api.service
 After={{ openshift.common.service_type }}-master-api.service
-After={{ openshift.docker.service_name }}.service
-Requires={{ openshift.docker.service_name }}.service
-PartOf={{ openshift.docker.service_name }}.service
+After={{ openshift_docker_service_name }}.service
+Requires={{ openshift_docker_service_name }}.service
+PartOf={{ openshift_docker_service_name }}.service
 
 [Service]
 EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
@@ -32,4 +32,4 @@ Restart=always
 RestartSec=5s
 
 [Install]
-WantedBy={{ openshift.docker.service_name }}.service
+WantedBy={{ openshift_docker_service_name }}.service

+ 3 - 0
roles/openshift_node/defaults/main.yml

@@ -101,8 +101,11 @@ oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_ur
 oreg_auth_credentials_path: "{{ openshift_node_data_dir }}/.docker"
 oreg_auth_credentials_replace: False
 l_bind_docker_reg_auth: False
+openshift_use_crio: False
 openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False)) or (openshift_use_crio_only | default(False)) }}"
 
+openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}"
+
 # NOTE
 # r_openshift_node_*_default may be defined external to this role.
 # openshift_use_*, if defined, may affect other roles or play behavior.

+ 0 - 1
roles/openshift_node/meta/main.yml

@@ -17,7 +17,6 @@ dependencies:
 - role: lib_openshift
 - role: lib_os_firewall
   when: not (openshift_node_upgrade_in_progress | default(False))
-- role: openshift_docker
 - role: openshift_cloud_provider
   when: not (openshift_node_upgrade_in_progress | default(False))
 - role: lib_utils

+ 2 - 2
roles/openshift_node/tasks/main.yml

@@ -4,7 +4,7 @@
   when:
     - (not ansible_selinux or ansible_selinux.status != 'enabled')
     - deployment_type == 'openshift-enterprise'
-    - not openshift_use_crio | default(false)
+    - not openshift_use_crio
 
 - include: dnsmasq.yml
 
@@ -49,7 +49,7 @@
     name: cri-o
     enabled: yes
     state: restarted
-  when: openshift_use_crio | default(false)
+  when: openshift_use_crio
 
 - name: restart NetworkManager to ensure resolv.conf is present
   systemd:

+ 1 - 1
roles/openshift_node/tasks/node_system_container.yml

@@ -16,6 +16,6 @@
     image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.node.node_system_image }}:{{ openshift_image_tag }}"
     values:
     - "DNS_DOMAIN={{ openshift.common.dns_domain }}"
-    - "DOCKER_SERVICE={{ openshift.docker.service_name }}.service"
+    - "DOCKER_SERVICE={{ openshift_docker_service_name }}.service"
     - "MASTER_SERVICE={{ openshift.common.service_type }}.service"
     state: latest

+ 3 - 6
roles/openshift_node/tasks/openvswitch_system_container.yml

@@ -1,14 +1,11 @@
 ---
 - set_fact:
-    l_use_crio: "{{ openshift_use_crio | default(false) }}"
-
-- set_fact:
     l_service_name: "cri-o"
-  when: l_use_crio
+  when: openshift_use_crio
 
 - set_fact:
-    l_service_name: "{{ openshift.docker.service_name }}"
-  when: not l_use_crio
+    l_service_name: "{{ openshift_docker_service_name }}"
+  when: not openshift_use_crio
 
 - name: Ensure proxies are in the atomic.conf
   include_role:

+ 2 - 6
roles/openshift_node/tasks/upgrade/restart.yml

@@ -13,19 +13,15 @@
 - name: Reload systemd to ensure latest unit files
   command: systemctl daemon-reload
 
-- name: Restart docker
+- name: Restart container runtime
   service:
-    name: "{{ openshift.docker.service_name }}"
+    name: "{{ openshift_docker_service_name }}"
     state: started
   register: docker_start_result
   until: not docker_start_result | failed
   retries: 3
   delay: 30
 
-- name: Update docker facts
-  openshift_facts:
-    role: docker
-
 - name: Start services
   service: name={{ item }} state=started
   with_items:
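Review bot: The task renamed to `Restart container runtime` still uses `state: started` and only names `openshift_docker_service_name`, so it neither restarts anything nor covers cri-o when `openshift_use_crio` is set. If starting is the intent, a name such as `- name: Ensure docker/container-engine is started` describes it; otherwise a matching cri-o task is needed, though tasks outside this hunk may already handle that.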

+ 3 - 3
roles/openshift_node/templates/node.service.j2

@@ -1,14 +1,14 @@
 [Unit]
 Description=OpenShift Node
-After={{ openshift.docker.service_name }}.service
+After={{ openshift_docker_service_name }}.service
 Wants=openvswitch.service
 After=ovsdb-server.service
 After=ovs-vswitchd.service
-Wants={{ openshift.docker.service_name }}.service
+Wants={{ openshift_docker_service_name }}.service
 Documentation=https://github.com/openshift/origin
 Requires=dnsmasq.service
 After=dnsmasq.service
-{% if openshift_use_crio|default(false) %}Wants=cri-o.service{% endif %}
+{% if openshift_use_crio %}Wants=cri-o.service{% endif %}
 
 [Service]
 Type=notify

+ 1 - 1
roles/openshift_node/templates/node.yaml.v1.j2

@@ -16,7 +16,7 @@ imageConfig:
   latest: {{ openshift_node_image_config_latest }}
 kind: NodeConfig
 kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yaml(level=1) }}
-{% if openshift_use_crio | default(False) %}
+{% if openshift_use_crio %}
   container-runtime:
   - remote
   container-runtime-endpoint:

+ 3 - 3
roles/openshift_node/templates/openshift.docker.node.dep.service

@@ -1,9 +1,9 @@
 [Unit]
-Requires={{ openshift.docker.service_name }}.service
-After={{ openshift.docker.service_name }}.service
+Requires={{ openshift_docker_service_name }}.service
+After={{ openshift_docker_service_name }}.service
 PartOf={{ openshift.common.service_type }}-node.service
 Before={{ openshift.common.service_type }}-node.service
-{% if openshift_use_crio|default(false) %}Wants=cri-o.service{% endif %}
+{% if openshift_use_crio %}Wants=cri-o.service{% endif %}
 
 [Service]
 ExecStart=/bin/bash -c "if [[ -f /usr/bin/docker-current ]]; then echo \"DOCKER_ADDTL_BIND_MOUNTS=--volume=/usr/bin/docker-current:/usr/bin/docker-current:ro --volume=/etc/sysconfig/docker:/etc/sysconfig/docker:ro --volume=/etc/containers/registries:/etc/containers/registries:ro\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; else echo \"#DOCKER_ADDTL_BIND_MOUNTS=\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; fi"

+ 5 - 5
roles/openshift_node/templates/openshift.docker.node.service

@@ -1,9 +1,9 @@
 [Unit]
 After={{ openshift.common.service_type }}-master.service
-After={{ openshift.docker.service_name }}.service
+After={{ openshift_docker_service_name }}.service
 After=openvswitch.service
-PartOf={{ openshift.docker.service_name }}.service
-Requires={{ openshift.docker.service_name }}.service
+PartOf={{ openshift_docker_service_name }}.service
+Requires={{ openshift_docker_service_name }}.service
 {% if openshift_node_use_openshift_sdn %}
 Wants=openvswitch.service
 PartOf=openvswitch.service
@@ -26,7 +26,7 @@ ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node \
   --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node \
   -v /:/rootfs:ro,rslave -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} \
   -e HOST=/rootfs -e HOST_ETC=/host-etc \
-  -v {{ openshift_node_data_dir }}:{{ openshift_node_data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} \
+  -v {{ openshift_node_data_dir }}:{{ openshift_node_data_dir }}:rslave \
   -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node \
   {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} \
   -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro \
@@ -48,4 +48,4 @@ Restart=always
 RestartSec=5s
 
 [Install]
-WantedBy={{ openshift.docker.service_name }}.service
+WantedBy={{ openshift_docker_service_name }}.service
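Review bot: The data-dir volume now always carries `:rslave`, while the removed expression added it only when the `gte_1_10` fact was true, presumably because older Docker releases do not accept the flag. That fact is gone with this commit, so nothing visible here stops the unit from being rendered for such a host. If Docker >= 1.10 is now a hard requirement, a comment above `ExecStart` or a version assertion in the prerequisites play would record it. The `ExecStart` command starts above and continues past this hunk.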

+ 4 - 4
roles/openshift_node/templates/openvswitch.docker.service

@@ -1,7 +1,7 @@
 [Unit]
-After={{ openshift.docker.service_name }}.service
-Requires={{ openshift.docker.service_name }}.service
-PartOf={{ openshift.docker.service_name }}.service
+After={{ openshift_docker_service_name }}.service
+Requires={{ openshift_docker_service_name }}.service
+PartOf={{ openshift_docker_service_name }}.service
 
 [Service]
 EnvironmentFile=/etc/sysconfig/openvswitch
@@ -14,4 +14,4 @@ Restart=always
 RestartSec=5s
 
 [Install]
-WantedBy={{ openshift.docker.service_name }}.service
+WantedBy={{ openshift_docker_service_name }}.service

+ 2 - 0
roles/openshift_node_certificates/defaults/main.yml

@@ -1,3 +1,5 @@
 ---
 openshift_node_cert_expire_days: 730
 openshift_ca_host: ''
+
+openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}"

+ 2 - 2
roles/openshift_node_certificates/handlers/main.yml

@@ -6,7 +6,7 @@
 
 - name: check for container runtime after updating ca trust
   command: >
-    systemctl -q is-active {{ openshift.docker.service_name }}.service
+    systemctl -q is-active {{ openshift_docker_service_name }}.service
   register: l_docker_installed
   # An rc of 0 indicates that the container runtime service is
   # running. We will restart it by notifying the restart handler since
@@ -18,7 +18,7 @@
 
 - name: restart container runtime after updating ca trust
   systemd:
-    name: "{{ openshift.docker.service_name }}"
+    name: "{{ openshift_docker_service_name }}"
     state: restarted
   when: not openshift_certificates_redeploy | default(false) | bool
   register: l_docker_restart_docker_in_cert_result

+ 0 - 1
roles/openshift_node_facts/tasks/main.yml

@@ -15,7 +15,6 @@
       kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}"
       labels: "{{ openshift_node_labels | default(None) }}"
       registry_url: "{{ oreg_url_node | default(oreg_url) | default(None) }}"
-      sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}"
       storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}"
       set_node_ip: "{{ openshift_set_node_ip | default(None) }}"
       node_image: "{{ osn_image | default(None) }}"

+ 0 - 3
roles/openshift_version/meta/main.yml

@@ -12,7 +12,4 @@ galaxy_info:
   categories:
   - cloud
 dependencies:
-- role: openshift_docker_facts
-- role: docker
-  when: openshift.common.is_containerized | default(False) | bool and not skip_docker_role | default(False) | bool
 - role: lib_utils

+ 4 - 7
roles/openshift_version/tasks/set_version_containerized.yml

@@ -1,7 +1,4 @@
 ---
-- set_fact:
-    l_use_crio_only: "{{ openshift_use_crio_only | default(false) }}"
-
 - name: Set containerized version to configure if openshift_image_tag specified
   set_fact:
     # Expects a leading "v" in inventory, strip it off here unless
@@ -24,7 +21,7 @@
   register: cli_image_version
   when:
   - openshift_version is not defined
-  - not l_use_crio_only
+  - not openshift_use_crio_only
 
 # Origin latest = pre-release version (i.e. v1.3.0-alpha.1-321-gb095e3a)
 - set_fact:
@@ -33,7 +30,7 @@
   - openshift_version is not defined
   - openshift.common.deployment_type == 'origin'
   - cli_image_version.stdout_lines[0].split('-') | length > 1
-  - not l_use_crio_only
+  - not openshift_use_crio_only
 
 - set_fact:
     openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}"
@@ -48,14 +45,14 @@
   when:
   - openshift_version is defined
   - openshift_version.split('.') | length == 2
-  - not l_use_crio_only
+  - not openshift_use_crio_only
 
 - set_fact:
     openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2][1:] | join('-') if openshift.common.deployment_type == 'origin' else cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}"
   when:
   - openshift_version is defined
   - openshift_version.split('.') | length == 2
-  - not l_use_crio_only
+  - not openshift_use_crio_only
 
 # TODO: figure out a way to check for the openshift_version when using CRI-O.
 # We should do that using the images in the ostree storage so we don't have