shixiong
/
okd


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190
							---

- set_fact:
    l_openshift_image_tag: "{{ openshift_image_tag | string }}"
  when: openshift_image_tag is defined

- set_fact:
    l_openshift_image_tag: "latest"
  when:
    - openshift_image_tag is not defined
    - openshift_release == "latest"

- set_fact:
    l_openshift_image_tag: "{{ openshift_release | string }}"
  when:
    - openshift_image_tag is not defined
    - openshift_release != "latest"

# If docker_options are provided we should fail. We should not install docker and ignore
# the users configuration. NOTE: docker_options == inventory:openshift_docker_options
- name: Fail quickly if openshift_docker_options are set
  assert:
    that:
      - docker_options is defined
      - docker_options != ""
    msg: |
      Docker via System Container does not allow for the use of the openshift_docker_options
      variable. If you want to use openshift_docker_options you will need to use the
      traditional docker package install. Otherwise, comment out openshift_docker_options
      in your inventory file.

- name: Ensure container-selinux is installed
  package:
    name: container-selinux
    state: present
  when: not openshift.common.is_atomic | bool
  register: result
  until: result | success

# Used to pull and install the system container
- name: Ensure atomic is installed
  package:
    name: atomic
    state: present
  when: not openshift.common.is_atomic | bool
  register: result
  until: result | success

# At the time of writing the atomic command requires runc for it's own use. This
# task is here in the even that the atomic package ever removes the dependency.
- name: Ensure runc is installed
  package:
    name: runc
    state: present
  when: not openshift.common.is_atomic | bool
  register: result
  until: result | success

# Make sure Docker is installed so we are able to use the client
- name: Install Docker so we can use the client
  package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present
  when: not openshift.common.is_atomic | bool
  register: result
  until: result | success

# Make sure docker is disabled. Errors are ignored.
- name: Disable Docker
  systemd:
    name: docker
    enabled: no
    state: stopped
    daemon_reload: yes
  ignore_errors: True
  register: r_docker_systemcontainer_docker_stop_result
  until: not r_docker_systemcontainer_docker_stop_result | failed
  retries: 3
  delay: 30

- name: Ensure proxies are in the atomic.conf
  include_role:
    name: openshift_atomic
    tasks_from: proxy

- block:

    - name: Set to default prepend
      set_fact:
        l_docker_image_prepend: "gscrivano"
        l_docker_image_tag: "latest"

    - name: Set container engine image tag
      set_fact:
        l_docker_image_tag: "{{ l_openshift_image_tag }}"
      when:
        - openshift_deployment_type == 'openshift-enterprise'

    - name: Use Red Hat Registry for image when distribution is Red Hat
      set_fact:
        l_docker_image_prepend: "registry.access.redhat.com/openshift3"
      when: ansible_distribution == 'RedHat'

    - name: Use Fedora Registry for image when distribution is Fedora
      set_fact:
        l_docker_image_prepend: "registry.fedoraproject.org/f25"
      when: ansible_distribution == 'Fedora'

    - name: Set the full image name
      set_fact:
        l_docker_image: "{{ l_docker_image_prepend }}/{{ openshift.docker.service_name }}:{{ l_docker_image_tag }}"

    # For https://github.com/openshift/openshift-ansible/pull/5354#issuecomment-328552959
    - name: Use a specific image if requested
      set_fact:
        l_docker_image: "{{ openshift_docker_systemcontainer_image_override }}"
      when:
        - openshift_docker_systemcontainer_image_override is defined
        - openshift_docker_systemcontainer_image_override != ""

    # Be nice and let the user see the variable result
    - debug:
        var: l_docker_image

# NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released
- name: Pre-pull Container Engine System Container image
  command: "atomic pull --storage ostree {{ l_docker_image }}"
  changed_when: false
  environment:
    NO_PROXY: "{{ openshift.common.no_proxy | default('') }}"


- name: Ensure container-engine.service.d directory exists
  file:
    path: "{{ container_engine_systemd_dir }}"
    state: directory

- name: Ensure /etc/docker directory exists
  file:
    path: "{{ docker_conf_dir }}"
    state: directory

- name: Install Container Engine System Container
  oc_atomic_container:
    name: "{{ openshift.docker.service_name }}"
    image: "{{ l_docker_image }}"
    state: latest

- name: Configure Container Engine Service File
  template:
    dest: "{{ container_engine_systemd_dir }}/custom.conf"
    src: systemcontainercustom.conf.j2

# Set local versions of facts that must be in json format for container-daemon.json
# NOTE: When jinja2.9+ is used the container-daemon.json file can move to using tojson
- set_fact:
    l_docker_insecure_registries: "{{ l2_docker_insecure_registries | default([]) | to_json }}"
    l_docker_log_options: "{{ docker_log_options | default({}) | to_json }}"
    l_docker_additional_registries: "{{ l2_docker_additional_registries | default([]) | to_json }}"
    l_docker_blocked_registries: "{{ l2_docker_blocked_registries | default([]) | to_json }}"
    l_docker_selinux_enabled: "{{ docker_selinux_enabled | default(true) | to_json }}"

# Configure container-engine using the container-daemon.json file
# NOTE: daemon.json and container-daemon.json have been seperated to avoid
#       collision.
- name: Configure Container Engine
  template:
    dest: "{{ docker_conf_dir }}/container-daemon.json"
    src: daemon.json

# Enable and start the container-engine service
- name: Start the Container Engine service
  systemd:
    name: "{{ openshift.docker.service_name }}"
    enabled: yes
    state: started
    daemon_reload: yes
  register: r_docker_systemcontainer_docker_start_result
  until: not r_docker_systemcontainer_docker_start_result | failed
  retries: 3
  delay: 30

- set_fact:
    docker_service_status_changed: "{{ r_docker_systemcontainer_docker_start_result | changed }}"

- meta: flush_handlers

# Since docker is running as a system container, docker login will fail to create
# credentials.  Use alternate method if requiring authenticated registries.
- include_tasks: registry_auth.yml
  vars:
    openshift_docker_alternative_creds: True