Browse Source

Support Docker CE in bootstrap-servers

Kolla Ansible's bootstrap-servers command provides support for
installing the Docker engine. This is currently done using the packages
at https://apt.dockerproject.org and https://yum.dockerproject.org.
These packages are outdated, with the most recent packages from May 2017
- docker-engine-17.05.

The source for up to date docker packages is
https://download.docker.com, which was introduced with the move to
Docker Community Edition (CE) and Docker Enterprise Edition (EE).

This change adds support to bootstrap-servers for Docker CE for CentOS
and Ubuntu.

It also adds a new variable, 'enable_docker_repo', which controls
whether a package repository for Docker will be enabled.

It also adds a new variable, 'docker_legacy_packages', which controls
whether the legacy packages at dockerproject.org will be used or the
newer packages at docker.com. The default value for this variable is
'false', meaning to use Docker CE.

Upgrading from docker-engine to docker-ce has been tested on CentOS 7.5
and Ubuntu 16.04, by running 'kolla-ansible bootstrap-servers' with
'docker_legacy_packages' set to 'false'. The upgrades were successful,
but result in all containers being stopped. For this reason, the
bootstrap-servers command checks running containers prior to upgrading
packages, and ensures they are running after the package upgrade is
complete.

As mentioned in the release note, care should be taken when upgrading
Docker with clustered services, which could lose quorum. To avoid this,
use --serial or --limit to apply the change in batches.

Change-Id: I6dfd375c868870f8646ef1a8f02c70812e8f6271
Implements: blueprint docker-ce
tags/8.0.0.0b1
Mark Goddard 10 months ago
parent
commit
48aea5637f

+ 2
- 1
ansible/kolla-host.yml View File

@@ -33,7 +33,8 @@
33 33
 
34 34
 - name: Apply role baremetal
35 35
   hosts: baremetal
36
-  gather_facts: no
36
+  serial: '{{ kolla_serial|default("0") }}'
37
+  gather_facts: false
37 38
   roles:
38 39
     - { role: baremetal,
39 40
         tags: baremetal }

+ 50
- 8
ansible/roles/baremetal/defaults/main.yml View File

@@ -1,10 +1,52 @@
1 1
 ---
2
-docker_apt_url: "{{ 'http://obs.linaro.org/ERP:/17.12/Debian_9' if ansible_architecture == 'aarch64' else 'https://apt.dockerproject.org' }}"
3
-docker_apt_key_file: "{{ 'Release.key' if ansible_architecture == 'aarch64' else 'gpg' }}"
4
-docker_apt_key_id: "{{ 'C32DA102AD89C2BE' if ansible_architecture == 'aarch64' else 'F76221572C52609D' }}"
5
-
6
-docker_yum_url: "https://yum.dockerproject.org"
7
-docker_gpg_fingerprint: "58118E89F3A912897C070ADBF76221572C52609D"
2
+# Whether to enable a package repository for Docker.
3
+enable_docker_repo: true
4
+
5
+# Whether to use the legacy Docker packages at dockerproject.org instead of the
6
+# newer packages at docker.com.
7
+docker_legacy_packages: false
8
+
9
+# Docker APT repository configuration.
10
+docker_apt_url: "{% if docker_legacy_packages | bool %}{{ docker_legacy_apt_url }}{% else %}{{ docker_new_apt_url }}{% endif %}"
11
+docker_apt_repo: "{% if docker_legacy_packages | bool %}{{ docker_legacy_apt_repo }}{% else %}{{ docker_new_apt_repo }}{% endif %}"
12
+docker_apt_key_file: "{% if docker_legacy_packages | bool %}{{ docker_legacy_apt_key_file }}{% else %}{{ docker_new_apt_key_file }}{% endif %}"
13
+docker_apt_key_id: "{% if docker_legacy_packages | bool %}{{ docker_legacy_apt_key_id }}{% else %}{{ docker_new_apt_key_id }}{% endif %}"
14
+docker_apt_package: "{% if docker_legacy_packages | bool %}{{ docker_legacy_apt_package }}{% else %}{{ docker_new_apt_package }}{% endif %}"
15
+
16
+# Docker APT repository configuration when docker_legacy_packages is false.
17
+docker_new_apt_url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}"
18
+docker_new_apt_repo: "deb {{ docker_new_apt_url }} {{ ansible_lsb.codename }} stable"
19
+docker_new_apt_key_file: "gpg"
20
+docker_new_apt_key_id: "0EBFCD88"
21
+docker_new_apt_package: "docker-ce"
22
+
23
+# Docker APT repository configuration when docker_legacy_packages is true.
24
+docker_legacy_apt_url: "{{ 'http://obs.linaro.org/ERP:/17.12/Debian_9' if ansible_architecture == 'aarch64' else 'https://apt.dockerproject.org' }}"
25
+docker_legacy_apt_repo: "{{ docker_legacy_apt_repo_aarch64 if ansible_architecture == 'aarch64' else docker_legacy_apt_repo_x86_64 }}"
26
+docker_legacy_apt_repo_x86_64: "deb {{ docker_apt_url }}/repo {{ ansible_distribution | lower }}-{{ ansible_distribution_release | lower }} main"
27
+docker_legacy_apt_repo_aarch64: "deb {{ docker_apt_url }} ./"
28
+docker_legacy_apt_key_file: "{{ 'Release.key' if ansible_architecture == 'aarch64' else 'gpg' }}"
29
+docker_legacy_apt_key_id: "{{ 'C32DA102AD89C2BE' if ansible_architecture == 'aarch64' else 'F76221572C52609D' }}"
30
+docker_legacy_apt_package: "{{ 'docker-ce' if ansible_architecture == 'aarch64' else 'docker-engine=1.12.*' }}"
31
+
32
+# Docker Yum repository configuration.
33
+docker_yum_url: "{% if docker_legacy_packages | bool %}{{ docker_legacy_yum_url }}{% else %}{{ docker_new_yum_url }}{% endif %}"
34
+docker_yum_baseurl: "{% if docker_legacy_packages | bool %}{{ docker_legacy_yum_baseurl }}{% else %}{{ docker_new_yum_baseurl }}{% endif %}"
35
+docker_yum_gpgkey: "{% if docker_legacy_packages | bool %}{{ docker_legacy_yum_gpgkey }}{% else %}{{ docker_new_yum_gpgkey }}{% endif %}"
36
+docker_yum_gpgcheck: true
37
+docker_yum_package: "{% if docker_legacy_packages | bool %}{{ docker_legacy_yum_package }}{% else %}{{ docker_new_yum_package }}{% endif %}"
38
+
39
+# Docker Yum repository configuration when docker_legacy_packages is false.
40
+docker_new_yum_url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}"
41
+docker_new_yum_baseurl: "{{ docker_yum_url }}/{{ ansible_distribution_major_version | lower }}/$basearch/stable"
42
+docker_new_yum_gpgkey: "{{ docker_yum_url }}/gpg"
43
+docker_new_yum_package: "docker-ce"
44
+
45
+# Docker Yum repository configuration when docker_legacy_packages is true.
46
+docker_legacy_yum_url: "https://yum.dockerproject.org"
47
+docker_legacy_yum_baseurl: "{{ docker_legacy_yum_url }}/repo/main/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version | lower }}"
48
+docker_legacy_yum_gpgkey: "{{ docker_legacy_yum_url }}/gpg"
49
+docker_legacy_yum_package: "docker-engine-1.12.0"
8 50
 
9 51
 customize_etc_hosts: True
10 52
 
@@ -27,14 +69,14 @@ docker_custom_option: ""
27 69
 docker_runtime_directory: ""
28 70
 
29 71
 debian_pkg_install:
30
- - "{{ 'docker-ce' if ansible_architecture == 'aarch64' else 'docker-engine=1.12.*' }}"
72
+ - "{{ docker_apt_package }}"
31 73
  - git
32 74
  - python-setuptools
33 75
  - ntp
34 76
 
35 77
 redhat_pkg_install:
36 78
  - epel-release
37
- - docker-engine-1.12.0
79
+ - "{{ docker_yum_package }}"
38 80
  - git
39 81
  - python-setuptools
40 82
  - ntp

+ 48
- 2
ansible/roles/baremetal/tasks/install.yml View File

@@ -5,6 +5,12 @@
5 5
   become: True
6 6
   when: ansible_os_family == 'Debian'
7 7
 
8
+- name: Update yum cache
9
+  yum:
10
+    update_cache: yes
11
+  become: True
12
+  when: ansible_os_family == 'RedHat'
13
+
8 14
 # TODO(inc0): Gates don't seem to have ufw executable, check for it instead of ignore errors
9 15
 - name: Set firewall default policy
10 16
   become: True
@@ -32,6 +38,17 @@
32 38
     - ansible_os_family == 'RedHat'
33 39
     - firewalld_check.rc == 0
34 40
 
41
+# Upgrading docker engine may cause containers to stop. Take a snapshot of the
42
+# running containers prior to a potential upgrade of Docker.
43
+
44
+- name: Check which containers are running
45
+  command: docker ps -f 'status=running' -q
46
+  become: true
47
+  # If Docker is not installed this command may exit non-zero.
48
+  failed_when: false
49
+  changed_when: false
50
+  register: running_containers
51
+
35 52
 - name: Install apt packages
36 53
   package:
37 54
     name: "{{ item }}"
@@ -39,6 +56,7 @@
39 56
   become: True
40 57
   with_items: "{{ debian_pkg_install }}"
41 58
   when: ansible_os_family == 'Debian'
59
+  register: apt_install_result
42 60
 
43 61
 - name: Install deltarpm packages
44 62
   package:
@@ -56,6 +74,30 @@
56 74
   become: True
57 75
   with_items: "{{ redhat_pkg_install }}"
58 76
   when: ansible_os_family == 'RedHat'
77
+  register: yum_install_result
78
+
79
+# If any packages were updated, and any containers were running, wait for the
80
+# daemon to come up and start all previously running containers.
81
+
82
+- block:
83
+    - name: Wait for Docker to start
84
+      command: docker info
85
+      become: true
86
+      changed_when: false
87
+      register: result
88
+      until: result is success
89
+      retries: 6
90
+      delay: 10
91
+
92
+    - name: Ensure containers are running after Docker upgrade
93
+      command: "docker start {{ running_containers.stdout }}"
94
+      become: true
95
+  when:
96
+    - install_result is changed
97
+    - running_containers.rc == 0
98
+    - running_containers.stdout != ''
99
+  vars:
100
+    install_result: "{{ yum_install_result if ansible_os_family == 'RedHat' else apt_install_result }}"
59 101
 
60 102
 - name: Install virtualenv packages
61 103
   package:
@@ -94,7 +136,9 @@
94 136
     state: absent
95 137
   with_items: "{{ ubuntu_pkg_removals }}"
96 138
   become: True
97
-  when: ansible_distribution|lower == "ubuntu"
139
+  when:
140
+    - ansible_distribution|lower == "ubuntu"
141
+    - item != ""
98 142
 
99 143
 - name: Remove packages
100 144
   package:
@@ -102,4 +146,6 @@
102 146
     state: absent
103 147
   with_items: "{{ redhat_pkg_removals }}"
104 148
   become: True
105
-  when: ansible_os_family == 'RedHat'
149
+  when:
150
+    - ansible_os_family == 'RedHat'
151
+    - item != ""

+ 55
- 54
ansible/roles/baremetal/tasks/pre-install.yml View File

@@ -47,64 +47,65 @@
47 47
   become: True
48 48
   when: create_kolla_user | bool
49 49
 
50
-- name: Install apt packages
51
-  apt:
52
-    update_cache: yes
53
-  become: True
54
-  when: ansible_os_family == 'Debian'
50
+- block:
51
+    - block:
52
+        - name: Install apt packages
53
+          apt:
54
+            update_cache: yes
55
+          become: True
55 56
 
56
-- name: Install ca certs
57
-  package:
58
-    name: "{{ item }}"
59
-    state: latest
60
-  become: True
61
-  with_items:
62
-    - ca-certificates
63
-    - apt-transport-https
64
-  when:
65
-    - ansible_os_family == 'Debian'
57
+        - name: Install ca certs
58
+          package:
59
+            name: "{{ item }}"
60
+            state: latest
61
+          become: True
62
+          with_items:
63
+            - ca-certificates
64
+            - apt-transport-https
66 65
 
67
-- name: Ensure apt sources list directory exists
68
-  file:
69
-    path: /etc/apt/sources.list.d
70
-    state: directory
71
-    recurse: yes
72
-  become: True
73
-  when: ansible_os_family == 'Debian'
66
+        - name: Ensure apt sources list directory exists
67
+          file:
68
+            path: /etc/apt/sources.list.d
69
+            state: directory
70
+            recurse: yes
71
+          become: True
74 72
 
75
-- name: Enable docker repo apt
76
-  template:
77
-    src: docker_apt_repo.j2
78
-    dest: /etc/apt/sources.list.d/docker.list
79
-  become: True
80
-  when: ansible_os_family == 'Debian'
73
+        - name: Install docker apt gpg key
74
+          apt_key:
75
+            url: "{{ docker_apt_url }}/{{ docker_apt_key_file }}"
76
+            id: "{{ docker_apt_key_id }}"
77
+            state: present
78
+          become: True
81 79
 
82
-- name: Install docker apt gpg key
83
-  apt_key:
84
-    url: "{{ docker_apt_url }}/{{ docker_apt_key_file }}"
85
-    id: "{{ docker_apt_key_id }}"
86
-    state: present
87
-  become: True
88
-  when: ansible_os_family == 'Debian'
80
+        - name: Enable docker apt repository
81
+          apt_repository:
82
+            repo: "{{ docker_apt_repo }}"
83
+            filename: docker
84
+          become: True
85
+      when: ansible_os_family == 'Debian'
89 86
 
90
-- name: Ensure yum repos directory exists
91
-  file:
92
-    path: /etc/yum.repos.d/
93
-    state: directory
94
-    recurse: yes
95
-  become: True
96
-  when: ansible_os_family == 'RedHat'
87
+    - block:
88
+        - name: Ensure yum repos directory exists
89
+          file:
90
+            path: /etc/yum.repos.d/
91
+            state: directory
92
+            recurse: yes
93
+          become: True
97 94
 
98
-- name: Enable docker repo yum
99
-  become: True
100
-  template:
101
-    src: docker_yum_repo.j2
102
-    dest: /etc/yum.repos.d/docker.repo
103
-  when: ansible_os_family == 'RedHat'
95
+        - name: Enable docker yum repository
96
+          yum_repository:
97
+            name: docker
98
+            description: Docker main Repository
99
+            baseurl: "{{ docker_yum_baseurl }}"
100
+            gpgcheck: "{{ docker_yum_gpgcheck | bool }}"
101
+            gpgkey: "{{ docker_yum_gpgkey }}"
102
+          become: True
104 103
 
105
-- name: Install docker rpm gpg key
106
-  rpm_key:
107
-    state: present
108
-    key: "{{ docker_yum_url }}/gpg"
109
-  become: True
110
-  when: ansible_os_family == 'RedHat'
104
+        - name: Install docker rpm gpg key
105
+          rpm_key:
106
+            state: present
107
+            key: "{{ docker_yum_url }}/gpg"
108
+          become: True
109
+          when: docker_yum_gpgcheck | bool
110
+      when: ansible_os_family == 'RedHat'
111
+  when: enable_docker_repo | bool

+ 0
- 6
ansible/roles/baremetal/templates/docker_apt_repo.j2 View File

@@ -1,6 +0,0 @@
1
-{% if ansible_architecture == 'aarch64' %}
2
-deb {{ docker_apt_url }} ./
3
-{% else %}
4
-# main docker repo
5
-deb {{ docker_apt_url }}/repo {{ ansible_distribution | lower }}-{{ ansible_distribution_release | lower }} main
6
-{% endif %}

+ 0
- 6
ansible/roles/baremetal/templates/docker_yum_repo.j2 View File

@@ -1,6 +0,0 @@
1
-[docker-repo]
2
-name=Docker main Repository
3
-baseurl={{ docker_yum_url }}/repo/main/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version | lower }}
4
-enabled=1
5
-gpgcheck=1
6
-gpgkey={{ docker_yum_url }}/gpg

+ 23
- 0
releasenotes/notes/docker-ce-722582da41cf6cd3.yaml View File

@@ -0,0 +1,23 @@
1
+---
2
+features:
3
+  - |
4
+    Adds support for installing Docker Community Edition (CE) using the
5
+    ``kolla-ansible bootstrap-servers`` command.  Existing support uses the
6
+    legacy packages from https://dockerproject.org.  New packages are
7
+    distributed via https://download.docker.com, and that location is now
8
+    supported and used by default.  Use of the legacy packages is enabled by
9
+    setting the variable ``docker_legacy_packages`` to ``true``.
10
+
11
+    It is also now possible to skip configuration of the Docker repository, by
12
+    setting the variable ``enable_docker_repo`` to ``false``.
13
+upgrade:
14
+  - |
15
+    The default value for ``docker_legacy_packages`` is ``false``, which means
16
+    that the Docker Community Edition (CE) should be installed. If the
17
+    ``kolla-ansible bootstrap-servers`` command is used on a previously
18
+    deployed host that is running a legacy Docker engine, it would result in
19
+    the Docker engine being upgraded to use the Docker Community Edition
20
+    packages, which will result in a restart of the Docker engine and the
21
+    containers running on that host.  Use the ``kolla-ansible`` ``--serial`` or
22
+    ``--limit`` arguments to avoid losing quorum in clustered services such as
23
+    MariaDB by restarting all containers at once.

+ 1
- 1
tests/run.yml View File

@@ -98,7 +98,7 @@
98 98
 
99 99
     - name: create deamon.json for nodepool cache
100 100
       vars:
101
-        infra_dockerhub_mirror: "http://{{ zuul_site_mirror_fqdn }}:8081/registry-1.docker/"
101
+        infra_dockerhub_mirror: "http://{{ zuul_site_mirror_fqdn }}:8082/"
102 102
       template:
103 103
         src: "{{ kolla_ansible_full_src_dir }}/tests/templates/docker_daemon.json.j2"
104 104
         dest: "/etc/docker/daemon.json"

Loading…
Cancel
Save