baremetal: Don't start Docker after install on Debian/Ubuntu
docker-ce on Debian/Ubuntu gets started just after installation, before
the baremetal role configures daemon.json. As a result, Docker creates
iptables rules that are not removed when the Docker engine is restarted.
Closes-Bug: #1923203
Change-Id: Ib1faa092e0b8f0668d1752490a34d0c2165d58d2
(cherry picked from commit bc96179195
)
parent
189a4e54ee
commit
b882000e4a
|
@ -46,6 +46,26 @@
|
|||
changed_when: false
|
||||
register: running_containers
|
||||
|
||||
# APT starts Docker engine right after installation, which creates
|
||||
# iptables rules before we disable iptables in Docker config
|
||||
|
||||
- name: Check if docker systemd unit exists
|
||||
stat:
|
||||
path: /etc/systemd/system/docker.service
|
||||
register: docker_unit_file
|
||||
|
||||
- name: Mask the docker systemd unit on Debian/Ubuntu
|
||||
file:
|
||||
src: /dev/null
|
||||
dest: /etc/systemd/system/docker.service
|
||||
owner: root
|
||||
group: root
|
||||
state: link
|
||||
become: true
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
- not docker_unit_file.stat.exists
|
||||
|
||||
- name: Install apt packages
|
||||
package:
|
||||
name: "{{ (debian_pkg_install | join(' ')).split() }}"
|
||||
|
@ -73,6 +93,26 @@
|
|||
when: ansible_os_family == 'RedHat'
|
||||
register: rpm_install_result
|
||||
|
||||
# Workaround older Ansible that fails systemd tasks
|
||||
# when unit is masked
|
||||
|
||||
- name: Check if docker service is masked
|
||||
become: True
|
||||
stat:
|
||||
path: /etc/systemd/system/docker.service
|
||||
register: docker_unit_masked
|
||||
when: ansible_os_family == 'Debian'
|
||||
|
||||
- name: Unmask docker service
|
||||
become: True
|
||||
file:
|
||||
path: /etc/systemd/system/docker.service
|
||||
state: absent
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
- docker_unit_masked.stat.islnk
|
||||
- docker_unit_masked.stat.lnk_source == '/dev/null'
|
||||
|
||||
# If any packages were updated, and any containers were running, wait for the
|
||||
# daemon to come up and start all previously running containers.
|
||||
|
||||
|
@ -80,10 +120,11 @@
|
|||
# At some point (at least on CentOS 7) Docker CE stopped starting
|
||||
# automatically after an upgrade from legacy docker . Start it manually.
|
||||
- name: Start docker
|
||||
service:
|
||||
systemd:
|
||||
name: docker
|
||||
state: started
|
||||
enabled: yes
|
||||
masked: no
|
||||
become: True
|
||||
|
||||
- name: Wait for Docker to start
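Review bot: The `when` list on "Unmask docker service" reads `docker_unit_masked.stat.islnk` and `docker_unit_masked.stat.lnk_source` without first testing `stat.exists`, so the conditional fails on an undefined attribute whenever /etc/systemd/system/docker.service is absent at that point. One case where that seems likely is a `--check` run, in which the earlier mask task would report a change without creating the link. Adding `- docker_unit_masked.stat.exists` as the second condition, ahead of the `islnk` test, turns that case into a clean skip. The enclosing task list starts and ends outside these hunks, so any surrounding block conditions are not visible here.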
|
||||
|
|
|
@ -189,22 +189,25 @@
|
|||
when: create_kolla_user | bool
|
||||
|
||||
- name: Start docker
|
||||
service:
|
||||
systemd:
|
||||
name: docker
|
||||
state: started
|
||||
masked: no
|
||||
become: True
|
||||
|
||||
- name: Restart docker
|
||||
service:
|
||||
systemd:
|
||||
name: docker
|
||||
state: restarted
|
||||
masked: no
|
||||
become: True
|
||||
when: docker_configured.changed or docker_reloaded.changed
|
||||
|
||||
- name: Enable docker
|
||||
service:
|
||||
systemd:
|
||||
name: docker
|
||||
enabled: yes
|
||||
masked: no
|
||||
become: True
|
||||
|
||||
- name: Stop time service
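Review bot: `masked: no` is added to "Start docker", "Restart docker" and "Enable docker" with no comment saying why, so a later cleanup could drop it as redundant. A one-line comment above "Start docker" would be enough, for example `# docker.service may have been masked before package installation on Debian/Ubuntu`. This assumes the mask from the install tasks can still be present when these tasks run, which should be confirmed against the play order. The new lines also follow the existing `enabled: yes` style, whereas `masked: false` would avoid YAML 1.1 truthy handling. The task list continues outside this hunk.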
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
fixes:
|
||||
- |
|
||||
Fixed an issue when Docker was configured after startup on Debian/Ubuntu,
|
||||
which resulted in iptables rules being created - before they were disabled.
|
||||
`LP#1923203 <https://launchpad.net/bugs/1923203>`__
|