ensure-docker: ensure docker.socket is stopped

On Centos8, during the docker-ce installation, the docker.socket service is start with a bogus state: docker.socket: Socket unit configuration has changed while unit has been running, no open socket file descriptor left. The socket unit is not functional until restarted. Later, when the `Assure docker service is running` task tries to start the service, it fails with the following error: dockerd[29743]: failed to load listeners: no sockets found via socket activation: make sure the service was started by systemd Example: https://0c7366f2ce9149f2de0c-399b55a396b5093070500a70ecbf09b9.ssl.cf1.rackcdn.com/410/c233496b96c70cfc6204e75d10116a96b08d4663/check/ansible-test-sanity-docker/787388f/ara-report/index.html Another example: https://github.com/kata-containers/tests/issues/3103 Also: Remove use of kubectl --generator=run-pod/v1 This has been deprecated since 1.17 and removed since 1.20. run-pod wound up being the only generator that did anything, so this parameter became a no-op. This has to be squashed into this commit to unbreak the gate. Change-Id: I666046fe2a3aa079643092c71573803851a67be2
2021-04-20 13:09:43 -04:00 · 2021-04-20 13:09:43 -04:00 · 2bb9b4995a
parent 90c103eaad
commit 2bb9b4995a
4 changed files with 38 additions and 8 deletions
--- a/roles/ensure-docker/handlers/main.yaml
+++ b/roles/ensure-docker/handlers/main.yaml
@ -1,4 +1,11 @@
 ---
+- name: Stop docker.socket to avoid any conflict
+  become: true
+  service:
+    name: docker.socket
+    enabled: yes
+    state: stopped
+  listen: Restart docker

 - name: Assure docker service is running
  become: true
@ -8,6 +15,14 @@
    state: started
  listen: Restart docker

+- name: Assure docker.socket service is running
+  become: true
+  service:
+    name: docker.socket
+    enabled: yes
+    state: started
+  listen: Restart docker
+
 - name: Correct group ownership on docker sock
  become: true
  file:
--- a/roles/ensure-docker/tasks/docker-setup.yaml
+++ b/roles/ensure-docker/tasks/docker-setup.yaml
@ -36,13 +36,28 @@
      mtu: 1400
    update_json_file_become: true

+- name: Get the status of the docket.socket unit
+  command: systemctl is-failed docker.socket  # noqa command-instead-of-module
+  failed_when: false
+  become: true
+  register: _docker_socket_status
+
+- name: Get the status of the docket unit
+  command: systemctl is-failed docker  # noqa command-instead-of-module
+  failed_when: false
+  become: true
+  register: _docker_status
+
 - name: Restart docker
  when: >-
      (docker_userland_proxy is defined) or
-      (ansible_default_ipv4.mtu < 1500)
-  service:
-    name: docker
-    state: restarted
+      (ansible_default_ipv4.mtu < 1500) or
+      (_docker_socket_status.stdout != 'active') or
+      (_docker_socket_status.stdout != 'active')
+  debug:
+    msg: 'Trigger a Docker restart'
+  changed_when: true
+  notify: Restart docker

 - name: Reset ssh connection to pick up docker group
  meta: reset_connection
--- a/test-playbooks/registry/buildset-registry-k8s-crio.yaml
+++ b/test-playbooks/registry/buildset-registry-k8s-crio.yaml
@ -17,7 +17,7 @@
      retries: 5
      delay: 30
    - name: Run a local test pod
-      command: kubectl run --generator=run-pod/v1 --image=quay.io/zuul/quay-testimage quaytest
+      command: kubectl run --image=quay.io/zuul/quay-testimage quaytest
    - name: Wait for the pod to be ready
      command: kubectl wait --for=condition=Ready pod/quaytest --timeout=60s
    - name: Check the output of the pod
@ -26,7 +26,7 @@
        warn: false

    - name: Run a remote test pod
-      command: kubectl run --generator=run-pod/v1 --image=docker.io/debian:testing upstream-dockertest --command -- /bin/bash -c 'echo Upstream; sleep infinity'
+      command: kubectl run --image=docker.io/debian:testing upstream-dockertest --command -- /bin/bash -c 'echo Upstream; sleep infinity'
    - name: Wait for the pod to be ready
      command: kubectl wait --for=condition=Ready pod/upstream-dockertest --timeout=60s
    - name: Check the output of the pod
--- a/test-playbooks/registry/buildset-registry-k8s-docker.yaml
+++ b/test-playbooks/registry/buildset-registry-k8s-docker.yaml
@ -11,7 +11,7 @@
      retries: 5
      delay: 30
    - name: Run a local test pod
-      command: kubectl run --generator=run-pod/v1 --image=zuul/docker-testimage dockertest
+      command: kubectl run --image=zuul/docker-testimage dockertest
    - name: Wait for the pod to be ready
      command: kubectl wait --for=condition=Ready pod/dockertest --timeout=60s
    - name: Check the output of the pod
@ -20,7 +20,7 @@
        warn: false

    - name: Run a remote test pod
-      command: kubectl run --generator=run-pod/v1 --image=debian:testing upstream-dockertest --command -- /bin/bash -c 'echo Upstream; sleep infinity'
+      command: kubectl run --image=debian:testing upstream-dockertest --command -- /bin/bash -c 'echo Upstream; sleep infinity'
    - name: Wait for the pod to be ready
      command: kubectl wait --for=condition=Ready pod/upstream-dockertest --timeout=60s
    - name: Check the output of the pod