ensure-docker: < 1500 MTU workaround

As described inline, we should lower the MTU in the docker configuration when we see the interface has a MTU lower than 1500 so things "just work". This particularly affects the Linaro ARM64 cloud in OpenDev, but it is a generic issue. Change-Id: I338616c41a65b007d56648fdab6da2a6a6b909f4 Story: https://storyboard.openstack.org/#!/story/2008230
2020-08-20 10:02:04 +10:00 · 2020-08-20 10:02:04 +10:00 · 664d068ef7
parent a1742afb60
commit 664d068ef7
2 changed files with 31 additions and 22 deletions
--- a/roles/ensure-docker/tasks/docker-setup.yaml
+++ b/roles/ensure-docker/tasks/docker-setup.yaml
@ -12,17 +12,37 @@
      - "{{ docker_group }}"
    append: yes

- name: Update docker daemon configuration
+- name: Update docker daemon proxy configuration
  when: docker_userland_proxy is defined
-  block:
-    - name: Add proxy config
-      include_role:
-        name: update-json-file
-      vars:
-        update_json_file_name: /etc/docker/daemon.json
-        update_json_file_combine:
-          userland-proxy: "{{ docker_userland_proxy }}"
-        update_json_file_become: true
+  include_role:
+    name: update-json-file
+  vars:
+    update_json_file_name: /etc/docker/daemon.json
+    update_json_file_combine:
+      userland-proxy: "{{ docker_userland_proxy }}"
+    update_json_file_become: true
+
+# Docker defaults to a MTU of 1500, which causes problems when the
+# main interface has a MTU less than that.  Cloud environments often
+# have this, one good example is OpenDev's Linaro ARM64 cloud.
+# https://storyboard.openstack.org/#!/story/2008230
+- name: Lower default MTU
+  when: ansible_default_ipv4.mtu < 1500
+  include_role:
+    name: update-json-file
+  vars:
+    update_json_file_name: /etc/docker/daemon.json
+    update_json_file_combine:
+      mtu: 1400
+    update_json_file_become: true
+
+- name: Restart docker
+  when: >-
+      (docker_userland_proxy is defined) or
+      (ansible_default_ipv4.mtu < 1500)
+  service:
+    name: docker
+    state: restarted

 - name: Reset ssh connection to pick up docker group
  meta: reset_connection
--- a/test-playbooks/ensure-docker.yaml
+++ b/test-playbooks/ensure-docker.yaml
@ -13,18 +13,7 @@
      command: |
        docker run --rm --network=host curlimages/curl:latest --no-progress-meter https://httpbin.org/get

-    # Two task approach that ignores known partial failures on specific plaforms:
-    # https://storyboard.openstack.org/#!/story/2008215
-    - name: Validate docker default network containers have internet access
+    - name: Validate docker default bridge networking containers have internet access
      command: |
        docker run --rm curlimages/curl:latest --no-progress-meter https://httpbin.org/get
-      register: result
-      ignore_errors: true

-    - name: Fail if bug found on unknown platform
-      when:
-        - result.rc != 0
-        - ansible_distribution_release not in ['bionic', 'focal']
-        - ansible_architecture != 'aarch64'
-      fail:
-        msg: Bug 2008215 regression detected