openstack/kolla-ansible
Code Issues Proposed changes

baremetal: Don't start Docker after install on Debian/Ubuntu

Browse Source 
docker-ce on Debian/Ubuntu gets started just after installation, before
baremetal role configures daemon.json - which results in iptables rules
being implemented - but not removed on docker engine restart.

Closes-Bug: #1923203

Change-Id: Ib1faa092e0b8f0668d1752490a34d0c2165d58d2
This commit is contained in:
Michał Nasiadka
2021-04-23 12:41:43 +02:00
parent 058dd6828d
commit bc96179195
3 changed files with 34 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
ansible/roles/baremetal/tasks/install.yml
View File

@@ -46,6 +46,26 @@
changed_when: false changed_when: false
register: running_containers register: running_containers
# APT starts Docker engine right after installation, which creates
# iptables rules before we disable iptables in Docker config
- name: Check if docker systemd unit exists
stat:
path: /etc/systemd/system/docker.service
register: docker_unit_file
- name: Mask the docker systemd unit on Debian/Ubuntu
file:
src: /dev/null
dest: /etc/systemd/system/docker.service
owner: root
group: root
state: link
become: true
when:
- ansible_os_family == 'Debian'
- not docker_unit_file.stat.exists
- name: Install apt packages - name: Install apt packages
package: package:
name: "{{ (debian_pkg_install | join(' ')).split() }}" name: "{{ (debian_pkg_install | join(' ')).split() }}"
@@ -78,10 +98,11 @@
# At some point (at least on CentOS 7) Docker CE stopped starting # At some point (at least on CentOS 7) Docker CE stopped starting
# automatically after an upgrade from legacy docker . Start it manually. # automatically after an upgrade from legacy docker . Start it manually.
- name: Start docker - name: Start docker
service: systemd:
name: docker name: docker
state: started state: started
enabled: yes enabled: yes
masked: no
become: True become: True
- name: Wait for Docker to start - name: Wait for Docker to start

9
ansible/roles/baremetal/tasks/post-install.yml
View File

@@ -224,22 +224,25 @@
when: create_kolla_user | bool when: create_kolla_user | bool
- name: Start docker - name: Start docker
service: systemd:
name: docker name: docker
state: started state: started
masked: no
become: True become: True
- name: Restart docker - name: Restart docker
service: systemd:
name: docker name: docker
state: restarted state: restarted
masked: no
become: True become: True
when: docker_configured.changed or docker_reloaded.changed when: docker_configured.changed or docker_reloaded.changed
- name: Enable docker - name: Enable docker
service: systemd:
name: docker name: docker
enabled: yes enabled: yes
masked: no
become: True become: True
- name: Stop time service - name: Stop time service

6
releasenotes/notes/bug-1923203-f9ff247befc4bd75.yaml Normal file
View File

@@ -0,0 +1,6 @@
---
fixes:
- |
Fixed an issue when Docker was configured after startup on Debian/Ubuntu,
which resulted in iptables rules being created - before they were disabled.
`LP#1923203 <https://launchpad.net/bugs/1923203>`__