Skip to content
Snippets Groups Projects
Commit aa447585 authored by Bogdan Dobrelya's avatar Bogdan Dobrelya
Browse files

Fix download dnsmasq image dependency on docker


When download_run_once with download_localhost is used, docker is
expected to be running on the delegate localhost. That may be not
the case for a non localhost delegate, which is the kube-master
otherwise. Then the dnsmasq role, had it been invoked early before
deployment starts, would fail because of the missing docker dependency.

* Fix that dependency on docker and do not pre download dnsmasq image
  for the dnsmasq role, if download_localhost is disabled.
* Remove become: false for docker CLI invocation because that's not
  the common pattern to allow users access docker CLI w/o sudo.
* Fix opt bin path hack for localhost delegate to ignore errors when
  it fails with "sudo password required" otherwise.
* Describe download_run_once with download_localhost use case in docs
  as well.

Signed-off-by: default avatarBogdan Dobrelya <bdobrelia@mirantis.com>
parent f6c32c3e
No related branches found
No related tags found
No related merge requests found
...@@ -8,8 +8,14 @@ For a large scaled deployments, consider the following configuration changes: ...@@ -8,8 +8,14 @@ For a large scaled deployments, consider the following configuration changes:
* Override containers' `foo_image_repo` vars to point to intranet registry. * Override containers' `foo_image_repo` vars to point to intranet registry.
* Override the ``download_run_once: true`` to download binaries and container * Override the ``download_run_once: true`` to download container images only once
images only once then push to nodes in batches. then push to cluster nodes in batches. The default delegate node
for pushing images is the first kube-master. Note, if you have passwordless sudo
and docker enabled on the separate admin node, you may want to define the
``download_localhost: true``, which makes that node a delegate for pushing images
while running the deployment with ansible. This maybe the case if cluster nodes
cannot access each over via ssh or you want to use local docker images as a cache
for multiple clusters.
* Adjust the `retry_stagger` global var as appropriate. It should provide sane * Adjust the `retry_stagger` global var as appropriate. It should provide sane
load on a delegate (the first K8s master node) then retrying failed load on a delegate (the first K8s master node) then retrying failed
......
...@@ -2,4 +2,4 @@ ...@@ -2,4 +2,4 @@
dependencies: dependencies:
- role: download - role: download
file: "{{ downloads.dnsmasq }}" file: "{{ downloads.dnsmasq }}"
when: not skip_dnsmasq|default(false) when: not skip_dnsmasq|default(false) and download_localhost|default(false)
...@@ -55,6 +55,7 @@ ...@@ -55,6 +55,7 @@
raw: sh -c "mkdir -p /opt/bin; ln -sf /usr/bin/python /opt/bin/python" raw: sh -c "mkdir -p /opt/bin; ln -sf /usr/bin/python /opt/bin/python"
when: "{{ download_delegate == 'localhost' }}" when: "{{ download_delegate == 'localhost' }}"
delegate_to: localhost delegate_to: localhost
ignore_errors: true
run_once: true run_once: true
- name: Download | create local directory for saved/loaded container images - name: Download | create local directory for saved/loaded container images
...@@ -103,7 +104,6 @@ ...@@ -103,7 +104,6 @@
delegate_to: "{{ download_delegate }}" delegate_to: "{{ download_delegate }}"
register: saved register: saved
run_once: true run_once: true
become: false
when: (ansible_os_family != "CoreOS" or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool and (container_changed|bool or not img.stat.exists) when: (ansible_os_family != "CoreOS" or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool and (container_changed|bool or not img.stat.exists)
- name: Download | copy container images to ansible host - name: Download | copy container images to ansible host
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment