Bug 1497144 – docker role is run against a standalone nfs host.

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1497144 - docker role is run against a standalone nfs host.

Summary:	docker role is run against a standalone nfs host.

Status:	CLOSED ERRATA

Aliases:	None

Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer (Show other bugs)
Sub Component:
Version:	3.7.0
Hardware:	Unspecified Unspecified

Priority	medium Severity medium
Target Milestone:	---
Target Release:	3.7.0
Assigned To:	Michael Gugino
QA Contact:	Johnny Liu
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2017-09-29 06:02 EDT by Johnny Liu
Modified:	2017-11-28 17:13 EST (History)
CC List:	5 users (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2017-11-28 17:13:46 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
installation log (2.36 MB, text/plain) 2017-09-29 21:59 EDT, Johnny Liu	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2017:3188	normal	SHIPPED_LIVE	Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update	2017-11-28 21:34:54 EST

Groups: None (edit)

Description Johnny Liu 2017-09-29 06:02:41 EDT

Description of problem:
docker role is run against a standalone nfs host, docker is installed and configured on this nfs host.
This is wasting installation time and easy to introduce some other bugs.

Version-Release number of the following components:
openshift-ansible-3.7.0-0.134.0.git.0.6f43fc3.el7.noarch

How reproducible:
Always

Steps to Reproduce:
1. Prepare inventory host file, and define a nfs host which does not take any other role
2. Trigger installation
3.

Actual results:
docker is installed on the standalone nfs host.

Expected results:
docker roles should not run against a standalone nfs host.

Additional info:
<--snip-->
TASK [docker : Install Docker] *************************************************
changed: [ec2-34-207-180-112.compute-1.amazonaws.com] => {"changed": true, "msg": "", "rc": 0, "results": ["Loaded plugins: amazon-id, search-disabled-
<--snip-->
TASK [docker : Ensure docker.service.d directory exists] ***********************
Friday 29 September 2017  06:54:33 +0000 (0:00:59.372)       0:03:56.495 ****** 
changed: [ec2-34-207-180-112.compute-1.amazonaws.com] => {"changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/etc/systemd/system/docker.service.d", "secontext": "unconfined_u:object_r:systemd_unit_file_t:s0", "size": 6, "state": "directory", "uid": 0}
changed: [ec2-54-161-162-99.compute-1.amazonaws.com] => {"changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/etc/systemd/system/docker.service.d", "secontext": "unconfined_u:object_r:systemd_unit_file_t:s0", "size": 6, "state": "directory", "uid": 0}
<--snip-->
TASK [docker : Configure Docker service unit file] *****************************
Friday 29 September 2017  06:54:33 +0000 (0:00:00.255)       0:03:56.750 ****** 

changed: [ec2-34-207-180-112.compute-1.amazonaws.com] => {"changed": true, "checksum": "826958f3ca5903648a9f3b494969dc6b8a99b90f", "dest": "/etc/systemd/system/docker.service.d/custom.conf", "gid": 0, "group": "root", "md5sum": "c94bda9104b9b567fde4c38670fee3f2", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:container_unit_file_t:s0", "size": 72, "src": "/root/.ansible/tmp/ansible-tmp-1506668073.76-220295548213436/source", "state": "file", "uid": 0}
changed: [ec2-54-161-162-99.compute-1.amazonaws.com] => {"changed": true, "checksum": "826958f3ca5903648a9f3b494969dc6b8a99b90f", "dest": "/etc/systemd/system/docker.service.d/custom.conf", "gid": 0, "group": "root", "md5sum": "c94bda9104b9b567fde4c38670fee3f2", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:container_unit_file_t:s0", "size": 72, "src": "/root/.ansible/tmp/ansible-tmp-1506668073.77-243753878149968/source", "state": "file", "uid": 0}
<--snip-->
TASK [docker : Comment old registry params in /etc/sysconfig/docker] ***********
Friday 29 September 2017  06:54:34 +0000 (0:00:00.413)       0:03:58.157 ****** 
changed: [ec2-34-207-180-112.compute-1.amazonaws.com] => (item={u'reg_conf_var': u'ADD_REGISTRY'}) => {"backup": "", "changed": true, "item": {"reg_conf_var": "ADD_REGISTRY"}, "msg": "line added"}
changed: [ec2-54-161-162-99.compute-1.amazonaws.com] => (item={u'reg_conf_var': u'ADD_REGISTRY'}) => {"backup": "", "changed": true, "item": {"reg_conf_var": "ADD_REGISTRY"}, "msg": "line added"}
changed: [ec2-34-207-180-112.compute-1.amazonaws.com] => (item={u'reg_conf_var': u'BLOCK_REGISTRY'}) => {"backup": "", "changed": true, "item": {"reg_conf_var": "BLOCK_REGISTRY"}, "msg": "line added"}
changed: [ec2-54-161-162-99.compute-1.amazonaws.com] => (item={u'reg_conf_var': u'BLOCK_REGISTRY'}) => {"backup": "", "changed": true, "item": {"reg_conf_var": "BLOCK_REGISTRY"}, "msg": "line added"}
changed: [ec2-34-207-180-112.compute-1.amazonaws.com] => (item={u'reg_conf_var': u'INSECURE_REGISTRY'}) => {"backup": "", "changed": true, "item": {"reg_conf_var": "INSECURE_REGISTRY"}, "msg": "line added"}
changed: [ec2-54-161-162-99.compute-1.amazonaws.com] => (item={u'reg_conf_var': u'INSECURE_REGISTRY'}) => {"backup": "", "changed": true, "item": {"reg_conf_var": "INSECURE_REGISTRY"}, "msg": "line added"}

TASK [docker : Place additional/blocked/insecure registies in /etc/containers/registries.conf] ***
Friday 29 September 2017  06:54:35 +0000 (0:00:00.643)       0:03:58.801 ****** 

changed: [ec2-34-207-180-112.compute-1.amazonaws.com] => {"changed": true, "checksum": "9ad6d5e65626c9e9d28792e41309e708605ca852", "dest": "/etc/containers/registries.conf", "gid": 0, "group": "root", "md5sum": "0cc566203d1e4c618902e48e2c677723", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:etc_t:s0", "size": 1170, "src": "/root/.ansible/tmp/ansible-tmp-1506668075.83-171289893544156/source", "state": "file", "uid": 0}
changed: [ec2-54-161-162-99.compute-1.amazonaws.com] => {"changed": true, "checksum": "9ad6d5e65626c9e9d28792e41309e708605ca852", "dest": "/etc/containers/registries.conf", "gid": 0, "group": "root", "md5sum": "0cc566203d1e4c618902e48e2c677723", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:etc_t:s0", "size": 1170, "src": "/root/.ansible/tmp/ansible-tmp-1506668075.85-1656278671845/source", "state": "file", "uid": 0}

Comment 2 Michael Gugino 2017-09-29 09:35:46 EDT

@jialiu

Can you paste the full output of the run?  That will make it easier to figure out what role/dependency path is triggering docker.

Comment 3 Johnny Liu 2017-09-29 21:59 EDT

Created attachment 1332570 [details]
installation log

Comment 4 Michael Gugino 2017-10-03 10:18:45 EDT

PR Created: https://github.com/openshift/openshift-ansible/pull/5636

Comment 5 Luke Meyer 2017-10-03 17:14:45 EDT

BTW this is not new, ref https://bugzilla.redhat.com/show_bug.cgi?id=1429371 for v3.4

For the health checks in https://bugzilla.redhat.com/show_bug.cgi?id=1496760 it would be nice if one of these roles could define whether to expect docker running on the host so the checks know whether to run or not.

Comment 6 Michael Gugino 2017-10-05 11:58:14 EDT

PR merged.

Comment 8 Johnny Liu 2017-10-12 05:33:08 EDT

Verified this bug with openshift-ansible-3.7.0-0.148.0.git.0.b35eb14.el7.noarch, and PASS.

Comment 9 Johnny Liu 2017-10-12 05:55:22 EDT

The testing env is a containerized install with global containerized=true in my inventory including 1 master + 1 node +  1 nfs.

Comment 13 errata-xmlrpc 2017-11-28 17:13:46 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188

Note You need to log in before you can comment on or make changes to this bug.