diff --git a/releasenotes/notes/drop-docker-custom-option-6c8251c750473558.yaml b/releasenotes/notes/drop-docker-custom-option-6c8251c750473558.yaml new file mode 100644 index 0000000..c643e87 --- /dev/null +++ b/releasenotes/notes/drop-docker-custom-option-6c8251c750473558.yaml @@ -0,0 +1,4 @@ +--- +upgrade: + - | + Removes the deprecated ``docker_custom_option`` variable. diff --git a/roles/baremetal/defaults/main.yml b/roles/baremetal/defaults/main.yml index 278de0c..229ad15 100644 --- a/roles/baremetal/defaults/main.yml +++ b/roles/baremetal/defaults/main.yml @@ -1,21 +1,4 @@ --- -# Whether to enable a package repository for Docker. -enable_docker_repo: "{% if ansible_facts.distribution == 'openEuler' %}false{% else %}true{% endif %}" - -# Docker APT repository configuration. -docker_apt_url: "https://download.docker.com/linux/{{ ansible_facts.distribution | lower }}" -docker_apt_repo: "deb {{ docker_apt_url }} {{ ansible_facts.distribution_release }} stable" -docker_apt_key_file: "gpg" -docker_apt_key_id: "0EBFCD88" -docker_apt_package: "docker-ce" - -# Docker Yum repository configuration. -docker_yum_url: "https://download.docker.com/linux/centos" -docker_yum_baseurl: "{{ docker_yum_url }}/$releasever/$basearch/stable" -docker_yum_gpgkey: "{{ docker_yum_url }}/gpg" -docker_yum_gpgcheck: true -docker_yum_package: "docker-ce" - ceph_version: "pacific" epel_version: "8" ceph_url: "https://download.ceph.com" @@ -49,32 +32,19 @@ selinux_state: "permissive" # If true, the host firewall service (firewalld or ufw) will be disabled. disable_firewall: True -docker_storage_driver: "" -docker_custom_option: "" -docker_custom_config: "{% if ansible_facts.distribution == 'openEuler' %}{\"exec-opts\": [\"native.umask=normal\"]}{% else %}{}{% endif %}" - -docker_http_proxy: "" -docker_https_proxy: "" -docker_no_proxy: "" - git_http_proxy: "" git_https_proxy: "" debian_pkg_install: - - "{{ docker_apt_package }}" - git - "{% if enable_multipathd|bool %}sg3-utils-udev{% endif %}" - - "{% if not docker_disable_default_iptables_rules | bool %}iptables{% endif %}" openeuler_pkg_install: - - docker - python3-docker redhat_pkg_install: - - "{{ docker_yum_package }}" - git - sudo - - "{% if not docker_disable_default_iptables_rules | bool %}iptables{% endif %}" ubuntu_pkg_removals: - lxd @@ -87,17 +57,6 @@ redhat_pkg_removals: - "{% if enable_nova_libvirt_container | bool %}libvirt-daemon{% endif %}" - "{% if enable_nova_libvirt_container | bool %}iscsi-initiator-utils{% endif %}" -# From group_vars/all.yml: -docker_log_max_file: "5" -docker_log_max_size: "50m" - -# Docker networking options -docker_disable_default_iptables_rules: "yes" -docker_disable_default_network: "{{ docker_disable_default_iptables_rules }}" -docker_disable_ip_forward: "{{ docker_disable_default_iptables_rules }}" - -docker_runtime_directory: "" - node_config_directory: "/etc/kolla" # Whether the nova_libvirt container is enabled. diff --git a/roles/baremetal/tasks/install.yml b/roles/baremetal/tasks/install.yml index 867443c..ef8877f 100644 --- a/roles/baremetal/tasks/install.yml +++ b/roles/baremetal/tasks/install.yml @@ -37,44 +37,12 @@ - firewalld_check.rc == 0 when: disable_firewall | bool -# Upgrading docker engine may cause containers to stop. Take a snapshot of the -# running containers prior to a potential upgrade of Docker. - -- name: Check which containers are running - command: docker ps -f 'status=running' -q - become: true - # If Docker is not installed this command may exit non-zero. - failed_when: false - changed_when: false - register: running_containers - -# APT starts Docker engine right after installation, which creates -# iptables rules before we disable iptables in Docker config - -- name: Check if docker systemd unit exists - stat: - path: /etc/systemd/system/docker.service - register: docker_unit_file - -- name: Mask the docker systemd unit on Debian/Ubuntu - file: - src: /dev/null - dest: /etc/systemd/system/docker.service - owner: root - group: root - state: link - become: true - when: - - ansible_facts.os_family == 'Debian' - - not docker_unit_file.stat.exists - - name: Install apt packages package: name: "{{ (debian_pkg_install | join(' ')).split() }}" state: present become: True when: ansible_facts.os_family == 'Debian' - register: apt_install_result - name: Install deltarpm packages package: @@ -93,7 +61,6 @@ when: - ansible_facts.os_family == 'RedHat' - ansible_facts.distribution != 'openEuler' - register: rpm_install_result - name: Install RPM packages for openEuler package: @@ -102,40 +69,9 @@ update_cache: yes become: True when: ansible_facts.distribution == 'openEuler' - register: rpm_install_result -# If any packages were updated, and any containers were running, wait for the -# daemon to come up and start all previously running containers. - -- block: - # At some point (at least on CentOS 7) Docker CE stopped starting - # automatically after an upgrade from legacy docker . Start it manually. - - name: Start docker - systemd: - name: docker - state: started - enabled: yes - masked: no - become: True - - - name: Wait for Docker to start - command: docker info - become: true - changed_when: false - register: result - until: result is success - retries: 6 - delay: 10 - - - name: Ensure containers are running after Docker upgrade - command: "docker start {{ running_containers.stdout }}" - become: true - when: - - install_result is changed - - running_containers.rc == 0 - - running_containers.stdout != '' - vars: - install_result: "{{ rpm_install_result if ansible_facts.os_family == 'RedHat' else apt_install_result }}" +- import_role: + name: openstack.kolla.docker - name: Remove packages package: diff --git a/roles/baremetal/tasks/main.yml b/roles/baremetal/tasks/main.yml index dfe37fe..db6c92f 100644 --- a/roles/baremetal/tasks/main.yml +++ b/roles/baremetal/tasks/main.yml @@ -5,11 +5,6 @@ - import_tasks: post-install.yml -- include_tasks: configure-containerd-for-zun.yml - when: - - containerd_configure_for_zun|bool - - "'zun-cni-daemon' in group_names" - - include_tasks: configure-ceph-for-zun.yml when: - zun_configure_for_cinder_ceph | bool diff --git a/roles/baremetal/tasks/post-install.yml b/roles/baremetal/tasks/post-install.yml index 446f5b5..e98b25c 100644 --- a/roles/baremetal/tasks/post-install.yml +++ b/roles/baremetal/tasks/post-install.yml @@ -15,139 +15,6 @@ mode: 0755 become: True -- name: Ensure docker config directory exists - file: - path: /etc/docker - state: directory - become: True - -- name: Merge Zun docker config - set_fact: - docker_config: "{{ docker_config | combine(docker_zun_config) }}" - when: - - docker_configure_for_zun | bool - - "'zun-compute' in group_names" - -- name: Warn about deprecations - debug: - msg: > - docker_custom_option is deprecated in favor of docker_custom_config - when: docker_custom_option | length > 0 - -- name: Setup docker insecure registries - vars: - registries: ["{{ docker_registry }}"] - set_fact: - docker_config: "{{ docker_config | combine({'insecure-registries': registries}) }}" - when: docker_registry_insecure | bool - -- name: Setup docker storage driver - set_fact: - docker_config: "{{ docker_config | combine({'storage-driver': docker_storage_driver}) }}" - when: docker_storage_driver | length > 0 - -- name: Setup docker runtime directory - set_fact: - docker_config: "{{ docker_config | combine({'data-root': docker_runtime_directory}) }}" - when: docker_runtime_directory | length > 0 - -- name: Warn about docker default iptables - debug: - msg: >- - Docker default iptables rules will be disabled by default from the Wallaby 12.0.0 - release. If you have any non-Kolla containers that need this functionality, you should - plan a migration for this change, or set docker_disable_default_iptables_rules to false. - when: not docker_disable_default_iptables_rules | bool - -- name: Disable docker default iptables rules - set_fact: - docker_config: "{{ docker_config | combine({'iptables': false}) }}" - when: docker_disable_default_iptables_rules | bool - -- name: Warn about docker default networking - debug: - msg: >- - Docker default network on docker0 will be disabled by default from the - Wallaby 12.0.0 release. If you have any non-Kolla containers that need - this functionality, you should plan a migration for this change, or set - docker_disable_default_network to false. - when: not docker_disable_default_network | bool - -- name: Disable docker default network on docker0 - set_fact: - docker_config: "{{ docker_config | combine({'bridge': 'none'}) }}" - when: docker_disable_default_network | bool - -- name: Warn about docker ip_forward - debug: - msg: >- - Docker ip_forward will be disabled by default from the - Wallaby 12.0.0 release. If you have any non-Kolla containers that need - this functionality, you should plan a migration for this change, or set - docker_disable_ip_forward to false. - when: not docker_disable_ip_forward | bool - -- name: Disable docker ip_forward - set_fact: - docker_config: "{{ docker_config | combine({'ip-forward': false}) }}" - when: docker_disable_ip_forward | bool - -- name: Merge custom docker config - set_fact: - docker_config: "{{ docker_config | combine(docker_custom_config) }}" - -- name: Write docker config - become: True - copy: - content: "{{ docker_config | to_nice_json }}" - dest: /etc/docker/daemon.json - mode: 0644 - register: docker_configured - -- name: Remove old docker options file - become: True - file: - path: /etc/systemd/system/docker.service.d/kolla.conf - state: absent - when: - - not docker_custom_option - - not docker_configure_for_zun | bool or 'zun-compute' not in group_names - - not docker_http_proxy - - not docker_https_proxy - - not docker_no_proxy - -- name: Ensure docker service directory exists - become: True - file: - path: /etc/systemd/system/docker.service.d - state: directory - recurse: yes - when: > - docker_custom_option | length > 0 or - (docker_configure_for_zun | bool and 'zun-compute' in group_names) or - docker_http_proxy | length > 0 or - docker_https_proxy | length > 0 or - docker_no_proxy | length > 0 - -- name: Configure docker service - become: True - template: - src: docker_systemd_service.j2 - dest: /etc/systemd/system/docker.service.d/kolla.conf - when: > - docker_custom_option | length > 0 or - (docker_configure_for_zun | bool and 'zun-compute' in group_names) or - docker_http_proxy | length > 0 or - docker_https_proxy | length > 0 or - docker_no_proxy | length > 0 - -- name: Reload docker service file - become: True - systemd: - name: docker - daemon_reload: yes - register: docker_reloaded - - block: - name: Get stat of libvirtd apparmor profile stat: @@ -173,28 +40,6 @@ - ansible_facts.distribution == "Ubuntu" - apparmor_remove_libvirt_profile | bool -- name: Start docker - systemd: - name: docker - state: started - masked: no - become: True - -- name: Restart docker - systemd: - name: docker - state: restarted - masked: no - become: True - when: docker_configured.changed or docker_reloaded.changed - -- name: Enable docker - systemd: - name: docker - enabled: yes - masked: no - become: True - - name: Change state of selinux selinux: policy: targeted diff --git a/roles/baremetal/tasks/pre-install.yml b/roles/baremetal/tasks/pre-install.yml index ad42268..4ed43dd 100644 --- a/roles/baremetal/tasks/pre-install.yml +++ b/roles/baremetal/tasks/pre-install.yml @@ -69,78 +69,3 @@ when: cloud_init.stat.exists become: True when: customize_etc_hosts | bool - -- block: - - block: - - name: Install apt packages - apt: - update_cache: yes - become: True - - - name: Install CA certificates and gnupg packages - package: - name: "{{ item }}" - state: latest - become: True - with_items: - - ca-certificates - - gnupg - - - name: Ensure apt sources list directory exists - file: - path: /etc/apt/sources.list.d - state: directory - recurse: yes - become: True - - - name: Install docker apt gpg key - apt_key: - url: "{{ docker_apt_url }}/{{ docker_apt_key_file }}" - id: "{{ docker_apt_key_id }}" - state: present - become: True - - - name: Enable docker apt repository - apt_repository: - repo: "{{ docker_apt_repo }}" - filename: docker - become: True - when: ansible_facts.os_family == 'Debian' - - - block: - - name: Ensure yum repos directory exists - file: - path: /etc/yum.repos.d/ - state: directory - recurse: yes - become: True - - - name: Enable docker yum repository - yum_repository: - name: docker - description: Docker main Repository - baseurl: "{{ docker_yum_baseurl }}" - gpgcheck: "{{ docker_yum_gpgcheck | bool }}" - gpgkey: "{{ docker_yum_gpgkey }}" - become: True - - # NOTE(yoctozepto): above cannot set this but we require it - # to install containerd.io due to runc being a modular package - # in CentOS 8 - # see: https://bugzilla.redhat.com/show_bug.cgi?id=1734081 - - name: Ensure module_hotfixes enabled for docker - lineinfile: - dest: /etc/yum.repos.d/docker.repo - regexp: "^module_hotfixes" - line: "module_hotfixes = True" - state: present - become: True - - - name: Install docker rpm gpg key - rpm_key: - state: present - key: "{{ docker_yum_gpgkey }}" - become: True - when: docker_yum_gpgcheck | bool - when: ansible_facts.os_family == 'RedHat' - when: enable_docker_repo | bool diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml new file mode 100644 index 0000000..08e6849 --- /dev/null +++ b/roles/docker/defaults/main.yml @@ -0,0 +1,50 @@ +--- +# APT cache TTL in seconds. +apt_cache_valid_time: 3600 + +# Whether to enable a package repository for Docker. +enable_docker_repo: "{% if ansible_facts.distribution == 'openEuler' %}false{% else %}true{% endif %}" + +# Docker APT repository configuration. +docker_apt_url: "https://download.docker.com/linux/{{ ansible_facts.distribution | lower }}" +docker_apt_repo: "deb {{ docker_apt_url }} {{ ansible_facts.distribution_release }} stable" +docker_apt_key_file: "gpg" +docker_apt_key_id: "0EBFCD88" +docker_apt_package: "docker-ce" + +# Docker Yum repository configuration. +docker_yum_url: "https://download.docker.com/linux/centos" +docker_yum_baseurl: "{{ docker_yum_url }}/$releasever/$basearch/stable" +docker_yum_gpgkey: "{{ docker_yum_url }}/gpg" +docker_yum_gpgcheck: true +docker_yum_package: "{% if ansible_facts.distribution == 'openEuler' %}docker{% else %}docker-ce{% endif %}" + +# List of packages to install. +docker_packages: + - "{{ docker_apt_package if ansible_facts.os_family == 'Debian' else docker_yum_package }}" + - "{% if not docker_disable_default_iptables_rules | bool %}iptables{% endif %}" + +docker_storage_driver: "" +docker_custom_config: "{% if ansible_facts.distribution == 'openEuler' %}{\"exec-opts\": [\"native.umask=normal\"]}{% else %}{}{% endif %}" + +docker_http_proxy: "" +docker_https_proxy: "" +docker_no_proxy: "" + +docker_log_max_file: "5" +docker_log_max_size: "50m" + +# Docker networking options +docker_disable_default_iptables_rules: "yes" +docker_disable_default_network: "{{ docker_disable_default_iptables_rules }}" +docker_disable_ip_forward: "{{ docker_disable_default_iptables_rules }}" + +docker_runtime_directory: "" + +# URL of docker registry +docker_registry: +docker_registry_insecure: false + +# Whether to configure Docker and containerd for Zun. +docker_configure_for_zun: false +containerd_configure_for_zun: "{{ docker_configure_for_zun | bool }}" diff --git a/roles/docker/tasks/config.yml b/roles/docker/tasks/config.yml new file mode 100644 index 0000000..a43d7a5 --- /dev/null +++ b/roles/docker/tasks/config.yml @@ -0,0 +1,101 @@ +--- +- name: Ensure docker config directory exists + file: + path: /etc/docker + state: directory + become: True + +- name: Write docker config + become: True + vars: + docker_config_insecure_registries: + insecure-registries: + - "{{ docker_registry }}" + docker_config_storage_driver: + storage-driver: "{{ docker_storage_driver }}" + docker_config_runtime_directory: + data-root: "{{ docker_runtime_directory }}" + docker_config_iptables: + iptables: false + docker_config_bridge: + bridge: "none" + docker_config_ip_forward: + ip-forward: false + docker_config: >- + {{ {} + | combine(docker_zun_config if docker_configure_for_zun | bool and 'zun-compute' in group_names else {}) + | combine(docker_config_insecure_registries if docker_registry_insecure | bool else {}) + | combine(docker_config_storage_driver if docker_storage_driver | length > 0 else {}) + | combine(docker_config_runtime_directory if docker_runtime_directory | length > 0 else {}) + | combine(docker_config_iptables if docker_disable_default_iptables_rules | bool else {}) + | combine(docker_config_bridge if docker_disable_default_network | bool else {}) + | combine(docker_config_ip_forward if docker_disable_ip_forward | bool else {}) + | combine(docker_custom_config) }} + copy: + content: "{{ docker_config | to_nice_json }}" + dest: /etc/docker/daemon.json + mode: 0644 + register: docker_configured + +- name: Remove old docker options file + become: True + file: + path: /etc/systemd/system/docker.service.d/kolla.conf + state: absent + when: + - not docker_configure_for_zun | bool or 'zun-compute' not in group_names + - not docker_http_proxy + - not docker_https_proxy + - not docker_no_proxy + +- name: Ensure docker service directory exists + become: True + file: + path: /etc/systemd/system/docker.service.d + state: directory + recurse: yes + when: > + (docker_configure_for_zun | bool and 'zun-compute' in group_names) or + docker_http_proxy | length > 0 or + docker_https_proxy | length > 0 or + docker_no_proxy | length > 0 + +- name: Configure docker service + become: True + template: + src: docker_systemd_service.j2 + dest: /etc/systemd/system/docker.service.d/kolla.conf + when: > + (docker_configure_for_zun | bool and 'zun-compute' in group_names) or + docker_http_proxy | length > 0 or + docker_https_proxy | length > 0 or + docker_no_proxy | length > 0 + +- name: Reload docker service file + become: True + systemd: + name: docker + daemon_reload: yes + register: docker_reloaded + +- name: Start docker + systemd: + name: docker + state: started + masked: no + become: True + +- name: Restart docker + systemd: + name: docker + state: restarted + masked: no + become: True + when: docker_configured.changed or docker_reloaded.changed + +- name: Enable docker + systemd: + name: docker + enabled: yes + masked: no + become: True diff --git a/roles/baremetal/tasks/configure-containerd-for-zun.yml b/roles/docker/tasks/configure-containerd-for-zun.yml similarity index 100% rename from roles/baremetal/tasks/configure-containerd-for-zun.yml rename to roles/docker/tasks/configure-containerd-for-zun.yml diff --git a/roles/docker/tasks/install.yml b/roles/docker/tasks/install.yml new file mode 100644 index 0000000..213640c --- /dev/null +++ b/roles/docker/tasks/install.yml @@ -0,0 +1,71 @@ +--- +# Upgrading docker engine may cause containers to stop. Take a snapshot of the +# running containers prior to a potential upgrade of Docker. + +- name: Check which containers are running + command: docker ps -f 'status=running' -q + become: true + # If Docker is not installed this command may exit non-zero. + failed_when: false + changed_when: false + register: running_containers + +# APT starts Docker engine right after installation, which creates +# iptables rules before we disable iptables in Docker config + +- name: Check if docker systemd unit exists + stat: + path: /etc/systemd/system/docker.service + register: docker_unit_file + +- name: Mask the docker systemd unit on Debian/Ubuntu + file: + src: /dev/null + dest: /etc/systemd/system/docker.service + owner: root + group: root + state: link + become: true + when: + - ansible_facts.os_family == 'Debian' + - not docker_unit_file.stat.exists + +- name: Install packages + package: + name: "{{ docker_packages | select | list }}" + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: true + state: present + become: True + register: docker_install_result + +# If any packages were updated, and any containers were running, wait for the +# daemon to come up and start all previously running containers. + +- block: + # At some point (at least on CentOS 7) Docker CE stopped starting + # automatically after an upgrade from legacy docker . Start it manually. + - name: Start docker + systemd: + name: docker + state: started + enabled: yes + masked: no + become: True + + - name: Wait for Docker to start + command: docker info + become: true + changed_when: false + register: result + until: result is success + retries: 6 + delay: 10 + + - name: Ensure containers are running after Docker upgrade + command: "docker start {{ running_containers.stdout }}" + become: true + when: + - docker_install_result is changed + - running_containers.rc == 0 + - running_containers.stdout != '' diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml new file mode 100644 index 0000000..21fdd8c --- /dev/null +++ b/roles/docker/tasks/main.yml @@ -0,0 +1,20 @@ +--- +# TODO(mgoddard): Remove this task in the A release. +- name: Fail if docker_custom_option is defined + fail: + msg: >- + The 'docker_custom_option' variable has been removed. Please use + 'docker_custom_config' instead. + when: docker_custom_option is defined + +- include_tasks: "repo-{{ ansible_facts.os_family }}.yml" + when: enable_docker_repo | bool + +- import_tasks: install.yml + +- import_tasks: config.yml + +- include_tasks: configure-containerd-for-zun.yml + when: + - containerd_configure_for_zun|bool + - "'zun-cni-daemon' in group_names" diff --git a/roles/docker/tasks/repo-Debian.yml b/roles/docker/tasks/repo-Debian.yml new file mode 100644 index 0000000..fac2656 --- /dev/null +++ b/roles/docker/tasks/repo-Debian.yml @@ -0,0 +1,30 @@ +--- +- name: Install CA certificates and gnupg packages + package: + name: + - ca-certificates + - gnupg + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" + state: present + become: True + +- name: Ensure apt sources list directory exists + file: + path: /etc/apt/sources.list.d + state: directory + recurse: yes + become: True + +- name: Install docker apt gpg key + apt_key: + url: "{{ docker_apt_url }}/{{ docker_apt_key_file }}" + id: "{{ docker_apt_key_id }}" + state: present + become: True + +- name: Enable docker apt repository + apt_repository: + repo: "{{ docker_apt_repo }}" + filename: docker + become: True diff --git a/roles/docker/tasks/repo-RedHat.yml b/roles/docker/tasks/repo-RedHat.yml new file mode 100644 index 0000000..7e2eacb --- /dev/null +++ b/roles/docker/tasks/repo-RedHat.yml @@ -0,0 +1,27 @@ +--- +- name: Ensure yum repos directory exists + file: + path: /etc/yum.repos.d/ + state: directory + recurse: yes + become: True + +- name: Enable docker yum repository + yum_repository: + name: docker + description: Docker main Repository + baseurl: "{{ docker_yum_baseurl }}" + gpgcheck: "{{ docker_yum_gpgcheck | bool }}" + gpgkey: "{{ docker_yum_gpgkey }}" + # NOTE(yoctozepto): required to install containerd.io due to runc being a + # modular package in CentOS 8 see: + # https://bugzilla.redhat.com/show_bug.cgi?id=1734081 + module_hotfixes: true + become: True + +- name: Install docker rpm gpg key + rpm_key: + state: present + key: "{{ docker_yum_gpgkey }}" + become: True + when: docker_yum_gpgcheck | bool diff --git a/roles/baremetal/templates/10-zun-cni.conf.j2 b/roles/docker/templates/10-zun-cni.conf.j2 similarity index 100% rename from roles/baremetal/templates/10-zun-cni.conf.j2 rename to roles/docker/templates/10-zun-cni.conf.j2 diff --git a/roles/baremetal/templates/containerd_config.toml.j2 b/roles/docker/templates/containerd_config.toml.j2 similarity index 100% rename from roles/baremetal/templates/containerd_config.toml.j2 rename to roles/docker/templates/containerd_config.toml.j2 diff --git a/roles/baremetal/templates/docker_systemd_service.j2 b/roles/docker/templates/docker_systemd_service.j2 similarity index 71% rename from roles/baremetal/templates/docker_systemd_service.j2 rename to roles/docker/templates/docker_systemd_service.j2 index f10beaf..a02a1f1 100644 --- a/roles/baremetal/templates/docker_systemd_service.j2 +++ b/roles/docker/templates/docker_systemd_service.j2 @@ -10,4 +10,4 @@ Environment="NO_PROXY={{ docker_no_proxy }}" {% endif %} ExecStart= # ExecStart commandline copied from 'docker-ce' package. Same on CentOS/Debian/Ubuntu systems. -ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}{% if docker_configure_for_zun|bool and 'zun-compute' in group_names %} {{ docker_zun_options }}{% endif %} +ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock{% if docker_configure_for_zun|bool and 'zun-compute' in group_names %} {{ docker_zun_options }}{% endif %} diff --git a/roles/baremetal/templates/zun-cni.j2 b/roles/docker/templates/zun-cni.j2 similarity index 100% rename from roles/baremetal/templates/zun-cni.j2 rename to roles/docker/templates/zun-cni.j2 diff --git a/roles/baremetal/vars/main.yml b/roles/docker/vars/main.yml similarity index 100% rename from roles/baremetal/vars/main.yml rename to roles/docker/vars/main.yml