Stop using MountFlags=shared in Docker configuration

According to Docker upstream release notes [1] MountFlags should be
empty.

1. https://docs.docker.com/engine/release-notes/#18091

"Important notes about this release

In Docker versions prior to 18.09, containerd was managed by the Docker
engine daemon. In Docker Engine 18.09, containerd is managed by systemd.
Since containerd is managed by systemd, any custom configuration to the
docker.service systemd configuration which changes mount settings (for
example, MountFlags=slave) breaks interactions between the Docker Engine
daemon and containerd, and you will not be able to start containers.

Run the following command to get the current value of the MountFlags
property for the docker.service:

sudo systemctl show --property=MountFlags docker.service
MountFlags=

Update your configuration if this command prints a non-empty value for
MountFlags, and restart the docker service."

Closes-bug: #1833835

Change-Id: I4f4cbb09df752d00073a606463c62f0a6ca6c067
This commit is contained in:
Marcin Juszkiewicz 2019-08-05 14:18:06 +02:00 committed by Marcin Juszkiewicz
parent 3731da0b79
commit 35941738d5
2 changed files with 0 additions and 17 deletions

View File

@ -1,4 +1,3 @@
[Service] [Service]
MountFlags=shared
ExecStart= ExecStart=
ExecStart=/usr/bin/{{ docker_binary_name|default("docker daemon", true) }}{% if docker_registry_insecure | bool %} --insecure-registry {{ docker_registry }}{% endif %}{% if docker_storage_driver %} --storage-driver {{ docker_storage_driver }}{% endif %}{% if docker_runtime_directory %} --graph {{ docker_runtime_directory }}{% endif %}{% if docker_custom_option %} {{ docker_custom_option }}{% endif %} --log-opt max-file={{ docker_log_max_file }} --log-opt max-size={{ docker_log_max_size }} ExecStart=/usr/bin/{{ docker_binary_name|default("docker daemon", true) }}{% if docker_registry_insecure | bool %} --insecure-registry {{ docker_registry }}{% endif %}{% if docker_storage_driver %} --storage-driver {{ docker_storage_driver }}{% endif %}{% if docker_runtime_directory %} --graph {{ docker_runtime_directory }}{% endif %}{% if docker_custom_option %} {{ docker_custom_option }}{% endif %} --log-opt max-file={{ docker_log_max_file }} --log-opt max-size={{ docker_log_max_size }}

View File

@ -26,22 +26,6 @@
- groups['neutron-dhcp-agent'] | length < 2 - groups['neutron-dhcp-agent'] | length < 2
or groups['neutron-l3-agent'] | length < 2 or groups['neutron-l3-agent'] | length < 2
# When MountFlags is set to shared, a signal bit configured on 20th bit of a number
# We need to check the 20th bit. 2^20 = 1048576. So we are validating against it.
# In some systems MountFlags on the Docker service is set to 'shared', whereas
# in others it's set to the decimal value of the 20th bit. This now checks for both
# values. Either '1048576' or 'shared' will pass the precheck.
- name: Checking if 'MountFlags' for docker service is set to 'shared'
command: systemctl show docker
register: result
changed_when: false
failed_when: result.stdout.find('MountFlags=1048576') == -1 and result.stdout.find('MountFlags=shared') == -1
when:
- (inventory_hostname in groups['neutron-dhcp-agent']
or inventory_hostname in groups['neutron-l3-agent']
or inventory_hostname in groups['neutron-metadata-agent'])
- ansible_os_family == 'RedHat' or ansible_distribution == 'Ubuntu'
- name: Checking tenant network types - name: Checking tenant network types
vars: vars:
type_drivers: "{{ neutron_type_drivers.replace(' ', '').split(',') | reject('equalto', '') | list }}" type_drivers: "{{ neutron_type_drivers.replace(' ', '').split(',') | reject('equalto', '') | list }}"