From 2bb9b4995ab77da64a8dc90a149ecd620c2bcfb1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gon=C3=A9ri=20Le=20Bouder?=
Date: Tue, 20 Apr 2021 13:09:43 -0400
Subject: [PATCH] ensure-docker: ensure docker.socket is stopped

On CentOS 8, during the docker-ce installation, the docker.socket
service is started in a bogus state:

    docker.socket: Socket unit configuration has changed while unit
    has been running, no open socket file descriptor left. The socket
    unit is not functional until restarted.

Later, when the `Assure docker service is running` task tries to start
the service, it fails with the following error:

    dockerd[29743]: failed to load listeners: no sockets found via
    socket activation: make sure the service was started by systemd

Example: https://0c7366f2ce9149f2de0c-399b55a396b5093070500a70ecbf09b9.ssl.cf1.rackcdn.com/410/c233496b96c70cfc6204e75d10116a96b08d4663/check/ansible-test-sanity-docker/787388f/ara-report/index.html

Another example: https://github.com/kata-containers/tests/issues/3103

Also: remove the use of `kubectl run --generator=run-pod/v1`. The
--generator flag has been deprecated since Kubernetes 1.17 and was
removed in 1.20; run-pod/v1 wound up being the only generator that did
anything, so the parameter had already become a no-op. This change has
to be squashed into this commit to unbreak the gate.

Change-Id: I666046fe2a3aa079643092c71573803851a67be2
---
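Reviewer notes (everything below the fold is illustrative and is
discarded by git am):

The bogus socket state can be inspected by hand with standard systemd
tooling. A sketch, assuming a CentOS 8 node right after the docker-ce
install:

    # systemctl is-failed docker.socket   # prints the unit state; anything
                                          # other than "active" means trouble
    # systemctl restart docker.socket     # re-reads the changed socket config
    # systemctl start docker              # should now find its activation socket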
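The role-level fix leans on Ansible running handlers subscribed to the
same `listen` topic in the order they are defined, so a single
`notify: Restart docker` fires stop-socket, start-docker, start-socket
in sequence. A minimal self-contained sketch of that ordering (the play
below is illustrative, not part of the role; the debug messages stand
in for the real service calls):

    - hosts: localhost
      gather_facts: false
      tasks:
        - name: Trigger the handler chain
          command: /bin/true
          changed_when: true
          notify: Restart docker
      handlers:
        - name: Stop docker.socket to avoid any conflict
          debug:
            msg: 'step 1: systemctl stop docker.socket'
          listen: Restart docker
        - name: Assure docker service is running
          debug:
            msg: 'step 2: systemctl start docker'
          listen: Restart docker
        - name: Assure docker.socket service is running
          debug:
            msg: 'step 3: systemctl start docker.socket'
          listen: Restart docker
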
 roles/ensure-docker/handlers/main.yaml              | 15 ++++++++++++
 roles/ensure-docker/tasks/docker-setup.yaml         | 23 +++++++++++++++----
 .../registry/buildset-registry-k8s-crio.yaml        |  4 ++--
 .../buildset-registry-k8s-docker.yaml               |  4 ++--
 4 files changed, 38 insertions(+), 8 deletions(-)

diff --git a/roles/ensure-docker/handlers/main.yaml b/roles/ensure-docker/handlers/main.yaml
index 778e88bc9..d9cf03dcb 100644
--- a/roles/ensure-docker/handlers/main.yaml
+++ b/roles/ensure-docker/handlers/main.yaml
@@ -1,4 +1,11 @@
 ---
+- name: Stop docker.socket to avoid any conflict
+  become: true
+  service:
+    name: docker.socket
+    enabled: yes
+    state: stopped
+  listen: Restart docker
 
 - name: Assure docker service is running
   become: true
@@ -8,6 +15,14 @@
     state: started
   listen: Restart docker
 
+- name: Assure docker.socket service is running
+  become: true
+  service:
+    name: docker.socket
+    enabled: yes
+    state: started
+  listen: Restart docker
+
 - name: Correct group ownership on docker sock
   become: true
   file:
diff --git a/roles/ensure-docker/tasks/docker-setup.yaml b/roles/ensure-docker/tasks/docker-setup.yaml
index 70a884138..f31b623d0 100644
--- a/roles/ensure-docker/tasks/docker-setup.yaml
+++ b/roles/ensure-docker/tasks/docker-setup.yaml
@@ -36,13 +36,28 @@
       mtu: 1400
     update_json_file_become: true
 
+- name: Get the status of the docker.socket unit
+  command: systemctl is-failed docker.socket  # noqa command-instead-of-module
+  failed_when: false
+  become: true
+  register: _docker_socket_status
+
+- name: Get the status of the docker unit
+  command: systemctl is-failed docker  # noqa command-instead-of-module
+  failed_when: false
+  become: true
+  register: _docker_status
+
 - name: Restart docker
   when: >-
     (docker_userland_proxy is defined) or
-    (ansible_default_ipv4.mtu < 1500)
-  service:
-    name: docker
-    state: restarted
+    (ansible_default_ipv4.mtu < 1500) or
+    (_docker_socket_status.stdout != 'active') or
+    (_docker_status.stdout != 'active')
+  debug:
+    msg: 'Trigger a Docker restart'
+  changed_when: true
+  notify: Restart docker
 
 - name: Reset ssh connection to pick up docker group
   meta: reset_connection
diff --git a/test-playbooks/registry/buildset-registry-k8s-crio.yaml b/test-playbooks/registry/buildset-registry-k8s-crio.yaml
index 17eea4fc0..035f69c20 100644
--- a/test-playbooks/registry/buildset-registry-k8s-crio.yaml
+++ b/test-playbooks/registry/buildset-registry-k8s-crio.yaml
@@ -17,7 +17,7 @@
       retries: 5
       delay: 30
     - name: Run a local test pod
-      command: kubectl run --generator=run-pod/v1 --image=quay.io/zuul/quay-testimage quaytest
+      command: kubectl run --image=quay.io/zuul/quay-testimage quaytest
     - name: Wait for the pod to be ready
       command: kubectl wait --for=condition=Ready pod/quaytest --timeout=60s
     - name: Check the output of the pod
@@ -26,7 +26,7 @@
         warn: false
 
     - name: Run a remote test pod
-      command: kubectl run --generator=run-pod/v1 --image=docker.io/debian:testing upstream-dockertest --command -- /bin/bash -c 'echo Upstream; sleep infinity'
+      command: kubectl run --image=docker.io/debian:testing upstream-dockertest --command -- /bin/bash -c 'echo Upstream; sleep infinity'
     - name: Wait for the pod to be ready
       command: kubectl wait --for=condition=Ready pod/upstream-dockertest --timeout=60s
     - name: Check the output of the pod
diff --git a/test-playbooks/registry/buildset-registry-k8s-docker.yaml b/test-playbooks/registry/buildset-registry-k8s-docker.yaml
index 02939be6b..4793161f9 100644
--- a/test-playbooks/registry/buildset-registry-k8s-docker.yaml
+++ b/test-playbooks/registry/buildset-registry-k8s-docker.yaml
@@ -11,7 +11,7 @@
       retries: 5
       delay: 30
     - name: Run a local test pod
-      command: kubectl run --generator=run-pod/v1 --image=zuul/docker-testimage dockertest
+      command: kubectl run --image=zuul/docker-testimage dockertest
     - name: Wait for the pod to be ready
       command: kubectl wait --for=condition=Ready pod/dockertest --timeout=60s
     - name: Check the output of the pod
@@ -20,7 +20,7 @@
         warn: false
 
     - name: Run a remote test pod
-      command: kubectl run --generator=run-pod/v1 --image=debian:testing upstream-dockertest --command -- /bin/bash -c 'echo Upstream; sleep infinity'
+      command: kubectl run --image=debian:testing upstream-dockertest --command -- /bin/bash -c 'echo Upstream; sleep infinity'
     - name: Wait for the pod to be ready
       command: kubectl wait --for=condition=Ready pod/upstream-dockertest --timeout=60s
     - name: Check the output of the pod