From 35941738d59002f8bbf55d25b3468619983dcea6 Mon Sep 17 00:00:00 2001 From: Marcin Juszkiewicz Date: Mon, 5 Aug 2019 14:18:06 +0200 Subject: [PATCH] Stop using MountFlags=shared in Docker configuration According to Docker upstream release notes [1] MountFlags should be empty. 1. https://docs.docker.com/engine/release-notes/#18091 "Important notes about this release In Docker versions prior to 18.09, containerd was managed by the Docker engine daemon. In Docker Engine 18.09, containerd is managed by systemd. Since containerd is managed by systemd, any custom configuration to the docker.service systemd configuration which changes mount settings (for example, MountFlags=slave) breaks interactions between the Docker Engine daemon and containerd, and you will not be able to start containers. Run the following command to get the current value of the MountFlags property for the docker.service: sudo systemctl show --property=MountFlags docker.service MountFlags= Update your configuration if this command prints a non-empty value for MountFlags, and restart the docker service." Closes-bug: #1833835 Change-Id: I4f4cbb09df752d00073a606463c62f0a6ca6c067 --- .../templates/docker_systemd_service.j2 | 1 - ansible/roles/neutron/tasks/precheck.yml | 16 ---------------- 2 files changed, 17 deletions(-) diff --git a/ansible/roles/baremetal/templates/docker_systemd_service.j2 b/ansible/roles/baremetal/templates/docker_systemd_service.j2 index 1a5bc8d2aa..3d38d22335 100644 --- a/ansible/roles/baremetal/templates/docker_systemd_service.j2 +++ b/ansible/roles/baremetal/templates/docker_systemd_service.j2 @@ -1,4 +1,3 @@ [Service] -MountFlags=shared ExecStart= ExecStart=/usr/bin/{{ docker_binary_name|default("docker daemon", true) }}{% if docker_registry_insecure | bool %} --insecure-registry {{ docker_registry }}{% endif %}{% if docker_storage_driver %} --storage-driver {{ docker_storage_driver }}{% endif %}{% if docker_runtime_directory %} --graph {{ docker_runtime_directory }}{% endif %}{% if docker_custom_option %} {{ docker_custom_option }}{% endif %} --log-opt max-file={{ docker_log_max_file }} --log-opt max-size={{ docker_log_max_size }} diff --git a/ansible/roles/neutron/tasks/precheck.yml b/ansible/roles/neutron/tasks/precheck.yml index c9983262ec..91bc8dd741 100644 --- a/ansible/roles/neutron/tasks/precheck.yml +++ b/ansible/roles/neutron/tasks/precheck.yml @@ -26,22 +26,6 @@ - groups['neutron-dhcp-agent'] | length < 2 or groups['neutron-l3-agent'] | length < 2 -# When MountFlags is set to shared, a signal bit configured on 20th bit of a number -# We need to check the 20th bit. 2^20 = 1048576. So we are validating against it. -# In some systems MountFlags on the Docker service is set to 'shared', whereas -# in others it's set to the decimal value of the 20th bit. This now checks for both -# values. Either '1048576' or 'shared' will pass the precheck. -- name: Checking if 'MountFlags' for docker service is set to 'shared' - command: systemctl show docker - register: result - changed_when: false - failed_when: result.stdout.find('MountFlags=1048576') == -1 and result.stdout.find('MountFlags=shared') == -1 - when: - - (inventory_hostname in groups['neutron-dhcp-agent'] - or inventory_hostname in groups['neutron-l3-agent'] - or inventory_hostname in groups['neutron-metadata-agent']) - - ansible_os_family == 'RedHat' or ansible_distribution == 'Ubuntu' - - name: Checking tenant network types vars: type_drivers: "{{ neutron_type_drivers.replace(' ', '').split(',') | reject('equalto', '') | list }}"