Backport remove dockerproject (#5682)

* Remove dockerproject org (#5548)

* Change dockerproject.org to download.docker.com

dockerproject.org was deprecated in 2017 and has gone down.

* Restore yum repo for containerd

Change-Id: I883bb512a2164a85865b1bd4fb569af0358c8c2b

Co-authored-by: Craig Rodrigues <rodrigc@crodrigues.org>

* remove legacy docker repo in kubernetes/preinstall before any packages installed (#5640)

* Remove dockerproject_.+_repo_.+ variables (#5662)

This 38688a4486 change replaces the
value for dockerproject_.+_repo_.+ docker variables but their new
value was previously defined in other variables. This change removes
the dockerproject_.+_repo_.+ docker variables in favor of the older
ones.

* Remove stale legacy yum docker repo /etc/yum.repos.d/docker.repo (#5569)

* Remove stale legacy yum docker repo /etc/yum.repos.d/docker.repo

* move task 'Remove legacy docker repo file' to pre-upgrade.yml

* fix upgrade procedure when in playbook (#5695)

exists role kubernetes/preinstall and not exists role container-engine

 error 'yum_repo_dir' is undefined

Co-authored-by: Matthew Mosesohn <matthew.mosesohn@gmail.com>
Co-authored-by: Craig Rodrigues <rodrigc@crodrigues.org>
Co-authored-by: Victor Morales <chipahuac@hotmail.com>

roles/container-engine/containerd/templates/rh_containerd.repo.j2

@@ -7,13 +7,3 @@ keepcache={{ docker_rpm_keepcache | default('1') }}
 gpgkey={{ docker_rh_repo_gpgkey }}
 {% if http_proxy is defined %}proxy={{ http_proxy }}{% endif %}
 {% if ansible_os_family == "RedHat" and ansible_distribution_major_version|int == 8 %}module_hotfixes=True{% endif %}
-
-[docker-engine]
-name=Docker-Engine Repository
-baseurl={{ dockerproject_rh_repo_base_url }}
-enabled=1
-gpgcheck=1
-keepcache={{ docker_rpm_keepcache | default('1') }}
-gpgkey={{ dockerproject_rh_repo_gpgkey }}
-{% if http_proxy is defined %}proxy={{ http_proxy }}{% endif %}
-{% if ansible_os_family == "RedHat" and ansible_distribution_major_version|int == 8 %}module_hotfixes=True{% endif %}

roles/container-engine/containerd/templates/rh_docker.repo.j2

@@ -0,0 +1,9 @@
+[docker-ce]
+name=Docker-CE Repository
+baseurl={{ docker_rh_repo_base_url }}
+enabled=1
+gpgcheck=1
+keepcache={{ docker_rpm_keepcache | default('1') }}
+gpgkey={{ docker_rh_repo_gpgkey }}
+{% if http_proxy is defined %}proxy={{ http_proxy }}{% endif %}
+{% if ansible_os_family == "RedHat" and ansible_distribution_major_version|int == 8 %}module_hotfixes=True{% endif %}

roles/container-engine/docker/defaults/main.yml

@@ -38,11 +38,6 @@ docker_ubuntu_repo_gpgkey: 'https://download.docker.com/linux/ubuntu/gpg'
 # Debian docker-ce repo
 docker_debian_repo_base_url: "https://download.docker.com/linux/debian"
 docker_debian_repo_gpgkey: 'https://download.docker.com/linux/debian/gpg'
-# dockerproject repo
-dockerproject_rh_repo_base_url: 'https://yum.dockerproject.org/repo/main/centos/7'
-dockerproject_rh_repo_gpgkey: 'https://yum.dockerproject.org/gpg'
-dockerproject_apt_repo_base_url: 'https://apt.dockerproject.org/repo'
-dockerproject_apt_repo_gpgkey: 'https://apt.dockerproject.org/gpg'
 docker_bin_dir: "/usr/bin"
 # CentOS/RedHat Extras repo
 extras_rh_repo_base_url: "http://mirror.centos.org/centos/$releasever/extras/$basearch/"
@@ -67,4 +62,4 @@ docker_remove_packages_yum:
 docker_remove_packages_apt:
   - docker
   - docker-engine
-  - docker.io
+  - docker.io

roles/container-engine/docker/tasks/main.yml

@@ -27,9 +27,6 @@
   tags:
     - facts
 
-# https://yum.dockerproject.org/repo/main/opensuse/ contains packages for an EOL
-# openSUSE version so we can't use it. The only alternative is to use the docker
-# packages from the distribution repositories.
 - name: Warn about Docker version on SUSE
   debug:
     msg: "SUSE distributions always install Docker from the distro repos"
@@ -105,9 +102,14 @@
   when: ansible_distribution == "Fedora" and not is_atomic
 
 - name: Configure docker repository on RedHat/CentOS/Oracle Linux
-  template:
+  yum_repository:
-    src: "rh_docker.repo.j2"
+    name: docker-ce
-    dest: "{{ yum_repo_dir }}/docker.repo"
+    baseurl: "{{ docker_rh_repo_base_url }}"
+    description: "Docker CE Stable - $basearch"
+    gpgcheck: yes
+    gpgkey: "{{ docker_rh_repo_gpgkey }}"
+    keepcache: "{{ docker_rpm_keepcache | default('1') }}"
+    proxy: " {{ http_proxy | default('_none_') }}"
   when: ansible_distribution in ["CentOS","RedHat","OracleLinux"] and not is_atomic
 
 - name: check if container-selinux is available

roles/container-engine/docker/tasks/pre-upgrade.yml

@@ -1,4 +1,12 @@
 ---
+- name: Remove legacy docker repo file
+  file:
+    path: "{{ yum_repo_dir }}/docker.repo"
+    state: absent
+  when:
+    - ansible_distribution in ["CentOS","RedHat","OracleLinux"]
+    - not is_atomic
+
 - name: Ensure old versions of Docker are not installed. | Debian
   apt:
     name: '{{ docker_remove_packages_apt }}'

roles/container-engine/docker/templates/rh_docker.repo.j2

@@ -1,19 +0,0 @@
-[docker-ce]
-name=Docker-CE Repository
-baseurl={{ docker_rh_repo_base_url }}
-enabled=1
-gpgcheck=1
-keepcache={{ docker_rpm_keepcache | default('1') }}
-gpgkey={{ docker_rh_repo_gpgkey }}
-{% if http_proxy is defined %}proxy={{ http_proxy }}{% endif %}
-{% if ansible_os_family == "RedHat" and ansible_distribution_major_version|int == 8 %}module_hotfixes=True{% endif %}
-
-[docker-engine]
-name=Docker-Engine Repository
-baseurl={{ dockerproject_rh_repo_base_url }}
-enabled=1
-gpgcheck=1
-keepcache={{ docker_rpm_keepcache | default('1') }}
-gpgkey={{ dockerproject_rh_repo_gpgkey }}
-{% if http_proxy is defined %}proxy={{ http_proxy }}{% endif %}
-{% if ansible_os_family == "RedHat" and ansible_distribution_major_version|int == 8 %}module_hotfixes=True{% endif %}

roles/container-engine/docker/vars/debian.yml

@@ -2,7 +2,6 @@
 docker_kernel_min_version: '3.10'
 
 # https://download.docker.com/linux/debian/
-# https://apt.dockerproject.org/repo/dists/debian-wheezy/main/filelist
 docker_versioned_pkg:
   'latest': docker-ce
   '1.13': docker-engine=1.13.1-0~debian-{{ ansible_distribution_release|lower }}
@@ -38,7 +37,7 @@ docker_repo_info:
 
 dockerproject_repo_key_info:
   pkg_key: apt_key
-  url: '{{ dockerproject_apt_repo_gpgkey }}'
+  url: '{{ docker_debian_repo_gpgkey }}'
   repo_keys:
     - 58118E89F3A912897C070ADBF76221572C52609D
 
@@ -46,6 +45,6 @@ dockerproject_repo_info:
   pkg_repo: apt_repository
   repos:
     - >
-       deb {{ dockerproject_apt_repo_base_url }}
+       deb {{ docker_debian_repo_base_url }}
        {{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}
        main

roles/container-engine/docker/vars/redhat.yml

@@ -3,7 +3,6 @@ docker_kernel_min_version: '0'
 
 # https://docs.docker.com/engine/installation/linux/centos/#install-from-a-package
 # https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
-# https://yum.dockerproject.org/repo/main/centos/7
 # or do 'yum --showduplicates list docker-engine'
 docker_versioned_pkg:
   'latest': docker-ce

roles/container-engine/docker/vars/ubuntu-amd64.yml

@@ -37,7 +37,7 @@ docker_repo_info:
 
 dockerproject_repo_key_info:
   pkg_key: apt_key
-  url: '{{ dockerproject_apt_repo_gpgkey }}'
+  url: '{{ docker_debian_repo_gpgkey }}'
   repo_keys:
     - 58118E89F3A912897C070ADBF76221572C52609D
 
@@ -45,6 +45,6 @@ dockerproject_repo_info:
   pkg_repo: apt_repository
   repos:
     - >
-       deb {{ dockerproject_apt_repo_base_url }}
+       deb {{ docker_debian_repo_base_url }}
        {{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}
        main

roles/container-engine/docker/vars/ubuntu-arm64.yml

@@ -33,7 +33,7 @@ docker_repo_info:
 
 dockerproject_repo_key_info:
   pkg_key: apt_key
-  url: '{{ dockerproject_apt_repo_gpgkey }}'
+  url: '{{ docker_debian_repo_gpgkey }}'
   repo_keys:
     - 58118E89F3A912897C070ADBF76221572C52609D
 
@@ -41,6 +41,6 @@ dockerproject_repo_info:
   pkg_repo: apt_repository
   repos:
     - >
-       deb {{ dockerproject_apt_repo_base_url }}
+       deb {{ docker_debian_repo_base_url }}
        {{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}
        main

roles/kubernetes/kubeadm/tasks/main.yml

@@ -111,8 +111,8 @@
     | sed 's#server:.*#server: https://127.0.0.1:{{ kube_apiserver_port }}#g'
     | {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf replace -f -
   run_once: true
+  delegate_to: "{{ groups['kube-master']|first }}"
   when:
-    - inventory_hostname == groups['kube-master']|first
     - kubeadm_config_api_fqdn is not defined
     - kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "")
     - not kube_proxy_remove
@@ -129,8 +129,8 @@
 - name: Restart all kube-proxy pods to ensure that they load the new configmap
   shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf delete pod -n kube-system -l k8s-app=kube-proxy --force --grace-period=0"
   run_once: true
+  delegate_to: "{{ groups['kube-master']|first }}"
   when:
-    - inventory_hostname == groups['kube-master']|first
     - kubeadm_config_api_fqdn is not defined
     - kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "")
     - not kube_proxy_remove
@@ -153,8 +153,8 @@
 - name: Delete kube-proxy daemonset if kube_proxy_remove set, e.g. kube_network_plugin providing proxy services
   shell: "{{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf delete daemonset -n kube-system kube-proxy"
   run_once: true
+  delegate_to: "{{ groups['kube-master']|first }}"
   when:
-    - inventory_hostname == groups['kube-master']|first
     - kube_proxy_remove
     - kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "")
   # When scaling/adding nodes in the existing k8s cluster, kube-proxy wouldn't be created, as `kubeadm init` wouldn't run.

roles/kubernetes/preinstall/defaults/main.yml

@@ -54,3 +54,5 @@ etc_hosts_localhost_entries:
 # Minimal memory requirement in MB for safety checks
 minimal_node_memory_mb: 1024
 minimal_master_memory_mb: 1500
+
+yum_repo_dir: /etc/yum.repos.d

roles/kubernetes/preinstall/tasks/0070-system-packages.yml

@@ -17,6 +17,14 @@
   tags:
     - bootstrap-os
 
+- name: Remove legacy docker repo file
+  file:
+    path: "{{ yum_repo_dir }}/docker.repo"
+    state: absent
+  when:
+    - ansible_distribution in ["CentOS","RedHat","OracleLinux"]
+    - not is_atomic
+
 - name: Install python-dnf for latest RedHat versions
   command: dnf install -y python-dnf yum
   register: dnf_task_result