Containers' IpcMode causes containers restart during reconfigure

Bug #1741018 reported by Mathieu Gaubert
This bug affects 4 people
Affects: kolla-ansible
Status: New
Importance: High
Assigned to: Chason Chan
Milestone: (none)

Bug Description

When doing a kolla-ansible reconfigure with docker-ce >= 17.09, almost all containers are restarted (except the ones with docker HostConfig IpcMode = host), even if there are no container changes or configuration changes.

It seems that docker-ce changed their default behavior about IpcMode default configuration from "" to shareable (will be private in a future version) since docker-ce version 17.09 (https://github.com/docker/docker-ce/commit/eca24fb7b072592bd8ef9b12c368731229d91c1c#diff-4087a9c3e313fc318df0812e1d14a158).

When kolla-ansible compares the containers (Check *** containers task), the module kolla_docker.py compares the IpcMode required by kolla (in most cases IpcMode is omitted) with the one returned by docker (IpcMode = shareable) and will return changed = true, notifying the Restart <container name> container handler.

This problem does not happen with docker-ce 17.06

This bug was tested on :
Centos 7.4.1708
Docker-ce 17.09 / 17.06
Kolla-Ansible 5.0.1
Kolla containers built from source (5.0.1 on Centos latest image)

The problem will certainly also affect Ubuntu 16.04

Changed in kolla-ansible:
importance: Undecided → High
Chason Chan (chen-xing)
Changed in kolla-ansible:
assignee: nobody → Chason Chan (chen-xing)
Simon Piette (simon.piette) wrote :

As a workaround, you can explicitly set ipc_mode in docker_common_options, for example:

docker_common_options:
  ipc_mode: "private"

Martin Chlumsky (martin-chlumsky) wrote :

I have a patch that we use internally to fix this.

We set ipc_mode to 'private' when the docker api version is >'1.32' and no ipc_mode is specified when the kolla_docker module is called.
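
The comparison described in this report, with and without the defaulting rule from the comment above, as an added Python example (not the patch mentioned in that comment and not code from kolla_docker.py). The helper names, the inspect dictionaries and the API versions "1.30" and "1.35" are constructed for illustration, and it assumes a container created with ipc_mode "private" is reported by docker as IpcMode = private.

```python
# Added illustration: hypothetical helper names, not code from kolla_docker.py.

def api_tuple(version):
    # Compare API versions numerically; as strings, "1.4" would sort above "1.32".
    return tuple(int(part) for part in version.split("."))

def effective_ipc_mode(requested, api_version):
    """Defaulting rule from the comment: 'private' above API 1.32 when unset."""
    if requested:
        return requested
    return "private" if api_tuple(api_version) > (1, 32) else ""

def ipc_changed(requested, inspect, api_version, apply_default):
    """True means the check task reports changed and the restart handler fires."""
    reported = inspect["HostConfig"].get("IpcMode") or ""
    if apply_default:
        wanted = effective_ipc_mode(requested, api_version)
    else:
        wanted = requested or ""  # omitted ipc_mode compared as-is
    return wanted != reported

# Constructed inspect results, reduced to the field being compared.
OLD_DAEMON = {"HostConfig": {"IpcMode": ""}}           # default before the change
NEW_DAEMON = {"HostConfig": {"IpcMode": "shareable"}}  # default after the change
RECREATED = {"HostConfig": {"IpcMode": "private"}}     # assumed: created with private
HOST_IPC = {"HostConfig": {"IpcMode": "host"}}

def demo():
    return {
        # Behaviour in the report: nothing changed, yet a restart is triggered.
        "old daemon, omitted": ipc_changed(None, OLD_DAEMON, "1.30", False),
        "new daemon, omitted": ipc_changed(None, NEW_DAEMON, "1.35", False),
        "new daemon, host": ipc_changed("host", HOST_IPC, "1.35", False),
        # With the default applied: one recreation, then the check is stable.
        "default, existing shareable": ipc_changed(None, NEW_DAEMON, "1.35", True),
        "default, after recreation": ipc_changed(None, RECREATED, "1.35", True),
        "default, old daemon": ipc_changed(None, OLD_DAEMON, "1.30", True),
    }

if __name__ == "__main__":
    for case, changed in demo().items():
        print(f"{case:30} changed={changed}")
```

Under these assumptions, a container that already runs with the shareable default still differs once after the default is applied, and compares equal on every later run.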
