From 579e646af0e3978f07c69a41b6226d461a9cf10f Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 6 Dec 2021 09:38:30 -0800 Subject: [PATCH] osbs: exclude docker* from upgrades Right now we are running a special docker on osbs nodes that allows it to actually work with f35+ containers. Without this glibc does a syscall that docker doesn't understand and just blocks, breaking (at least) dns resolution in the container. So, until we move these nodes from rhel7, we are going to have to deal with this. In addtion to excluding this, if it ever gets mistakenly upgraded, you need to downgrade and then: remove '--seccomp-profile=/etc/docker/seccomp.json \' from /usr/lib/systemd/system/docker.service do 'systemctl daemon-reload' do 'systemctl restart docker' Signed-off-by: Kevin Fenzi --- inventory/group_vars/osbs | 1 + 1 file changed, 1 insertion(+) diff --git a/inventory/group_vars/osbs b/inventory/group_vars/osbs index a69e42dd90..890d87e6c9 100644 --- a/inventory/group_vars/osbs +++ b/inventory/group_vars/osbs @@ -30,6 +30,7 @@ openshift_required_images: osbs_client_conf_path: /etc/osbs.conf osbs_koji_username: "kojibuilder" osbs_url: "osbs.fedoraproject.org" +package_excludes: "docker*" primary_auth_source: ipa source_registry: "registry.fedoraproject.org" sudoers: "{{ private }}/files/sudo/osbs-sudoers"