--- - name: Ensure docker config directory exists file: path: /etc/docker state: directory mode: "0755" become: true - name: Write docker config become: true vars: docker_config_insecure_registries: insecure-registries: - "{{ docker_registry }}" docker_config_registry_mirror: registry-mirrors: "{{ docker_registry_mirrors }}" docker_config_storage_driver: storage-driver: "{{ docker_storage_driver }}" docker_config_runtime_directory: data-root: "{{ docker_runtime_directory }}" docker_config_iptables: iptables: false docker_config_bridge: bridge: "none" docker_config_ip_forward: ip-forward: false docker_config_ulimit_nofile: default-ulimits: nofile: name: nofile hard: "{{ docker_ulimit_nofile_hard }}" soft: "{{ docker_ulimit_nofile_soft }}" docker_config_debug: debug: "{{ docker_debug }}" docker_config: >- {{ default_docker_config | combine(docker_zun_config if docker_configure_for_zun | bool and 'zun-compute' in group_names else {}) | combine(docker_config_insecure_registries if docker_registry_insecure | bool else {}) | combine(docker_config_registry_mirror if docker_registry_mirrors | length > 0 else {}) | combine(docker_config_storage_driver if docker_storage_driver | length > 0 else {}) | combine(docker_config_runtime_directory if docker_runtime_directory | length > 0 else {}) | combine(docker_config_iptables if docker_disable_default_iptables_rules | bool else {}) | combine(docker_config_bridge if docker_disable_default_network | bool else {}) | combine(docker_config_ip_forward if docker_disable_ip_forward | bool else {}) | combine(docker_config_ulimit_nofile if docker_ulimit_nofile | bool else {}) | combine(docker_config_debug if docker_debug | bool else {}) | combine(docker_custom_config) }} copy: content: "{{ docker_config | to_nice_json }}" dest: /etc/docker/daemon.json mode: "0644" notify: - Restart docker - name: Remove old docker options file become: true file: path: /etc/systemd/system/docker.service.d/kolla.conf state: absent when: - not docker_configure_for_zun | bool or 'zun-compute' not in group_names - not docker_http_proxy - not docker_https_proxy - not docker_no_proxy notify: - Reload docker service file - name: Ensure docker service directory exists become: true file: path: /etc/systemd/system/docker.service.d state: directory recurse: true when: > (docker_configure_for_zun | bool and 'zun-compute' in group_names) or docker_http_proxy | length > 0 or docker_https_proxy | length > 0 or docker_no_proxy | length > 0 - name: Configure docker service become: true template: src: docker_systemd_service.j2 dest: /etc/systemd/system/docker.service.d/kolla.conf mode: "0644" when: > (docker_configure_for_zun | bool and 'zun-compute' in group_names) or docker_http_proxy | length > 0 or docker_https_proxy | length > 0 or docker_no_proxy | length > 0 notify: - Reload docker service file - name: Ensure the path for CA file for private registry exists file: path: "/etc/docker/certs.d/{{ docker_registry }}" owner: root group: root mode: "0700" state: directory become: true when: > docker_registry is not none and docker_registry_ca is not none and not docker_registry_insecure | bool - name: Ensure the CA file for private registry exists copy: src: "{{ docker_registry_ca }}" dest: "/etc/docker/certs.d/{{ docker_registry }}/ca.crt" owner: root group: root mode: "0600" become: true when: > docker_registry is not none and docker_registry_ca is not none and not docker_registry_insecure | bool notify: - Restart docker - name: Flush handlers meta: flush_handlers - name: Start and enable docker systemd: name: docker state: started enabled: true masked: false become: true