openstack
/
ansible-collection-kolla
Code Issues Proposed changes
ansible-collection-kolla/roles/docker/tasks/config.yml

126 lines
3.9 KiB
YAML
Raw Blame History

---
- name: Ensure docker config directory exists
file:
path: /etc/docker
state: directory
mode: 0755
become: True
- name: Write docker config
become: True
vars:
docker_config_insecure_registries:
insecure-registries:
- "{{ docker_registry }}"
docker_config_registry_mirror:
registry-mirrors: "{{ docker_registry_mirrors }}"
docker_config_storage_driver:
storage-driver: "{{ docker_storage_driver }}"
docker_config_runtime_directory:
data-root: "{{ docker_runtime_directory }}"
docker_config_iptables:
iptables: false
docker_config_bridge:
bridge: "none"
docker_config_ip_forward:
ip-forward: false
docker_config_ulimit_nofile:
default-ulimits:
nofile:
name: nofile
hard: "{{ docker_ulimit_nofile_hard }}"
soft: "{{ docker_ulimit_nofile_soft }}"
docker_config_debug:
debug: "{{ docker_debug }}"
docker_config: >-
{{ default_docker_config
| combine(docker_zun_config if docker_configure_for_zun | bool and 'zun-compute' in group_names else {})
| combine(docker_config_insecure_registries if docker_registry_insecure | bool else {})
| combine(docker_config_registry_mirror if docker_registry_mirrors | length > 0 else {})
| combine(docker_config_storage_driver if docker_storage_driver | length > 0 else {})
| combine(docker_config_runtime_directory if docker_runtime_directory | length > 0 else {})
| combine(docker_config_iptables if docker_disable_default_iptables_rules | bool else {})
| combine(docker_config_bridge if docker_disable_default_network | bool else {})
| combine(docker_config_ip_forward if docker_disable_ip_forward | bool else {})
| combine(docker_config_ulimit_nofile if docker_ulimit_nofile | bool else {})
| combine(docker_config_debug if docker_debug | bool else {})
| combine(docker_custom_config) }}
copy:
content: "{{ docker_config | to_nice_json }}"
dest: /etc/docker/daemon.json
mode: 0644
notify:
- Restart docker
- name: Remove old docker options file
become: True
file:
path: /etc/systemd/system/docker.service.d/kolla.conf
state: absent
when:
- not docker_configure_for_zun | bool or 'zun-compute' not in group_names
- not docker_http_proxy
- not docker_https_proxy
- not docker_no_proxy
notify:
- Reload docker service file
- name: Ensure docker service directory exists
become: True
file:
path: /etc/systemd/system/docker.service.d
state: directory
recurse: yes
when: >
(docker_configure_for_zun | bool and 'zun-compute' in group_names) or
docker_http_proxy | length > 0 or
docker_https_proxy | length > 0 or
docker_no_proxy | length > 0
- name: Configure docker service
become: True
template:
src: docker_systemd_service.j2
dest: /etc/systemd/system/docker.service.d/kolla.conf
mode: 0644
when: >
(docker_configure_for_zun | bool and 'zun-compute' in group_names) or
docker_http_proxy | length > 0 or
docker_https_proxy | length > 0 or
docker_no_proxy | length > 0
notify:
- Reload docker service file
- name: Ensure the path for CA file for private registry exists
file:
path: "/etc/docker/certs.d/{{ docker_registry }}"
owner: root
group: root
mode: 0700
state: directory
become: True
when: docker_registry is not none and docker_registry_ca is not none
- name: Ensure the CA file for private registry exists
copy:
src: "{{ docker_registry_ca }}"
dest: "/etc/docker/certs.d/{{ docker_registry }}/ca.crt"
owner: root
group: root
mode: 0600
become: True
when: docker_registry is not none and docker_registry_ca is not none
notify:
- Restart docker
- name: Flush handlers
meta: flush_handlers
- name: Start and enable docker
systemd:
name: docker
state: started
enabled: yes
masked: no
become: True
View Git Blame Copy Permalink