ansible-collection-kolla/roles/docker/tasks/config.yml

---
- name: Ensure docker config directory exists
  file:
    path: /etc/docker
    state: directory
    mode: 0755
  become: True

- name: Write docker config
  become: True
  vars:
    docker_config_insecure_registries:
      insecure-registries:
        - "{{ docker_registry }}"
    docker_config_registry_mirror:
      registry-mirrors: "{{ docker_registry_mirrors }}"
    docker_config_storage_driver:
      storage-driver: "{{ docker_storage_driver }}"
    docker_config_runtime_directory:
      data-root: "{{ docker_runtime_directory }}"
    docker_config_iptables:
      iptables: false
    docker_config_bridge:
      bridge: "none"
    docker_config_ip_forward:
      ip-forward: false
    docker_config_ulimit_nofile:
      default-ulimits:
        nofile:
          name: nofile
          hard: "{{ docker_ulimit_nofile_hard }}"
          soft: "{{ docker_ulimit_nofile_soft }}"
    docker_config_debug:
      debug: "{{ docker_debug }}"
    docker_config: >-
      {{ default_docker_config
         | combine(docker_zun_config if docker_configure_for_zun | bool and 'zun-compute' in group_names else {})
         | combine(docker_config_insecure_registries if docker_registry_insecure | bool else {})
         | combine(docker_config_registry_mirror if docker_registry_mirrors | length > 0 else {})
         | combine(docker_config_storage_driver if docker_storage_driver | length > 0 else {})
         | combine(docker_config_runtime_directory if docker_runtime_directory | length > 0 else {})
         | combine(docker_config_iptables if docker_disable_default_iptables_rules | bool else {})
         | combine(docker_config_bridge if docker_disable_default_network | bool else {})
         | combine(docker_config_ip_forward if docker_disable_ip_forward | bool else {})
         | combine(docker_config_ulimit_nofile if docker_ulimit_nofile | bool else {})
         | combine(docker_config_debug if docker_debug | bool else {})
         | combine(docker_custom_config) }}
  copy:
    content: "{{ docker_config | to_nice_json }}"
    dest: /etc/docker/daemon.json
    mode: 0644
  notify:
    - Restart docker

- name: Remove old docker options file
  become: True
  file:
    path: /etc/systemd/system/docker.service.d/kolla.conf
    state: absent
  when:
    - not docker_configure_for_zun | bool or 'zun-compute' not in group_names
    - not docker_http_proxy
    - not docker_https_proxy
    - not docker_no_proxy
  notify:
    - Reload docker service file

- name: Ensure docker service directory exists
  become: True
  file:
    path: /etc/systemd/system/docker.service.d
    state: directory
    recurse: yes
  when: >
    (docker_configure_for_zun | bool and 'zun-compute' in group_names) or
    docker_http_proxy | length > 0 or
    docker_https_proxy | length > 0 or
    docker_no_proxy | length > 0

- name: Configure docker service
  become: True
  template:
    src: docker_systemd_service.j2
    dest: /etc/systemd/system/docker.service.d/kolla.conf
    mode: 0644
  when: >
    (docker_configure_for_zun | bool and 'zun-compute' in group_names) or
    docker_http_proxy | length > 0 or
    docker_https_proxy | length > 0 or
    docker_no_proxy | length > 0
  notify:
    - Reload docker service file

- name: Ensure the path for CA file for private registry exists
  file:
    path: "/etc/docker/certs.d/{{ docker_registry }}"
    owner: root
    group: root
    mode: 0700
    state: directory
  become: True
  when: docker_registry is not none and docker_registry_ca is not none

- name: Ensure the CA file for private registry exists
  copy:
    src: "{{ docker_registry_ca }}"
    dest: "/etc/docker/certs.d/{{ docker_registry }}/ca.crt"
    owner: root
    group: root
    mode: 0600
  become: True
  when: docker_registry is not none and docker_registry_ca is not none
  notify:
    - Restart docker

- name: Flush handlers
  meta: flush_handlers

- name: Start and enable docker
  systemd:
    name: docker
    state: started
    enabled: yes
    masked: no
  become: True