From 933411899c9c7406c95ee1ff8317c8ff857a8524 Mon Sep 17 00:00:00 2001 From: Sam Doran Date: Mon, 16 Apr 2018 15:39:56 -0400 Subject: [PATCH] Make improvements to role - add prefix to role variable names to avoid name collisions - use ini_file rather than blockinfile for setting mount flags - use ansible_selinux fact rather than depending on variable in role - use role variables for setting values to be used in tasks rather than in line conditionals - use filters for creating JSON file rather than a template - remove '---' from YAML files since Ansible does not user YAML front matter - update meta/main.yml --- defaults/main.yml | 26 +++++---- handlers/main.yml | 1 - meta/main.yml | 59 ++++----------------- tasks/docker-distribution.yml | 3 +- tasks/docker.yml | 47 +++++++--------- tasks/main.yml | 5 +- templates/docker-daemon.json.j2 | 6 --- templates/docker-distribution-config.yml.j2 | 2 +- tests/test.yml | 1 - vars/main.yml | 6 ++- 10 files changed, 50 insertions(+), 106 deletions(-) delete mode 100644 templates/docker-daemon.json.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 4dd0a4a..b26ecaf 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,16 +1,14 @@ ---- # defaults file for ansible-role-container-registry -debug: false -deploy_docker: true -deploy_docker_distribution: true -deployment_user: centos -docker_options: '--log-driver=journald --signature-verification=false --iptables=false --live-restore' -enable_container_images_build: true -insecure_registries: [] -network_options: '' -registry_host: localhost -registry_mirror: '' -registry_port: 8787 -selinux_enabled: false -storage_options: '-s overlay2' +container_registry_debug: false +container_registry_deploy_docker: true +container_registry_deploy_docker_distribution: true +container_registry_deployment_user: centos +container_registry_docker_options: '--log-driver=journald --signature-verification=false --iptables=false --live-restore' +container_registry_enable_container_images_build: true +container_registry_insecure_registries: [] +container_registry_network_options: '' +container_registry_host: localhost +container_registry_port: 8787 +container_registry_mirrors: [] +container_registry_storage_options: '-s overlay2' diff --git a/handlers/main.yml b/handlers/main.yml index 75471c4..d1b4d7f 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,4 +1,3 @@ ---- # handlers file for ansible-role-container-registry - name: restart docker diff --git a/meta/main.yml b/meta/main.yml index 7223799..7fd3392 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,57 +1,18 @@ galaxy_info: - author: your name + author: Emilien Macchi description: your description - company: your company (optional) - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker + license: Apache 2.0 - # Some suggested licenses: - # - BSD (default) - # - MIT - # - GPLv2 - # - GPLv3 - # - Apache - # - CC-BY - license: license (GPLv2, CC-BY, etc) + min_ansible_version: 2.4 - min_ansible_version: 1.2 + platforms: + - name: EL + versions: + - 7 - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # Optionally specify the branch Galaxy will use when accessing the GitHub - # repo for this role. During role install, if no tags are available, - # Galaxy will use this branch. During import Galaxy will access files on - # this branch. If Travis integration is configured, only notifications for this - # branch will be accepted. Otherwise, in all cases, the repo's default branch - # (usually master) will be used. - #github_branch: - - # - # platforms is a list of platforms, and each platform has a name and a list of versions. - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. + galaxy_tags: + - docker + - registry dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. \ No newline at end of file diff --git a/tasks/docker-distribution.yml b/tasks/docker-distribution.yml index 6f958f0..a9c7293 100644 --- a/tasks/docker-distribution.yml +++ b/tasks/docker-distribution.yml @@ -1,4 +1,3 @@ ---- # tasks file for ansible-role-container-registry - name: ensure docker-distribution is installed @@ -10,7 +9,7 @@ yum: name: openstack-kolla state: latest - when: enable_container_images_build|bool + when: container_registry_enable_container_images_build|bool - name: manage /etc/docker-distribution/registry/config.yml template: diff --git a/tasks/docker.yml b/tasks/docker.yml index 259b213..12708dc 100644 --- a/tasks/docker.yml +++ b/tasks/docker.yml @@ -1,4 +1,3 @@ ---- # tasks file for ansible-role-container-registry # NOTE(aschultz): LP#1750194 - need to set ip_forward before docker starts @@ -20,48 +19,39 @@ file: path: /etc/systemd/system/docker.service.d state: directory + when: ansible_service_mgr == 'systemd' - name: unset mountflags - blockinfile: + ini_file: path: /etc/systemd/system/docker.service.d/99-unset-mountflags.conf - block: | - [Service] - MountFlags= + section: Service + option: MountFlags + value: "" create: yes notify: restart docker service - -- name: configure OPTIONS and enable selinux in /etc/sysconfig/docker - lineinfile: - path: /etc/sysconfig/docker - regexp: '^OPTIONS=' - line: "OPTIONS='--selinux-enabled {{ docker_options }}'" - create: yes - notify: restart docker service - when: selinux_enabled|bool + when: ansible_service_mgr == 'systemd' - name: configure OPTIONS in /etc/sysconfig/docker lineinfile: path: /etc/sysconfig/docker regexp: '^OPTIONS=' - line: "OPTIONS='{{ docker_options }}'" + line: "OPTIONS='{{ _full_docker_options }}'" create: yes notify: restart docker service - when: not selinux_enabled|bool - name: configure INSECURE_REGISTRY in /etc/sysconfig/docker lineinfile: path: /etc/sysconfig/docker regexp: '^INSECURE_REGISTRY=' line: "INSECURE_REGISTRY='{{ registry_flags }}'" - when: insecure_registries | length > 0 + when: container_registry_insecure_registries | length > 0 notify: restart docker service vars: - registry_flags: "{% for reg in insecure_registries %}--insecure-registry {{ reg }}{% if not loop.last %} {% endif %}{% endfor %}" + registry_flags: "{% for reg in container_registry_insecure_registries %}--insecure-registry {{ reg }}{% if not loop.last %} {% endif %}{% endfor %}" -# There is no native way to edit JSON so we use a template. - name: manage /etc/docker/daemon.json - template: - src: docker-daemon.json.j2 + copy: + content: "{{ _docker_daemon_config | from_yaml | to_nice_json }}" dest: /etc/docker/daemon.json notify: restart docker service @@ -69,18 +59,18 @@ lineinfile: path: /etc/sysconfig/docker-storage regexp: '^DOCKER_STORAGE_OPTIONS=' - line: "DOCKER_STORAGE_OPTIONS=' {{ storage_options }}'" + line: "DOCKER_STORAGE_OPTIONS=' {{ container_registry_storage_options }}'" create: yes - when: storage_options != "" + when: container_registry_storage_options != "" notify: restart docker service - name: configure DOCKER_NETWORK_OPTIONS in /etc/sysconfig/docker-network lineinfile: path: /etc/sysconfig/docker-network regexp: '^DOCKER_NETWORK_OPTIONS=' - line: "DOCKER_NETWORK_OPTIONS=' {{ network_options }}'" + line: "DOCKER_NETWORK_OPTIONS=' {{ container_registry_network_options }}'" create: yes - when: storage_options != "" + when: container_registry_storage_options != "" notify: restart docker service - name: ensure docker group exists @@ -90,15 +80,18 @@ - name: add deployment user to docker group user: - name: "{{ deployment_user }}" + name: "{{ container_registry_deployment_user }}" groups: docker append: yes - name: force systemd to reread configs - systemd: daemon_reload=yes + systemd: + daemon_reload: yes + when: ansible_service_mgr == 'systemd' - name: enable and start docker systemd: enabled: true state: started name: docker + when: ansible_service_mgr == 'systemd' diff --git a/tasks/main.yml b/tasks/main.yml index 952db6f..74275b8 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,8 +1,7 @@ ---- # tasks file for ansible-role-container-registry - include: docker.yml - when: deploy_docker|bool + when: container_registry_deploy_docker|bool - include: docker-distribution.yml - when: deploy_docker_distribution|bool + when: container_registry_deploy_docker_distribution|bool diff --git a/templates/docker-daemon.json.j2 b/templates/docker-daemon.json.j2 deleted file mode 100644 index c09269f..0000000 --- a/templates/docker-daemon.json.j2 +++ /dev/null @@ -1,6 +0,0 @@ -{ -{% if registry_mirror != "" %} -"registry-mirrors": ["{{ registry_mirror }}"], -{% endif %} - "debug": {{ debug|lower }} -} diff --git a/templates/docker-distribution-config.yml.j2 b/templates/docker-distribution-config.yml.j2 index d760a26..347984e 100644 --- a/templates/docker-distribution-config.yml.j2 +++ b/templates/docker-distribution-config.yml.j2 @@ -8,4 +8,4 @@ storage: filesystem: rootdirectory: /var/lib/registry http: - addr: {{ registry_host }}:{{ registry_port }} + addr: {{ container_registry_host }}:{{ container_registry_port }} diff --git a/tests/test.yml b/tests/test.yml index 6004e29..faee892 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -1,4 +1,3 @@ ---- - hosts: localhost become: true roles: diff --git a/vars/main.yml b/vars/main.yml index 8c43dfc..0239ba6 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,2 +1,4 @@ ---- -# vars file for ansible-role-container-registry \ No newline at end of file +_full_docker_options: "{% if ansible_selinux.status == 'enabled' %}--selinux-enabled {% endif %}{{ container_registry_docker_options }}" +_docker_daemon_config: | + debug: {{ container_registry_debug }} + {% if container_registry_mirrors | length > 0 %}registry-mirrors: {{ container_registry_mirrors }}{% endif %}