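---
# tasks file for ansible-role-container-registry

# NOTE(mfedosin): In order to verify that we have already configured docker
# we add a line `# Configured by Ansible container registry role` in
# /etc/sysconfig/docker config file when initial configuration is done,
# and check its existence later.
#
# failed_when is disabled on purpose: a non-zero rc (marker absent or file
# missing) just means "not configured yet" and is evaluated by the block below.
- name: Check that the configuration mark exists in /etc/sysconfig/docker
  command: >-
    grep -Fq "# Configured by Ansible container registry role"
    /etc/sysconfig/docker
  register: is_configured
  check_mode: false
  failed_when: false
  changed_when: false

# Everything below runs with privilege escalation and is skipped only when
# container_registry_skip_reconfiguration is set AND the marker was found.
- name: configure docker registry block
  when: not container_registry_skip_reconfiguration or is_configured.rc != 0
  become: true
  block:
    # NOTE(aschultz): LP#1750194 - need to set ip_forward before docker starts
    # so let's set it before we install the package if we're managing it.
    # This turns on IPv4 forwarding for the whole host, not just for docker.
    - name: enable net.ipv4.ip_forward
      sysctl:
        name: net.ipv4.ip_forward
        value: '1'
        sysctl_set: true
        state: present
        reload: true

    # NOTE(aschultz): LP#1765121 - need to check that we don't have any ftype=0
    # volumes because otherwise docker is very unhappy.
    # The script uses the bash-only `[[ ]]` test, so bash is requested
    # explicitly instead of relying on /bin/sh being bash. Device names are
    # quoted so an unusual name cannot be word-split or glob-expanded.
    - name: Check if there are XFS volumes with ftype=0
      shell: |
        for dev in $(df -h | grep '/dev/' | grep -v 'tmp' | cut -d' ' -f1)
        do
          parseftype=$(xfs_info "$dev" | grep ftype=0);
          if [[ -n "$parseftype" ]]; then
            ftype="ftype=0";
            break;
          fi
        done
        echo "$ftype";
      args:
        executable: /bin/bash
      register: ftype
      changed_when: false

    - name: Check ftype
      fail:
        msg: >
          XFS volumes formatted using ftype=0 are incompatible
          with the docker overlayfs driver.
      when:
        - not ansible_check_mode
        - ftype.stdout == 'ftype=0'

    - name: include install-engine.yml
      include_tasks: install-engine.yml

    - name: manage /etc/systemd/system/docker.service.d
      file:
        path: /etc/systemd/system/docker.service.d
        state: directory
        mode: '0755'
      when: ansible_service_mgr == 'systemd'

    - name: unset mountflags
      ini_file:
        path: /etc/systemd/system/docker.service.d/99-unset-mountflags.conf
        section: Service
        option: MountFlags
        value: ""
        create: true
        mode: '0644'
      register: _cfg_flags
      when: ansible_service_mgr == 'systemd'

    # NOTE(review): here and in the other /etc/sysconfig/* tasks the variable
    # is inserted verbatim between single quotes; a value containing `'` would
    # produce a malformed line. Presumably these variables are operator
    # controlled - confirm they never carry untrusted input.
    - name: configure OPTIONS in /etc/sysconfig/docker
      lineinfile:
        path: /etc/sysconfig/docker
        regexp: '^OPTIONS='
        line: "OPTIONS='{{ _full_docker_options }}'"
        create: true
        mode: '0644'
      register: _cfg_options

    # Registries passed with --insecure-registry are contacted over plain HTTP
    # or without certificate verification, so pulls from them have no
    # transport integrity protection. Keep
    # container_registry_insecure_registries as short as possible and limited
    # to registries on trusted networks.
    - name: configure INSECURE_REGISTRY in /etc/sysconfig/docker
      lineinfile:
        path: /etc/sysconfig/docker
        regexp: '^INSECURE_REGISTRY='
        line: "INSECURE_REGISTRY='{{ registry_flags }}'"
        mode: '0644'
      when: container_registry_insecure_registries | length > 0
      register: _cfg_insecure
      vars:
        registry_flags: >-
          --insecure-registry
          {{ container_registry_insecure_registries | join(' --insecure-registry ') }}

    # NOTE(review): the parent directory of each extra socket is created
    # world-readable/traversable (0755); access to the socket itself then
    # depends on how the daemon creates it - confirm that is restrictive.
    - name: Create additional socket directories
      file:
        path: "{{ item | dirname }}"
        state: directory
        mode: '0755'
      register: _cfg_sockets
      with_items: "{{ container_registry_additional_sockets }}"
      when: container_registry_additional_sockets | length > 0

    - name: manage /etc/docker/daemon.json
      template:
        src: docker-daemon.json.j2
        dest: /etc/docker/daemon.json
        mode: '0644'
      register: _cfg_daemon

    - name: configure DOCKER_STORAGE_OPTIONS in /etc/sysconfig/docker-storage
      lineinfile:
        path: /etc/sysconfig/docker-storage
        regexp: '^DOCKER_STORAGE_OPTIONS='
        line: "DOCKER_STORAGE_OPTIONS=' {{ container_registry_storage_options }}'"
        create: true
        mode: '0644'
      when: container_registry_storage_options | length > 0
      register: _cfg_storage

    - name: configure DOCKER_NETWORK_OPTIONS in /etc/sysconfig/docker-network
      lineinfile:
        path: /etc/sysconfig/docker-network
        regexp: '^DOCKER_NETWORK_OPTIONS='
        line: "DOCKER_NETWORK_OPTIONS=' {{ container_registry_network_options }}'"
        create: true
        mode: '0644'
      when: container_registry_network_options | length > 0
      register: _cfg_network

    - name: ensure docker group exists
      group:
        name: docker
        state: present
      register: _cfg_group

    # On a default Docker install, members of the docker group can drive the
    # daemon through its socket, which is equivalent to root on the host.
    # Treat container_registry_deployment_user as a privileged account.
    - name: add deployment user to docker group
      user:
        name: "{{ container_registry_deployment_user }}"
        groups: docker
        append: true
      register: _cfg_user
      when: container_registry_deployment_user | length > 0

    # A new login session is needed before the group change is visible to
    # later tasks on this connection.
    - name: reset ssh connection to pick up docker group
      meta: reset_connection
      when: _cfg_group is changed or _cfg_user is changed

    # Restart docker only if one of the configuration tasks above reported a
    # change.
    - name: Handle docker restart
      when:
        - (_cfg_flags is changed or _cfg_options is changed or
          _cfg_insecure is changed or _cfg_sockets is changed or
          _cfg_daemon is changed or _cfg_storage is changed or
          _cfg_network is changed or _cfg_group is changed or
          _cfg_user is changed)
      block:
        # Only the drop-in written by "unset mountflags" requires systemd to
        # re-read its unit files.
        - name: Reload systemd
          systemd:
            daemon_reload: true
          become: true
          when:
            - ansible_service_mgr == 'systemd'
            - _cfg_flags is changed

        - name: Reload docker
          service:
            name: docker
            enabled: true
            state: restarted
          become: true

        # No shell features are needed here, so use command instead of shell.
        - name: Pause while Docker restarts
          command: sleep 10
          changed_when: false

        # Read-only readiness probe: poll until the daemon answers. It changes
        # nothing on the host, so it must not be reported as a change.
        - name: Wait for docker
          command: /usr/bin/docker images
          register: docker_ready
          retries: 10
          delay: 5
          until: docker_ready.rc == 0
          changed_when: false

    # Marker consumed by the first task of this file on subsequent runs.
    - name: mark docker configured
      lineinfile:
        path: /etc/sysconfig/docker
        line: "# Configured by Ansible container registry role"
        insertafter: "^# /etc/sysconfig/docker$"
        create: true
        mode: '0644'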