194 lines
6.0 KiB
YAML
194 lines
6.0 KiB
YAML
---
|
|
|
|
# tasks file for ansible-role-container-registry
|
|
|
|
# NOTE(mfedosin): In order to verify that we have already configured docker
|
|
# we add a line `# Configured by Ansible container registry role` in
|
|
# /etc/sysconfig/docker config file when initial configuration is done,
|
|
# and check its existence later.
|
|
- name: Check that the configuration mark exists in /etc/sysconfig/docker
|
|
command: grep -Fq "# Configured by Ansible container registry role" /etc/sysconfig/docker
|
|
register: is_configured
|
|
check_mode: false
|
|
failed_when: false
|
|
changed_when: false
|
|
|
|
- name: configure docker registry block
|
|
when: not container_registry_skip_reconfiguration or is_configured.rc != 0
|
|
become: true
|
|
block:
|
|
# NOTE(aschultz): LP#1750194 - need to set ip_forward before docker starts
|
|
# so lets set it before we install the package if we're managing it.
|
|
- name: enable net.ipv4.ip_forward
|
|
sysctl:
|
|
name: net.ipv4.ip_forward
|
|
value: 1
|
|
sysctl_set: yes
|
|
state: present
|
|
reload: yes
|
|
|
|
# NOTE(aschultz): LP#1765121 - need to check that we don't have any ftype=0
|
|
# volumes because other wise docker is very unhappy
|
|
- name: Check if there are XFS volumes with ftype=0
|
|
shell: |
|
|
for dev in $(df -h | grep '/dev/' | grep -v 'tmp' | cut -d' ' -f1)
|
|
do
|
|
parseftype=$(xfs_info $dev | grep ftype=0);
|
|
if [[ ! -z "$parseftype" ]]; then
|
|
ftype="ftype=0";
|
|
break;
|
|
fi
|
|
done
|
|
echo $ftype;
|
|
register: ftype
|
|
changed_when: false
|
|
|
|
- name: Check ftype
|
|
fail:
|
|
msg: >
|
|
XFS volumes formatted using ftype=0 are incompatible
|
|
with the docker overlayfs driver.
|
|
when:
|
|
- not ansible_check_mode
|
|
- ftype.stdout == 'ftype=0'
|
|
|
|
- include_tasks: install-engine.yml
|
|
|
|
- name: manage /etc/systemd/system/docker.service.d
|
|
file:
|
|
path: /etc/systemd/system/docker.service.d
|
|
state: directory
|
|
mode: '0755'
|
|
when: ansible_facts['service_mgr'] == 'systemd'
|
|
|
|
- name: unset mountflags
|
|
ini_file:
|
|
path: /etc/systemd/system/docker.service.d/99-unset-mountflags.conf
|
|
section: Service
|
|
option: MountFlags
|
|
value: '""'
|
|
create: yes
|
|
mode: '0644'
|
|
register: _cfg_flags
|
|
when: ansible_facts['service_mgr'] == 'systemd'
|
|
|
|
- name: configure OPTIONS in /etc/sysconfig/docker
|
|
lineinfile:
|
|
path: /etc/sysconfig/docker
|
|
regexp: '^OPTIONS='
|
|
line: "OPTIONS='{{ _full_docker_options }}'"
|
|
create: yes
|
|
mode: '0644'
|
|
register: _cfg_options
|
|
|
|
- name: configure INSECURE_REGISTRY in /etc/sysconfig/docker
|
|
lineinfile:
|
|
path: /etc/sysconfig/docker
|
|
regexp: '^INSECURE_REGISTRY='
|
|
line: "INSECURE_REGISTRY='{{ registry_flags }}'"
|
|
mode: '0644'
|
|
when: container_registry_insecure_registries | length > 0
|
|
register: _cfg_insecure
|
|
vars:
|
|
registry_flags: --insecure-registry {{ container_registry_insecure_registries | join(' --insecure-registry ') }}
|
|
|
|
- name: Create additional socket directories
|
|
file:
|
|
path: "{{ item | dirname }}"
|
|
state: directory
|
|
mode: '0755'
|
|
register: _cfg_sockets
|
|
with_items: "{{ container_registry_additional_sockets }}"
|
|
when: container_registry_additional_sockets | length > 0
|
|
|
|
- name: manage /etc/docker/daemon.json
|
|
template:
|
|
src: docker-daemon.json.j2
|
|
dest: /etc/docker/daemon.json
|
|
mode: '0644'
|
|
register: _cfg_daemon
|
|
|
|
- name: configure DOCKER_STORAGE_OPTIONS in /etc/sysconfig/docker-storage
|
|
lineinfile:
|
|
path: /etc/sysconfig/docker-storage
|
|
regexp: '^DOCKER_STORAGE_OPTIONS='
|
|
line: "DOCKER_STORAGE_OPTIONS=' {{ container_registry_storage_options }}'"
|
|
create: yes
|
|
mode: '0644'
|
|
when: container_registry_storage_options | length > 0
|
|
register: _cfg_storage
|
|
|
|
- name: configure DOCKER_NETWORK_OPTIONS in /etc/sysconfig/docker-network
|
|
lineinfile:
|
|
path: /etc/sysconfig/docker-network
|
|
regexp: '^DOCKER_NETWORK_OPTIONS='
|
|
line: "DOCKER_NETWORK_OPTIONS=' {{ container_registry_network_options }}'"
|
|
create: yes
|
|
mode: '0644'
|
|
when: container_registry_network_options | length > 0
|
|
register: _cfg_network
|
|
|
|
- name: ensure docker group exists
|
|
group:
|
|
name: docker
|
|
state: present
|
|
register: _cfg_group
|
|
|
|
- name: add deployment user to docker group
|
|
user:
|
|
name: "{{ container_registry_deployment_user }}"
|
|
groups: docker
|
|
append: yes
|
|
register: _cfg_user
|
|
when: container_registry_deployment_user | length > 0
|
|
|
|
- name: reset ssh connection to pick up docker group
|
|
meta: reset_connection
|
|
when: _cfg_group is changed or _cfg_user is changed
|
|
|
|
- name: Handle docker restart
|
|
when:
|
|
- (_cfg_flags is changed
|
|
or _cfg_options is changed
|
|
or _cfg_insecure is changed
|
|
or _cfg_sockets is changed
|
|
or _cfg_daemon is changed
|
|
or _cfg_storage is changed
|
|
or _cfg_network is changed
|
|
or _cfg_group is changed
|
|
or _cfg_user is changed)
|
|
block:
|
|
- name: Reload systemd
|
|
systemd:
|
|
daemon_reload: yes
|
|
become: true
|
|
when:
|
|
- ansible_facts['service_mgr'] == 'systemd'
|
|
- _cfg_flags is changed
|
|
|
|
- name: Reload docker
|
|
service:
|
|
name: docker
|
|
enabled: true
|
|
state: restarted
|
|
become: true
|
|
|
|
- name: Pause while Docker restarts
|
|
shell: sleep 10
|
|
changed_when: false
|
|
|
|
- name: Wait for docker
|
|
command: /usr/bin/docker images
|
|
register: docker_ready
|
|
retries: 10
|
|
delay: 5
|
|
until: docker_ready.rc == 0
|
|
|
|
- name: mark docker configured
|
|
lineinfile:
|
|
path: /etc/sysconfig/docker
|
|
line: "# Configured by Ansible container registry role"
|
|
insertafter: "^# /etc/sysconfig/docker$"
|
|
create: yes
|
|
mode: '0644'
|