Deploy Docker via Ansible and not Puppet
Deploy Docker with Ansible instead of Puppet so later we will be able to prepare the registry before deploying any containerized service and do tasks in the middle like updating containers. Remove the Puppet run from update_tasks, we'll move these tasks later in ansible-role-container-registry. Change-Id: Iee0e08cd48f173a39a6f3a1ea54b29e370d4f334
This commit is contained in:
Emilien Macchi
parent
4815c8bd17
commit
00f5019ef2
|
|
@ -30,6 +30,13 @@ parameters:
|
||||||
default: {}
|
default: {}
|
||||||
description: Parameters specific to the role
|
description: Parameters specific to the role
|
||||||
type: json
|
type: json
|
||||||
|
LocalContainerRegistry:
|
||||||
|
default: ''
|
||||||
|
description: The IP address used to bind the local container registry
|
||||||
|
type: string
|
||||||
|
|
||||||
|
conditions:
|
||||||
|
local_container_registry_is_empty: {equals : [{get_param: LocalContainerRegistry}, '']}
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
|
|
@ -37,21 +44,27 @@ outputs:
|
||||||
value:
|
value:
|
||||||
service_name: docker_registry
|
service_name: docker_registry
|
||||||
config_settings:
|
config_settings:
|
||||||
tripleo::profile::base::docker_registry::registry_host:
|
|
||||||
str_replace:
|
|
||||||
template:
|
|
||||||
"%{hiera('$NETWORK')}"
|
|
||||||
params:
|
|
||||||
$NETWORK: {get_param: [ServiceNetMap, DockerRegistryNetwork]}
|
|
||||||
tripleo::profile::base::docker_registry::registry_port:
|
|
||||||
{get_param: [EndpointMap, DockerRegistryInternal, port]}
|
|
||||||
tripleo.docker_registry.firewall_rules:
|
tripleo.docker_registry.firewall_rules:
|
||||||
'155 docker-registry':
|
'155 docker-registry':
|
||||||
dport:
|
dport:
|
||||||
- 8787
|
- 8787
|
||||||
- 13787
|
- 13787
|
||||||
step_config: |
|
step_config: ''
|
||||||
include ::tripleo::profile::base::docker_registry
|
host_prep_tasks: []
|
||||||
|
deploy_steps_tasks:
|
||||||
|
- name: Install, Configure and Run Docker Distribution
|
||||||
|
when: step|int == 1
|
||||||
|
vars:
|
||||||
|
container_registry_host:
|
||||||
|
if:
|
||||||
|
- local_container_registry_is_empty
|
||||||
|
- {get_param: [EndpointMap, DockerRegistryInternal, host]}
|
||||||
|
- {get_param: LocalContainerRegistry}
|
||||||
|
container_registry_port: {get_param: [EndpointMap, DockerRegistryInternal, port]}
|
||||||
|
block:
|
||||||
|
- include_role:
|
||||||
|
name: container-registry
|
||||||
|
tasks_from: docker-distribution
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
- name: Install docker packages on upgrade if missing
|
- name: Install docker packages on upgrade if missing
|
||||||
when: step|int == 3
|
when: step|int == 3
|
||||||
|
|
|
||||||
|
|
@ -66,92 +66,71 @@ parameters:
|
||||||
|
|
||||||
conditions:
|
conditions:
|
||||||
insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]}
|
insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]}
|
||||||
insecure_registry_mirror_is_empty: {equals : [{get_param: DockerRegistryMirror}, '']}
|
|
||||||
service_debug_unset: {equals : [{get_param: DockerDebug}, '']}
|
service_debug_unset: {equals : [{get_param: DockerDebug}, '']}
|
||||||
deployment_user_is_empty: {equals : [{get_param: DeploymentUser}, '']}
|
|
||||||
additional_sockets_is_empty: {equals : [{get_param: DockerAdditionalSockets}, []]}
|
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
description: Role data for the docker service
|
description: Role data for the docker service
|
||||||
value:
|
value:
|
||||||
service_name: docker
|
service_name: docker
|
||||||
config_settings:
|
config_settings: {}
|
||||||
map_merge:
|
step_config: ''
|
||||||
- tripleo::profile::base::docker::configure_network: true
|
host_prep_tasks: []
|
||||||
tripleo::profile::base::docker::network_options: "--bip=172.31.0.1/24"
|
deploy_steps_tasks:
|
||||||
tripleo::profile::base::docker::docker_options: {get_param: DockerOptions}
|
- name: Install, Configure and Run Docker
|
||||||
tripleo::profile::base::docker::debug:
|
when: step|int == 1
|
||||||
|
vars:
|
||||||
|
container_registry_debug:
|
||||||
if:
|
if:
|
||||||
- service_debug_unset
|
- service_debug_unset
|
||||||
- {get_param: Debug }
|
- {get_param: Debug }
|
||||||
- {get_param: DockerDebug}
|
- {get_param: DockerDebug}
|
||||||
-
|
container_registry_deployment_user: {get_param: DeploymentUser}
|
||||||
if:
|
container_registry_docker_options: {get_param: DockerOptions}
|
||||||
- insecure_registry_is_empty
|
container_registry_additional_sockets: {get_param: DockerAdditionalSockets}
|
||||||
- {}
|
container_registry_insecure_registries:
|
||||||
- tripleo::profile::base::docker::insecure_registries: {get_param: DockerInsecureRegistryAddress}
|
if:
|
||||||
-
|
- insecure_registry_is_empty
|
||||||
if:
|
- []
|
||||||
- insecure_registry_mirror_is_empty
|
- {get_param: DockerInsecureRegistryAddress}
|
||||||
- {}
|
container_registry_mirror: {get_param: DockerRegistryMirror}
|
||||||
- tripleo::profile::base::docker::registry_mirror: {get_param: DockerRegistryMirror}
|
container_registry_network_options: '--bip=172.31.0.1/24'
|
||||||
-
|
block:
|
||||||
if:
|
- include_role:
|
||||||
- deployment_user_is_empty
|
name: container-registry
|
||||||
- {}
|
tasks_from: docker
|
||||||
- tripleo::profile::base::docker::deployment_user: {get_param: DeploymentUser}
|
service_config_settings:
|
||||||
-
|
neutron_l3:
|
||||||
if:
|
docker_additional_sockets: {get_param: DockerAdditionalSockets}
|
||||||
- additional_sockets_is_empty
|
neutron_dhcp:
|
||||||
- {}
|
docker_additional_sockets: {get_param: DockerAdditionalSockets}
|
||||||
- tripleo::profile::base::docker::additional_sockets: {get_param: DockerAdditionalSockets}
|
|
||||||
step_config: |
|
|
||||||
include ::tripleo::profile::base::docker
|
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
- name: Install docker packages on upgrade if missing
|
- name: Install docker packages on upgrade if missing
|
||||||
when: step|int == 3
|
when: step|int == 3
|
||||||
yum: name=docker state=latest
|
yum: name=docker state=latest
|
||||||
update_tasks:
|
update_tasks:
|
||||||
block:
|
- name: Restart Docker when needed
|
||||||
- name: Detect if puppet on the docker profile would restart the service
|
when: step|int == 2
|
||||||
# Note that due to https://tickets.puppetlabs.com/browse/PUP-686 --noop
|
block:
|
||||||
# always exits 0, so we cannot rely on that to detect if puppet is going to change stuff
|
# TODO(emilien)
|
||||||
shell: |
|
# This block will move to ansible-role-container-registry
|
||||||
puppet apply --noop --summarize --detailed-exitcodes --verbose \
|
- name: Is docker going to be updated
|
||||||
--modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \
|
shell: yum check-update docker
|
||||||
--color=false -e "class { 'tripleo::profile::base::docker': step => 1, }" 2>&1 | \
|
register: docker_check_update
|
||||||
awk -F ":" '/Out of sync:/ { print $2}'
|
failed_when: docker_check_update.rc not in [0, 100]
|
||||||
register: puppet_docker_noop_output
|
changed_when: docker_check_update.rc == 100
|
||||||
failed_when: false
|
- name: Set docker_rpm_needs_update fact
|
||||||
- name: Is docker going to be updated
|
set_fact: docker_rpm_needs_update={{ docker_check_update.rc == 100 }}
|
||||||
shell: yum check-update docker
|
- name: Stop all containers
|
||||||
register: docker_check_update
|
# xargs is preferable to docker stop $(docker ps -q) as that might generate a
|
||||||
failed_when: docker_check_update.rc not in [0, 100]
|
# a too long command line
|
||||||
changed_when: docker_check_update.rc == 100
|
shell: docker ps -q | xargs --no-run-if-empty -n1 docker stop
|
||||||
- name: Set docker_rpm_needs_update fact
|
when: docker_rpm_needs_update
|
||||||
set_fact: docker_rpm_needs_update={{ docker_check_update.rc == 100 }}
|
- name: Stop docker
|
||||||
- name: Set puppet_docker_is_outofsync fact
|
service:
|
||||||
set_fact: puppet_docker_is_outofsync={{ puppet_docker_noop_output.stdout|trim|int >= 1 }}
|
name: docker
|
||||||
- name: Stop all containers
|
state: stopped
|
||||||
# xargs is preferable to docker stop $(docker ps -q) as that might generate a
|
when: docker_rpm_needs_update
|
||||||
# a too long command line
|
- name: Update the docker package
|
||||||
shell: docker ps -q | xargs --no-run-if-empty -n1 docker stop
|
yum: name=docker state=latest update_cache=yes # cache for tripleo/+bug/1703830
|
||||||
when: puppet_docker_is_outofsync or docker_rpm_needs_update
|
when: docker_rpm_needs_update
|
||||||
- name: Stop docker
|
|
||||||
service:
|
|
||||||
name: docker
|
|
||||||
state: stopped
|
|
||||||
when: puppet_docker_is_outofsync or docker_rpm_needs_update
|
|
||||||
- name: Update the docker package
|
|
||||||
yum: name=docker state=latest update_cache=yes # cache for tripleo/+bug/1703830
|
|
||||||
when: docker_rpm_needs_update
|
|
||||||
- name: Apply puppet which will start the service again
|
|
||||||
shell: |
|
|
||||||
puppet apply --detailed-exitcodes --verbose \
|
|
||||||
--modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \
|
|
||||||
-e "class { 'tripleo::profile::base::docker': step => 1, }"
|
|
||||||
register: puppet_docker_apply
|
|
||||||
failed_when: puppet_docker_apply.rc not in [0, 2]
|
|
||||||
changed_when: puppet_docker_apply.rc == 2
|
|
||||||
when: step|int == 2
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue