heat_template_version: rocky description: > Configures docker on the host parameters: DockerInsecureRegistryAddress: description: Optional. The IP Address and Port of an insecure docker namespace that will be configured in /etc/sysconfig/docker. The value can be multiple addresses separated by commas. type: comma_delimited_list default: [] DockerRegistryMirror: description: Optional. Mirror to use for registry docker.io default: '' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json Debug: type: boolean default: false description: Set to True to enable debugging on all services. DockerDebug: default: '' description: Set to True to enable debugging Docker services. type: string constraints: - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] DockerOptions: default: '--log-driver=journald --signature-verification=false --iptables=false --live-restore' description: Options that are used to startup the docker service. type: string DockerAdditionalSockets: default: ['/var/lib/openstack/docker.sock'] description: Additional domain sockets for the docker daemon to bind to (useful for mounting into containers that launch other containers) type: comma_delimited_list DockerNetworkOptions: default: '--bip=172.31.0.1/24' description: More startup options, like CIDR for the default docker0 bridge (useful for the network configuration conflicts resolution) type: string DeploymentUser: default: '' description: User added to the docker group in order to use container commands. type: string DockerSkipUpdateReconfiguration: default: false type: boolean description: Flag to disable docker reconfiguration during stack update. tags: - role_specific parameter_groups: - label: deprecated description: | The following parameters are deprecated and will be removed. They should not be relied on for new deployments. If you have concerns regarding deprecated parameters, please contact the TripleO development team on IRC or the OpenStack mailing list. parameters: - DockerAdditionalSockets resources: # Merging role-specific parameters (RoleParameters) with the default parameters. # RoleParameters will have the precedence over the default parameters. RoleParametersValue: type: OS::Heat::Value properties: type: json value: map_replace: - map_replace: - DockerSkipUpdateReconfiguration: DockerSkipUpdateReconfiguration - values: {get_param: [RoleParameters]} - values: DockerSkipUpdateReconfiguration: {get_param: DockerSkipUpdateReconfiguration} conditions: insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]} service_debug_unset: {equals : [{get_param: DockerDebug}, '']} outputs: role_data: description: Role data for the docker service value: service_name: docker config_settings: {} step_config: '' host_prep_tasks: - name: Install, Configure and Run Docker block: # NOTE(bogdando): w/a https://github.com/ansible/ansible/issues/42621 - set_fact: &docker_vars container_registry_debug: if: - service_debug_unset - {get_param: Debug } - {get_param: DockerDebug} container_registry_deployment_user: {get_param: DeploymentUser} container_registry_docker_options: {get_param: DockerOptions} container_registry_additional_sockets: {get_param: DockerAdditionalSockets} container_registry_insecure_registries: if: - insecure_registry_is_empty - [] - {get_param: DockerInsecureRegistryAddress} container_registry_mirror: {get_param: DockerRegistryMirror} container_registry_network_options: {get_param: DockerNetworkOptions} container_registry_skip_reconfiguration: {get_attr: [RoleParametersValue, value, DockerSkipUpdateReconfiguration]} - include_role: name: container-registry tasks_from: docker service_config_settings: neutron_l3: docker_additional_sockets: {get_param: DockerAdditionalSockets} neutron_dhcp: docker_additional_sockets: {get_param: DockerAdditionalSockets} ovn_metadata: docker_additional_sockets: {get_param: DockerAdditionalSockets} upgrade_tasks: - name: Install docker packages on upgrade if missing when: step|int == 3 package: name=docker state=latest update_tasks: - name: Restart Docker when needed when: step|int == 2 block: - set_fact: *docker_vars - include_role: name: container-registry tasks_from: docker-update