heat_template_version: queens description: > Configures docker on the host parameters: DockerInsecureRegistryAddress: description: Optional. The IP Address and Port of an insecure docker namespace that will be configured in /etc/sysconfig/docker. The value can be multiple addresses separated by commas. type: comma_delimited_list default: [] DockerRegistryMirror: description: Optional. Configure a registry-mirror in the /etc/docker/daemon.json file. default: '' type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json Debug: type: boolean default: false description: Set to True to enable debugging on all services. DockerDebug: default: '' description: Set to True to enable debugging Docker services. type: string constraints: - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] DockerOptions: default: '--log-driver=journald --signature-verification=false --iptables=false --live-restore' description: Options that are used to startup the docker service. type: string DockerAdditionalSockets: default: ['/var/lib/openstack/docker.sock'] description: Additional domain sockets for the docker daemon to bind to (useful for mounting into containers that launch other containers) type: comma_delimited_list DockerNetworkOptions: default: '--bip=172.31.0.1/24' description: More startup options, like CIDR for the default docker0 bridge (useful for the network configuration conflicts resolution) type: string DeploymentUser: default: '' description: User added to the docker group in order to use container commands. type: string ContainerImageRegistryLogin: type: boolean default: false description: Flag to enable container registry login actions during the deployment. Setting this to true will cause login calls to be performed during the deployment. ContainerImageRegistryCredentials: type: json hidden: true default: {} description: | Mapping of image registry hosts to login credentials. Must be in the following example format docker.io: username: pa55word '192.0.2.1:8787': registry_username: password conditions: insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]} insecure_registry_mirror_is_empty: {equals : [{get_param: DockerRegistryMirror}, '']} service_debug_unset: {equals : [{get_param: DockerDebug}, '']} deployment_user_is_empty: {equals : [{get_param: DeploymentUser}, '']} additional_sockets_is_empty: {equals : [{get_param: DockerAdditionalSockets}, []]} container_registry_login: {equals: [{get_param: ContainerImageRegistryLogin}, true]} outputs: role_data: description: Role data for the docker service value: service_name: docker config_settings: map_merge: - tripleo::profile::base::docker::configure_network: true tripleo::profile::base::docker::network_options: {get_param: DockerNetworkOptions} tripleo::profile::base::docker::docker_options: {get_param: DockerOptions} tripleo::profile::base::docker::debug: if: - service_debug_unset - {get_param: Debug } - {get_param: DockerDebug} - if: - insecure_registry_is_empty - {} - tripleo::profile::base::docker::insecure_registries: {get_param: DockerInsecureRegistryAddress} - if: - insecure_registry_mirror_is_empty - {} - tripleo::profile::base::docker::registry_mirror: {get_param: DockerRegistryMirror} - if: - deployment_user_is_empty - {} - tripleo::profile::base::docker::deployment_user: {get_param: DeploymentUser} - if: - additional_sockets_is_empty - {} - tripleo::profile::base::docker::additional_sockets: {get_param: DockerAdditionalSockets} - if: - container_registry_login - tripleo::profile::base::docker::registry_credentials: {get_param: ContainerImageRegistryCredentials } - {} step_config: | include ::tripleo::profile::base::docker upgrade_tasks: - name: Install docker packages on upgrade if missing when: step|int == 3 yum: name=docker state=latest update_tasks: block: - name: Detect if puppet on the docker profile would restart the service # Note that due to https://tickets.puppetlabs.com/browse/PUP-686 --noop # always exits 0, so we cannot rely on that to detect if puppet is going to change stuff shell: | puppet apply --noop --summarize --detailed-exitcodes --verbose \ --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \ --color=false -e "class { 'tripleo::profile::base::docker': step => 1, }" 2>&1 | \ awk -F ":" '/Out of sync:/ { print $2}' register: puppet_docker_noop_output failed_when: false - name: Is docker going to be updated shell: yum check-update docker register: docker_check_update failed_when: docker_check_update.rc not in [0, 100] changed_when: docker_check_update.rc == 100 - name: Set docker_rpm_needs_update fact set_fact: docker_rpm_needs_update={{ docker_check_update.rc == 100 }} - name: Set puppet_docker_is_outofsync fact set_fact: puppet_docker_is_outofsync={{ puppet_docker_noop_output.stdout|trim|int >= 1 }} - name: Stop all containers # xargs is preferable to docker stop $(docker ps -q) as that might generate a # a too long command line shell: docker ps -q | xargs --no-run-if-empty -n1 docker stop # If we ship a config change which requires docker restart, change the when condition: # when: puppet_docker_is_outofsync or docker_rpm_needs_update when: docker_rpm_needs_update - name: Stop docker service: name: docker state: stopped # If we ship a config change which requires docker restart, change the when condition: # when: puppet_docker_is_outofsync or docker_rpm_needs_update when: docker_rpm_needs_update - name: Update the docker package yum: name=docker state=latest update_cache=yes # cache for tripleo/+bug/1703830 when: docker_rpm_needs_update - name: Apply puppet which will start the service again shell: | puppet apply --detailed-exitcodes --verbose \ --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \ -e "class { 'tripleo::profile::base::docker': step => 1, }" register: puppet_docker_apply failed_when: puppet_docker_apply.rc not in [0, 2] changed_when: puppet_docker_apply.rc == 2 when: step|int == 2