tripleo-heat-templates/deployment/deprecated/docker/docker-baremetal-ansible.yaml

268 lines
10 KiB
YAML

heat_template_version: rocky
description: >
Configures docker on the host
parameters:
DockerInsecureRegistryAddress:
description: Optional. The IP Address and Port of an insecure docker
namespace that will be configured in /etc/sysconfig/docker.
The value can be multiple addresses separated by commas.
type: comma_delimited_list
default: []
DockerRegistryMirror:
description: Optional. Mirror to use for registry docker.io
default: ''
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
Debug:
type: boolean
default: false
description: Set to True to enable debugging on all services.
DockerDebug:
default: ''
description: Set to True to enable debugging Docker services.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
DockerOptions:
default: '--log-driver=journald --signature-verification=false --iptables=false --live-restore'
description: Options that are used to startup the docker service.
type: string
DockerAdditionalSockets:
default: ['/var/lib/openstack/docker.sock']
description: Additional domain sockets for the docker daemon to bind to (useful for mounting
into containers that launch other containers)
type: comma_delimited_list
DockerNetworkOptions:
default: '--bip=172.31.0.1/24'
description: More startup options, like CIDR for the default docker0 bridge (useful for the
network configuration conflicts resolution)
type: string
DeploymentUser:
default: ''
description: User added to the docker group in order to use container commands.
type: string
DockerSkipUpdateReconfiguration:
default: false
type: boolean
description: Flag to disable docker reconfiguration during stack update.
tags:
- role_specific
ContainerImageRegistryLogin:
type: boolean
default: false
description: Flag to enable container registry login actions during the deployment.
Setting this to true will cause login calls to be performed during the
deployment.
ContainerImageRegistryCredentials:
type: json
hidden: true
default: {}
description: |
Mapping of image registry hosts to login credentials. Must be in the following example format
docker.io:
username: pa55word
'192.0.2.1:8787':
registry_username: password
SELinuxMode:
default: 'enforcing'
description: Configures SELinux mode
type: string
constraints:
- allowed_values: [ 'enforcing', 'permissive', 'disabled' ]
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- DockerAdditionalSockets
resources:
# Merging role-specific parameters (RoleParameters) with the default parameters.
# RoleParameters will have the precedence over the default parameters.
RoleParametersValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_replace:
- DockerSkipUpdateReconfiguration: DockerSkipUpdateReconfiguration
- values: {get_param: [RoleParameters]}
- values:
DockerSkipUpdateReconfiguration: {get_param: DockerSkipUpdateReconfiguration}
conditions:
insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]}
service_debug_unset: {equals : [{get_param: DockerDebug}, '']}
selinux_enforcing: {equals : [{get_param: SELinuxMode}, 'enforcing']}
outputs:
role_data:
description: Role data for the docker service
value:
service_name: docker
config_settings: {}
step_config: ''
host_prep_tasks:
- name: Install, Configure and Run Docker
block:
# NOTE(bogdando): w/a https://github.com/ansible/ansible/issues/42621
- set_fact: &docker_vars
container_registry_debug:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: DockerDebug}
container_registry_deployment_user: {get_param: DeploymentUser}
container_registry_docker_options: {get_param: DockerOptions}
container_registry_additional_sockets: {get_param: DockerAdditionalSockets}
container_registry_insecure_registries:
if:
- insecure_registry_is_empty
- []
- {get_param: DockerInsecureRegistryAddress}
container_registry_mirror: {get_param: DockerRegistryMirror}
container_registry_network_options: {get_param: DockerNetworkOptions}
container_registry_skip_reconfiguration: {get_attr: [RoleParametersValue, value, DockerSkipUpdateReconfiguration]}
container_registry_selinux:
if:
- selinux_enforcing
- true
- false
container_registry_login: {get_param: ContainerImageRegistryLogin}
# default that is overwritten by the heat -> dict conversion
container_registry_logins: {}
container_registry_logins_json: {get_param: ContainerImageRegistryCredentials}
- name: Convert logins json to dict
set_fact:
container_registry_logins: "{{ container_registry_logins_json | from_json }}"
when:
- container_registry_logins_json is string
- container_registry_login | bool
- (container_registry_logins_json | length) > 0
- name: Set registry logins
set_fact:
container_registry_logins: "{{ container_registry_logins_json }}"
when:
- container_registry_logins_json is mapping
- container_registry_login | bool
- (container_registry_logins_json | length) > 0
- include_role:
name: container-registry
tasks_from: docker
- include_role:
name: container-registry
tasks_from: docker-login
when: container_registry_login|bool
deploy_steps_tasks:
- when:
- (step|int) == 1
block:
- name: Pre-fetch all the containers
become: true
shell: "docker pull {{ prefetch_image }}"
retries: 5
delay: 5
loop_control:
loop_var: prefetch_image
loop: "{{ lookup('file', tripleo_role_name + '/docker_config.yaml', errors='ignore') | default('{}', True) | from_yaml | recursive_get_key_from_dict(key='image') | unique }}"
service_config_settings:
neutron_l3:
docker_additional_sockets: {get_param: DockerAdditionalSockets}
neutron_dhcp:
docker_additional_sockets: {get_param: DockerAdditionalSockets}
ovn_metadata:
docker_additional_sockets: {get_param: DockerAdditionalSockets}
upgrade_tasks:
- block:
- name: Install docker packages on upgrade if missing
package: name=docker state=latest
- set_fact: *docker_vars
- name: Reconfigure Docker if needed
include_role:
name: container-registry
tasks_from: docker
when: step|int == 3
post_upgrade_tasks:
- name: Clean docker
when:
- step|int == 3
- container_cli == 'docker'
block:
- name: Check if docker has some data
stat:
path: /var/lib/docker
register: docker_path_stat
- name: Purge Docker
when: docker_path_stat.stat.exists
block:
- name: Ensure docker service is running
systemd:
name: docker
register: docker_service_state
- name: Run docker system prune
shell: docker system prune -a -f
when: docker_service_state.status['SubState'] == 'running'
update_tasks:
- name: Restart Docker when needed
when: step|int == 2
block:
- set_fact: *docker_vars
- include_role:
name: container-registry
tasks_from: docker-update
post_update_tasks:
- name: Clean docker
when:
- step|int == 3
- container_cli == 'docker'
block:
- name: Check if docker has some data
stat:
path: /var/lib/docker
register: docker_path_stat
- name: Purge Docker
when: docker_path_stat.stat.exists
block:
- name: Ensure docker service is running
systemd:
name: docker
register: docker_service_state
- name: Run docker image prune
shell: docker image prune -f
when: docker_service_state.status['SubState'] == 'running'
- name: Run docker volume prune
shell: docker volume prune -f
when: docker_service_state.status['SubState'] == 'running'