Add multi-distro support to install-docker

This change adds the ability for the zuul provided role for docker
installation to support multiple distros automatically. With this
change the role will dynamically load variables based on the
target operating system.

While the default to install from upstream remains unchanged, the
role will now fall back to installing using the distro packages
in the event there is a fault with the upstream tasks or if an
upstream task file has not been implemented.

> Stubs for upstream implementation task files have been created.

With this change the role will now support Debian (and family),
openSUSE, and Red Hat (and family). The upstream installation process
is using the documented steps from upstream docker, as found here
[0].

The default "ubuntu_gpg_key" was renamed to "docker_gpg_key" as it's
now used for more than one distro.

The daemon.json.j2 template has been removed. This template was
stored here but unused by this role.

[0] https://docs.docker.com/install/linux/docker-ce/fedora/

Change-Id: Ie52444f8c62d6e2f86ce9ba1c17795dd9a6471d2
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Kevin Carter 2019-06-10 17:33:32 -05:00
parent 6d13ee475d
commit f1f609e09c
No known key found for this signature in database
GPG Key ID: CE94BD890A47B20A
18 changed files with 409 additions and 61 deletions

View File

@ -25,17 +25,40 @@ An ansible role to install docker and configure it to use mirrors if available.
``stable``, which is the default and updates quarterly, and ``edge``
which updates monthly.
.. zuul:rolevar:: docker_version
:default: undefined
Declare this with the version of the docker package to install.
Undefined will install the latest. This will look something like
``18.06.1~ce~3-0~ubuntu``. Only supported when using upstream
docker repos.
.. zuul:rolevar:: docker_insecure_registries
:default: undefined
Declare this with a list of insecure registries to define the
registries which are allowed to communicate with HTTP only or
HTTPS with no valid certificate.
.. zuul:rolevar:: docker_gpg_key
:default: string
The raw content of the upstream docker gpg key, as found here
https://download.docker.com/linux/fedora/gpg
.. zuul:rolevar:: docker_distro_packages
:default: list
List of packages to be installed when `use_upstream_docker` is set to
**false**. The package set is defined by default using distro specific
variables. If the package set needs to be changed this option can be
overridden as needed.
.. zuul:rolevar:: docker_upstream_distro_required_packages
:default: list
List of packages to be installed when `use_upstream_docker` is set to
**true**. The package set is defined by default using distro specific
variables and contains a list of supporting packages required to be
installed prior to installing docker-ce. If the package set needs to
be changed this option can be overridden as needed.
.. zuul:rolevar:: docker_upstream_distro_packages
:default: list
List of packages to be installed when `use_upstream_docker` is set to
**true**. The package set is defined by default using distro specific
variables. If the package set needs to be changed this option can be
overridden as needed.
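
Review bot: the `docker_gpg_key` entry points only at https://download.docker.com/linux/fedora/gpg, but the same variable is passed to `apt_key` in the apt task file, so the text should say which key is expected for each upstream repo and ideally give the fingerprint an operator can check before overriding it. `:default: string` and `:default: list` also name a type rather than a default, unlike the `undefined` used by the entries above.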

View File

@ -1,7 +1,13 @@
use_upstream_docker: True
docker_group: docker
# NOTE(cloudnull): Packages are loaded through distro specific variables.
# The default option will return an empty list which
# allows folks to override these lists as they see fit.
docker_distro_packages: "{{ _docker_distro_packages | default([]) }}"
docker_upstream_distro_packages: "{{ _docker_upstream_distro_packages | default([]) }}"
docker_upstream_distro_required_packages: "{{ _docker_upstream_distro_required_packages | default([]) }}"
docker_update_channel: stable
ubuntu_gpg_key: |
docker_gpg_key: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
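
Review bot: the rename from `ubuntu_gpg_key` to `docker_gpg_key` has no compatibility path, so an inventory that still overrides `ubuntu_gpg_key` is silently ignored and the role trusts the built-in key instead. Either honor the old name for a release with a deprecation message, or fail early when `ubuntu_gpg_key` is defined so the operator knows the override no longer applies.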

View File

@ -0,0 +1,83 @@
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/7/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://download.docker.com/linux/centos/7/source/stable
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-edge]
name=Docker CE Edge - $basearch
baseurl=https://download.docker.com/linux/centos/7/$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-edge-debuginfo]
name=Docker CE Edge - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/7/debug-$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-edge-source]
name=Docker CE Edge - Sources
baseurl=https://download.docker.com/linux/centos/7/source/edge
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://download.docker.com/linux/centos/7/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/7/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://download.docker.com/linux/centos/7/source/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://download.docker.com/linux/centos/7/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/7/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://download.docker.com/linux/centos/7/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
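
Review bot: every `baseurl` hard-codes `centos/7`, while the other repo file in this change uses `$releasever`, so any host on a different major release that loads this file is pointed at the release 7 package set. Use `$releasever` here too, or name the file for the release it targets. The file is also copied as-is with `[docker-ce-stable]` enabled, so `docker_update_channel` has no effect on yum hosts.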

View File

@ -0,0 +1,83 @@
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://download.docker.com/linux/fedora/$releasever/source/stable
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-edge]
name=Docker CE Edge - $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-edge-debuginfo]
name=Docker CE Edge - Debuginfo $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-edge-source]
name=Docker CE Edge - Sources
baseurl=https://download.docker.com/linux/fedora/$releasever/source/edge
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://download.docker.com/linux/fedora/$releasever/source/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://download.docker.com/linux/fedora/$releasever/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
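
Review bot: `gpgkey=` in every section points at the remote URL even though the yum task file already imports the pinned `docker_gpg_key` with `rpm_key`. With both in place the package manager can still fetch and import whatever key that URL serves, which weakens the pin. Point `gpgkey=` at a root-owned local file written from `docker_gpg_key`, or drop the separate import and document that trust comes from the URL.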

View File

@ -0,0 +1,16 @@
---
- name: Assure docker service is running
become: yes
service:
name: docker
enabled: yes
state: started
listen: Restart docker
- name: Correct group ownership on docker sock
become: yes
file:
path: /var/run/docker.sock
group: "{{ docker_group }}"
listen: Restart docker
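
Review bot: the first handler listens on `Restart docker` but uses `state: started`, which does nothing when the daemon is already running, so a package change notified through `Restart docker` never restarts the service. Use `state: restarted` for that topic and keep a separate `started` handler if that is what `Assure docker service is running` is meant to provide.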

View File

@ -1,5 +0,0 @@
- name: Install docker
become: yes
package:
name: docker.io
state: present

View File

@ -1,5 +0,0 @@
- name: Install docker
become: yes
package:
name: docker
state: present

View File

@ -1,23 +1,82 @@
- name: Set up docker mirrors
include_role:
name: use-docker-mirror
---
- name: Install docker-ce from upstream
include: upstream.yaml
when: use_upstream_docker
- name: Install docker from distro
include_tasks: "{{ lookup('first_found', params) }}"
vars:
params:
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
- skip: true
files:
- "{{ ansible_distribution }}.{{ ansible_architecture }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- distros
when: not use_upstream_docker
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yaml"
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yaml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yaml"
- "{{ ansible_distribution | lower }}.yaml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yaml"
- "{{ ansible_os_family | lower }}.yaml"
tags:
- always
- name: Sanity check for distro selection
fail:
msg: >-
This role is not known to be compatible with this distro. Check the inventory and deployment
target settings. Make sure facts are being gathered prior to executing this role.
when:
- not (docker_distro_vars_loaded | bool)
- name: Sanity check for distro install
fail:
msg: >-
The docker distro package list contains no packages and the variable `use_upstream_docker`
has been set to "{{ use_upstream_docker }}". To install docker at least one package will be
required. Please check your settings.
docker_distro_packages = {{ docker_distro_packages }}
when:
- (docker_distro_packages | length) < 1
- not (use_upstream_docker | bool)
- name: Sanity check for upstream install
fail:
msg: >-
The docker upstream package list contains no packages and the variable `use_upstream_docker`
has been set to "{{ use_upstream_docker }}". To install docker at least one package will be
required. Please check your settings.
docker_upstream_distro_packages = {{ docker_upstream_distro_packages }}
when:
- (docker_upstream_distro_packages | length) < 1
- use_upstream_docker | bool
- name: Upstream block
when:
- use_upstream_docker | bool
block:
- name: Set up docker mirrors
include_role:
name: use-docker-mirror
- name: Install docker-ce from upstream
include_tasks: "upstream-{{ ansible_pkg_mgr }}.yaml"
rescue:
- name: Notice
debug:
msg: >-
The upstream installation of docker has failed, falling back to the distro packages.
- name: Re-Set the use upstream flag
set_fact:
use_upstream_docker: false
- name: Install docker
become: yes
package:
name: "{{ docker_distro_packages }}"
state: present
when:
- not (use_upstream_docker | bool)
notify: Assure docker service is running
- name: Ensure "docker" group exists
group:
name: "{{ docker_group }}"
state: present
- name: Add user to docker group
become: yes
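
Review bot: the `rescue:` on `Upstream block` catches every failure inside the block, including the mirror role, a failed key import and a failed repo setup, and reports it only through a `debug` message before the distro package is installed. A host can end up on a different package source than the one requested, with a partly configured upstream repo left behind. Make the fallback opt-in (for example behind a new boolean variable, which this change does not define) or fail loudly by default. Separately, `Ensure "docker" group exists` has no `become: yes`, unlike the tasks around it.
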
@ -27,23 +86,14 @@
- "{{ docker_group }}"
append: yes
- name: Assure docker service is running
become: yes
service:
name: docker
enabled: yes
state: started
- name: Correct group ownership on docker sock
become: yes
file:
path: /var/run/docker.sock
group: "{{ docker_group }}"
- name: Flush handlers before role exit
meta: flush_handlers
- name: Reset ssh connection to pick up docker group
meta: reset_connection
- name: Validate ability to talk with docker
command: docker ps
changed_when: false
args:
warn: no
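
Review bot: `Assure docker service is running` and `Correct group ownership on docker sock` leave the task list here and exist only as handlers, so they run only when some task reports a change. On a host where the package is already installed nothing notifies them, the socket group is not enforced, and `docker ps` at the end can fail for a non-default `docker_group`. Keep both as regular tasks, or have the group and user tasks notify them as well.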

View File

@ -1,18 +1,13 @@
- name: Install pre-reqs
package:
name: "{{ item }}"
name: "{{ _docker_upstream_distro_required_packages }}"
state: present
with_items:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
become: yes
- name: Add docker GPG key
become: yes
apt_key:
data: "{{ ubuntu_gpg_key }}"
data: "{{ docker_gpg_key }}"
# TODO(mordred) We should add a proxy cache mirror for this
- name: Add docker apt repo
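
Review bot: `Install pre-reqs` reads `_docker_upstream_distro_required_packages` directly, so overriding the documented `docker_upstream_distro_required_packages` has no effect, and a vars file that omits the underscore variable makes this task fail on an undefined variable instead of using the `default([])` from the defaults. Use `docker_upstream_distro_required_packages` here.
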
@ -27,6 +22,7 @@
- name: Install docker
become: yes
apt:
name: "docker-ce{% if docker_version is defined %}={{ docker_version }}{% endif %}"
name: "{{ docker_upstream_distro_packages }}"
state: present
update_cache: yes
notify: Restart docker
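
Review bot: `docker_version` is no longer honored here: the `name:` line that appended `={{ docker_version }}` gives way to `docker_upstream_distro_packages`, while the README still documents the variable as supported for upstream repos. Either build the pinned package name into the list when `docker_version` is defined, or remove the variable from the README so nobody assumes a pin is in effect.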

View File

@ -0,0 +1 @@
upstream-yum.yaml

View File

@ -0,0 +1,34 @@
---
- name: Install pre-reqs
package:
name: "{{ _docker_upstream_distro_required_packages }}"
state: present
become: yes
- name: Create tmp gpg key file
copy:
content: "{{ docker_gpg_key }}"
dest: /tmp/key.gpg
- name: Import gpg key
rpm_key:
state: present
key: /tmp/key.gpg
# TODO(mordred) We should add a proxy cache mirror for this
- name: Add docker repo
become: yes
copy:
dest: /etc/yum.repos.d/docker-ce.repo
group: root
mode: 0644
owner: root
src: "{{ docker_repo_template }}"
- name: Install docker
become: yes
package:
name: "{{ docker_upstream_distro_packages }}"
state: present
notify: Restart docker
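
Review bot: `Create tmp gpg key file` writes the trusted key to the fixed path `/tmp/key.gpg` with no `mode` or `owner`, and `Import gpg key` then reads that path; on a shared host the file is not guaranteed to hold what the role wrote. Create it with the `tempfile` module or in a root-owned directory, set `mode: 0600`, and remove it after the import. `Import gpg key` also lacks `become: yes`, so for an unprivileged connection user it fails and sends the play into the distro fallback in the main task file. `Install pre-reqs` has the same `_docker_upstream_distro_required_packages` bypass as the apt task file.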

View File

@ -0,0 +1,6 @@
---
- name: Not Implemented
fail:
msg: >-
This set of tasks has not been implemented.

View File

@ -1,4 +0,0 @@
{
{% if docker_insecure_registries is defined -%}"insecure-registries": {{ docker_insecure_registries | to_json }},{% endif %}
"registry-mirrors": ["{{ docker_mirror }}"]
}

View File

@ -0,0 +1,17 @@
---
_docker_distro_packages:
- docker.io
_docker_upstream_distro_required_packages:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
_docker_upstream_distro_packages:
- docker-ce
- docker-ce-cli
- containerd.io
docker_distro_vars_loaded: true

View File

@ -0,0 +1,16 @@
---
_docker_distro_packages:
- docker
_docker_upstream_distro_required_packages:
- dnf-plugins-core
_docker_upstream_distro_packages:
- docker-ce
- docker-ce-cli
- containerd.io
docker_repo_template: docker-ce-centos.repo
docker_distro_vars_loaded: true
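
Review bot: `docker_repo_template` is set to `docker-ce-centos.repo` in this vars file, which lists the dnf prerequisite `dnf-plugins-core`, and no vars file in this change references the repo file with the `linux/fedora/$releasever` baseurls. If this file is meant for Fedora, point `docker_repo_template` at that repo file; as written these hosts get the `centos/7` baseurls.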

View File

@ -0,0 +1,3 @@
---
docker_distro_vars_loaded: false

View File

@ -0,0 +1,10 @@
---
_docker_distro_packages:
- docker
_docker_upstream_distro_required_packages: []
_docker_upstream_distro_packages: []
docker_distro_vars_loaded: true
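
Review bot: with `_docker_upstream_distro_packages: []` and the default `use_upstream_docker: True`, the `Sanity check for upstream install` task fails before `Upstream block` is reached, so the `rescue:` fallback to distro packages never runs on hosts that load this file. That contradicts the commit message's promise of a fallback when an upstream task file is not implemented. Either move the check inside the block, or set `use_upstream_docker: false` for this distro and document it.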

View File

@ -0,0 +1,18 @@
---
_docker_distro_packages:
- docker
_docker_upstream_distro_required_packages:
- yum-utils
- device-mapper-persistent-data
- lvm2
_docker_upstream_distro_packages:
- docker-ce
- docker-ce-cli
- containerd.io
docker_repo_template: docker-ce-centos.repo
docker_distro_vars_loaded: true