---
# The tasks in common/pre.yml always run first; this include has no condition.
- include_tasks: common/pre.yml

# In some cases, some services may be run as containers and docker may still
# be installed via rpm.
# The include below fires as soon as any one of the five system-container
# toggles is true; an undefined toggle falls back to False.
- include_tasks: common/atomic_proxy.yml
  when:
    - >
      (openshift_use_system_containers | default(False)) | bool
      or (openshift_use_etcd_system_container | default(False)) | bool
      or (openshift_use_openvswitch_system_container | default(False)) | bool
      or (openshift_use_node_system_container | default(False)) | bool
      or (openshift_use_master_system_container | default(False)) | bool
# Read-only query of the installed docker package version. It is skipped when
# openshift_is_atomic is true. The outcome is registered as
# curr_docker_version, which the "Install Docker" task inspects.
- name: Get current installed Docker version
  command: "{{ repoquery_installed }} --qf '%{version}' docker"
  register: curr_docker_version
  # Repeat the query up to four more times until the command succeeds.
  until: curr_docker_version is succeeded
  retries: 4
  # A query never modifies the host, so never report "changed".
  changed_when: false
  when: not (openshift_is_atomic | bool)

# Some basic checks to ensure the role will complete
- include_tasks: docker_sanity.yml
# Make sure Docker is installed, but does not update a running version.
# Docker upgrades are handled by a separate playbook.
# Note: The curr_docker_version.stdout check can be removed when
# https://github.com/ansible/ansible/issues/33187 gets fixed.
#
# The package is only installed when all three conditions hold: the host is
# not Atomic, the version query actually ran, and that query printed nothing
# (i.e. no docker package was reported as installed).
# When docker_version is defined the package name is pinned to
# "docker-<docker_version>"; otherwise the plain "docker" package is requested.
- name: Install Docker
  package:
    name: "docker{{ '-' + docker_version if docker_version is defined else '' }}"
    state: present
  register: result
  # No explicit retries/delay are set, so Ansible's defaults apply.
  until: result is succeeded
  when:
    - not (openshift_is_atomic | bool)
    - curr_docker_version is not skipped
    - curr_docker_version.stdout == ''
# Extend the default Docker service unit file when using iptables-services
# NOTE(review): the source listing lost its indentation; the `when` is taken
# to guard the whole block (both tasks), matching the comment above - confirm.
- when: not (os_firewall_use_firewalld | default(False)) | bool
  block:
    # Create the systemd drop-in directory before templating into it.
    - name: Ensure docker.service.d directory exists
      file:
        path: "{{ docker_systemd_dir }}"
        state: directory

    # Render the drop-in; a change triggers the runtime restart handler.
    - name: Configure Docker service unit file
      template:
        src: custom.conf.j2
        dest: "{{ docker_systemd_dir }}/custom.conf"
      notify:
        - restart container runtime
# Record whether /etc/sysconfig/docker exists as a regular file. The tasks
# that edit that file check docker_check.stat.isreg before touching it.
- stat:
    path: /etc/sysconfig/docker
  register: docker_check

# Rewrite the ADD_REGISTRY / BLOCK_REGISTRY / INSECURE_REGISTRY lines. Each
# non-empty list is rendered as "<flag> <entry>" pairs joined by spaces.
# An empty list is skipped, so an existing line for it is left as it is.
# NOTE(review): every INSECURE_REGISTRY entry makes docker skip TLS
# verification for that registry; keep l2_docker_insecure_registries limited
# to registries on a trusted network and review changes to it.
- name: Set registry params
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^{{ item.reg_conf_var }}=.*$'
    line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | lib_utils_oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'"
  with_items:
    - reg_conf_var: ADD_REGISTRY
      reg_flag: '--add-registry'
      reg_fact_val: "{{ l2_docker_additional_registries }}"
    - reg_conf_var: BLOCK_REGISTRY
      reg_flag: '--block-registry'
      reg_fact_val: "{{ l2_docker_blocked_registries }}"
    - reg_conf_var: INSECURE_REGISTRY
      reg_flag: '--insecure-registry'
      reg_fact_val: "{{ l2_docker_insecure_registries }}"
  when:
    - item.reg_fact_val != []
    - docker_check.stat.isreg is defined
    - docker_check.stat.isreg
  notify:
    - restart container runtime
# Render the registries.conf template to containers_registries_conf_path.
# Only runs when openshift_docker_use_etc_containers is true; a change
# triggers the container runtime restart handler.
- name: Place additional/blocked/insecure registries in /etc/containers/registries.conf
  when: openshift_docker_use_etc_containers | bool
  template:
    src: registries.conf
    dest: "{{ containers_registries_conf_path }}"
  notify:
    - restart container runtime
# Maintain the HTTP_PROXY / HTTPS_PROXY / NO_PROXY lines in
# /etc/sysconfig/docker. A non-empty value is written; an empty value removes
# the matching line (state: absent).
# The task runs only if the file is a regular file and at least one of the
# HTTP/HTTPS proxies is set.
# NOTE(review): because of that last condition, clearing both proxies skips
# the task, so previously written proxy lines are not removed - confirm this
# is intended.
# NOTE(review): proxy URLs can embed credentials (user:password@host). The
# values are stored in clear text in the file and each loop item appears in
# task output; consider no_log and restrictive file permissions if
# credentialed proxies are in use.
- name: Set Proxy Settings
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^{{ item.reg_conf_var }}=.*$'
    line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val }}'"
    state: "{{ 'present' if item.reg_fact_val != '' else 'absent'}}"
  with_items:
    - reg_conf_var: HTTP_PROXY
      reg_fact_val: "{{ docker_http_proxy }}"
    - reg_conf_var: HTTPS_PROXY
      reg_fact_val: "{{ docker_https_proxy }}"
    - reg_conf_var: NO_PROXY
      reg_fact_val: "{{ docker_no_proxy }}"
  when:
    - docker_check.stat.isreg is defined
    - docker_check.stat.isreg
    - docker_http_proxy != '' or docker_https_proxy != ''
  notify:
    - restart container runtime
# Rebuild the OPTIONS line of /etc/sysconfig/docker from role variables.
# Each {% if %} fragment below contributes one daemon flag; the trailing
# backslashes join the fragments into a single line.
# NOTE(review): Ansible's `bool` filter maps only boolean-like strings
# (yes/on/1/true) to true. A driver name in openshift_docker_log_driver or a
# CIDR in openshift_docker_hosted_registry_network would therefore evaluate
# to false, and --log-driver / --insecure-registry would not be emitted -
# confirm which values these variables are expected to hold.
# NOTE(review): docker_options and openshift_docker_options are appended
# verbatim, so they can add or override any daemon flag, including the
# security-relevant ones set here; treat them as trusted input only.
# NOTE(review): --signature-verification is always written from
# openshift_docker_signature_verification; a false value turns image
# signature verification off.
- name: Set various Docker options
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^OPTIONS=.*$'
    line: "OPTIONS='\
      {% if ansible_selinux.status | default(None) == 'enabled' and openshift_docker_selinux_enabled | default(true) | bool %} --selinux-enabled {% endif %} \
      {% if openshift_docker_log_driver | bool %} --log-driver {{ openshift_docker_log_driver }}{% endif %} \
      {% if l2_docker_log_options != [] %} {{ l2_docker_log_options | lib_utils_oo_split() | lib_utils_oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %} \
      {% if openshift_docker_hosted_registry_insecure and (openshift_docker_hosted_registry_network | bool) %} --insecure-registry={{ openshift_docker_hosted_registry_network }} {% endif %} \
      {% if docker_options is defined %} {{ docker_options }}{% endif %} \
      {% if openshift_docker_options %} {{ openshift_docker_options }}{% endif %} \
      {% if openshift_docker_disable_push_dockerhub %} --confirm-def-push={{ openshift_docker_disable_push_dockerhub | bool }}{% endif %} \
      --signature-verification={{ openshift_docker_signature_verification | bool }}'"
  # Only edit the file when the earlier stat found a regular file.
  when:
    - docker_check.stat.isreg is defined
    - docker_check.stat.isreg
  notify:
    - restart container runtime
# Record whether /etc/sysconfig/docker-network exists as a regular file.
- stat:
    path: /etc/sysconfig/docker-network
  register: sysconfig_docker_network_check

# Rewrite DOCKER_NETWORK_OPTIONS. The --mtu flag is emitted only when
# openshift.node.sdn_mtu is defined; otherwise the value is left empty.
# Skipped unless the stat above found a regular file.
- name: Configure Docker Network OPTIONS
  lineinfile:
    dest: /etc/sysconfig/docker-network
    regexp: '^DOCKER_NETWORK_OPTIONS=.*$'
    line: "DOCKER_NETWORK_OPTIONS='\
      {% if openshift.node is defined and openshift.node.sdn_mtu is defined %} --mtu={{ openshift.node.sdn_mtu }}{% endif %}'"
  when:
    - sysconfig_docker_network_check.stat.isreg is defined
    - sysconfig_docker_network_check.stat.isreg
  notify:
    - restart container runtime
# The following task is needed as the systemd module may report a change in
# state even though docker is already running.
# The ActiveState line is captured before the service task runs so that the
# set_fact further down can tell a real start from a no-op.
- name: Detect if docker is already started
  command: "systemctl show docker -p ActiveState"
  register: r_docker_already_running_result
  changed_when: false

# Enable and start docker, reloading systemd units first. A failed start is
# retried up to three times with 30 seconds between attempts.
- name: Start the Docker service
  systemd:
    name: docker
    state: started
    enabled: true
    daemon_reload: true
  register: r_docker_package_docker_start_result
  until: r_docker_package_docker_start_result is not failed
  retries: 3
  delay: 30

# docker_service_status_changed is true only when the systemd task reported
# a change AND docker was not already active beforehand.
- set_fact:
    docker_service_status_changed: "{{ (r_docker_package_docker_start_result is changed) and (r_docker_already_running_result.stdout != 'ActiveState=active' ) }}"

# The tasks in common/post.yml run last, unconditionally.
- include_tasks: common/post.yml