Allow to skip docker reconfiguration

This commit adds an option `container_registry_skip_reconfiguration`,
that, when enabled, disables the reconfiguration if docker has already
been configured once.

Change-Id: I0bcaeea9cd24ab35a81d8c3d6fc3a384c1e4c3c2
Related-Bug: #1804790
This commit is contained in:
Mike Fedosin 2018-11-30 18:02:07 +01:00
parent eb5d61b601
commit 88c26d2cda
5 changed files with 180 additions and 152 deletions

View File

@ -54,6 +54,9 @@ Role Variables
* - `container_registry_additional_sockets`
- `[undefined]`
- Additional sockets for containers
* - `container_registry_skip_reconfiguration`
- `false`
- Do not perform container registry reconfiguration if it's already configured
Requirements
------------

View File

@ -13,3 +13,4 @@ container_registry_mirror: ''
container_registry_storage_options: '-s overlay2'
container_registry_selinux: false
container_registry_additional_sockets: []
container_registry_skip_reconfiguration: false

View File

@ -43,7 +43,7 @@
name: docker-distribution
state: restarted
# NOTE(bogdando): import caveates https://github.com/ansible/ansible/issues/42621
# NOTE(bogdando): import caveats https://github.com/ansible/ansible/issues/42621
- name: Docker | wait for registry
uri:
# Just checking API version should be fine

View File

@ -1,51 +1,54 @@
# tasks file for ansible-role-container-registry
# the tasks will ensure docker is up to date.
- name: set package manager to yum
set_fact:
registry_pkg_manager: yum
when:
- ansible_os_family == 'RedHat'
- ansible_distribution_major_version|int == 7
- block:
- name: set package manager to yum
set_fact:
registry_pkg_manager: yum
when:
- ansible_os_family == 'RedHat'
- ansible_distribution_major_version|int == 7
- name: set package manager to dnf
set_fact:
registry_pkg_manager: dnf
when: (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Fedora')
- name: set package manager to dnf
set_fact:
registry_pkg_manager: dnf
when: (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Fedora')
- name: can docker be updated
shell: "{{ registry_pkg_manager }} check-update docker"
register: docker_check_update
failed_when: docker_check_update.rc not in [0, 100]
changed_when: docker_check_update.rc == 100
- name: can docker be updated
shell: "{{ registry_pkg_manager }} check-update docker"
register: docker_check_update
failed_when: docker_check_update.rc not in [0, 100]
changed_when: docker_check_update.rc == 100
- name: set docker_rpm_needs_update fact
set_fact: docker_rpm_needs_update={{ docker_check_update.rc == 100 }}
- name: set docker_rpm_needs_update fact
set_fact: docker_rpm_needs_update={{ docker_check_update.rc == 100 }}
- name: stop all containers before update
# xargs is preferable to docker stop $(docker ps -q) as that might generate a
# a too long command line
shell: docker ps -q | xargs --no-run-if-empty -n1 docker stop
when: docker_rpm_needs_update
- name: stop all containers before update
# xargs is preferable to docker stop $(docker ps -q) as that might generate a
# a too long command line
shell: docker ps -q | xargs --no-run-if-empty -n1 docker stop
when: docker_rpm_needs_update
- name: ensure docker is installed
package:
name: docker
state: present
when: docker_rpm_needs_update
- name: ensure docker is installed
package:
name: docker
state: present
when: docker_rpm_needs_update
- name: update the docker package (yum)
yum: name=docker state=latest update_cache=yes # cache for https://bugs.launchpad.net/tripleo/+bug/1703830
notify: restart docker service
when:
- docker_rpm_needs_update
- registry_pkg_manager == 'yum'
- name: update the docker package (yum)
yum: name=docker state=latest update_cache=yes # cache for https://bugs.launchpad.net/tripleo/+bug/1703830
notify: restart docker service
when:
- docker_rpm_needs_update
- registry_pkg_manager == 'yum'
- name: update the docker package (dnf)
dnf: name=docker state=latest
notify: restart docker service
when:
- docker_rpm_needs_update
- registry_pkg_manager == 'dnf'
- name: update the docker package (dnf)
dnf: name=docker state=latest
notify: restart docker service
when:
- docker_rpm_needs_update
- registry_pkg_manager == 'dnf'
# Note(mfedosin): explicitly skip all preceding tasks if we don't need reconfiguration.
when: not container_registry_skip_reconfiguration

View File

@ -1,129 +1,150 @@
# tasks file for ansible-role-container-registry
# NOTE(aschultz): LP#1750194 - need to set ip_forward before docker starts
# so lets set it before we install the package if we're managing it.
- name: enable net.ipv4.ip_forward
sysctl:
name: net.ipv4.ip_forward
value: 1
sysctl_set: yes
state: present
reload: yes
# NOTE(aschultz): LP#1765121 - need to check that we don't have any ftype=0
# volumes because other wise docker is very unhappy
- name: Check if there are XFS volumes with ftype=0
become: true
shell: |
for dev in $(df -h | grep '/dev/' | grep -v 'tmp' | cut -d' ' -f1)
do
parseftype=$(xfs_info $dev | grep ftype=0);
if [[ ! -z "$parseftype" ]]; then
ftype="ftype=0";
break;
fi
done
echo $ftype;
register: ftype
# NOTE(mfedosin): In order to verify that we have already configured docker
# we add a line `# Configured by Ansible container registry role` in
# /etc/sysconfig/docker config file when initial configuration is done,
# and check its existence later.
- name: Check that the configuration mark exists in /etc/sysconfig/docker
command: grep -Fq "# Configured by Ansible container registry role" /etc/sysconfig/docker
register: is_configured
check_mode: false
ignore_errors: true
changed_when: false
- name: Check ftype
fail:
msg: >
XFS volumes formatted using ftype=0 are incompatible
with the docker overlayfs driver.
when:
- ftype.stdout == 'ftype=0'
- block:
# NOTE(aschultz): LP#1750194 - need to set ip_forward before docker starts
# so lets set it before we install the package if we're managing it.
- name: enable net.ipv4.ip_forward
sysctl:
name: net.ipv4.ip_forward
value: 1
sysctl_set: yes
state: present
reload: yes
- name: ensure docker is installed
package:
name: docker
state: present
# NOTE(aschultz): LP#1765121 - need to check that we don't have any ftype=0
# volumes because other wise docker is very unhappy
- name: Check if there are XFS volumes with ftype=0
become: true
shell: |
for dev in $(df -h | grep '/dev/' | grep -v 'tmp' | cut -d' ' -f1)
do
parseftype=$(xfs_info $dev | grep ftype=0);
if [[ ! -z "$parseftype" ]]; then
ftype="ftype=0";
break;
fi
done
echo $ftype;
register: ftype
changed_when: false
- name: manage /etc/systemd/system/docker.service.d
file:
path: /etc/systemd/system/docker.service.d
state: directory
when: ansible_service_mgr == 'systemd'
- name: Check ftype
fail:
msg: >
XFS volumes formatted using ftype=0 are incompatible
with the docker overlayfs driver.
when:
- ftype.stdout == 'ftype=0'
- name: unset mountflags
ini_file:
path: /etc/systemd/system/docker.service.d/99-unset-mountflags.conf
section: Service
option: MountFlags
value: ""
create: yes
notify: restart docker service
when: ansible_service_mgr == 'systemd'
- name: ensure docker is installed
package:
name: docker
state: present
- name: configure OPTIONS in /etc/sysconfig/docker
lineinfile:
path: /etc/sysconfig/docker
regexp: '^OPTIONS='
line: "OPTIONS='{{ _full_docker_options }}'"
create: yes
notify: restart docker service
- name: manage /etc/systemd/system/docker.service.d
file:
path: /etc/systemd/system/docker.service.d
state: directory
when: ansible_service_mgr == 'systemd'
- name: configure INSECURE_REGISTRY in /etc/sysconfig/docker
lineinfile:
path: /etc/sysconfig/docker
regexp: '^INSECURE_REGISTRY='
line: "INSECURE_REGISTRY='{{ registry_flags }}'"
when: container_registry_insecure_registries | length > 0
notify: restart docker service
vars:
registry_flags: "{% for reg in container_registry_insecure_registries %}--insecure-registry {{ reg }}{% if not loop.last %} {% endif %}{% endfor %}"
- name: unset mountflags
ini_file:
path: /etc/systemd/system/docker.service.d/99-unset-mountflags.conf
section: Service
option: MountFlags
value: ""
create: yes
notify: restart docker service
when: ansible_service_mgr == 'systemd'
- name: Create additional socket directories
file:
path: "{{ item | dirname }}"
state: directory
notify: restart docker service
with_items: "{{ container_registry_additional_sockets }}"
when: container_registry_additional_sockets | length > 0
- name: configure OPTIONS in /etc/sysconfig/docker
lineinfile:
path: /etc/sysconfig/docker
regexp: '^OPTIONS='
line: "OPTIONS='{{ _full_docker_options }}'"
create: yes
notify: restart docker service
- name: manage /etc/docker/daemon.json
template:
src: docker-daemon.json.j2
dest: /etc/docker/daemon.json
notify: restart docker service
- name: configure INSECURE_REGISTRY in /etc/sysconfig/docker
lineinfile:
path: /etc/sysconfig/docker
regexp: '^INSECURE_REGISTRY='
line: "INSECURE_REGISTRY='{{ registry_flags }}'"
when: container_registry_insecure_registries | length > 0
notify: restart docker service
vars:
registry_flags: "{% for reg in container_registry_insecure_registries %}--insecure-registry {{ reg }}{% if not loop.last %} {% endif %}{% endfor %}"
- name: configure DOCKER_STORAGE_OPTIONS in /etc/sysconfig/docker-storage
lineinfile:
path: /etc/sysconfig/docker-storage
regexp: '^DOCKER_STORAGE_OPTIONS='
line: "DOCKER_STORAGE_OPTIONS=' {{ container_registry_storage_options }}'"
create: yes
when: container_registry_storage_options != ""
notify: restart docker service
- name: Create additional socket directories
file:
path: "{{ item | dirname }}"
state: directory
notify: restart docker service
with_items: "{{ container_registry_additional_sockets }}"
when: container_registry_additional_sockets | length > 0
- name: configure DOCKER_NETWORK_OPTIONS in /etc/sysconfig/docker-network
lineinfile:
path: /etc/sysconfig/docker-network
regexp: '^DOCKER_NETWORK_OPTIONS='
line: "DOCKER_NETWORK_OPTIONS=' {{ container_registry_network_options }}'"
create: yes
when: container_registry_storage_options != ""
notify: restart docker service
- name: manage /etc/docker/daemon.json
template:
src: docker-daemon.json.j2
dest: /etc/docker/daemon.json
notify: restart docker service
- name: ensure docker group exists
group:
name: docker
state: present
- name: configure DOCKER_STORAGE_OPTIONS in /etc/sysconfig/docker-storage
lineinfile:
path: /etc/sysconfig/docker-storage
regexp: '^DOCKER_STORAGE_OPTIONS='
line: "DOCKER_STORAGE_OPTIONS=' {{ container_registry_storage_options }}'"
create: yes
when: container_registry_storage_options != ""
notify: restart docker service
- name: add deployment user to docker group
user:
name: "{{ container_registry_deployment_user }}"
groups: docker
append: yes
when: container_registry_deployment_user != ""
- name: configure DOCKER_NETWORK_OPTIONS in /etc/sysconfig/docker-network
lineinfile:
path: /etc/sysconfig/docker-network
regexp: '^DOCKER_NETWORK_OPTIONS='
line: "DOCKER_NETWORK_OPTIONS=' {{ container_registry_network_options }}'"
create: yes
when: container_registry_storage_options != ""
notify: restart docker service
- name: force systemd to reread configs
meta: flush_handlers
- name: ensure docker group exists
group:
name: docker
state: present
- name: enable and start docker
systemd:
enabled: true
state: started
name: docker
when: ansible_service_mgr == 'systemd'
- name: add deployment user to docker group
user:
name: "{{ container_registry_deployment_user }}"
groups: docker
append: yes
when: container_registry_deployment_user != ""
- name: force systemd to reread configs
meta: flush_handlers
- name: enable and start docker
systemd:
enabled: true
state: started
name: docker
when: ansible_service_mgr == 'systemd'
- name: mark docker configured
lineinfile:
path: /etc/sysconfig/docker
line: "# Configured by Ansible container registry role"
insertafter: "^# /etc/sysconfig/docker$"
create: yes
when: not container_registry_skip_reconfiguration or is_configured.rc != 0