Allow to skip docker reconfiguration
This commit adds an option, `container_registry_skip_reconfiguration`, that, when enabled, skips reconfiguration if docker has already been configured once. Change-Id: I0bcaeea9cd24ab35a81d8c3d6fc3a384c1e4c3c2 Related-Bug: #1804790
parent
eb5d61b601
commit
88c26d2cda
|
@ -54,6 +54,9 @@ Role Variables
|
|||
* - `container_registry_additional_sockets`
|
||||
- `[undefined]`
|
||||
- Additional sockets for containers
|
||||
* - `container_registry_skip_reconfiguration`
|
||||
- `false`
|
||||
- Do not perform container registry reconfiguration if it's already configured
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
|
|
@ -13,3 +13,4 @@ container_registry_mirror: ''
|
|||
container_registry_storage_options: '-s overlay2'
|
||||
container_registry_selinux: false
|
||||
container_registry_additional_sockets: []
|
||||
container_registry_skip_reconfiguration: false
|
||||
|
|
|
@ -43,7 +43,7 @@
|
|||
name: docker-distribution
|
||||
state: restarted
|
||||
|
||||
# NOTE(bogdando): import caveates https://github.com/ansible/ansible/issues/42621
|
||||
# NOTE(bogdando): import caveats https://github.com/ansible/ansible/issues/42621
|
||||
- name: Docker | wait for registry
|
||||
uri:
|
||||
# Just checking API version should be fine
|
||||
|
|
|
@ -1,51 +1,54 @@
|
|||
# tasks file for ansible-role-container-registry
|
||||
# the tasks will ensure docker is up to date.
|
||||
|
||||
- name: set package manager to yum
|
||||
set_fact:
|
||||
registry_pkg_manager: yum
|
||||
when:
|
||||
- ansible_os_family == 'RedHat'
|
||||
- ansible_distribution_major_version|int == 7
|
||||
- block:
|
||||
- name: set package manager to yum
|
||||
set_fact:
|
||||
registry_pkg_manager: yum
|
||||
when:
|
||||
- ansible_os_family == 'RedHat'
|
||||
- ansible_distribution_major_version|int == 7
|
||||
|
||||
- name: set package manager to dnf
|
||||
set_fact:
|
||||
registry_pkg_manager: dnf
|
||||
when: (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Fedora')
|
||||
- name: set package manager to dnf
|
||||
set_fact:
|
||||
registry_pkg_manager: dnf
|
||||
when: (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Fedora')
|
||||
|
||||
|
||||
- name: can docker be updated
|
||||
shell: "{{ registry_pkg_manager }} check-update docker"
|
||||
register: docker_check_update
|
||||
failed_when: docker_check_update.rc not in [0, 100]
|
||||
changed_when: docker_check_update.rc == 100
|
||||
- name: can docker be updated
|
||||
shell: "{{ registry_pkg_manager }} check-update docker"
|
||||
register: docker_check_update
|
||||
failed_when: docker_check_update.rc not in [0, 100]
|
||||
changed_when: docker_check_update.rc == 100
|
||||
|
||||
- name: set docker_rpm_needs_update fact
|
||||
set_fact: docker_rpm_needs_update={{ docker_check_update.rc == 100 }}
|
||||
- name: set docker_rpm_needs_update fact
|
||||
set_fact: docker_rpm_needs_update={{ docker_check_update.rc == 100 }}
|
||||
|
||||
- name: stop all containers before update
|
||||
# xargs is preferable to docker stop $(docker ps -q) as that might generate a
|
||||
# a too long command line
|
||||
shell: docker ps -q | xargs --no-run-if-empty -n1 docker stop
|
||||
when: docker_rpm_needs_update
|
||||
- name: stop all containers before update
|
||||
# xargs is preferable to docker stop $(docker ps -q) as that might generate a
|
||||
# a too long command line
|
||||
shell: docker ps -q | xargs --no-run-if-empty -n1 docker stop
|
||||
when: docker_rpm_needs_update
|
||||
|
||||
- name: ensure docker is installed
|
||||
package:
|
||||
name: docker
|
||||
state: present
|
||||
when: docker_rpm_needs_update
|
||||
- name: ensure docker is installed
|
||||
package:
|
||||
name: docker
|
||||
state: present
|
||||
when: docker_rpm_needs_update
|
||||
|
||||
- name: update the docker package (yum)
|
||||
yum: name=docker state=latest update_cache=yes # cache for https://bugs.launchpad.net/tripleo/+bug/1703830
|
||||
notify: restart docker service
|
||||
when:
|
||||
- docker_rpm_needs_update
|
||||
- registry_pkg_manager == 'yum'
|
||||
- name: update the docker package (yum)
|
||||
yum: name=docker state=latest update_cache=yes # cache for https://bugs.launchpad.net/tripleo/+bug/1703830
|
||||
notify: restart docker service
|
||||
when:
|
||||
- docker_rpm_needs_update
|
||||
- registry_pkg_manager == 'yum'
|
||||
|
||||
- name: update the docker package (dnf)
|
||||
dnf: name=docker state=latest
|
||||
notify: restart docker service
|
||||
when:
|
||||
- docker_rpm_needs_update
|
||||
- registry_pkg_manager == 'dnf'
|
||||
- name: update the docker package (dnf)
|
||||
dnf: name=docker state=latest
|
||||
notify: restart docker service
|
||||
when:
|
||||
- docker_rpm_needs_update
|
||||
- registry_pkg_manager == 'dnf'
|
||||
|
||||
# Note(mfedosin): explicitly skip all preceding tasks if we don't need reconfiguration.
|
||||
when: not container_registry_skip_reconfiguration
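Review bot: The `when: not container_registry_skip_reconfiguration` on the new block skips every task in this file whenever the option is set, without consulting the configuration mark that `tasks/docker.yml` checks, so it does not match the commit message's "if docker has already been configured once". With the option enabled the role never runs the check-update/update path, and docker package fixes then have to be delivered by some other process. If that is intended, say so next to the condition, e.g. `# NOTE: unconditional when the option is set; docker package updates are then not applied by this role`, and in the README row for the variable. Whether `is_configured` is already registered when this file runs is not visible here, so reusing the same condition as `tasks/docker.yml` would need the include order confirmed.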
|
||||
|
|
245
tasks/docker.yml
245
tasks/docker.yml
|
@ -1,129 +1,150 @@
|
|||
# tasks file for ansible-role-container-registry
|
||||
|
||||
# NOTE(aschultz): LP#1750194 - need to set ip_forward before docker starts
|
||||
# so lets set it before we install the package if we're managing it.
|
||||
- name: enable net.ipv4.ip_forward
|
||||
sysctl:
|
||||
name: net.ipv4.ip_forward
|
||||
value: 1
|
||||
sysctl_set: yes
|
||||
state: present
|
||||
reload: yes
|
||||
|
||||
# NOTE(aschultz): LP#1765121 - need to check that we don't have any ftype=0
|
||||
# volumes because other wise docker is very unhappy
|
||||
- name: Check if there are XFS volumes with ftype=0
|
||||
become: true
|
||||
shell: |
|
||||
for dev in $(df -h | grep '/dev/' | grep -v 'tmp' | cut -d' ' -f1)
|
||||
do
|
||||
parseftype=$(xfs_info $dev | grep ftype=0);
|
||||
if [[ ! -z "$parseftype" ]]; then
|
||||
ftype="ftype=0";
|
||||
break;
|
||||
fi
|
||||
done
|
||||
echo $ftype;
|
||||
register: ftype
|
||||
# NOTE(mfedosin): In order to verify that we have already configured docker
|
||||
# we add a line `# Configured by Ansible container registry role` in
|
||||
# /etc/sysconfig/docker config file when initial configuration is done,
|
||||
# and check its existence later.
|
||||
- name: Check that the configuration mark exists in /etc/sysconfig/docker
|
||||
command: grep -Fq "# Configured by Ansible container registry role" /etc/sysconfig/docker
|
||||
register: is_configured
|
||||
check_mode: false
|
||||
ignore_errors: true
|
||||
changed_when: false
|
||||
|
||||
- name: Check ftype
|
||||
fail:
|
||||
msg: >
|
||||
XFS volumes formatted using ftype=0 are incompatible
|
||||
with the docker overlayfs driver.
|
||||
when:
|
||||
- ftype.stdout == 'ftype=0'
|
||||
- block:
|
||||
# NOTE(aschultz): LP#1750194 - need to set ip_forward before docker starts
|
||||
# so lets set it before we install the package if we're managing it.
|
||||
- name: enable net.ipv4.ip_forward
|
||||
sysctl:
|
||||
name: net.ipv4.ip_forward
|
||||
value: 1
|
||||
sysctl_set: yes
|
||||
state: present
|
||||
reload: yes
|
||||
|
||||
- name: ensure docker is installed
|
||||
package:
|
||||
name: docker
|
||||
state: present
|
||||
# NOTE(aschultz): LP#1765121 - need to check that we don't have any ftype=0
|
||||
# volumes because other wise docker is very unhappy
|
||||
- name: Check if there are XFS volumes with ftype=0
|
||||
become: true
|
||||
shell: |
|
||||
for dev in $(df -h | grep '/dev/' | grep -v 'tmp' | cut -d' ' -f1)
|
||||
do
|
||||
parseftype=$(xfs_info $dev | grep ftype=0);
|
||||
if [[ ! -z "$parseftype" ]]; then
|
||||
ftype="ftype=0";
|
||||
break;
|
||||
fi
|
||||
done
|
||||
echo $ftype;
|
||||
register: ftype
|
||||
changed_when: false
|
||||
|
||||
- name: manage /etc/systemd/system/docker.service.d
|
||||
file:
|
||||
path: /etc/systemd/system/docker.service.d
|
||||
state: directory
|
||||
when: ansible_service_mgr == 'systemd'
|
||||
- name: Check ftype
|
||||
fail:
|
||||
msg: >
|
||||
XFS volumes formatted using ftype=0 are incompatible
|
||||
with the docker overlayfs driver.
|
||||
when:
|
||||
- ftype.stdout == 'ftype=0'
|
||||
|
||||
- name: unset mountflags
|
||||
ini_file:
|
||||
path: /etc/systemd/system/docker.service.d/99-unset-mountflags.conf
|
||||
section: Service
|
||||
option: MountFlags
|
||||
value: ""
|
||||
create: yes
|
||||
notify: restart docker service
|
||||
when: ansible_service_mgr == 'systemd'
|
||||
- name: ensure docker is installed
|
||||
package:
|
||||
name: docker
|
||||
state: present
|
||||
|
||||
- name: configure OPTIONS in /etc/sysconfig/docker
|
||||
lineinfile:
|
||||
path: /etc/sysconfig/docker
|
||||
regexp: '^OPTIONS='
|
||||
line: "OPTIONS='{{ _full_docker_options }}'"
|
||||
create: yes
|
||||
notify: restart docker service
|
||||
- name: manage /etc/systemd/system/docker.service.d
|
||||
file:
|
||||
path: /etc/systemd/system/docker.service.d
|
||||
state: directory
|
||||
when: ansible_service_mgr == 'systemd'
|
||||
|
||||
- name: configure INSECURE_REGISTRY in /etc/sysconfig/docker
|
||||
lineinfile:
|
||||
path: /etc/sysconfig/docker
|
||||
regexp: '^INSECURE_REGISTRY='
|
||||
line: "INSECURE_REGISTRY='{{ registry_flags }}'"
|
||||
when: container_registry_insecure_registries | length > 0
|
||||
notify: restart docker service
|
||||
vars:
|
||||
registry_flags: "{% for reg in container_registry_insecure_registries %}--insecure-registry {{ reg }}{% if not loop.last %} {% endif %}{% endfor %}"
|
||||
- name: unset mountflags
|
||||
ini_file:
|
||||
path: /etc/systemd/system/docker.service.d/99-unset-mountflags.conf
|
||||
section: Service
|
||||
option: MountFlags
|
||||
value: ""
|
||||
create: yes
|
||||
notify: restart docker service
|
||||
when: ansible_service_mgr == 'systemd'
|
||||
|
||||
- name: Create additional socket directories
|
||||
file:
|
||||
path: "{{ item | dirname }}"
|
||||
state: directory
|
||||
notify: restart docker service
|
||||
with_items: "{{ container_registry_additional_sockets }}"
|
||||
when: container_registry_additional_sockets | length > 0
|
||||
- name: configure OPTIONS in /etc/sysconfig/docker
|
||||
lineinfile:
|
||||
path: /etc/sysconfig/docker
|
||||
regexp: '^OPTIONS='
|
||||
line: "OPTIONS='{{ _full_docker_options }}'"
|
||||
create: yes
|
||||
notify: restart docker service
|
||||
|
||||
- name: manage /etc/docker/daemon.json
|
||||
template:
|
||||
src: docker-daemon.json.j2
|
||||
dest: /etc/docker/daemon.json
|
||||
notify: restart docker service
|
||||
- name: configure INSECURE_REGISTRY in /etc/sysconfig/docker
|
||||
lineinfile:
|
||||
path: /etc/sysconfig/docker
|
||||
regexp: '^INSECURE_REGISTRY='
|
||||
line: "INSECURE_REGISTRY='{{ registry_flags }}'"
|
||||
when: container_registry_insecure_registries | length > 0
|
||||
notify: restart docker service
|
||||
vars:
|
||||
registry_flags: "{% for reg in container_registry_insecure_registries %}--insecure-registry {{ reg }}{% if not loop.last %} {% endif %}{% endfor %}"
|
||||
|
||||
- name: configure DOCKER_STORAGE_OPTIONS in /etc/sysconfig/docker-storage
|
||||
lineinfile:
|
||||
path: /etc/sysconfig/docker-storage
|
||||
regexp: '^DOCKER_STORAGE_OPTIONS='
|
||||
line: "DOCKER_STORAGE_OPTIONS=' {{ container_registry_storage_options }}'"
|
||||
create: yes
|
||||
when: container_registry_storage_options != ""
|
||||
notify: restart docker service
|
||||
- name: Create additional socket directories
|
||||
file:
|
||||
path: "{{ item | dirname }}"
|
||||
state: directory
|
||||
notify: restart docker service
|
||||
with_items: "{{ container_registry_additional_sockets }}"
|
||||
when: container_registry_additional_sockets | length > 0
|
||||
|
||||
- name: configure DOCKER_NETWORK_OPTIONS in /etc/sysconfig/docker-network
|
||||
lineinfile:
|
||||
path: /etc/sysconfig/docker-network
|
||||
regexp: '^DOCKER_NETWORK_OPTIONS='
|
||||
line: "DOCKER_NETWORK_OPTIONS=' {{ container_registry_network_options }}'"
|
||||
create: yes
|
||||
when: container_registry_storage_options != ""
|
||||
notify: restart docker service
|
||||
- name: manage /etc/docker/daemon.json
|
||||
template:
|
||||
src: docker-daemon.json.j2
|
||||
dest: /etc/docker/daemon.json
|
||||
notify: restart docker service
|
||||
|
||||
- name: ensure docker group exists
|
||||
group:
|
||||
name: docker
|
||||
state: present
|
||||
- name: configure DOCKER_STORAGE_OPTIONS in /etc/sysconfig/docker-storage
|
||||
lineinfile:
|
||||
path: /etc/sysconfig/docker-storage
|
||||
regexp: '^DOCKER_STORAGE_OPTIONS='
|
||||
line: "DOCKER_STORAGE_OPTIONS=' {{ container_registry_storage_options }}'"
|
||||
create: yes
|
||||
when: container_registry_storage_options != ""
|
||||
notify: restart docker service
|
||||
|
||||
- name: add deployment user to docker group
|
||||
user:
|
||||
name: "{{ container_registry_deployment_user }}"
|
||||
groups: docker
|
||||
append: yes
|
||||
when: container_registry_deployment_user != ""
|
||||
- name: configure DOCKER_NETWORK_OPTIONS in /etc/sysconfig/docker-network
|
||||
lineinfile:
|
||||
path: /etc/sysconfig/docker-network
|
||||
regexp: '^DOCKER_NETWORK_OPTIONS='
|
||||
line: "DOCKER_NETWORK_OPTIONS=' {{ container_registry_network_options }}'"
|
||||
create: yes
|
||||
when: container_registry_storage_options != ""
|
||||
notify: restart docker service
|
||||
|
||||
- name: force systemd to reread configs
|
||||
meta: flush_handlers
|
||||
- name: ensure docker group exists
|
||||
group:
|
||||
name: docker
|
||||
state: present
|
||||
|
||||
- name: enable and start docker
|
||||
systemd:
|
||||
enabled: true
|
||||
state: started
|
||||
name: docker
|
||||
when: ansible_service_mgr == 'systemd'
|
||||
- name: add deployment user to docker group
|
||||
user:
|
||||
name: "{{ container_registry_deployment_user }}"
|
||||
groups: docker
|
||||
append: yes
|
||||
when: container_registry_deployment_user != ""
|
||||
|
||||
- name: force systemd to reread configs
|
||||
meta: flush_handlers
|
||||
|
||||
- name: enable and start docker
|
||||
systemd:
|
||||
enabled: true
|
||||
state: started
|
||||
name: docker
|
||||
when: ansible_service_mgr == 'systemd'
|
||||
|
||||
- name: mark docker configured
|
||||
lineinfile:
|
||||
path: /etc/sysconfig/docker
|
||||
line: "# Configured by Ansible container registry role"
|
||||
insertafter: "^# /etc/sysconfig/docker$"
|
||||
create: yes
|
||||
|
||||
when: not container_registry_skip_reconfiguration or is_configured.rc != 0
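Review bot: The block-level `when: not container_registry_skip_reconfiguration or is_configured.rc != 0` treats a single comment line in /etc/sysconfig/docker as proof that the host is configured, so once the mark exists later changes to `container_registry_insecure_registries`, the daemon.json template, the storage/network options or the docker group membership are never re-applied while the option is on. That matters most when a setting is being tightened, for example removing an insecure registry: the play reports success while the old value stays in place. I would state this above the mark check, e.g. `# NOTE: with skip enabled, later changes to the role variables are not applied once the mark exists`, and repeat it in the README description. Separately, `ignore_errors: true` on the grep task shows a failed task on every unconfigured host; `failed_when: false` keeps `is_configured.rc` available without that.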
|
||||
|
|