From 88c26d2cdaeeaa74c01f4a417f9eb7d83f9f5263 Mon Sep 17 00:00:00 2001 From: Mike Fedosin Date: Fri, 30 Nov 2018 18:02:07 +0100 Subject: [PATCH] Allow to skip docker reconfiguration This commit adds an option `container_registry_skip_reconfiguration`, that, when enabled, disables the reconfiguration if docker has already been configured once. Change-Id: I0bcaeea9cd24ab35a81d8c3d6fc3a384c1e4c3c2 Related-Bug: #1804790 --- README.rst | 3 + defaults/main.yml | 1 + handlers/main.yml | 2 +- tasks/docker-update.yml | 81 ++++++------- tasks/docker.yml | 245 ++++++++++++++++++++++------------------ 5 files changed, 180 insertions(+), 152 deletions(-) diff --git a/README.rst b/README.rst index ca2adaf..18c0f86 100644 --- a/README.rst +++ b/README.rst @@ -54,6 +54,9 @@ Role Variables * - `container_registry_additional_sockets` - `[undefined]` - Additional sockets for containers + * - `container_registry_skip_reconfiguration` + - `false` + - Do not perform container registry reconfiguration if it's already configured Requirements ------------ diff --git a/defaults/main.yml b/defaults/main.yml index 96f630f..7584bfe 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -13,3 +13,4 @@ container_registry_mirror: '' container_registry_storage_options: '-s overlay2' container_registry_selinux: false container_registry_additional_sockets: [] +container_registry_skip_reconfiguration: false diff --git a/handlers/main.yml b/handlers/main.yml index 755e65d..60b9362 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -43,7 +43,7 @@ name: docker-distribution state: restarted -# NOTE(bogdando): import caveates https://github.com/ansible/ansible/issues/42621 +# NOTE(bogdando): import caveats https://github.com/ansible/ansible/issues/42621 - name: Docker | wait for registry uri: # Just checking API version should be fine diff --git a/tasks/docker-update.yml b/tasks/docker-update.yml index 48bd938..8c45e87 100644 --- a/tasks/docker-update.yml +++ b/tasks/docker-update.yml 
@@ -1,51 +1,54 @@ # tasks file for ansible-role-container-registry # the tasks will ensure docker is up to date. -- name: set package manager to yum - set_fact: - registry_pkg_manager: yum - when: - - ansible_os_family == 'RedHat' - - ansible_distribution_major_version|int == 7 +- block: + - name: set package manager to yum + set_fact: + registry_pkg_manager: yum + when: + - ansible_os_family == 'RedHat' + - ansible_distribution_major_version|int == 7 -- name: set package manager to dnf - set_fact: - registry_pkg_manager: dnf - when: (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Fedora') + - name: set package manager to dnf + set_fact: + registry_pkg_manager: dnf + when: (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Fedora') -- name: can docker be updated - shell: "{{ registry_pkg_manager }} check-update docker" - register: docker_check_update - failed_when: docker_check_update.rc not in [0, 100] - changed_when: docker_check_update.rc == 100 + - name: can docker be updated + shell: "{{ registry_pkg_manager }} check-update docker" + register: docker_check_update + failed_when: docker_check_update.rc not in [0, 100] + changed_when: docker_check_update.rc == 100 -- name: set docker_rpm_needs_update fact - set_fact: docker_rpm_needs_update={{ docker_check_update.rc == 100 }} + - name: set docker_rpm_needs_update fact + set_fact: docker_rpm_needs_update={{ docker_check_update.rc == 100 }} -- name: stop all containers before update - # xargs is preferable to docker stop $(docker ps -q) as that might generate a - # a too long command line - shell: docker ps -q | xargs --no-run-if-empty -n1 docker stop - when: docker_rpm_needs_update + - name: stop all containers before update + # xargs is preferable to docker stop $(docker ps -q) as that might generate a + # a too long command line + shell: docker ps -q | xargs --no-run-if-empty -n1 docker stop + 
when: docker_rpm_needs_update -- name: ensure docker is installed - package: - name: docker - state: present - when: docker_rpm_needs_update + - name: ensure docker is installed + package: + name: docker + state: present + when: docker_rpm_needs_update -- name: update the docker package (yum) - yum: name=docker state=latest update_cache=yes # cache for https://bugs.launchpad.net/tripleo/+bug/1703830 - notify: restart docker service - when: - - docker_rpm_needs_update - - registry_pkg_manager == 'yum' + - name: update the docker package (yum) + yum: name=docker state=latest update_cache=yes # cache for https://bugs.launchpad.net/tripleo/+bug/1703830 + notify: restart docker service + when: + - docker_rpm_needs_update + - registry_pkg_manager == 'yum' -- name: update the docker package (dnf) - dnf: name=docker state=latest - notify: restart docker service - when: - - docker_rpm_needs_update - - registry_pkg_manager == 'dnf' + - name: update the docker package (dnf) + dnf: name=docker state=latest + notify: restart docker service + when: + - docker_rpm_needs_update + - registry_pkg_manager == 'dnf' + # Note(mfedosin): explicitly skip all preceding tasks if we don't need reconfiguration. + when: not container_registry_skip_reconfiguration diff --git a/tasks/docker.yml b/tasks/docker.yml index 46474a0..cf00073 100644 --- a/tasks/docker.yml +++ b/tasks/docker.yml 
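Review bot: The block-level `when: not container_registry_skip_reconfiguration` at the end of this hunk gates only on the flag, whereas tasks/docker.yml also runs its block when `is_configured.rc != 0`. With the option enabled, the `check-update` and `state=latest` tasks never run, so a host stops receiving docker package fixes through this role. If that is intended, the trailing comment should say so, e.g. `# NOTE(mfedosin): with skip enabled this role never updates docker; package updates must be handled elsewhere.` If it is not, the condition could mirror docker.yml with `when: not container_registry_skip_reconfiguration or is_configured.rc != 0`, provided `is_configured` is registered before this file is included, which this hunk does not show.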
@@ -1,129 +1,150 @@ # tasks file for ansible-role-container-registry -# NOTE(aschultz): LP#1750194 - need to set ip_forward before docker starts -# so lets set it before we install the package if we're managing it. -- name: enable net.ipv4.ip_forward - sysctl: - name: net.ipv4.ip_forward - value: 1 - sysctl_set: yes - state: present - reload: yes - -# NOTE(aschultz): LP#1765121 - need to check that we don't have any ftype=0 -# volumes because other wise docker is very unhappy -- name: Check if there are XFS volumes with ftype=0 - become: true - shell: | - for dev in $(df -h | grep '/dev/' | grep -v 'tmp' | cut -d' ' -f1) - do - parseftype=$(xfs_info $dev | grep ftype=0); - if [[ ! -z "$parseftype" ]]; then - ftype="ftype=0"; - break; - fi - done - echo $ftype; - register: ftype +# NOTE(mfedosin): In order to verify that we have already configured docker +# we add a line `# Configured by Ansible container registry role` in +# /etc/sysconfig/docker config file when initial configuration is done, +# and check its existence later. +- name: Check that the configuration mark exists in /etc/sysconfig/docker + command: grep -Fq "# Configured by Ansible container registry role" /etc/sysconfig/docker + register: is_configured + check_mode: false + ignore_errors: true changed_when: false -- name: Check ftype - fail: - msg: > - XFS volumes formatted using ftype=0 are incompatible - with the docker overlayfs driver. - when: - - ftype.stdout == 'ftype=0' +- block: + # NOTE(aschultz): LP#1750194 - need to set ip_forward before docker starts + # so lets set it before we install the package if we're managing it. 
+ - name: enable net.ipv4.ip_forward + sysctl: + name: net.ipv4.ip_forward + value: 1 + sysctl_set: yes + state: present + reload: yes -- name: ensure docker is installed - package: - name: docker - state: present + # NOTE(aschultz): LP#1765121 - need to check that we don't have any ftype=0 + # volumes because other wise docker is very unhappy + - name: Check if there are XFS volumes with ftype=0 + become: true + shell: | + for dev in $(df -h | grep '/dev/' | grep -v 'tmp' | cut -d' ' -f1) + do + parseftype=$(xfs_info $dev | grep ftype=0); + if [[ ! -z "$parseftype" ]]; then + ftype="ftype=0"; + break; + fi + done + echo $ftype; + register: ftype + changed_when: false -- name: manage /etc/systemd/system/docker.service.d - file: - path: /etc/systemd/system/docker.service.d - state: directory - when: ansible_service_mgr == 'systemd' + - name: Check ftype + fail: + msg: > + XFS volumes formatted using ftype=0 are incompatible + with the docker overlayfs driver. + when: + - ftype.stdout == 'ftype=0' -- name: unset mountflags - ini_file: - path: /etc/systemd/system/docker.service.d/99-unset-mountflags.conf - section: Service - option: MountFlags - value: "" - create: yes - notify: restart docker service - when: ansible_service_mgr == 'systemd' + - name: ensure docker is installed + package: + name: docker + state: present -- name: configure OPTIONS in /etc/sysconfig/docker - lineinfile: - path: /etc/sysconfig/docker - regexp: '^OPTIONS=' - line: "OPTIONS='{{ _full_docker_options }}'" - create: yes - notify: restart docker service + - name: manage /etc/systemd/system/docker.service.d + file: + path: /etc/systemd/system/docker.service.d + state: directory + when: ansible_service_mgr == 'systemd' -- name: configure INSECURE_REGISTRY in /etc/sysconfig/docker - lineinfile: - path: /etc/sysconfig/docker - regexp: '^INSECURE_REGISTRY=' - line: "INSECURE_REGISTRY='{{ registry_flags }}'" - when: container_registry_insecure_registries | length > 0 - notify: restart docker service 
- vars: - registry_flags: "{% for reg in container_registry_insecure_registries %}--insecure-registry {{ reg }}{% if not loop.last %} {% endif %}{% endfor %}" + - name: unset mountflags + ini_file: + path: /etc/systemd/system/docker.service.d/99-unset-mountflags.conf + section: Service + option: MountFlags + value: "" + create: yes + notify: restart docker service + when: ansible_service_mgr == 'systemd' -- name: Create additional socket directories - file: - path: "{{ item | dirname }}" - state: directory - notify: restart docker service - with_items: "{{ container_registry_additional_sockets }}" - when: container_registry_additional_sockets | length > 0 + - name: configure OPTIONS in /etc/sysconfig/docker + lineinfile: + path: /etc/sysconfig/docker + regexp: '^OPTIONS=' + line: "OPTIONS='{{ _full_docker_options }}'" + create: yes + notify: restart docker service -- name: manage /etc/docker/daemon.json - template: - src: docker-daemon.json.j2 - dest: /etc/docker/daemon.json - notify: restart docker service + - name: configure INSECURE_REGISTRY in /etc/sysconfig/docker + lineinfile: + path: /etc/sysconfig/docker + regexp: '^INSECURE_REGISTRY=' + line: "INSECURE_REGISTRY='{{ registry_flags }}'" + when: container_registry_insecure_registries | length > 0 + notify: restart docker service + vars: + registry_flags: "{% for reg in container_registry_insecure_registries %}--insecure-registry {{ reg }}{% if not loop.last %} {% endif %}{% endfor %}" -- name: configure DOCKER_STORAGE_OPTIONS in /etc/sysconfig/docker-storage - lineinfile: - path: /etc/sysconfig/docker-storage - regexp: '^DOCKER_STORAGE_OPTIONS=' - line: "DOCKER_STORAGE_OPTIONS=' {{ container_registry_storage_options }}'" - create: yes - when: container_registry_storage_options != "" - notify: restart docker service + - name: Create additional socket directories + file: + path: "{{ item | dirname }}" + state: directory + notify: restart docker service + with_items: "{{ container_registry_additional_sockets }}" 
+ when: container_registry_additional_sockets | length > 0 -- name: configure DOCKER_NETWORK_OPTIONS in /etc/sysconfig/docker-network - lineinfile: - path: /etc/sysconfig/docker-network - regexp: '^DOCKER_NETWORK_OPTIONS=' - line: "DOCKER_NETWORK_OPTIONS=' {{ container_registry_network_options }}'" - create: yes - when: container_registry_storage_options != "" - notify: restart docker service + - name: manage /etc/docker/daemon.json + template: + src: docker-daemon.json.j2 + dest: /etc/docker/daemon.json + notify: restart docker service -- name: ensure docker group exists - group: - name: docker - state: present + - name: configure DOCKER_STORAGE_OPTIONS in /etc/sysconfig/docker-storage + lineinfile: + path: /etc/sysconfig/docker-storage + regexp: '^DOCKER_STORAGE_OPTIONS=' + line: "DOCKER_STORAGE_OPTIONS=' {{ container_registry_storage_options }}'" + create: yes + when: container_registry_storage_options != "" + notify: restart docker service -- name: add deployment user to docker group - user: - name: "{{ container_registry_deployment_user }}" - groups: docker - append: yes - when: container_registry_deployment_user != "" + - name: configure DOCKER_NETWORK_OPTIONS in /etc/sysconfig/docker-network + lineinfile: + path: /etc/sysconfig/docker-network + regexp: '^DOCKER_NETWORK_OPTIONS=' + line: "DOCKER_NETWORK_OPTIONS=' {{ container_registry_network_options }}'" + create: yes + when: container_registry_storage_options != "" + notify: restart docker service -- name: force systemd to reread configs - meta: flush_handlers + - name: ensure docker group exists + group: + name: docker + state: present -- name: enable and start docker - systemd: - enabled: true - state: started - name: docker - when: ansible_service_mgr == 'systemd' + - name: add deployment user to docker group + user: + name: "{{ container_registry_deployment_user }}" + groups: docker + append: yes + when: container_registry_deployment_user != "" + + - name: force systemd to reread configs + meta: 
flush_handlers + + - name: enable and start docker + systemd: + enabled: true + state: started + name: docker + when: ansible_service_mgr == 'systemd' + + - name: mark docker configured + lineinfile: + path: /etc/sysconfig/docker + line: "# Configured by Ansible container registry role" + insertafter: "^# /etc/sysconfig/docker$" + create: yes + + when: not container_registry_skip_reconfiguration or is_configured.rc != 0
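Review bot: Once the marker line is in /etc/sysconfig/docker and `container_registry_skip_reconfiguration` is true, the whole block is skipped, so later changes to `container_registry_insecure_registries`, the daemon.json template or the deployment user's docker group are not applied. The marker records only that the role ran once, not that the host still matches the variables. I would state that next to the NOTE(mfedosin) comment and in the README row, e.g. `# With skip enabled, registry, daemon.json and docker group changes are not re-applied once the marker exists; remove the marker line to force a run.` The check task would also be cleaner with `failed_when: false` instead of `ignore_errors: true`, since a missing file on first run is an expected result rather than a failure to report and ignore. Separately, the re-indented `configure DOCKER_NETWORK_OPTIONS` task still tests `container_registry_storage_options != ""`, which looks like it should be `container_registry_network_options`.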