diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2b0a8c0 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +*.log +.vagrant +*.retry diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..8027a0e --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,30 @@ +--- +# Docker repository branch +docker_repo: main +# docker_repo: testing +# docker_repo: experimental +# By default we listen on the docker socket, if you want to listen on TCP just +# update this variable to add new entries such as "tcp://192.168.0.1:4738" +docker_hosts: "{{ docker_default_hosts[ansible_os_family] | list }}" +# Default IP when binding container ports +docker_ip: "0.0.0.0" +# The logging level of the daemon +docker_log_level: "info" +# Preferred Docker registry mirror +docker_registry_mirror: [] +# Add insecure registries +docker_insecure_registries: [] +# Setup TLS options +docker_tls: + enabled: false + verify: false + cacert: "" + cert: "" + key: "" +# Enable SELinux support +docker_selinux: false +# Cluster advertising +docker_cluster: + advertise: "" + store: "" + options: {} \ No newline at end of file diff --git a/handlers/main.yml b/handlers/main.yml index dbd1c27..2450f1f 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,3 +1,6 @@ --- -- name: Restart Docker +- name: Reload systemd + command: /bin/systemctl daemon-reload + +- name: Restart docker service: name=docker state=restarted enabled=yes sleep=5 diff --git a/meta/main.yml b/meta/main.yml index 5556f3e..8b35aa4 100644 --- a/meta/main.yml +++ b/meta/main.yml 
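Review bot: The comment above `docker_hosts` in defaults/main.yml shows how to add a `tcp://…` listener but nothing ties that to `docker_tls`, whose defaults in the same file are `enabled: false` and `verify: false`, so following the comment as written exposes the daemon API over plain TCP with no client authentication. I would extend the comment: `# A tcp:// entry must be paired with docker_tls.enabled: true and docker_tls.verify: true (plus cacert/cert/key); without that the API is reachable unauthenticated`. An `assert` task in tasks/main.yml that fails when any entry of docker_hosts starts with `tcp://` while `docker_tls.verify` is false would enforce it; I see no such guard anywhere in this commit. Also, `docker_ip: "0.0.0.0"` makes published container ports bind on every interface, which is worth stating in its comment for readers who expect loopback.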
@@ -1,83 +1,18 @@ --- galaxy_info: - author: Jason Giedymin + author: Christophe Robin description: Ansible Docker Playbook Role - company: http://jasongiedymin.com - license: Apache 2 - min_ansible_version: 1.2 - # - # Below are all platforms currently available. Just uncomment - # the ones that apply to your role. If you don't see your - # platform on this list, let us know and we'll get it added! - # + company: Wizcorp K.K. + license: MIT + min_ansible_version: 2.0 platforms: - name: EL versions: - # - all - # - 5 - - 6 - - 7 - #- name: GenericUNIX - # versions: - # - all - # - any - #- name: Fedora - # versions: - # - all - # - 16 - # - 17 - # - 18 - # - 19 - # - 20 - #- name: opensuse - # versions: - # - all - # - 12.1 - # - 12.2 - # - 12.3 - # - 13.1 - # - 13.2 - #- name: GenericBSD - # versions: - # - all - # - any - #- name: FreeBSD - # versions: - # - all - # - 8.0 - # - 8.1 - # - 8.2 - # - 8.3 - # - 8.4 - # - 9.0 - # - 9.1 - # - 9.1 - # - 9.2 + - 7 - name: Ubuntu versions: - - all - - lucid - - maverick - - natty - - oneiric - - precise - - quantal - - raring - - saucy - - trusty - #- name: SLES - # versions: - # - all - # - 10SP3 - # - 10SP4 - # - 11 - # - 11SP1 - # - 11SP2 - # - 11SP3 - #- name: GenericLinux - # versions: - # - all - # - any + - xenial + - yakkety - name: Debian versions: - all 
@@ -85,28 +20,12 @@ galaxy_info: - lenny - squeeze - wheezy - - # Below are all categories currently available. Just as with - # the platforms above, uncomment those that apply to your role. - # categories: - cloud - #- cloud:ec2 - #- cloud:gce - #- cloud:rax - #- database - #- database:nosql - #- database:sql - #- development - #- monitoring - #- networking - #- packaging - system - #- web - platform -dependencies: [] - # List your role dependencies here, one per line. Only - # dependencies available via galaxy should be listed here. - # Be sure to remove the '[]' above if you add dependencies - # to this list. - +dependencies: + - role: AerisCloud.repos + repositories: + centos7: + - docker diff --git a/tasks/Debian.yml b/tasks/Debian.yml index ecd6bd1..1a515d6 100644 --- a/tasks/Debian.yml +++ b/tasks/Debian.yml 
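Review bot: The Debian `versions` list kept as context here (`lenny`, `squeeze`, `wheezy`) looks stale next to the rest of this commit: the Vagrant test added in tests/Vagrantfile provisions `debian/jessie64`, and the EL and Ubuntu lists in the previous hunk were trimmed to what is actually exercised. I would add `jessie` or replace the list with the releases the apt.dockerproject.org repository configured in vars/main.yml actually serves; I cannot tell from the diff which of the older releases still work with `docker-engine`. The new `dependencies` entry on `AerisCloud.repos` only configures a `centos7` repository, which is consistent with the EL-7-only platform list.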
@@ -1,36 +1,39 @@ -- name: Get uname - command: uname -r - register: os_uname - -# would rather have used ansible apt-key... -- name: Add specific key - command: apt-key adv --keyserver keyserver.ubuntu.com --recv-keys {{docker_repo_key}} - -- name: Add docker repo - command: sudo sh -c "echo deb {{docker_repo}} docker main > /etc/apt/sources.list.d/docker.list" - -- name: Install os packages - apt: pkg={{item}} state=present update_cache=yes - with_items: - - linux-image-extra-{{os_uname.stdout}} - - lxc-docker - -- name: Docker default config file - template: src=docker-defaults.j2 dest=/etc/default/docker - -- name: Docker init file - template: src=docker-init.j2 dest=/etc/init/docker.conf - notify: Restart Docker - -# consider seperate role here -- name: Change ufw forward policy to ACCEPT - command: sed -i 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' /etc/default/ufw - when: docker_listen_tcp == True - -- name: Reload ufw - command: ufw reload - when: docker_listen_tcp == True - -- name: Allow incomming tcp traffic on {{docker_listen_port}} - command: ufw allow {{docker_listen_port}}/tcp - when: docker_listen_tcp == True +- name: "Import Docker APT public key." + apt_key: + keyserver: "{{ docker_pubkey_server }}" + id: "{{ docker_pubkey_id }}" + state: present + tags: + - docker + - package + +- name: "Install apt-transport-https if necessary." + apt: + name: "{{ item }}" + state: present + with_items: + - apt-transport-https + - ca-certificates + tags: + - docker + - package + +- name: "Add the APT Docker repository." + apt_repository: + repo: "{{ docker_apt_repo }}" + state: present + filename: 'docker' + tags: + - docker + - package + +- name: "Install Docker" + apt: + name: "{{ item }}" + state: present + with_items: + - docker-engine + - linux-image-extra-virtual + tags: + - docker + - package \ No newline at end of file diff --git a/tasks/RedHat.yml b/tasks/RedHat.yml index 00ca270..8fdb6ab 100644 --- a/tasks/RedHat.yml 
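Review bot: In the first task, `Import Docker APT public key.`, the key is fetched from `docker_pubkey_server`, which vars/main.yml in this same commit sets to `hkp://ha.pool.sks-keyservers.net:80` — an unencrypted, unauthenticated transport. What makes this acceptable is that `id` is the full 40-hex fingerprint, so the imported key is pinned; that should be recorded so nobody later shortens it to a short key id: `# id must stay a full fingerprint: the keyserver is reached over plain hkp, so the pinned fingerprint is the only thing authenticating the imported key`. If the pool ever has to be replaced, `apt_key` also accepts `url:` for an HTTPS-hosted key together with the same `id` pin. Separately, the `Install Docker` task installs `docker-engine` unpinned (`state: present` takes whatever the repository currently serves); a `docker_version` variable would make upgrades deliberate, though that is a design choice rather than a defect.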
+++ b/tasks/RedHat.yml @@ -1,12 +1,15 @@ -- include: rh6.yml +- name: "Check CentOS version" + fail: msg="The system is running a version of RedHat that is not supported by this playbook" when: ansible_distribution_major_version|int == 6 + tags: + - docker -- include: rh7.yml - when: ansible_distribution_major_version|int == 7 - -- name: "Change docker options" - lineinfile: > - line='other_args={{ docker_opts }}' - regexp='^other_args=' - dest=/etc/sysconfig/docker +- name: "Install docker" + yum: > + name=docker-engine + enablerepo=dockerrepo state=present + notify: Restart docker + tags: + - docker + - package diff --git a/tasks/main.yml b/tasks/main.yml index cdc35bb..e87745f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
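Review bot: `Check CentOS version` only rejects `ansible_distribution_major_version|int == 6`, while meta/main.yml in this commit lists EL 7 as the sole supported platform, so any other major version (5, or a future 8) falls through to the `yum` task with `enablerepo=dockerrepo` and fails later with a less clear error, if it fails at all. Inverting the guard matches the declared support: `when: ansible_distribution_major_version|int != 7`. The message could then name what is supported, e.g. `msg="Only EL 7 is supported by this role"`.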
@@ -1,12 +1,54 @@ --- - include: Debian.yml - when: ansible_os_family == "Debian" + static: no + when: ansible_os_family == 'Debian' + tags: + - docker - include: RedHat.yml + static: no when: ansible_os_family == "RedHat" + tags: + - docker + +- name: "Create drop-in folder" + file: path=/etc/systemd/system/docker.service.d state=directory mode=0755 + tags: + - docker + - service + - files + +# Not a big fan of this but the default package explicitly prevents defining the hosts +# option in the daemon config by adding a useless -H option on the dockerd start command, +# this service file removes it +- name: "Create drop-in systemd definition to allow for custom listen options" + template: src=docker.service.j2 dest=/etc/systemd/system/docker.service.d/docker.conf + notify: + - Reload systemd + tags: + - docker + - service + - files + +- name: "Ensure that /etc/docker exists" + file: path=/etc/docker state=directory mode=0755 + tags: + - docker + - files + +- name: "Docker default config file" + template: src=docker-config.json.j2 dest=/etc/docker/daemon.json + notify: + - Restart docker + tags: + - docker + - files - name: "Make sure docker is running" service: > name=docker state=started enabled=yes + tags: + - docker + - service \ No newline at end of file diff --git a/tasks/rh6.yml b/tasks/rh6.yml deleted file mode 100644 index e9b76bf..0000000 --- a/tasks/rh6.yml +++ /dev/null 
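Review bot: `Create drop-in systemd definition to allow for custom listen options` notifies only `Reload systemd`, so a changed drop-in (a new `ExecStart`) is registered with systemd but the running daemon keeps its old command line until something else triggers `Restart docker`; in this file only the `daemon.json` task restarts it. I would notify both, relying on the fact that handlers run in the order they are defined in handlers/main.yml, where `Reload systemd` comes first: `notify:` / `- Reload systemd` / `- Restart docker`. Two smaller points: `static: no` on the includes is, as far as I know, an Ansible 2.1+ keyword while meta/main.yml declares `min_ansible_version: 2.0`, and the two `when:` conditions quote the family name differently (`'Debian'` vs `"RedHat"`).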
@@ -1,35 +0,0 @@ -- name: "Update the kernel" - yum: > - name=kernel - state=latest - register: kernel - when: update_kernel|bool - -- name: "Restart machine" - shell: | - shutdown -r now "Ansible updates triggered" - async: 0 - poll: 0 - ignore_errors: true - when: kernel|changed - -- name: "Waiting for server to come back" - local_action: > - wait_for host={{ inventory_hostname }} - state=started - sudo: false - when: kernel|changed - -- name: "Update the docker dependencies" - yum: > - name={{ item }} - state=latest - with_items: - - device-mapper - -- name: "Install docker" - yum: > - name=docker-io - enablerepo=epel - state=present - notify: Restart Docker diff --git a/tasks/rh7.yml b/tasks/rh7.yml deleted file mode 100644 index 1cbee37..0000000 --- a/tasks/rh7.yml +++ /dev/null @@ -1,5 +0,0 @@ -- name: "Install docker" - yum: > - name=docker - state=present - notify: Restart Docker diff --git a/templates/docker-config.json.j2 b/templates/docker-config.json.j2 new file mode 100644 index 0000000..4963a5c --- /dev/null +++ b/templates/docker-config.json.j2 
@@ -0,0 +1,25 @@ +{ + "hosts": {{ docker_hosts | to_json }}, + "ip": {{ docker_ip | to_json }}, + "log-level": {{ docker_log_level | to_json }}, +{% if docker_log_driver is defined %} + "log-driver": {{ docker_log_driver | to_json }}, +{% if docker_log_opts is defined %} + "log-opts": {{ docker_log_opts | to_json }}, +{% endif %} +{% endif %} +{% if docker_labels is defined %} + "labels": {{ docker_labels | to_json }}, +{% endif %} +{% if docker_tls.enabled %} + "tls": {{ docker_tls.enabled | to_json }}, + "tlsverify": {{ docker_tls.verify | to_json }}, + "tlscacert": {{ docker_tls.cacert | to_json }}, + "tlscert": {{ docker_tls.cert | to_json }}, + "tlskey": {{ docker_tls.key | to_json }}, +{% endif %} +{% if docker_registry_mirror | length %} + "registry-mirror": {{ docker_registry_mirror | to_json }}, +{% endif %} + "insecure-registries": {{ docker_insecure_registries | to_json }} +} \ No newline at end of file diff --git a/templates/docker-defaults.j2 b/templates/docker-defaults.j2 deleted file mode 100644 index 38551d2..0000000 --- a/templates/docker-defaults.j2 +++ /dev/null @@ -1,3 +0,0 @@ -# Generated by Ansible for {{ansible_fqdn}} - -DOCKER_OPTS={{docker_opts}} \ No newline at end of file diff --git a/templates/docker-init.j2 b/templates/docker-init.j2 deleted file mode 100644 index 71ce54e..0000000 --- a/templates/docker-init.j2 +++ /dev/null @@ -1,12 +0,0 @@ -# Generated by Ansible for {{ansible_fqdn}} -description "Docker daemon" - -start on filesystem and started lxc-net -stop on runlevel [!2345] - -respawn - -script - [ ! -f /etc/default/docker ] || . /etc/default/docker - /usr/bin/docker -d $DOCKER_OPTS -end script \ No newline at end of file diff --git a/templates/docker.service.j2 b/templates/docker.service.j2 new file mode 100644 index 0000000..5bc171f --- /dev/null +++ b/templates/docker.service.j2 @@ -0,0 +1,4 @@ +[Service] +EnvironmentFile=-/etc/default/docker +ExecStart= +ExecStart=/usr/bin/dockerd $DOCKER_OPTS \ No newline at end of file 
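Review bot: The key emitted under `{% if docker_registry_mirror | length %}` is `"registry-mirror"`, but the daemon.json option is, as far as I know, `"registry-mirrors"` (plural, a list — which matches the `[]` default in defaults/main.yml); dockerd in my experience rejects unknown keys in its config file, so setting a mirror would stop the daemon from starting rather than be silently ignored. Change the line to `"registry-mirrors": {{ docker_registry_mirror | to_json }},`. On the TLS block, `"tlsverify"` comes from `docker_tls.verify`, which defaults to false, so `enabled: true` with `verify: false` gives an encrypted but unauthenticated API; a comment above the `{% if docker_tls.enabled %}` line saying that `verify` must be true for any `tcp://` host would steer deployers away from that combination. Passing every value through `to_json` is the right way to build this file — a value containing quotes cannot break or alter the JSON structure.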
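Review bot: The drop-in keeps `EnvironmentFile=-/etc/default/docker` and passes `$DOCKER_OPTS` to `dockerd`, yet this same commit deletes templates/docker-defaults.j2, the template that used to write that file with `DOCKER_OPTS={{docker_opts}}`, so the role no longer controls what ends up in `$DOCKER_OPTS`. On a host provisioned by the previous version of this role, or one where the distribution package ships that file, a leftover `-H` in DOCKER_OPTS would, if I read dockerd's behaviour correctly, conflict with the `hosts` entry now written to daemon.json and keep the daemon from starting. Either drop the `EnvironmentFile` and `$DOCKER_OPTS` lines, or have tasks/main.yml manage `/etc/default/docker` explicitly so its content is known; at minimum a comment in the unit file should state where DOCKER_OPTS is expected to come from.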
diff --git a/tests/.gitignore b/tests/.gitignore new file mode 100644 index 0000000..d16a8b8 --- /dev/null +++ b/tests/.gitignore @@ -0,0 +1 @@ +AerisCloud.* \ No newline at end of file diff --git a/tests/Vagrantfile b/tests/Vagrantfile new file mode 100644 index 0000000..a6f2ea7 --- /dev/null +++ b/tests/Vagrantfile 
@@ -0,0 +1,77 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# Make sure that ansible is setup correctly +if ["up", "provision"].include? ARGV[0] then + puts "Syncing role data" + system "rsync -avc \ + --exclude=tests \ + --exclude=.git \ + '#{File.dirname(File.dirname(__FILE__))}/' \ + '#{File.dirname(__FILE__)}/ansible/AerisCloud.docker'" + + unless File.exist?("ansible/AerisCloud.repos") then + puts "Installing missing dependencies" + system "ansible-galaxy install -r ansible/dependencies.yml -p ansible" + end +end + +Vagrant.configure("2") do |config| + config.vm.box = "ubuntu/xenial64" + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.33.10" + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + # config.vm.network "public_network" + + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + # config.vm.synced_folder "../data", "/vagrant_data" + + config.vm.provider "virtualbox" do |vb| + # Customize the amount of memory on the VM: + vb.memory = "512" + end + + config.vm.define "ubuntu" do |ubuntu| + ubuntu.vm.box = "ubuntu/xenial64" + + # The base xenial box doesn't have python installed so we need to install it manually + ubuntu.vm.provision "shell", inline: <<-SHELL + if + [[ ! 
-f /usr/bin/python ]]; + then + apt-get update + apt-get install -y python-minimal + fi +SHELL + + # This bit is duplicated between each machines because the order is important on this one + # See the vagrant documentation about multi-machine and merging order + ubuntu.vm.provision "ansible" do |ansible| + ansible.playbook = "ansible/test-playbook.yml" + end + end + + config.vm.define "debian" do |debian| + debian.vm.box = "debian/jessie64" + + debian.vm.provision "ansible" do |ansible| + ansible.playbook = "ansible/test-playbook.yml" + end + end + + config.vm.define "centos" do |centos| + centos.vm.box = "centos/7" + + centos.vm.provision "ansible" do |ansible| + ansible.playbook = "ansible/test-playbook.yml" + end + end +end diff --git a/tests/ansible/dependencies.yml b/tests/ansible/dependencies.yml new file mode 100644 index 0000000..f787242 --- /dev/null +++ b/tests/ansible/dependencies.yml @@ -0,0 +1,2 @@ +- src: AerisCloud.repos + version: v1.1.2 diff --git a/tests/ansible/test-playbook.yml b/tests/ansible/test-playbook.yml new file mode 100644 index 0000000..082dd8b --- /dev/null +++ b/tests/ansible/test-playbook.yml @@ -0,0 +1,5 @@ +- hosts: all + gather_facts: true + become: true + roles: + - AerisCloud.docker \ No newline at end of file diff --git a/vars/main.yml b/vars/main.yml index 1bf4bbd..5f96f67 100644 --- a/vars/main.yml +++ b/vars/main.yml 
@@ -1,23 +1,10 @@ ---- -docker_playbook_version: "0.1.2" +docker_pubkey_id: "58118E89F3A912897C070ADBF76221572C52609D" +docker_pubkey_server: "hkp://ha.pool.sks-keyservers.net:80" -# replace with gist variant -docker_repo_key: "36A1D7869245C8950F966E92D8576A8BA88D21E9" -docker_repo: "http://get.docker.io/ubuntu" -docker_opts: '' +docker_apt_repo: "deb https://apt.dockerproject.org/repo {{ ansible_distribution | lower }}-{{ ansible_distribution_release }} {{ docker_repo }}" -##### --- -# Want to advertise the tcp port? Enable below. -# To enable tcp you must set : -# - `docker_listen_tcp = True` -# - uncomment `docker_opts` or provide it as a override -# -# Note: -# By setting `-H` opt for docker, it will no longer be listenting -# on the socket. You cannot have both. You must choose socket `-d` -# or tcp `-H`. -# -docker_listen_tcp: False -docker_listen_port: 4243 -# docker_opts: '"-H tcp://{{ansible_eth1.ipv4.address}}:{{docker_listen_port}}"' -##### --- +docker_default_hosts: + Debian: + - fd:// + RedHat: + - unix:///var/run/docker.sock \ No newline at end of file
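Review bot: The rewritten file drops the leading `---` document marker (the removed first line), while defaults/main.yml added in this commit and meta/main.yml keep it; for consistency I would keep `---` as the first line here too. The `fd://` entry under `docker_default_hosts.Debian` relies on socket activation by a docker.socket unit that this role does not manage itself — presumably the docker-engine package ships it — and that assumption deserves a one-line comment next to the entry. The `docker_pubkey_id` value is the full 40-hex fingerprint and `docker_apt_repo` uses HTTPS, both of which are as they should be.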