From 43424fa750368dc4c097aa2cb484fdf0a6bdbfd2 Mon Sep 17 00:00:00 2001 From: Christophe Robin Date: Thu, 20 Oct 2016 12:01:16 +0900 Subject: [PATCH 1/4] Rewrote docker role for latest version --- .gitignore | 4 ++ defaults/main.yml | 31 ++++++++++ handlers/main.yml | 5 +- meta/main.yml | 105 ++++---------------------------- tasks/Debian.yml | 55 ++++++----------- tasks/RedHat.yml | 16 +++-- tasks/main.yml | 23 ++++++- tasks/rh6.yml | 35 ----------- tasks/rh7.yml | 5 -- templates/docker-config.json.j2 | 25 ++++++++ templates/docker-defaults.j2 | 3 - templates/docker-init.j2 | 12 ---- templates/docker.service.j2 | 31 ++++++++++ tests/Vagrantfile | 77 +++++++++++++++++++++++ tests/ansible/dependencies.yml | 2 + tests/ansible/test-playbook.yml | 5 ++ vars/main.yml | 25 +------- 17 files changed, 242 insertions(+), 217 deletions(-) create mode 100644 .gitignore create mode 100644 defaults/main.yml delete mode 100644 tasks/rh6.yml delete mode 100644 tasks/rh7.yml create mode 100644 templates/docker-config.json.j2 delete mode 100644 templates/docker-defaults.j2 delete mode 100644 templates/docker-init.j2 create mode 100644 templates/docker.service.j2 create mode 100644 tests/Vagrantfile create mode 100644 tests/ansible/dependencies.yml create mode 100644 tests/ansible/test-playbook.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ee196c0 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +AerisCloud.* +*.log +.vagrant +*.retry diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..bb8cb3e --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,31 @@ +--- +# Docker repository branch +docker_repo: main +# docker_repo: testing +# docker_repo: experimental +# By default we listen on the docker socket, if you want to listen on TCP just +# update this variable to add new entries such as "tcp://192.168.0.1:4738" +docker_hosts: +- unix:///var/run/docker.sock +# Default IP when binding container ports +docker_ip: "0.0.0.0" +# The logging level of the daemon +docker_log_level: "info" +# Preferred Docker registry mirror +docker_registry_mirror: [] +# Add insecure registries +docker_insecure_registries: [] +# Setup TLS options +docker_tls: + enabled: false + verify: false + cacert: "" + cert: "" + key: "" +# Enable SELinux support +docker_selinux: false +# Cluster advertising +docker_cluster: + advertise: "" + store: "" + options: {} \ No newline at end of file diff --git a/handlers/main.yml b/handlers/main.yml index dbd1c27..2450f1f 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,3 +1,6 @@ --- -- name: Restart Docker +- name: Reload systemd + command: /bin/systemctl daemon-reload + +- name: Restart docker service: name=docker state=restarted enabled=yes sleep=5 diff --git a/meta/main.yml b/meta/main.yml index 5556f3e..8b35aa4 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,83 +1,18 @@ --- galaxy_info: - author: Jason Giedymin + author: Christophe Robin description: Ansible Docker Playbook Role - company: http://jasongiedymin.com - license: Apache 2 - min_ansible_version: 1.2 - # - # Below are all platforms currently available. Just uncomment - # the ones that apply to your role. If you don't see your - # platform on this list, let us know and we'll get it added! - # + company: Wizcorp K.K. + license: MIT + min_ansible_version: 2.0 platforms: - name: EL versions: - # - all - # - 5 - - 6 - - 7 - #- name: GenericUNIX - # versions: - # - all - # - any - #- name: Fedora - # versions: - # - all - # - 16 - # - 17 - # - 18 - # - 19 - # - 20 - #- name: opensuse - # versions: - # - all - # - 12.1 - # - 12.2 - # - 12.3 - # - 13.1 - # - 13.2 - #- name: GenericBSD - # versions: - # - all - # - any - #- name: FreeBSD - # versions: - # - all - # - 8.0 - # - 8.1 - # - 8.2 - # - 8.3 - # - 8.4 - # - 9.0 - # - 9.1 - # - 9.1 - # - 9.2 + - 7 - name: Ubuntu versions: - - all - - lucid - - maverick - - natty - - oneiric - - precise - - quantal - - raring - - saucy - - trusty - #- name: SLES - # versions: - # - all - # - 10SP3 - # - 10SP4 - # - 11 - # - 11SP1 - # - 11SP2 - # - 11SP3 - #- name: GenericLinux - # versions: - # - all - # - any + - xenial + - yakkety - name: Debian versions: - all @@ -85,28 +20,12 @@ galaxy_info: - lenny - squeeze - wheezy - - # Below are all categories currently available. Just as with - # the platforms above, uncomment those that apply to your role. - # categories: - cloud - #- cloud:ec2 - #- cloud:gce - #- cloud:rax - #- database - #- database:nosql - #- database:sql - #- development - #- monitoring - #- networking - #- packaging - system - #- web - platform -dependencies: [] - # List your role dependencies here, one per line. Only - # dependencies available via galaxy should be listed here. - # Be sure to remove the '[]' above if you add dependencies - # to this list. - +dependencies: + - role: AerisCloud.repos + repositories: + centos7: + - docker diff --git a/tasks/Debian.yml b/tasks/Debian.yml index ecd6bd1..4839864 100644 --- a/tasks/Debian.yml +++ b/tasks/Debian.yml @@ -1,36 +1,19 @@ -- name: Get uname - command: uname -r - register: os_uname - -# would rather have used ansible apt-key... -- name: Add specific key - command: apt-key adv --keyserver keyserver.ubuntu.com --recv-keys {{docker_repo_key}} - -- name: Add docker repo - command: sudo sh -c "echo deb {{docker_repo}} docker main > /etc/apt/sources.list.d/docker.list" - -- name: Install os packages - apt: pkg={{item}} state=present update_cache=yes - with_items: - - linux-image-extra-{{os_uname.stdout}} - - lxc-docker - -- name: Docker default config file - template: src=docker-defaults.j2 dest=/etc/default/docker - -- name: Docker init file - template: src=docker-init.j2 dest=/etc/init/docker.conf - notify: Restart Docker - -# consider seperate role here -- name: Change ufw forward policy to ACCEPT - command: sed -i 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' /etc/default/ufw - when: docker_listen_tcp == True - -- name: Reload ufw - command: ufw reload - when: docker_listen_tcp == True - -- name: Allow incomming tcp traffic on {{docker_listen_port}} - command: ufw allow {{docker_listen_port}}/tcp - when: docker_listen_tcp == True +- name: Import Docker APT public key. + apt_key: + keyserver: "{{ docker_pubkey_server }}" + id: "{{ docker_pubkey_id }}" + state: present + +- name: Install apt-transport-https if necessary. + apt: + name: apt-transport-https + state: present + +- name: Add the APT Docker repository. + apt_repository: + repo: "{{ docker_apt_repo }}" + state: present + filename: 'docker' + +- name: Install Docker + apt: name=docker-engine state=present update_cache=yes diff --git a/tasks/RedHat.yml b/tasks/RedHat.yml index 00ca270..281aef4 100644 --- a/tasks/RedHat.yml +++ b/tasks/RedHat.yml @@ -1,12 +1,10 @@ -- include: rh6.yml +- fail: msg="The system is running a version of RedHat that is not supported by this playbook" when: ansible_distribution_major_version|int == 6 -- include: rh7.yml - when: ansible_distribution_major_version|int == 7 - -- name: "Change docker options" - lineinfile: > - line='other_args={{ docker_opts }}' - regexp='^other_args=' - dest=/etc/sysconfig/docker +- name: "Install docker" + yum: > + name=docker-engine + enablerepo=dockerrepo state=present + notify: Restart docker + diff --git a/tasks/main.yml b/tasks/main.yml index cdc35bb..d31b5c4 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,10 +1,31 @@ --- - include: Debian.yml - when: ansible_os_family == "Debian" + static: no + when: ansible_os_family == 'Debian' - include: RedHat.yml + static: no when: ansible_os_family == "RedHat" +# Not a big fan of this but the default package explicitly prevents defining the hosts +# option in the daemon config by adding a useless -H option on the dockerd start command, +# this service file removes it +- name: Update systemd definition to allow for custom listen options + template: src=docker.service.j2 dest=/lib/systemd/system/docker.service + register: systemd_service + +- name: Reload systemd + command: /bin/systemctl daemon-reload + when: systemd_service|changed + +- name: "Ensure that /etc/docker exists" + file: path=/etc/docker state=directory mode=0755 + +- name: Docker default config file + template: src=docker-config.json.j2 dest=/etc/docker/daemon.json + notify: + - Restart docker + - name: "Make sure docker is running" service: > name=docker diff --git a/tasks/rh6.yml b/tasks/rh6.yml deleted file mode 100644 index e9b76bf..0000000 --- a/tasks/rh6.yml +++ /dev/null @@ -1,35 +0,0 @@ -- name: "Update the kernel" - yum: > - name=kernel - state=latest - register: kernel - when: update_kernel|bool - -- name: "Restart machine" - shell: | - shutdown -r now "Ansible updates triggered" - async: 0 - poll: 0 - ignore_errors: true - when: kernel|changed - -- name: "Waiting for server to come back" - local_action: > - wait_for host={{ inventory_hostname }} - state=started - sudo: false - when: kernel|changed - -- name: "Update the docker dependencies" - yum: > - name={{ item }} - state=latest - with_items: - - device-mapper - -- name: "Install docker" - yum: > - name=docker-io - enablerepo=epel - state=present - notify: Restart Docker diff --git a/tasks/rh7.yml b/tasks/rh7.yml deleted file mode 100644 index 1cbee37..0000000 --- a/tasks/rh7.yml +++ /dev/null @@ -1,5 +0,0 @@ -- name: "Install docker" - yum: > - name=docker - state=present - notify: Restart Docker diff --git a/templates/docker-config.json.j2 b/templates/docker-config.json.j2 new file mode 100644 index 0000000..4963a5c --- /dev/null +++ b/templates/docker-config.json.j2 @@ -0,0 +1,25 @@ +{ + "hosts": {{ docker_hosts | to_json }}, + "ip": {{ docker_ip | to_json }}, + "log-level": {{ docker_log_level | to_json }}, +{% if docker_log_driver is defined %} + "log-driver": {{ docker_log_driver | to_json }}, +{% if docker_log_opts is defined %} + "log-opts": {{ docker_log_opts | to_json }}, +{% endif %} +{% endif %} +{% if docker_labels is defined %} + "labels": {{ docker_labels | to_json }}, +{% endif %} +{% if docker_tls.enabled %} + "tls": {{ docker_tls.enabled | to_json }}, + "tlsverify": {{ docker_tls.verify | to_json }}, + "tlscacert": {{ docker_tls.cacert | to_json }}, + "tlscert": {{ docker_tls.cert | to_json }}, + "tlskey": {{ docker_tls.key | to_json }}, +{% endif %} +{% if docker_registry_mirror | length %} + "registry-mirror": {{ docker_registry_mirror | to_json }}, +{% endif %} + "insecure-registries": {{ docker_insecure_registries | to_json }} +} \ No newline at end of file diff --git a/templates/docker-defaults.j2 b/templates/docker-defaults.j2 deleted file mode 100644 index 38551d2..0000000 --- a/templates/docker-defaults.j2 +++ /dev/null @@ -1,3 +0,0 @@ -# Generated by Ansible for {{ansible_fqdn}} - -DOCKER_OPTS={{docker_opts}} \ No newline at end of file diff --git a/templates/docker-init.j2 b/templates/docker-init.j2 deleted file mode 100644 index 71ce54e..0000000 --- a/templates/docker-init.j2 +++ /dev/null @@ -1,12 +0,0 @@ -# Generated by Ansible for {{ansible_fqdn}} -description "Docker daemon" - -start on filesystem and started lxc-net -stop on runlevel [!2345] - -respawn - -script - [ ! -f /etc/default/docker ] || . /etc/default/docker - /usr/bin/docker -d $DOCKER_OPTS -end script \ No newline at end of file diff --git a/templates/docker.service.j2 b/templates/docker.service.j2 new file mode 100644 index 0000000..10c25f9 --- /dev/null +++ b/templates/docker.service.j2 @@ -0,0 +1,31 @@ +[Unit] +Description=Docker Application Container Engine +Documentation=https://docs.docker.com +After=network.target{% if ansible_os_family != "RedHat" %} docker.socket +Requires=docker.socket +{% endif %} + +[Service] +Type=notify +# the default is not to use systemd for cgroups because the delegate issues still +# exists and systemd currently does not support the cgroup feature set required +# for containers run by docker +EnvironmentFile=-/etc/default/docker +ExecStart=/usr/bin/dockerd $DOCKER_OPTS +ExecReload=/bin/kill -s HUP $MAINPID +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNOFILE=infinity +LimitNPROC=infinity +LimitCORE=infinity +# Uncomment TasksMax if your systemd version supports it. +# Only systemd 226 and above support this version. +TasksMax=infinity +TimeoutStartSec=0 +# set delegate yes so that systemd does not reset the cgroups of docker containers +Delegate=yes +# kill only the docker process, not all processes in the cgroup +KillMode=process + +[Install] +WantedBy=multi-user.target diff --git a/tests/Vagrantfile b/tests/Vagrantfile new file mode 100644 index 0000000..a6f2ea7 --- /dev/null +++ b/tests/Vagrantfile @@ -0,0 +1,77 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# Make sure that ansible is setup correctly +if ["up", "provision"].include? ARGV[0] then + puts "Syncing role data" + system "rsync -avc \ + --exclude=tests \ + --exclude=.git \ + '#{File.dirname(File.dirname(__FILE__))}/' \ + '#{File.dirname(__FILE__)}/ansible/AerisCloud.docker'" + + unless File.exist?("ansible/AerisCloud.repos") then + puts "Installing missing dependencies" + system "ansible-galaxy install -r ansible/dependencies.yml -p ansible" + end +end + +Vagrant.configure("2") do |config| + config.vm.box = "ubuntu/xenial64" + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.33.10" + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + # config.vm.network "public_network" + + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + # config.vm.synced_folder "../data", "/vagrant_data" + + config.vm.provider "virtualbox" do |vb| + # Customize the amount of memory on the VM: + vb.memory = "512" + end + + config.vm.define "ubuntu" do |ubuntu| + ubuntu.vm.box = "ubuntu/xenial64" + + # The base xenial box doesn't have python installed so we need to install it manually + ubuntu.vm.provision "shell", inline: <<-SHELL + if + [[ ! -f /usr/bin/python ]]; + then + apt-get update + apt-get install -y python-minimal + fi +SHELL + + # This bit is duplicated between each machines because the order is important on this one + # See the vagrant documentation about multi-machine and merging order + ubuntu.vm.provision "ansible" do |ansible| + ansible.playbook = "ansible/test-playbook.yml" + end + end + + config.vm.define "debian" do |debian| + debian.vm.box = "debian/jessie64" + + debian.vm.provision "ansible" do |ansible| + ansible.playbook = "ansible/test-playbook.yml" + end + end + + config.vm.define "centos" do |centos| + centos.vm.box = "centos/7" + + centos.vm.provision "ansible" do |ansible| + ansible.playbook = "ansible/test-playbook.yml" + end + end +end diff --git a/tests/ansible/dependencies.yml b/tests/ansible/dependencies.yml new file mode 100644 index 0000000..f787242 --- /dev/null +++ b/tests/ansible/dependencies.yml @@ -0,0 +1,2 @@ +- src: AerisCloud.repos + version: v1.1.2 diff --git a/tests/ansible/test-playbook.yml b/tests/ansible/test-playbook.yml new file mode 100644 index 0000000..082dd8b --- /dev/null +++ b/tests/ansible/test-playbook.yml @@ -0,0 +1,5 @@ +- hosts: all + gather_facts: true + become: true + roles: + - AerisCloud.docker \ No newline at end of file diff --git a/vars/main.yml b/vars/main.yml index 1bf4bbd..dd3991c 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,23 +1,4 @@ ---- -docker_playbook_version: "0.1.2" +docker_pubkey_id: "58118E89F3A912897C070ADBF76221572C52609D" +docker_pubkey_server: "hkp://ha.pool.sks-keyservers.net:80" -# replace with gist variant -docker_repo_key: "36A1D7869245C8950F966E92D8576A8BA88D21E9" -docker_repo: "http://get.docker.io/ubuntu" -docker_opts: '' - -##### --- -# Want to advertise the tcp port? Enable below. -# To enable tcp you must set : -# - `docker_listen_tcp = True` -# - uncomment `docker_opts` or provide it as a override -# -# Note: -# By setting `-H` opt for docker, it will no longer be listenting -# on the socket. You cannot have both. You must choose socket `-d` -# or tcp `-H`. -# -docker_listen_tcp: False -docker_listen_port: 4243 -# docker_opts: '"-H tcp://{{ansible_eth1.ipv4.address}}:{{docker_listen_port}}"' -##### --- +docker_apt_repo: "deb https://apt.dockerproject.org/repo {{ ansible_distribution | lower }}-{{ ansible_distribution_release }} {{ docker_repo }}" \ No newline at end of file From c90dee6c6909dc92d3894d5bda169202d9bf657a Mon Sep 17 00:00:00 2001 From: Christophe Robin Date: Wed, 15 Feb 2017 12:33:23 +0900 Subject: [PATCH 2/4] Switch to drop-in config, set default host per os family --- .gitignore | 1 - defaults/main.yml | 3 +-- tasks/main.yml | 7 +++++-- templates/docker.service.j2 | 31 ++----------------------------- tests/.gitignore | 1 + vars/main.yml | 8 +++++++- 6 files changed, 16 insertions(+), 35 deletions(-) create mode 100644 tests/.gitignore diff --git a/.gitignore b/.gitignore index ee196c0..2b0a8c0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ -AerisCloud.* *.log .vagrant *.retry diff --git a/defaults/main.yml b/defaults/main.yml index bb8cb3e..8027a0e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -5,8 +5,7 @@ docker_repo: main # docker_repo: experimental # By default we listen on the docker socket, if you want to listen on TCP just # update this variable to add new entries such as "tcp://192.168.0.1:4738" -docker_hosts: -- unix:///var/run/docker.sock +docker_hosts: "{{ docker_default_hosts[ansible_os_family] | list }}" # Default IP when binding container ports docker_ip: "0.0.0.0" # The logging level of the daemon diff --git a/tasks/main.yml b/tasks/main.yml index d31b5c4..35707ab 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -7,11 +7,14 @@ static: no when: ansible_os_family == "RedHat" +- name: Create drop-in folder + file: path=/etc/systemd/system/docker.service.d state=directory mode=0755 + # Not a big fan of this but the default package explicitly prevents defining the hosts # option in the daemon config by adding a useless -H option on the dockerd start command, # this service file removes it -- name: Update systemd definition to allow for custom listen options - template: src=docker.service.j2 dest=/lib/systemd/system/docker.service +- name: Create drop-in systemd definition to allow for custom listen options + template: src=docker.service.j2 dest=/etc/systemd/system/docker.service.d/docker.conf register: systemd_service - name: Reload systemd diff --git a/templates/docker.service.j2 b/templates/docker.service.j2 index 10c25f9..5bc171f 100644 --- a/templates/docker.service.j2 +++ b/templates/docker.service.j2 @@ -1,31 +1,4 @@ -[Unit] -Description=Docker Application Container Engine -Documentation=https://docs.docker.com -After=network.target{% if ansible_os_family != "RedHat" %} docker.socket -Requires=docker.socket -{% endif %} - [Service] -Type=notify -# the default is not to use systemd for cgroups because the delegate issues still -# exists and systemd currently does not support the cgroup feature set required -# for containers run by docker EnvironmentFile=-/etc/default/docker -ExecStart=/usr/bin/dockerd $DOCKER_OPTS -ExecReload=/bin/kill -s HUP $MAINPID -# Having non-zero Limit*s causes performance problems due to accounting overhead -# in the kernel. We recommend using cgroups to do container-local accounting. -LimitNOFILE=infinity -LimitNPROC=infinity -LimitCORE=infinity -# Uncomment TasksMax if your systemd version supports it. -# Only systemd 226 and above support this version. -TasksMax=infinity -TimeoutStartSec=0 -# set delegate yes so that systemd does not reset the cgroups of docker containers -Delegate=yes -# kill only the docker process, not all processes in the cgroup -KillMode=process - -[Install] -WantedBy=multi-user.target +ExecStart= +ExecStart=/usr/bin/dockerd $DOCKER_OPTS \ No newline at end of file diff --git a/tests/.gitignore b/tests/.gitignore new file mode 100644 index 0000000..d16a8b8 --- /dev/null +++ b/tests/.gitignore @@ -0,0 +1 @@ +AerisCloud.* \ No newline at end of file diff --git a/vars/main.yml b/vars/main.yml index dd3991c..5f96f67 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,4 +1,10 @@ docker_pubkey_id: "58118E89F3A912897C070ADBF76221572C52609D" docker_pubkey_server: "hkp://ha.pool.sks-keyservers.net:80" -docker_apt_repo: "deb https://apt.dockerproject.org/repo {{ ansible_distribution | lower }}-{{ ansible_distribution_release }} {{ docker_repo }}" \ No newline at end of file +docker_apt_repo: "deb https://apt.dockerproject.org/repo {{ ansible_distribution | lower }}-{{ ansible_distribution_release }} {{ docker_repo }}" + +docker_default_hosts: + Debian: + - fd:// + RedHat: + - unix:///var/run/docker.sock \ No newline at end of file From 3dd47a3af5ce512ea52c42c521fb016f28e9555f Mon Sep 17 00:00:00 2001 From: Christophe Robin Date: Wed, 15 Feb 2017 13:16:07 +0900 Subject: [PATCH 3/4] Fix linting and missing tags --- handlers/main.yml | 6 ++++++ tasks/Debian.yml | 22 +++++++++++++++++----- tasks/RedHat.yml | 9 +++++++-- tasks/main.yml | 34 ++++++++++++++++++++++++++-------- 4 files changed, 56 insertions(+), 15 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 2450f1f..ce0435c 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,6 +1,12 @@ --- - name: Reload systemd command: /bin/systemctl daemon-reload + tags: + - docker + - service - name: Restart docker service: name=docker state=restarted enabled=yes sleep=5 + tags: + - docker + - service diff --git a/tasks/Debian.yml b/tasks/Debian.yml index 4839864..00188a4 100644 --- a/tasks/Debian.yml +++ b/tasks/Debian.yml @@ -1,19 +1,31 @@ -- name: Import Docker APT public key. +- name: "Import Docker APT public key." apt_key: keyserver: "{{ docker_pubkey_server }}" id: "{{ docker_pubkey_id }}" state: present + tags: + - docker + - package -- name: Install apt-transport-https if necessary. +- name: "Install apt-transport-https if necessary." apt: - name: apt-transport-https + name: "apt-transport-https" state: present + tags: + - docker + - package -- name: Add the APT Docker repository. +- name: "Add the APT Docker repository." apt_repository: repo: "{{ docker_apt_repo }}" state: present filename: 'docker' + tags: + - docker + - package -- name: Install Docker +- name: "Install Docker" apt: name=docker-engine state=present update_cache=yes + tags: + - docker + - package \ No newline at end of file diff --git a/tasks/RedHat.yml b/tasks/RedHat.yml index 281aef4..8fdb6ab 100644 --- a/tasks/RedHat.yml +++ b/tasks/RedHat.yml @@ -1,5 +1,8 @@ -- fail: msg="The system is running a version of RedHat that is not supported by this playbook" +- name: "Check CentOS version" + fail: msg="The system is running a version of RedHat that is not supported by this playbook" when: ansible_distribution_major_version|int == 6 + tags: + - docker - name: "Install docker" yum: > @@ -7,4 +10,6 @@ enablerepo=dockerrepo state=present notify: Restart docker - + tags: + - docker + - package diff --git a/tasks/main.yml b/tasks/main.yml index 35707ab..e87745f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -2,35 +2,53 @@ - include: Debian.yml static: no when: ansible_os_family == 'Debian' + tags: + - docker - include: RedHat.yml static: no when: ansible_os_family == "RedHat" + tags: + - docker -- name: Create drop-in folder +- name: "Create drop-in folder" file: path=/etc/systemd/system/docker.service.d state=directory mode=0755 + tags: + - docker + - service + - files # Not a big fan of this but the default package explicitly prevents defining the hosts # option in the daemon config by adding a useless -H option on the dockerd start command, # this service file removes it -- name: Create drop-in systemd definition to allow for custom listen options +- name: "Create drop-in systemd definition to allow for custom listen options" template: src=docker.service.j2 dest=/etc/systemd/system/docker.service.d/docker.conf - register: systemd_service - -- name: Reload systemd - command: /bin/systemctl daemon-reload - when: systemd_service|changed + notify: + - Reload systemd + tags: + - docker + - service + - files - name: "Ensure that /etc/docker exists" file: path=/etc/docker state=directory mode=0755 + tags: + - docker + - files -- name: Docker default config file +- name: "Docker default config file" template: src=docker-config.json.j2 dest=/etc/docker/daemon.json notify: - Restart docker + tags: + - docker + - files - name: "Make sure docker is running" service: > name=docker state=started enabled=yes + tags: + - docker + - service \ No newline at end of file From 347d9b1f9c19312d0b11ae2df33165cd69325166 Mon Sep 17 00:00:00 2001 From: Christophe Robin Date: Wed, 15 Feb 2017 15:34:37 +0900 Subject: [PATCH 4/4] Remove handler tags, install a couple extra pkgs on debian --- handlers/main.yml | 6 ------ tasks/Debian.yml | 12 ++++++++++-- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index ce0435c..2450f1f 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,12 +1,6 @@ --- - name: Reload systemd command: /bin/systemctl daemon-reload - tags: - - docker - - service - name: Restart docker service: name=docker state=restarted enabled=yes sleep=5 - tags: - - docker - - service diff --git a/tasks/Debian.yml b/tasks/Debian.yml index 00188a4..1a515d6 100644 --- a/tasks/Debian.yml +++ b/tasks/Debian.yml @@ -9,8 +9,11 @@ - name: "Install apt-transport-https if necessary." apt: - name: "apt-transport-https" + name: "{{ item }}" state: present + with_items: + - apt-transport-https + - ca-certificates tags: - docker - package @@ -25,7 +28,12 @@ - package - name: "Install Docker" - apt: name=docker-engine state=present update_cache=yes + apt: + name: "{{ item }}" + state: present + with_items: + - docker-engine + - linux-image-extra-virtual tags: - docker - package \ No newline at end of file