From bf443e644162416a9a79bedd769f40bb509d2cfc Mon Sep 17 00:00:00 2001 From: Paul Smith Date: Tue, 18 Feb 2025 16:23:02 +0000 Subject: [PATCH 1/5] Add support for docker swarm mode --- .../xnat/inventory/group_vars/container_service.yml | 1 + .../xnat/inventory/group_vars/container_service_client.yml | 2 ++ roles/docker/README.md | 1 + roles/docker/defaults/main.yml | 3 +++ roles/docker/tasks/main.yml | 7 +++++++ roles/xnat_container_service/tasks/main.yml | 4 +++- 6 files changed, 17 insertions(+), 1 deletion(-) diff --git a/playbooks/molecule/resources/xnat/inventory/group_vars/container_service.yml b/playbooks/molecule/resources/xnat/inventory/group_vars/container_service.yml index 8ed2d1eb..6dbf1e98 100644 --- a/playbooks/molecule/resources/xnat/inventory/group_vars/container_service.yml +++ b/playbooks/molecule/resources/xnat/inventory/group_vars/container_service.yml @@ -6,3 +6,4 @@ docker_client_certificate_cache_directory: docker_server_hostname: "{{ hostvars['xnat_cserv']['hostname'] }}" docker_server_ip: "{{ hostvars['xnat_cserv']['ansible_ip'] }}" docker_server_port: 2376 +docker_swarm_enabled: true diff --git a/playbooks/molecule/resources/xnat/inventory/group_vars/container_service_client.yml b/playbooks/molecule/resources/xnat/inventory/group_vars/container_service_client.yml index 39c8cff2..29849c8b 100644 --- a/playbooks/molecule/resources/xnat/inventory/group_vars/container_service_client.yml +++ b/playbooks/molecule/resources/xnat/inventory/group_vars/container_service_client.yml @@ -13,3 +13,5 @@ xnat_container_service_certificate_cache_directory: xnat_container_service_path_translation_xnat_prefix: "{{ xnat_root_dir }}" xnat_container_service_path_translation_docker_prefix: /storage/xnat/data/xnat + +xnat_container_service_swarm_mode: "{{ docker_swarm_enabled }}" diff --git a/roles/docker/README.md b/roles/docker/README.md index ef28ced9..7a1b7f6c 100644 --- a/roles/docker/README.md +++ b/roles/docker/README.md @@ -15,6 +15,7 @@ on CentOS 7 or Rocky Linux 8. | `docker_rpm_gpg_key_url` | The url of the Docker repository GPG key. Defaults to `https://download.docker.com/linux/centos/gpg` | | `docker_repo_baseurl` | URL to the directory containing the repodata. Defaults to `https://download.docker.com/linux/centos` | | `docker_yum_package` | The name of the Docker package. Defaults to `docker` | +| `docker_swarm_enabled` | Initialise a [Docker Swarm](https://docs.docker.com/engine/swarm/). Defaults to `false`. | If you would like to [configure](https://docs.docker.com/engine/security/protect-access/#use-tls-https-to-protect-the-docker-daemon-socket) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index abd9bc68..70b54551 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -41,3 +41,6 @@ docker_client_certificate_directory: "{{ docker_certificate_directory }}/client_certs" docker_client_certificate_cache_directory: "{{ lookup('env', 'HOME') }}/ansible_persistent_files/docker_certificates" + +# Swarm mode +docker_swarm_enabled: false diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 1fa109e0..be87e987 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -101,3 +101,10 @@ name: "{{ docker_service_name }}" state: started enabled: true + +- name: Initialize Docker Swarm + community.docker.docker_swarm: + state: present + advertise_addr: "{{ docker_server_ip }}:{{ docker_server_port }}" + listen_addr: "{{ docker_server_ip }}:{{ docker_server_port }}" + when: docker_swarm_enabled diff --git a/roles/xnat_container_service/tasks/main.yml b/roles/xnat_container_service/tasks/main.yml index 78f0ff33..b2c88f26 100644 --- a/roles/xnat_container_service/tasks/main.yml +++ b/roles/xnat_container_service/tasks/main.yml @@ -18,7 +18,9 @@ cert-path: "{{ xnat_container_service_certificate_directory if xnat_container_service_use_ssl else '' }}" - swarm-mode: false + backend: swarm if {{ xnat_container_service_swarm_mode }} else docker + swarm-mode: "{{ xnat_container_service_swarm_mode }}" + max-concurrent-finalizing-jobs: 1 path-translation-xnat-prefix: "{{ xnat_container_service_path_translation_xnat_prefix }}" path-translation-docker-prefix: From 7ea10115e60a2874ee05a34d1415959a35af7aa8 Mon Sep 17 00:00:00 2001 From: Paul Smith Date: Wed, 19 Feb 2025 14:08:11 +0000 Subject: [PATCH 2/5] Fix listen address for docker swarm --- .../molecule/resources/xnat/inventory/group_vars/centos7.yml | 1 + .../molecule/resources/xnat/inventory/group_vars/rocky9.yml | 1 + roles/docker/tasks/main.yml | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/playbooks/molecule/resources/xnat/inventory/group_vars/centos7.yml b/playbooks/molecule/resources/xnat/inventory/group_vars/centos7.yml index 8687ca6e..c8dd1783 100644 --- a/playbooks/molecule/resources/xnat/inventory/group_vars/centos7.yml +++ b/playbooks/molecule/resources/xnat/inventory/group_vars/centos7.yml @@ -10,3 +10,4 @@ install_python: - python-setuptools pip_packages: - cryptography + - requests diff --git a/playbooks/molecule/resources/xnat/inventory/group_vars/rocky9.yml b/playbooks/molecule/resources/xnat/inventory/group_vars/rocky9.yml index 3c1a2daf..d427a6e5 100644 --- a/playbooks/molecule/resources/xnat/inventory/group_vars/rocky9.yml +++ b/playbooks/molecule/resources/xnat/inventory/group_vars/rocky9.yml @@ -10,3 +10,4 @@ install_python: - python3-setuptools pip_packages: - cryptography + - requests diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index be87e987..e1070a29 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -106,5 +106,5 @@ community.docker.docker_swarm: state: present advertise_addr: "{{ docker_server_ip }}:{{ docker_server_port }}" - listen_addr: "{{ docker_server_ip }}:{{ docker_server_port }}" + listen_addr: "{{ docker_server_ip }}" when: docker_swarm_enabled From 0439d85c09360b0c84adb675f561f7f7ec0711be Mon Sep 17 00:00:00 2001 From: Paul Smith Date: Wed, 19 Feb 2025 14:38:36 +0000 Subject: [PATCH 3/5] Install docker python library --- .../molecule/resources/xnat/inventory/group_vars/centos7.yml | 2 +- .../molecule/resources/xnat/inventory/group_vars/rocky9.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/molecule/resources/xnat/inventory/group_vars/centos7.yml b/playbooks/molecule/resources/xnat/inventory/group_vars/centos7.yml index c8dd1783..57a0d9d1 100644 --- a/playbooks/molecule/resources/xnat/inventory/group_vars/centos7.yml +++ b/playbooks/molecule/resources/xnat/inventory/group_vars/centos7.yml @@ -10,4 +10,4 @@ install_python: - python-setuptools pip_packages: - cryptography - - requests + - docker diff --git a/playbooks/molecule/resources/xnat/inventory/group_vars/rocky9.yml b/playbooks/molecule/resources/xnat/inventory/group_vars/rocky9.yml index d427a6e5..73109b87 100644 --- a/playbooks/molecule/resources/xnat/inventory/group_vars/rocky9.yml +++ b/playbooks/molecule/resources/xnat/inventory/group_vars/rocky9.yml @@ -10,4 +10,4 @@ install_python: - python3-setuptools pip_packages: - cryptography - - requests + - docker From 4e59a2f133b80a53c38b682dd42ca8591c947d7f Mon Sep 17 00:00:00 2001 From: Paul Smith Date: Thu, 20 Feb 2025 08:48:34 +0000 Subject: [PATCH 4/5] Fix setting backend for container service --- .../xnat/inventory/group_vars/container_service_client.yml | 1 - roles/xnat_container_service/tasks/main.yml | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/molecule/resources/xnat/inventory/group_vars/container_service_client.yml b/playbooks/molecule/resources/xnat/inventory/group_vars/container_service_client.yml index 29849c8b..ef679b12 100644 --- a/playbooks/molecule/resources/xnat/inventory/group_vars/container_service_client.yml +++ b/playbooks/molecule/resources/xnat/inventory/group_vars/container_service_client.yml @@ -6,7 +6,6 @@ xnat_container_service_client_hostname: "{{ hostvars['xnat_web']['hostname'] }}" xnat_container_service_validate_certs: "{{ ssl.validate_certs }}" xnat_container_service_hostname: "{{ docker_server_hostname }}" -xnat_container_service_ip: "{{ docker_service_ip }}" xnat_container_service_port: "{{ docker_server_port }}" xnat_container_service_certificate_cache_directory: "{{ docker_client_certificate_cache_directory }}" diff --git a/roles/xnat_container_service/tasks/main.yml b/roles/xnat_container_service/tasks/main.yml index b2c88f26..c35b65d7 100644 --- a/roles/xnat_container_service/tasks/main.yml +++ b/roles/xnat_container_service/tasks/main.yml @@ -18,7 +18,8 @@ cert-path: "{{ xnat_container_service_certificate_directory if xnat_container_service_use_ssl else '' }}" - backend: swarm if {{ xnat_container_service_swarm_mode }} else docker + backend: + "{{ 'swarm' if xnat_container_service_swarm_mode else 'docker' }}" swarm-mode: "{{ xnat_container_service_swarm_mode }}" max-concurrent-finalizing-jobs: 1 path-translation-xnat-prefix: From 954fbdf617a33527b2f393279f8f476cd80207b1 Mon Sep 17 00:00:00 2001 From: Paul Smith Date: Thu, 20 Feb 2025 08:49:20 +0000 Subject: [PATCH 5/5] Use default advertise_addr and listen_addr for docker swarm --- roles/docker/tasks/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index e1070a29..9c7a5cdb 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -105,6 +105,4 @@ - name: Initialize Docker Swarm community.docker.docker_swarm: state: present - advertise_addr: "{{ docker_server_ip }}:{{ docker_server_port }}" - listen_addr: "{{ docker_server_ip }}" when: docker_swarm_enabled