diff options
Diffstat (limited to 'roles/docker/tasks/systemcontainer_docker.yml')
-rw-r--r-- | roles/docker/tasks/systemcontainer_docker.yml | 162 |
1 files changed, 162 insertions, 0 deletions
diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml new file mode 100644 index 000000000..650f06f86 --- /dev/null +++ b/roles/docker/tasks/systemcontainer_docker.yml @@ -0,0 +1,162 @@ +--- +# If docker_options are provided we should fail. We should not install docker and ignore +# the users configuration. NOTE: docker_options == inventory:openshift_docker_options +- name: Fail quickly if openshift_docker_options are set + assert: + that: + - docker_options is defined + - docker_options != "" + msg: | + Docker via System Container does not allow for the use of the openshift_docker_options + variable. If you want to use openshift_docker_options you will need to use the + traditional docker package install. Otherwise, comment out openshift_docker_options + in your inventory file. + +# Used to pull and install the system container +- name: Ensure atomic is installed + package: + name: atomic + state: present + when: not openshift.common.is_atomic | bool + +# At the time of writing the atomic command requires runc for it's own use. This +# task is here in the even that the atomic package ever removes the dependency. +- name: Ensure runc is installed + package: + name: runc + state: present + when: not openshift.common.is_atomic | bool + +# Make sure Docker is installed so we are able to use the client +- name: Install Docker so we can use the client + package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present + when: not openshift.common.is_atomic | bool + +# Make sure docker is disabled. Errors are ignored. +- name: Disable Docker + systemd: + name: docker + enabled: no + state: stopped + daemon_reload: yes + ignore_errors: True + +# Set http_proxy, https_proxy, and no_proxy in /etc/atomic.conf +# regexp: the line starts with or without #, followed by the string +# http_proxy, then either : or = +- block: + + - name: Add http_proxy to /etc/atomic.conf + lineinfile: + dest: /etc/atomic.conf + regexp: "^#?http_proxy[:=]{1}" + line: "http_proxy: {{ openshift.common.http_proxy | default('') }}" + when: + - openshift.common.http_proxy is defined + - openshift.common.http_proxy != '' + + - name: Add https_proxy to /etc/atomic.conf + lineinfile: + dest: /etc/atomic.conf + regexp: "^#?https_proxy[:=]{1}" + line: "https_proxy: {{ openshift.common.https_proxy | default('') }}" + when: + - openshift.common.https_proxy is defined + - openshift.common.https_proxy != '' + + - name: Add no_proxy to /etc/atomic.conf + lineinfile: + dest: /etc/atomic.conf + regexp: "^#?no_proxy[:=]{1}" + line: "no_proxy: {{ openshift.common.no_proxy | default('') }}" + when: + - openshift.common.no_proxy is defined + - openshift.common.no_proxy != '' + +- block: + + - name: Set to default prepend + set_fact: + l_docker_image_prepend: "gscrivano" + + - name: Use Red Hat Registry for image when distribution is Red Hat + set_fact: + l_docker_image_prepend: "registry.access.redhat.com/openshift3" + when: ansible_distribution == 'RedHat' + + - name: Use Fedora Registry for image when distribution is Fedora + set_fact: + l_docker_image_prepend: "registry.fedoraproject.org" + when: ansible_distribution == 'Fedora' + + # For https://github.com/openshift/openshift-ansible/pull/4049#discussion_r114478504 + - name: Use a testing registry if requested + set_fact: + l_docker_image_prepend: "{{ openshift_docker_systemcontainer_image_registry_override }}" + when: + - openshift_docker_systemcontainer_image_registry_override is defined + - openshift_docker_systemcontainer_image_registry_override != "" + + - name: Set the full image name + set_fact: + l_docker_image: "{{ l_docker_image_prepend }}/{{ openshift.docker.service_name }}:latest" + +# NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released +- name: Pre-pull Container Engine System Container image + command: "atomic pull --storage ostree {{ l_docker_image }}" + changed_when: false + environment: + NO_PROXY: "{{ openshift.common.no_proxy | default('') }}" + + +- name: Ensure container-engine.service.d directory exists + file: + path: "{{ container_engine_systemd_dir }}" + state: directory + +- name: Ensure /etc/docker directory exists + file: + path: "{{ docker_conf_dir }}" + state: directory + +- name: Install Container Engine System Container + oc_atomic_container: + name: "{{ openshift.docker.service_name }}" + image: "{{ l_docker_image }}" + state: latest + +- name: Configure Container Engine Service File + template: + dest: "{{ container_engine_systemd_dir }}/custom.conf" + src: systemcontainercustom.conf.j2 + +# Set local versions of facts that must be in json format for container-daemon.json +# NOTE: When jinja2.9+ is used the container-daemon.json file can move to using tojson +- set_fact: + l_docker_insecure_registries: "{{ docker_insecure_registries | default([]) | to_json }}" + l_docker_log_options: "{{ docker_log_options | default({}) | to_json }}" + l_docker_additional_registries: "{{ docker_additional_registries | default([]) | to_json }}" + l_docker_blocked_registries: "{{ docker_blocked_registries | default([]) | to_json }}" + l_docker_selinux_enabled: "{{ docker_selinux_enabled | default(true) | to_json }}" + +# Configure container-engine using the container-daemon.json file +# NOTE: daemon.json and container-daemon.json have been seperated to avoid +# collision. +- name: Configure Container Engine + template: + dest: "{{ docker_conf_dir }}/container-daemon.json" + src: daemon.json + +# Enable and start the container-engine service +- name: Start the Container Engine service + systemd: + name: "{{ openshift.docker.service_name }}" + enabled: yes + state: started + daemon_reload: yes + register: start_result + +- set_fact: + docker_service_status_changed: start_result | changed + +- meta: flush_handlers |