path: root/roles/container_runtime/tasks/package_docker.yml
blob: 40ab75a25e1ea5715affa9e15b4c8deb996b5032 (plain)
---
# Ask repoquery for the version of the installed docker package. The command
# module runs the templated string without a shell. The task is skipped when
# openshift.common.is_atomic is true; later checks test for a skipped result
# and an empty stdout before comparing versions.
- name: Get current installed Docker version
  command: "{{ repoquery_installed }} --qf '%{version}' docker"
  register: curr_docker_version
  changed_when: false
  until: curr_docker_version | succeeded
  retries: 4
  when: not openshift.common.is_atomic | bool

# Stop when an already-installed Docker is older than 1.9.1 and the caller did
# not set docker_version.
- name: Error out if Docker pre-installed but too old
  fail:
    msg: "Docker {{ curr_docker_version.stdout }} is installed, but >= 1.9.1 is required."
  # Entries are ANDed and checked in order, so .stdout is only read once the
  # query result is known not to be skipped.
  when:
  - not curr_docker_version | skipped
  - curr_docker_version.stdout != ''
  - curr_docker_version.stdout | version_compare('1.9.1', '<')
  - not docker_version is defined

# Reject an explicitly requested docker_version below the 1.9.1 minimum.
- name: Error out if requested Docker is too old
  fail:
    msg: "Docker {{ docker_version }} requested, but >= 1.9.1 is required."
  when:
  - docker_version is defined
  - docker_version | version_compare('1.9.1', '<')

# When docker_version is requested, verify that reaching it means an install or
# an upgrade; fail if the installed version is newer than the requested one.
- name: Fail if Docker version requested but downgrade is required
  fail:
    msg: "Docker {{ curr_docker_version.stdout }} is installed, but version {{ docker_version }} was requested."
  when:
  - not curr_docker_version | skipped
  - curr_docker_version.stdout != ''
  - docker_version is defined
  - curr_docker_version.stdout | version_compare(docker_version, '>')

# Crossing from < 1.10 to >= 1.10 involves an extremely slow migration process;
# users should instead run the Docker 1.10 upgrade playbook to accomplish this.
- name: Error out if attempting to upgrade Docker across the 1.10 boundary
  fail:
    msg: "Cannot upgrade Docker to >= 1.10, please upgrade or remove Docker manually, or use the Docker upgrade playbook if OpenShift is already installed."
  when:
  - not curr_docker_version | skipped
  - curr_docker_version.stdout != ''
  - curr_docker_version.stdout | version_compare('1.10', '<')
  - docker_version is defined
  - docker_version | version_compare('1.10', '>=')

# Install Docker only when the version query returned nothing, i.e. no docker
# package is present. An installed version is never updated here; Docker
# upgrades are handled by a separate playbook.
# Note: The curr_docker_version.stdout check can be removed when https://github.com/ansible/ansible/issues/33187 gets fixed.
# NOTE(review): with docker_version unset the package name carries no version,
# so the build that gets installed is whatever the host's configured
# repositories offer — confirm those repositories are the intended ones.
- name: Install Docker
  package:
    name: "docker{{ '-' + docker_version if docker_version is defined else '' }}"
    state: present
  register: result
  until: result | success
  when:
  - not openshift.common.is_atomic | bool
  - not curr_docker_version | skipped
  - curr_docker_version.stdout == ''

# Extend the default Docker service unit file when using iptables-services,
# i.e. when os_firewall_use_firewalld is unset or false.
# NOTE(review): neither task sets owner or mode, so the drop-in directory and
# custom.conf take whatever defaults apply on the host; a systemd drop-in
# should be writable by root only — confirm.
- when: not (os_firewall_use_firewalld | default(False)) | bool
  block:
  - name: Ensure docker.service.d directory exists
    file:
      state: directory
      path: "{{ docker_systemd_dir }}"

  - name: Configure Docker service unit file
    template:
      src: custom.conf.j2
      dest: "{{ docker_systemd_dir }}/custom.conf"
    notify:
    - restart container runtime

# Record whether /etc/sysconfig/docker exists as a regular file; the
# lineinfile tasks that edit it are gated on docker_check.stat.isreg.
- stat:
    path: /etc/sysconfig/docker
  register: docker_check

# Write ADD_REGISTRY / BLOCK_REGISTRY / INSECURE_REGISTRY into
# /etc/sysconfig/docker, one line per non-empty list, with every entry prefixed
# by its flag. Entries in the insecure list are handed to the daemon as
# --insecure-registry, which relaxes transport security for those registries,
# so that list should stay as short as possible.
# NOTE(review): values are placed between single quotes without escaping; an
# entry containing a quote would corrupt the line. Presumably these come from
# trusted inventory — confirm.
- name: Set registry params
  with_items:
  - reg_conf_var: ADD_REGISTRY
    reg_fact_val: "{{ l2_docker_additional_registries }}"
    reg_flag: --add-registry
  - reg_conf_var: BLOCK_REGISTRY
    reg_fact_val: "{{ l2_docker_blocked_registries }}"
    reg_flag: --block-registry
  - reg_conf_var: INSECURE_REGISTRY
    reg_fact_val: "{{ l2_docker_insecure_registries }}"
    reg_flag: --insecure-registry
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^{{ item.reg_conf_var }}=.*$'
    line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'"
  # Skip empty lists, and skip everything when the sysconfig file is missing.
  when:
  - item.reg_fact_val != []
  - docker_check.stat.isreg is defined
  - docker_check.stat.isreg
  notify:
  - restart container runtime

# Render the registries.conf template (additional, blocked and insecure
# registries) to containers_registries_conf_path, only when
# openshift_docker_use_etc_containers is true.
- name: Place additional/blocked/insecure registries in /etc/containers/registries.conf
  when: openshift_docker_use_etc_containers | bool
  template:
    src: registries.conf
    dest: "{{ containers_registries_conf_path }}"
  notify:
  - restart container runtime

# Maintain HTTP_PROXY / HTTPS_PROXY / NO_PROXY in /etc/sysconfig/docker: a
# non-empty value is written, an empty one removes the matching line.
# The whole task only runs when at least one of the two proxies is set, so if
# both are later cleared the previously written lines are left in place.
# NOTE(review): proxy URLs can embed credentials; the task has no no_log and
# sets no mode on the file — confirm the values carry no secrets, or that the
# file and the play output are suitably restricted.
- name: Set Proxy Settings
  when:
  - docker_check.stat.isreg is defined
  - docker_check.stat.isreg
  - docker_http_proxy != '' or docker_https_proxy != ''
  with_items:
  - reg_conf_var: HTTP_PROXY
    reg_fact_val: "{{ docker_http_proxy }}"
  - reg_conf_var: HTTPS_PROXY
    reg_fact_val: "{{ docker_https_proxy }}"
  - reg_conf_var: NO_PROXY
    reg_fact_val: "{{ docker_no_proxy }}"
  lineinfile:
    dest: /etc/sysconfig/docker
    state: "{{ 'present' if item.reg_fact_val != '' else 'absent'}}"
    regexp: '^{{ item.reg_conf_var }}=.*$'
    line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val }}'"
  notify:
  - restart container runtime

# Rebuild the OPTIONS= line of /etc/sysconfig/docker from role variables.
# Security-relevant flags emitted here:
#   --selinux-enabled         only when the host reports SELinux enabled and
#                             openshift_docker_selinux_enabled is not false
#   --insecure-registry=NET   when the hosted registry is flagged insecure
#   --signature-verification  always written, with the boolean value of
#                             openshift_docker_signature_verification; a false
#                             value is passed to the daemon as-is
# docker_options and openshift_docker_options are appended verbatim inside the
# single-quoted value, so anything in them reaches the daemon command line.
# NOTE(review): `| bool` yields false for any string other than yes/on/1/true,
# so a driver name in openshift_docker_log_driver or a CIDR in
# openshift_docker_hosted_registry_network would make those two conditions
# false and drop the flag — confirm against the role defaults.
# The value is a double-quoted scalar with backslash line continuations; its
# whitespace is part of the rendered line.
- name: Set various Docker options
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^OPTIONS=.*$'
    line: "OPTIONS='\
      {% if ansible_selinux.status | default(None) == 'enabled' and openshift_docker_selinux_enabled | default(true) | bool %} --selinux-enabled {% endif %} \
      {% if openshift_docker_log_driver | bool %} --log-driver {{ openshift_docker_log_driver }}{% endif %} \
      {% if l2_docker_log_options != [] %} {{ l2_docker_log_options |  oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %} \
      {% if openshift_docker_hosted_registry_insecure and (openshift_docker_hosted_registry_network | bool) %} --insecure-registry={{ openshift_docker_hosted_registry_network }} {% endif %} \
      {% if docker_options is defined %} {{ docker_options }}{% endif %} \
      {% if openshift_docker_options %} {{ openshift_docker_options }}{% endif %} \
      {% if openshift_docker_disable_push_dockerhub %} --confirm-def-push={{ openshift_docker_disable_push_dockerhub | bool }}{% endif %} \
      --signature-verification={{ openshift_docker_signature_verification | bool }}'"
  # Only edit the file when the earlier stat found it as a regular file.
  when: docker_check.stat.isreg is defined and docker_check.stat.isreg
  notify:
  - restart container runtime

# Record whether /etc/sysconfig/docker-network exists as a regular file; the
# network options task is gated on this result.
- stat:
    path: /etc/sysconfig/docker-network
  register: sysconfig_docker_network_check

# Rewrite DOCKER_NETWORK_OPTIONS in /etc/sysconfig/docker-network. The value
# holds --mtu=<openshift.node.sdn_mtu> when that fact is defined and is an
# empty quoted string otherwise.
- name: Configure Docker Network OPTIONS
  lineinfile:
    dest: /etc/sysconfig/docker-network
    regexp: '^DOCKER_NETWORK_OPTIONS=.*$'
    line: "DOCKER_NETWORK_OPTIONS='\
      {% if openshift.node is defined and openshift.node.sdn_mtu is defined %} --mtu={{ openshift.node.sdn_mtu }}{% endif %}'"
  # Only edit the file when the preceding stat found it as a regular file.
  when:
  - sysconfig_docker_network_check.stat.isreg is defined
  - sysconfig_docker_network_check.stat.isreg
  notify:
  - restart container runtime

# The systemd module may report a state change even though docker is already
# running, so capture the unit's ActiveState first. Read-only probe: it never
# reports a change.
- name: Detect if docker is already started
  command: systemctl show docker -p ActiveState
  register: r_docker_already_running_result
  changed_when: false

# Reload systemd, enable the docker unit and start it. The task is retried
# (3 retries, 30 seconds apart) until it no longer reports failure.
- name: Start the Docker service
  systemd:
    name: docker
    state: started
    enabled: true
    daemon_reload: true
  register: r_docker_package_docker_start_result
  retries: 3
  delay: 30
  until: not r_docker_package_docker_start_result | failed

# docker_service_status_changed is true only when the start task reported a
# change and the earlier probe did not print exactly 'ActiveState=active'.
- set_fact:
    docker_service_status_changed: "{{ (r_docker_package_docker_start_result | changed) and (r_docker_already_running_result.stdout != 'ActiveState=active' ) }}"

# Run handlers notified so far (the "restart container runtime" notifications
# above) now instead of at the end of the play.
- meta: flush_handlers

# This needs to run after docker is restarted to account for proxy settings.
- include_tasks: registry_auth.yml