e86a1c6f96
There are two major issues we are trying to address here. The first is that docker-compose (python implementation) is EOL and does not work with python3.12. Instead we need to use docker compose (golang implementation) on newer platforms like Noble. We're taking advantage of the clean break between distro releases to do a migration of the container management system rather than try and replace docker-compose with docker compose in place on existing servers.

Second, the docker runtime can only deal with mirrors for images hosted on docker hub. This impacts our ability to speculatively test images that are hosted on quay (or elsewhere) with docker since speculative image testing currently relies on mirror configuration to provide unreleased images to test environments. By switching the runtime to podman instead of docker behind docker compose we fix this second problem. Again the clean break between distro releases is a convenient time to make this switch rather than doing it in place.

Some design considerations include:

* Not bothering with docker ce packaging and instead relying on packages in Ubuntu Noble
* Configuring the podman service to listen on a socket located where docker's socket typically lives. This avoids needing environment overrides every time we run docker compose.
* Not adding a special podman group for this. We effectively manage things as root or via sudo so we can keep this simple for now.

Future updates may include installation of docker compose and/or podman from upstream sources. We could add a podman group. We may also switch to using user owned podman daemons and reduce some privilege.

Change-Id: Ib0a9cdb38b99521bcd7e15c17f6175aea2c042eb
39 lines
1.1 KiB
YAML
# We're taking a different approach with Noble and beyond.
# For these newer releases we're going to use `docker compose`
# with the podman service instead of `docker-compose` with the
# docker service. We'll use task file lookups to differentiate.
# TODO(clarkb) the noble behavior really probably deserves to be
# in a new role but to simplify our transition between container
# runtimes we continue to manage it in install-docker.
- name: Include OS-release specific tasks
  include_tasks: "{{ lookup('first_found', file_list) }}"
  vars:
    file_list: "{{ distro_lookup_path }}"

- name: Install rsyslog redirector for container tags
  copy:
    src: '10-docker.conf'
    dest: /etc/rsyslog.d/
    owner: root
    group: root
    mode: 0644
  notify:
    - Restart rsyslog

- name: Ensure rsyslog restarted now
  meta: flush_handlers

- name: Create container log directories
  file:
    state: directory
    path: /var/log/containers/
    owner: syslog
    group: adm
    mode: 0775

- name: Install log rotation for container log files
  include_role:
    name: logrotate
  vars:
    logrotate_file_name: '/var/log/containers/*.log'
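
The socket placement described in the commit message could be done with a systemd drop-in, sketched here as an added example that is not code from the install-docker role. The drop-in file name, the task names, the registered variable names and the root-only `SocketMode=0600` are assumptions, as is the presence of a packaged `podman.socket` unit on Noble.

```yaml
# Added example: hypothetical tasks, not taken from the install-docker role.
# Assumes the distro podman package ships a podman.socket systemd unit.
- name: Create podman.socket drop-in directory
  file:
    state: directory
    path: /etc/systemd/system/podman.socket.d
    owner: root
    group: root
    mode: '0755'

- name: Point podman.socket at docker's usual socket path
  copy:
    dest: /etc/systemd/system/podman.socket.d/override.conf  # assumed file name
    owner: root
    group: root
    mode: '0644'
    content: |
      [Socket]
      # An empty assignment clears the packaged ListenStream= value.
      ListenStream=
      ListenStream=/var/run/docker.sock
      # No podman group: only root may connect to the API socket (assumed mode).
      SocketUser=root
      SocketGroup=root
      SocketMode=0600
  register: podman_socket_override

- name: Enable and start podman.socket with the override applied
  systemd:
    name: podman.socket
    daemon_reload: true
    enabled: true
    state: "{{ 'restarted' if podman_socket_override is changed else 'started' }}"

- name: Check the API socket exists and is root-only
  stat:
    path: /var/run/docker.sock
  register: docker_sock
  failed_when: >-
    not docker_sock.stat.exists
    or docker_sock.stat.pw_name != 'root'
    or docker_sock.stat.mode != '0600'
```

Anything that can write to this socket controls the root podman service, so the final task fails the play if the socket is missing or is more permissive than intended.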