From a5fe4b770203937e94b9cba29b78d63764873deb Mon Sep 17 00:00:00 2001
From: stack
Date: Mon, 20 Mar 2017 22:02:45 +0000
Subject: [PATCH 1/4] Introduce 1450 MTU for Docker-encapsulated networking
---
ansible/roles/docker/handlers/main.yml | 6 ++++++
ansible/roles/docker/tasks/config.yml | 8 ++++++++
ansible/roles/docker/tasks/main.yml | 13 +++++++++++++
ansible/roles/docker/tasks/storage.yml | 13 +------------
ansible/roles/docker/templates/daemon.json.j2 | 11 ++++++-----
5 files changed, 34 insertions(+), 17 deletions(-)
create mode 100644 ansible/roles/docker/handlers/main.yml
create mode 100644 ansible/roles/docker/tasks/config.yml
diff --git a/ansible/roles/docker/handlers/main.yml b/ansible/roles/docker/handlers/main.yml
new file mode 100644
index 000000000..de4135375
--- /dev/null
+++ b/ansible/roles/docker/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart docker service
+ service:
+ name: docker
+ state: restarted
+ become: True
diff --git a/ansible/roles/docker/tasks/config.yml b/ansible/roles/docker/tasks/config.yml
new file mode 100644
index 000000000..8284ccfc0
--- /dev/null
+++ b/ansible/roles/docker/tasks/config.yml
@@ -0,0 +1,8 @@
+---
+- name: Ensure the docker daemon configuration file exists
+ template:
+ src: daemon.json.j2
+ dest: /etc/docker/daemon.json
+ become: True
+ notify: restart docker service
+
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index a0b7bf66e..d3d578b74 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
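Review bot: The `template` task added in tasks/config.yml writes /etc/docker/daemon.json without `owner`, `group` or `mode`, so a newly created file gets whatever the remote umask yields and an existing file keeps whatever permissions it already has. This file configures the Docker daemon, which runs as root, so its ownership and mode should be pinned rather than inherited: add `owner: root`, `group: root` and `mode: "0644"` under `template:`. Quote the mode so it is not read as an octal integer.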
@@ -24,3 +24,16 @@ - include: storage.yml when: "{{ 'Data loop file' in docker_info.stdout }}" + +- name: Read Docker daemon config file + slurp: + src: /etc/docker/daemon.json + register: docker_daemon_conf + become: True + +- name: Parse Docker daemon config JSON + set_fact: + docker_daemon_json: "{{ docker_daemon_conf['content'] | b64decode | from_json }}" + +- include: config.yml + when: "{{ docker_daemon_json['mtu'] }} != 1450 or {{ docker_daemon_json['storage-driver'] }} != 'devicemapper'" diff --git a/ansible/roles/docker/tasks/storage.yml b/ansible/roles/docker/tasks/storage.yml index 09fda5fc4..030ac05f5 100644 --- a/ansible/roles/docker/tasks/storage.yml +++ b/ansible/roles/docker/tasks/storage.yml @@ -4,6 +4,7 @@ name: docker state: stopped become: True + notify: restart docker service - name: Ensure loopback storage state is absent file: @@ -47,15 +48,3 @@ lvchange --metadataprofile docker-thinpool {{ docker_storage_volume_group }}/{{ docker_storage_volume_thinpool }} become: True - -- name: Ensure the docker daemon configuration file exists - template: - src: daemon.json.j2 - dest: /etc/docker/daemon.json - become: True - -- name: Ensure the docker daemon is running - service: - name: docker - state: started - become: True diff --git a/ansible/roles/docker/templates/daemon.json.j2 b/ansible/roles/docker/templates/daemon.json.j2 index a02fc1a79..0da43abc7 100644 --- a/ansible/roles/docker/templates/daemon.json.j2 +++ b/ansible/roles/docker/templates/daemon.json.j2 
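Review bot: The `when:` on the new `include: config.yml` builds its condition by substituting `{{ … }}` values into the expression text before it is evaluated. The storage-driver value therefore arrives unquoted (`devicemapper != 'devicemapper'`, where the left side is read as a variable name rather than a string), and content read from the managed host's daemon.json becomes part of the expression itself. Write it as a bare expression over the parsed data instead: `when: docker_daemon_json.get('mtu') != 1450 or docker_daemon_json.get('storage-driver') != 'devicemapper'`. The `slurp` task will also fail on a host where /etc/docker/daemon.json does not exist yet; a preceding `stat` check, with `docker_daemon_json` falling back to `{}`, would cover that case.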
@@ -1,8 +1,9 @@ { "storage-driver": "devicemapper", - "storage-opts": [ - "dm.thinpooldev=/dev/mapper/{{ docker_storage_volume_group | replace('-', '--') }}-{{ docker_storage_volume_thinpool | replace('-', '--') }}", - "dm.use_deferred_removal=true", - "dm.use_deferred_deletion=true" - ] + "mtu": 1450, + "storage-opts": [ + "dm.thinpooldev=/dev/mapper/{{ docker_storage_volume_group | replace('-', '--') }}-{{ docker_storage_volume_thinpool | replace('-', '--') }}", + "dm.use_deferred_removal=true", + "dm.use_deferred_deletion=true" + ] } From cf5db1d59c5d754bad6441f39c90d46a2975e7bf Mon Sep 17 00:00:00 2001 From: stack Date: Wed, 22 Mar 2017 09:30:59 +0000 Subject: [PATCH 2/4] Second pass at Docker MTU assignment --- ansible/roles/docker/tasks/config.yml | 1 - ansible/roles/docker/tasks/main.yml | 17 ++++++----------- ansible/roles/docker/templates/daemon.json.j2 | 2 +- 3 files changed, 7 insertions(+), 13 deletions(-) diff --git a/ansible/roles/docker/tasks/config.yml b/ansible/roles/docker/tasks/config.yml index 8284ccfc0..af3704bda 100644 --- a/ansible/roles/docker/tasks/config.yml +++ b/ansible/roles/docker/tasks/config.yml @@ -5,4 +5,3 @@ dest: /etc/docker/daemon.json become: True notify: restart docker service - diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml index d3d578b74..b44cb6d4e 100644 --- a/ansible/roles/docker/tasks/main.yml +++ b/ansible/roles/docker/tasks/main.yml @@ -6,6 +6,12 @@ append: yes become: True +- name: Check Docker state with systemd + service: + name: docker + state: started + become: True + - name: Check whether docker storage is in loopback mode command: docker info register: docker_info 
@@ -25,15 +31,4 @@ - include: storage.yml when: "{{ 'Data loop file' in docker_info.stdout }}" -- name: Read Docker daemon config file - slurp: - src: /etc/docker/daemon.json - register: docker_daemon_conf - become: True - -- name: Parse Docker daemon config JSON - set_fact: - docker_daemon_json: "{{ docker_daemon_conf['content'] | b64decode | from_json }}" - - include: config.yml - when: "{{ docker_daemon_json['mtu'] }} != 1450 or {{ docker_daemon_json['storage-driver'] }} != 'devicemapper'" diff --git a/ansible/roles/docker/templates/daemon.json.j2 b/ansible/roles/docker/templates/daemon.json.j2 index 0da43abc7..67eab7a81 100644 --- a/ansible/roles/docker/templates/daemon.json.j2 +++ b/ansible/roles/docker/templates/daemon.json.j2 @@ -1,6 +1,6 @@ { "storage-driver": "devicemapper", - "mtu": 1450, + "mtu": {{ external_net_name | net_mtu }}, "storage-opts": [ "dm.thinpooldev=/dev/mapper/{{ docker_storage_volume_group | replace('-', '--') }}-{{ docker_storage_volume_thinpool | replace('-', '--') }}", "dm.use_deferred_removal=true", From 01c3a83d38dae1bc5acdc0e5c8735b30206eeae4 Mon Sep 17 00:00:00 2001 From: Stig Telfer Date: Wed, 22 Mar 2017 09:52:20 +0000 Subject: [PATCH 3/4] Update main.yml --- ansible/roles/docker/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml index b44cb6d4e..6892c8a26 100644 --- a/ansible/roles/docker/tasks/main.yml +++ b/ansible/roles/docker/tasks/main.yml @@ -6,7 +6,7 @@ append: yes become: True -- name: Check Docker state with systemd +- name: Ensure Docker daemon is started service: name: docker state: started From 2014888acc6766193d453c1130e454d00e4bb796 Mon Sep 17 00:00:00 2001 
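Review bot: In daemon.json.j2 the `mtu` value is emitted verbatim (`"mtu": {{ external_net_name | net_mtu }},`), so an empty or non-numeric result makes the rendered file invalid JSON, or lets a string value carry extra content into a root-owned daemon config. Because the task notifies `restart docker service`, a bad render would presumably leave the daemon unable to start on every host that received it. Coerce the value at the point of use, e.g. `"mtu": {{ external_net_name | net_mtu | int }},`, and add an `assert` before templating that the result lies in a sane MTU range. The same applies to `"mtu": {{ docker_daemon_mtu }},` in PATCH 4/4. What `net_mtu` returns for a network with no MTU defined is not visible here and should be confirmed.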
From: stack Date: Wed, 22 Mar 2017 11:54:10 +0000 Subject: [PATCH 4/4] Parameter encapsulation for Docker role --- ansible/docker.yml | 1 + ansible/roles/docker/defaults/main.yml | 3 +++ ansible/roles/docker/templates/daemon.json.j2 | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ansible/docker.yml b/ansible/docker.yml index 698896042..1a55725f9 100644 --- a/ansible/docker.yml +++ b/ansible/docker.yml @@ -3,3 +3,4 @@ hosts: docker roles: - role: docker + docker_daemon_mtu: "{{ external_net_name | net_mtu }}" diff --git a/ansible/roles/docker/defaults/main.yml b/ansible/roles/docker/defaults/main.yml index 59c3bdaf9..c43413338 100644 --- a/ansible/roles/docker/defaults/main.yml +++ b/ansible/roles/docker/defaults/main.yml @@ -20,3 +20,6 @@ docker_storage_thinpool_autoextend_threshold: 80 # Percentage by which to extend thin-provisioned docker storage volumes. docker_storage_thinpool_autoextend_percent: 20 + +# MTU to pass through to containers not using net=host +docker_daemon_mtu: 1500 diff --git a/ansible/roles/docker/templates/daemon.json.j2 b/ansible/roles/docker/templates/daemon.json.j2 index 67eab7a81..4f229af35 100644 --- a/ansible/roles/docker/templates/daemon.json.j2 +++ b/ansible/roles/docker/templates/daemon.json.j2 @@ -1,6 +1,6 @@ { "storage-driver": "devicemapper", - "mtu": {{ external_net_name | net_mtu }}, + "mtu": {{ docker_daemon_mtu }}, "storage-opts": [ "dm.thinpooldev=/dev/mapper/{{ docker_storage_volume_group | replace('-', '--') }}-{{ docker_storage_volume_thinpool | replace('-', '--') }}", "dm.use_deferred_removal=true",