Modernize the way of configuring Docker daemon
Instead of changing Docker daemon command line let's change config for Docker instead. In /etc/docker/daemon.json file as it should be. Custom Docker options can be set with 'docker_custom_config' variable. Old 'docker_custom_option' is still present but should be avoided. Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com> Change-Id: I1215e04ec15b01c0b43bac8c0e81293f6724f278
This commit is contained in:
parent
8661599b9e
commit
a5808ad8ba
@ -97,8 +97,8 @@ docker_registry_insecure: "{{ 'yes' if docker_registry else 'no' }}"
|
||||
docker_runtime_directory: ""
|
||||
|
||||
# Retention settings for Docker logs
|
||||
docker_log_max_file: 5
|
||||
docker_log_max_size: 50m
|
||||
docker_log_max_file: "5"
|
||||
docker_log_max_size: "50m"
|
||||
|
||||
# Valid options are [ no, on-failure, always, unless-stopped ]
|
||||
docker_restart_policy: "unless-stopped"
|
||||
@ -108,7 +108,9 @@ docker_restart_policy_retry: "10"
|
||||
|
||||
# Extra docker options for Zun
|
||||
docker_configure_for_zun: "no"
|
||||
docker_zun_options: -H fd:// -H tcp://{{ api_interface_address }}:2375 --cluster-store=etcd://{% for host in groups.get('etcd', []) %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ hostvars[host]['etcd_client_port'] }}{% if not loop.last %},{% endif %}{% endfor %}
|
||||
docker_zun_options: -H tcp://{{ api_interface_address }}:2375
|
||||
docker_zun_config:
|
||||
cluster-store: etcd://{% for host in groups.get('etcd', []) %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ hostvars[host]['etcd_client_port'] }}{% if not loop.last %},{% endif %}{% endfor %}
|
||||
|
||||
# Timeout after Docker sends SIGTERM before sending SIGKILL.
|
||||
docker_graceful_timeout: 60
|
||||
|
@ -31,8 +31,8 @@ change_selinux: True
|
||||
selinux_state: "permissive"
|
||||
|
||||
docker_storage_driver: ""
|
||||
|
||||
docker_custom_option: ""
|
||||
docker_custom_config: {}
|
||||
|
||||
# Ubuntu 18+ does not have easy_install available due to
|
||||
# https://bugs.launchpad.net/ubuntu/+source/python-setuptools/+bug/1774419.
|
||||
|
@ -55,35 +55,83 @@
|
||||
become: True
|
||||
when: not create_kolla_user | bool
|
||||
|
||||
- name: Ensure docker config directory exists
|
||||
file:
|
||||
path: /etc/docker
|
||||
state: directory
|
||||
become: True
|
||||
|
||||
- name: Merge Zun docker config
|
||||
set_fact:
|
||||
docker_config: "{{ docker_config | combine(docker_zun_config) }}"
|
||||
when:
|
||||
- docker_configure_for_zun | bool
|
||||
|
||||
- name: Warn about deprecations
|
||||
debug:
|
||||
msg: >
|
||||
docker_custom_option is deprecated in favor of docker_custom_config
|
||||
when: docker_custom_option
|
||||
|
||||
- name: Setup docker insecure registries
|
||||
vars:
|
||||
registries: ["{{ docker_registry }}"]
|
||||
set_fact:
|
||||
docker_config: "{{ docker_config | combine({'insecure-registries': registries}) }}"
|
||||
when: docker_registry_insecure | bool
|
||||
|
||||
- name: Setup docker storage driver
|
||||
set_fact:
|
||||
docker_config: "{{ docker_config | combine({'storage-driver': docker_storage_driver}) }}"
|
||||
when: docker_storage_driver
|
||||
|
||||
- name: Setup docker runtime directory
|
||||
set_fact:
|
||||
docker_config: "{{ docker_config | combine({'data-root': docker_runtime_directory}) }}"
|
||||
when: docker_runtime_directory
|
||||
|
||||
- name: Merge custom docker config
|
||||
set_fact:
|
||||
docker_config: "{{ docker_config | combine(docker_custom_config) }}"
|
||||
|
||||
- name: Write docker config
|
||||
become: True
|
||||
copy:
|
||||
content: "{{ docker_config | to_nice_json }}"
|
||||
dest: /etc/docker/daemon.json
|
||||
mode: 0644
|
||||
register: docker_configured
|
||||
|
||||
- name: Remove old docker options file
|
||||
become: True
|
||||
file:
|
||||
path: /etc/systemd/system/docker.service.d/kolla.conf
|
||||
state: absent
|
||||
when:
|
||||
- not docker_custom_option
|
||||
- not docker_configure_for_zun|bool
|
||||
|
||||
- name: Ensure docker service directory exists
|
||||
become: True
|
||||
file:
|
||||
path: /etc/systemd/system/docker.service.d
|
||||
state: directory
|
||||
recurse: yes
|
||||
become: True
|
||||
|
||||
- name: Check dockerd exists
|
||||
stat: path=/usr/bin/dockerd
|
||||
register: dockerd_exists
|
||||
|
||||
- name: Setting docker daemon name
|
||||
set_fact:
|
||||
docker_binary_name: "dockerd"
|
||||
when:
|
||||
dockerd_exists.stat.exists == True
|
||||
when: docker_custom_option or docker_configure_for_zun|bool
|
||||
|
||||
- name: Configure docker service
|
||||
become: True
|
||||
template:
|
||||
src: docker_systemd_service.j2
|
||||
dest: /etc/systemd/system/docker.service.d/kolla.conf
|
||||
register: docker_configured
|
||||
when: docker_custom_option or docker_configure_for_zun|bool
|
||||
|
||||
- name: Reload docker service file
|
||||
become: True
|
||||
systemd:
|
||||
name: docker
|
||||
daemon_reload: yes
|
||||
register: docker_reloaded
|
||||
|
||||
- name: Get stat of libvirtd apparmor profile
|
||||
stat:
|
||||
@ -122,7 +170,7 @@
|
||||
name: docker
|
||||
state: restarted
|
||||
become: True
|
||||
when: docker_configured.changed
|
||||
when: docker_configured.changed or docker_reloaded.changed
|
||||
|
||||
- name: Enable docker
|
||||
service:
|
||||
|
@ -1,3 +1,4 @@
|
||||
[Service]
|
||||
ExecStart=
|
||||
ExecStart=/usr/bin/{{ docker_binary_name|default("docker daemon", true) }}{% if docker_registry_insecure | bool %} --insecure-registry {{ docker_registry }}{% endif %}{% if docker_storage_driver %} --storage-driver {{ docker_storage_driver }}{% endif %}{% if docker_runtime_directory %} --graph {{ docker_runtime_directory }}{% endif %}{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}{% if docker_configure_for_zun|bool %} {{ docker_zun_options }}{% endif %} --log-opt max-file={{ docker_log_max_file }} --log-opt max-size={{ docker_log_max_size }}
|
||||
# ExecStart commandline copied from 'docker-ce' package. Same on CentOS/Debian/Ubuntu systems.
|
||||
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}{% if docker_configure_for_zun|bool %} {{ docker_zun_options }}{% endif %}
|
||||
|
5
ansible/roles/baremetal/vars/main.yml
Normal file
5
ansible/roles/baremetal/vars/main.yml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
docker_config:
|
||||
log-opts:
|
||||
max-file: "{{ docker_log_max_file }}"
|
||||
max-size: "{{ docker_log_max_size }}"
|
@ -162,7 +162,7 @@ The ``docker_storage_driver`` variable is optional. If set, it defines the
|
||||
use for Docker.
|
||||
|
||||
The ``docker_runtime_directory`` variable is optional. If set, it defines the
|
||||
runtime (``--graph``) directory for Docker.
|
||||
runtime (``data-root``) directory for Docker.
|
||||
|
||||
The ``docker_registry`` variable, which is not set by default, defines the
|
||||
address of the Docker registry. If the variable is not set, Dockerhub will be
|
||||
@ -178,8 +178,16 @@ maximum number of log files to retain per container. The
|
||||
``docker_log_max_size`` variable, which defaults to ``50m``, defines the
|
||||
maximum size of each rotated log file per container.
|
||||
|
||||
The ``docker_custom_option`` variable is optional. If set, it defines
|
||||
additional options to pass to the Docker engine via the Systemd unit file.
|
||||
Additional options for the Docker engine can be passed in
|
||||
``docker_custom_config`` variable. It will be stored in ``daemon.json`` config
|
||||
file. Example:
|
||||
|
||||
.. code-block:: json
|
||||
|
||||
{
|
||||
"experimental": false
|
||||
}
|
||||
|
||||
|
||||
Disabling firewalls
|
||||
~~~~~~~~~~~~~~~~~~~
|
||||
|
18
releasenotes/notes/docker-daemon.json-33d7618aa5a355a8.yaml
Normal file
18
releasenotes/notes/docker-daemon.json-33d7618aa5a355a8.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Add custom option for docker daemon by altering "docker_custom_config"
|
||||
variable (json formatted).
|
||||
|
||||
upgrade:
|
||||
- |
|
||||
Docker engine configuration changes are now done in
|
||||
"/etc/docker/daemon.json" file instead of altering systemd unit (which
|
||||
gets removed if present). Also "docker_custom_option" got replaced by
|
||||
"docker_custom_config" variable (json formatted).
|
||||
|
||||
deprecations:
|
||||
- |
|
||||
Configuring Docker daemon by "docker_custom_option" (used in systemd unit
|
||||
file) is deprecated in favour of "docker_custom_config" variable (stored in
|
||||
"daemon.json" config file.
|
@ -29,7 +29,6 @@ docker_namespace: "kolla"
|
||||
# will be the source of images during the upgrade.
|
||||
# NOTE(yoctozepto): this is required here for CI because we run templating
|
||||
# of docker systemd command only once, using the previous release when upgrading
|
||||
# also note: atm upgrade would conflict with the zun profile which uses this var
|
||||
docker_custom_option: "--insecure-registry {{ api_interface_address }}:4000"
|
||||
{% endif %}
|
||||
{% if not is_previous_release %}
|
||||
|
Loading…
Reference in New Issue
Block a user