Modernize the way of configuring Docker daemon

Instead of changing the Docker daemon command line, let's change the config
for Docker, in the /etc/docker/daemon.json file, as it should be.

Custom Docker options can be set with the 'docker_custom_config' variable.

The old 'docker_custom_option' is still present but should be avoided.

Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Change-Id: I1215e04ec15b01c0b43bac8c0e81293f6724f278
Marcin Juszkiewicz 2019-07-25 11:24:53 +00:00
parent 8661599b9e
commit a5808ad8ba
8 changed files with 103 additions and 22 deletions

@ -97,8 +97,8 @@ docker_registry_insecure: "{{ 'yes' if docker_registry else 'no' }}"
docker_runtime_directory: ""
# Retention settings for Docker logs
docker_log_max_file: 5
docker_log_max_size: 50m
docker_log_max_file: "5"
docker_log_max_size: "50m"
# Valid options are [ no, on-failure, always, unless-stopped ]
docker_restart_policy: "unless-stopped"
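Review bot: the quoting of docker_log_max_file and docker_log_max_size has no comment explaining it. Docker requires log-opts values in daemon.json to be strings, and these two variables now feed log-opts, so someone tidying the defaults or overriding docker_log_max_file with a bare 5 has no hint that the type matters. Suggest extending the existing comment, e.g. `# Retention settings for Docker logs (strings, they end up in daemon.json log-opts)`.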
@ -108,7 +108,9 @@ docker_restart_policy_retry: "10"
# Extra docker options for Zun
docker_configure_for_zun: "no"
docker_zun_options: -H fd:// -H tcp://{{ api_interface_address }}:2375 --cluster-store=etcd://{% for host in groups.get('etcd', []) %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ hostvars[host]['etcd_client_port'] }}{% if not loop.last %},{% endif %}{% endfor %}
docker_zun_options: -H tcp://{{ api_interface_address }}:2375
docker_zun_config:
cluster-store: etcd://{% for host in groups.get('etcd', []) %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ hostvars[host]['etcd_client_port'] }}{% if not loop.last %},{% endif %}{% endfor %}
# Timeout after Docker sends SIGTERM before sending SIGKILL.
docker_graceful_timeout: 60
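Review bot: docker_zun_options still carries `-H tcp://{{ api_interface_address }}:2375`, so with Zun enabled the systemd override has to stay and the Docker API keeps listening on plain TCP, with no TLS options anywhere in this hunk. Two comments would help here: one saying why the listener stays on the command line instead of moving to `hosts` in docker_zun_config (dockerd refuses to start when hosts is set in daemon.json and -H is also passed, and the unit passes -H fd://), and one stating that port 2375 on the API interface must be reachable only by trusted hosts, since whoever can reach it controls the daemon.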

@ -31,8 +31,8 @@ change_selinux: True
selinux_state: "permissive"
docker_storage_driver: ""
docker_custom_option: ""
docker_custom_config: {}
# Ubuntu 18+ does not have easy_install available due to
# https://bugs.launchpad.net/ubuntu/+source/python-setuptools/+bug/1774419.
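Review bot: docker_custom_config is added next to docker_custom_option with no comment on either. Since the old variable is being deprecated, mark it here, e.g. `# Deprecated, use docker_custom_config` above docker_custom_option, and say that docker_custom_config is a dict merged into /etc/docker/daemon.json.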

@ -55,35 +55,83 @@
become: True
when: not create_kolla_user | bool
- name: Ensure docker config directory exists
file:
path: /etc/docker
state: directory
become: True
- name: Merge Zun docker config
set_fact:
docker_config: "{{ docker_config | combine(docker_zun_config) }}"
when:
- docker_configure_for_zun | bool
- name: Warn about deprecations
debug:
msg: >
docker_custom_option is deprecated in favor of docker_custom_config
when: docker_custom_option
- name: Setup docker insecure registries
vars:
registries: ["{{ docker_registry }}"]
set_fact:
docker_config: "{{ docker_config | combine({'insecure-registries': registries}) }}"
when: docker_registry_insecure | bool
- name: Setup docker storage driver
set_fact:
docker_config: "{{ docker_config | combine({'storage-driver': docker_storage_driver}) }}"
when: docker_storage_driver
- name: Setup docker runtime directory
set_fact:
docker_config: "{{ docker_config | combine({'data-root': docker_runtime_directory}) }}"
when: docker_runtime_directory
- name: Merge custom docker config
set_fact:
docker_config: "{{ docker_config | combine(docker_custom_config) }}"
- name: Write docker config
become: True
copy:
content: "{{ docker_config | to_nice_json }}"
dest: /etc/docker/daemon.json
mode: 0644
register: docker_configured
- name: Remove old docker options file
become: True
file:
path: /etc/systemd/system/docker.service.d/kolla.conf
state: absent
when:
- not docker_custom_option
- not docker_configure_for_zun|bool
- name: Ensure docker service directory exists
become: True
file:
path: /etc/systemd/system/docker.service.d
state: directory
recurse: yes
become: True
- name: Check dockerd exists
stat: path=/usr/bin/dockerd
register: dockerd_exists
- name: Setting docker daemon name
set_fact:
docker_binary_name: "dockerd"
when:
dockerd_exists.stat.exists == True
when: docker_custom_option or docker_configure_for_zun|bool
- name: Configure docker service
become: True
template:
src: docker_systemd_service.j2
dest: /etc/systemd/system/docker.service.d/kolla.conf
register: docker_configured
when: docker_custom_option or docker_configure_for_zun|bool
- name: Reload docker service file
become: True
systemd:
name: docker
daemon_reload: yes
register: docker_reloaded
- name: Get stat of libvirtd apparmor profile
stat:
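Review bot: "Write docker config" and "Configure docker service" both use `register: docker_configured`, and the second task is conditional. Ansible registers a result for a skipped task too, so when neither docker_custom_option nor Zun is set, the skipped template task overwrites the result of the daemon.json write with changed false, and the restart condition later in this file no longer sees a changed daemon.json. Register the copy result under its own name (for example docker_daemon_json) and test both results in the restart condition. Separately, the copy task replaces /etc/docker/daemon.json wholesale, so settings an operator placed there by hand are dropped without warning; the deprecation debug task or the release note should say so.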
@ -122,7 +170,7 @@
name: docker
state: restarted
become: True
when: docker_configured.changed
when: docker_configured.changed or docker_reloaded.changed
- name: Enable docker
service:
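Review bot: the new `docker_reloaded.changed` term depends on what the "Reload docker service file" task reports, and that task has only name and daemon_reload, with no state or enabled. Please confirm what changed evaluates to there: if it is not tied to the unit file actually changing, this term either never triggers the restart or triggers it on every run, and a Docker restart affects every container on the host. Deriving the condition from the results of the tasks that write daemon.json and kolla.conf would be more predictable.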

@ -1,3 +1,4 @@
[Service]
ExecStart=
ExecStart=/usr/bin/{{ docker_binary_name|default("docker daemon", true) }}{% if docker_registry_insecure | bool %} --insecure-registry {{ docker_registry }}{% endif %}{% if docker_storage_driver %} --storage-driver {{ docker_storage_driver }}{% endif %}{% if docker_runtime_directory %} --graph {{ docker_runtime_directory }}{% endif %}{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}{% if docker_configure_for_zun|bool %} {{ docker_zun_options }}{% endif %} --log-opt max-file={{ docker_log_max_file }} --log-opt max-size={{ docker_log_max_size }}
# ExecStart commandline copied from 'docker-ce' package. Same on CentOS/Debian/Ubuntu systems.
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}{% if docker_configure_for_zun|bool %} {{ docker_zun_options }}{% endif %}
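Review bot: the replacement ExecStart hard-codes `/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock`, copied from the docker-ce package according to the comment. That copy will drift when the packaged unit changes, and it assumes the same binary path and containerd socket path on every host, while the docker_binary_name fallback of the old line is gone. Please record in the comment which docker-ce version the line was taken from, and state the supported Docker packaging explicitly so a host with a different unit fails in a documented way.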

@ -0,0 +1,5 @@
---
docker_config:
log-opts:
max-file: "{{ docker_log_max_file }}"
max-size: "{{ docker_log_max_size }}"
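Review bot: log-opts is the only nested key in this base dict, and the combine() calls in the tasks file are used without recursive=True. A docker_custom_config that sets its own log-opts (say only max-size) therefore replaces the whole log-opts dict and silently drops max-file. Either pass recursive=True in the final merge or document that log-opts must be given in full. A one-line comment at the top of this file saying that it is the base for daemon.json would also help.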

@ -162,7 +162,7 @@ The ``docker_storage_driver`` variable is optional. If set, it defines the
use for Docker.
The ``docker_runtime_directory`` variable is optional. If set, it defines the
runtime (``--graph``) directory for Docker.
runtime (``data-root``) directory for Docker.
The ``docker_registry`` variable, which is not set by default, defines the
address of the Docker registry. If the variable is not set, Dockerhub will be
@ -178,8 +178,16 @@ maximum number of log files to retain per container. The
``docker_log_max_size`` variable, which defaults to ``50m``, defines the
maximum size of each rotated log file per container.
The ``docker_custom_option`` variable is optional. If set, it defines
additional options to pass to the Docker engine via the Systemd unit file.
Additional options for the Docker engine can be passed in
``docker_custom_config`` variable. It will be stored in ``daemon.json`` config
file. Example:
.. code-block:: json
{
"experimental": false
}
Disabling firewalls
~~~~~~~~~~~~~~~~~~~
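Review bot: the example shows a bare JSON object, so the reader cannot tell where it goes or that docker_custom_config is an Ansible variable holding a dict. Show the assignment itself, i.e. `docker_custom_config:` followed by the keys, and state that keys given here override the ones kolla-ansible sets (insecure-registries, storage-driver, data-root), because the custom dict is merged last. The paragraph on docker_custom_option is dropped entirely; a short deprecation note would be better than silence while the variable still works. Wording: "can be passed in the ``docker_custom_config`` variable".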

@ -0,0 +1,18 @@
---
features:
- |
Add custom option for docker daemon by altering "docker_custom_config"
variable (json formatted).
upgrade:
- |
Docker engine configuration changes are now done in
"/etc/docker/daemon.json" file instead of altering systemd unit (which
gets removed if present). Also "docker_custom_option" got replaced by
"docker_custom_config" variable (json formatted).
deprecations:
- |
Configuring Docker daemon by "docker_custom_option" (used in systemd unit
file) is deprecated in favour of "docker_custom_config" variable (stored in
"daemon.json" config file.
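Review bot: the upgrade note says docker_custom_option "got replaced" and that the systemd unit "gets removed if present", while the deprecations note says the option is only deprecated, and the tasks keep kolla.conf whenever docker_custom_option or Zun is in use. Align the upgrade text with the actual behaviour (the drop-in is removed only when neither is set). The last line is missing its closing parenthesis after "config file", and "json formatted" is misleading for a variable that is set as a YAML dict.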

@ -29,7 +29,6 @@ docker_namespace: "kolla"
# will be the source of images during the upgrade.
# NOTE(yoctozepto): this is required here for CI because we run templating
# of docker systemd command only once, using the previous release when upgrading
# also note: atm upgrade would conflict with the zun profile which uses this var
docker_custom_option: "--insecure-registry {{ api_interface_address }}:4000"
{% endif %}
{% if not is_previous_release %}
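Review bot: CI keeps setting the deprecated `docker_custom_option: "--insecure-registry {{ api_interface_address }}:4000"` for the previous-release case, and nothing visible in this hunk sets docker_custom_config, so the new merge path may go untested. Adding a docker_custom_config entry in the current-release branch would cover it. The remaining NOTE still talks about "templating of docker systemd command", which is worth rewording now that most settings live in daemon.json.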