1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
---
- name: Get current installed Docker version
command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker"
when: not openshift.common.is_atomic | bool
register: curr_docker_version
changed_when: false
- name: Error out if Docker pre-installed but too old
fail:
msg: "Docker {{ curr_docker_version.stdout }} is installed, but >= 1.9.1 is required."
when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.9.1', '<') and not docker_version is defined
- name: Error out if requested Docker is too old
fail:
msg: "Docker {{ docker_version }} requested, but >= 1.9.1 is required."
when: docker_version is defined and docker_version | version_compare('1.9.1', '<')
# If a docker_version was requested, sanity check that we can install or upgrade to it, and
# no downgrade is required.
- name: Fail if Docker version requested but downgrade is required
fail:
msg: "Docker {{ curr_docker_version.stdout }} is installed, but version {{ docker_version }} was requested."
when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and docker_version is defined and curr_docker_version.stdout | version_compare(docker_version, '>')
# This involves an extremely slow migration process, users should instead run the
# Docker 1.10 upgrade playbook to accomplish this.
- name: Error out if attempting to upgrade Docker across the 1.10 boundary
fail:
msg: "Cannot upgrade Docker to >= 1.10, please upgrade or remove Docker manually, or use the Docker upgrade playbook if OpenShift is already installed."
when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.10', '<') and docker_version is defined and docker_version | version_compare('1.10', '>=')
# Make sure Docker is installed, but does not update a running version.
# Docker upgrades are handled by a separate playbook.
- name: Install Docker
package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present
when: not openshift.common.is_atomic | bool
- block:
# Extend the default Docker service unit file when using iptables-services
- name: Ensure docker.service.d directory exists
file:
path: "{{ docker_systemd_dir }}"
state: directory
- name: Configure Docker service unit file
template:
dest: "{{ docker_systemd_dir }}/custom.conf"
src: custom.conf.j2
when: not os_firewall_use_firewalld | default(False) | bool
- stat: path=/etc/sysconfig/docker
register: docker_check
- name: Set registry params
lineinfile:
dest: /etc/sysconfig/docker
regexp: '^{{ item.reg_conf_var }}=.*$'
line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'"
when: item.reg_fact_val != '' and docker_check.stat.isreg is defined and docker_check.stat.isreg
with_items:
- reg_conf_var: ADD_REGISTRY
reg_fact_val: "{{ docker_additional_registries | default(None, true)}}"
reg_flag: --add-registry
- reg_conf_var: BLOCK_REGISTRY
reg_fact_val: "{{ docker_blocked_registries| default(None, true) }}"
reg_flag: --block-registry
- reg_conf_var: INSECURE_REGISTRY
reg_fact_val: "{{ docker_insecure_registries| default(None, true) }}"
reg_flag: --insecure-registry
notify:
- restart docker
- name: Set Proxy Settings
lineinfile:
dest: /etc/sysconfig/docker
regexp: '^{{ item.reg_conf_var }}=.*$'
line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val }}'"
state: "{{ 'present' if item.reg_fact_val != '' else 'absent'}}"
with_items:
- reg_conf_var: HTTP_PROXY
reg_fact_val: "{{ docker_http_proxy | default('') }}"
- reg_conf_var: HTTPS_PROXY
reg_fact_val: "{{ docker_https_proxy | default('') }}"
- reg_conf_var: NO_PROXY
reg_fact_val: "{{ docker_no_proxy | default('') }}"
notify:
- restart docker
when:
- docker_check.stat.isreg is defined and docker_check.stat.isreg and '"http_proxy" in openshift.common or "https_proxy" in openshift.common'
- name: Set various Docker options
lineinfile:
dest: /etc/sysconfig/docker
regexp: '^OPTIONS=.*$'
line: "OPTIONS='\
{% if ansible_selinux.status | default(None) == '''enabled''' and docker_selinux_enabled | default(true) %} --selinux-enabled {% endif %}\
{% if docker_log_driver is defined %} --log-driver {{ docker_log_driver }}{% endif %}\
{% if docker_log_options is defined %} {{ docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %}\
{% if docker_options is defined %} {{ docker_options }}{% endif %}\
{% if docker_disable_push_dockerhub is defined %} --confirm-def-push={{ docker_disable_push_dockerhub | bool }}{% endif %}'"
when: docker_check.stat.isreg is defined and docker_check.stat.isreg
notify:
- restart docker
- stat: path=/etc/sysconfig/docker-network
register: sysconfig_docker_network_check
- name: Configure Docker Network OPTIONS
lineinfile:
dest: /etc/sysconfig/docker-network
regexp: '^DOCKER_NETWORK_OPTIONS=.*$'
line: "DOCKER_NETWORK_OPTIONS='\
{% if openshift.node is defined and openshift.node.sdn_mtu is defined %} --mtu={{ openshift.node.sdn_mtu }}{% endif %}'"
when:
- sysconfig_docker_network_check.stat.isreg is defined
- sysconfig_docker_network_check.stat.isreg
notify:
- restart docker
- name: Start the Docker service
systemd:
name: docker
enabled: yes
state: started
daemon_reload: yes
register: start_result
- set_fact:
docker_service_status_changed: start_result | changed
- meta: flush_handlers
|