Update to 2021-12-01 19:13

2025-07-27 00:05:44 +02:00 · 2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -0,0 +1,19 @@
+---
+
+docker_data_dir: /opt/docker
+docker_log_driver: journald
+
+docker_base_conf:
+  data-root: /opt/docker
+  log-driver: journald
+  storage-driver: overlay2
+  storage-opts:
+    - 'overlay2.override_kernel_check=true'
+docker_extra_conf: {}
+# docker_extra_conf:
+#   log-opts:
+#     max-size: 100m
+#     max-file: 5
+
+docker_conf: "{{ docker_base_conf | combine(docker_extra_conf, recursive=True) }}"
+
--- a/roles/docker/handlers/main.yml
+++ b/roles/docker/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+
+- name: restart docker
+  service: name=docker state=restarted
+  when: not docker_start.changed
--- a/roles/docker/meta/main.yml
+++ b/roles/docker/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+  - role: repo_docker
+  - role: docker_compose
--- a/roles/docker/tasks/conf.yml
+++ b/roles/docker/tasks/conf.yml
@@ -0,0 +1,67 @@
+---
+
+- name: Deploy docker daemon configuration
+  template: src=daemon.json.j2 dest=/etc/docker/daemon.json mode=600
+  notify: restart docker
+  tags: docker
+
+- name: Create systemd snippet dir
+  file: path=/etc/systemd/system/docker.{{ item }}.d state=directory
+  loop:
+    - service
+    - socket
+  tags: docker
+
+- name: Create systemd service snippet dir
+  file: path=/etc/systemd/system/docker.service.d state=directory
+  tags: docker
+
+- name: Configure Docker to restart on failure
+  copy:
+    content: |
+      [Unit]
+      After=sssd.service
+
+      [Service]
+      Restart=on-failure
+      StartLimitInterval=0
+      RestartSec=30
+    dest: /etc/systemd/system/docker.service.d/99-ansible.conf
+  register: docker_service_unit
+  tags: docker
+
+- name: Override docker socket configuration
+  copy:
+    content: |
+      [Unit]
+      After=sssd.service
+      DefaultDependencies=no
+
+      [Socket]
+      SocketGroup={{ docker_conf.group }}
+    dest: /etc/systemd/system/docker.socket.d/99-ansible.conf
+  when: docker_conf.group is defined
+  register: docker_socket_unit
+  notify: restart docker
+  tags: docker
+
+- name: Remove obsolete conf
+  file: path=/etc/systemd/system/docker.socket.d/group.conf state=absent
+  register: docker_old_unit
+  tags: docker
+
+- name: Disable docker.socket to ensure the socket is pulled by the service
+  systemd: name=docker.socket enabled=False
+  tags: docker
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: docker_socket_unit.changed or docker_service_unit.changed or docker_old_unit.changed
+  tags: docker
+
+- name: Fix the dockremap UID namespace
+  lineinfile: path=/etc/{{ item }} regexp='^dockremap\s.*' line='dockremap:100000:65536'
+  loop:
+    - subuid
+    - subgid
+  tags: docker
--- a/roles/docker/tasks/directories.yml
+++ b/roles/docker/tasks/directories.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Create directories
+  file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - dir: "{{ docker_conf['data-root'] }}"
+    - dir: /etc/docker
+  tags: docker
--- a/roles/docker/tasks/facts.yml
+++ b/roles/docker/tasks/facts.yml
@@ -0,0 +1,8 @@
+---
+
+- set_fact: sysconfdir=/etc/sysconfig
+  when: ansible_os_family == 'RedHat'
+  tags: docker
+
+- set_fact: sysconfdir=/etc/default
+  when: ansible_os_family == 'Debian'
--- a/roles/docker/tasks/install.yml
+++ b/roles/docker/tasks/install.yml
@@ -0,0 +1,4 @@
+---
+
+- include: install_{{ ansible_os_family }}.yml
+
--- a/roles/docker/tasks/install_RedHat.yml
+++ b/roles/docker/tasks/install_RedHat.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Install packages
+  yum:
+    name:
+      - docker-ce
+      - docker-ce-cli
+      - device-mapper-persistent-data
+      - lvm2
+    state: present
+  tags: docker
+
+- name: Remove packaged docker-compose
+  yum:
+    name:
+      -  docker-compose
+    state: absent
+  tags: docker
+
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+
+- include: facts.yml
+- include: directories.yml
+- include: install.yml
+- include: conf.yml
+- include: service.yml
--- a/roles/docker/tasks/service.yml
+++ b/roles/docker/tasks/service.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Start and enable dockerd
+  service: name=docker state=started enabled=True
+  register: docker_start
+  tags: docker
--- a/roles/docker/templates/daemon.json.j2
+++ b/roles/docker/templates/daemon.json.j2
@@ -0,0 +1 @@
+{{ docker_conf | to_nice_json(indent=4) }}
--- a/roles/docker/templates/docker-service-ansible.conf.j2
+++ b/roles/docker/templates/docker-service-ansible.conf.j2
@@ -0,0 +1,5 @@
+[Unit]
+After=local-fs.target
+{% if docker_sssd.stat.exists %}
+After=sssd.service
+{% endif %}