b4f1d3c993
Sync the versions with kolla-ansible Depends-On: https://review.opendev.org/c/openstack/kayobe/+/883744 Change-Id: I744d64e1e69021f93497fcf127a6abd315f04669
120 lines
3.6 KiB
YAML
120 lines
3.6 KiB
YAML
---
|
|
- name: Ensure docker config directory exists
|
|
file:
|
|
path: /etc/docker
|
|
state: directory
|
|
mode: 0755
|
|
become: True
|
|
|
|
- name: Write docker config
|
|
become: True
|
|
vars:
|
|
docker_config_insecure_registries:
|
|
insecure-registries:
|
|
- "{{ docker_registry }}"
|
|
docker_config_storage_driver:
|
|
storage-driver: "{{ docker_storage_driver }}"
|
|
docker_config_runtime_directory:
|
|
data-root: "{{ docker_runtime_directory }}"
|
|
docker_config_iptables:
|
|
iptables: false
|
|
docker_config_bridge:
|
|
bridge: "none"
|
|
docker_config_ip_forward:
|
|
ip-forward: false
|
|
docker_config_ulimit_nofile:
|
|
default-ulimits:
|
|
nofile:
|
|
name: nofile
|
|
hard: "{{ docker_ulimit_nofile_hard }}"
|
|
soft: "{{ docker_ulimit_nofile_soft }}"
|
|
docker_config: >-
|
|
{{ {}
|
|
| combine(docker_zun_config if docker_configure_for_zun | bool and 'zun-compute' in group_names else {})
|
|
| combine(docker_config_insecure_registries if docker_registry_insecure | bool else {})
|
|
| combine(docker_config_storage_driver if docker_storage_driver | length > 0 else {})
|
|
| combine(docker_config_runtime_directory if docker_runtime_directory | length > 0 else {})
|
|
| combine(docker_config_iptables if docker_disable_default_iptables_rules | bool else {})
|
|
| combine(docker_config_bridge if docker_disable_default_network | bool else {})
|
|
| combine(docker_config_ip_forward if docker_disable_ip_forward | bool else {})
|
|
| combine(docker_config_ulimit_nofile if docker_ulimit_nofile | bool else {})
|
|
| combine(docker_custom_config) }}
|
|
copy:
|
|
content: "{{ docker_config | to_nice_json }}"
|
|
dest: /etc/docker/daemon.json
|
|
mode: 0644
|
|
notify:
|
|
- Restart docker
|
|
|
|
- name: Remove old docker options file
|
|
become: True
|
|
file:
|
|
path: /etc/systemd/system/docker.service.d/kolla.conf
|
|
state: absent
|
|
when:
|
|
- not docker_configure_for_zun | bool or 'zun-compute' not in group_names
|
|
- not docker_http_proxy
|
|
- not docker_https_proxy
|
|
- not docker_no_proxy
|
|
notify:
|
|
- Reload docker service file
|
|
|
|
- name: Ensure docker service directory exists
|
|
become: True
|
|
file:
|
|
path: /etc/systemd/system/docker.service.d
|
|
state: directory
|
|
recurse: yes
|
|
when: >
|
|
(docker_configure_for_zun | bool and 'zun-compute' in group_names) or
|
|
docker_http_proxy | length > 0 or
|
|
docker_https_proxy | length > 0 or
|
|
docker_no_proxy | length > 0
|
|
|
|
- name: Configure docker service
|
|
become: True
|
|
template:
|
|
src: docker_systemd_service.j2
|
|
dest: /etc/systemd/system/docker.service.d/kolla.conf
|
|
mode: 0644
|
|
when: >
|
|
(docker_configure_for_zun | bool and 'zun-compute' in group_names) or
|
|
docker_http_proxy | length > 0 or
|
|
docker_https_proxy | length > 0 or
|
|
docker_no_proxy | length > 0
|
|
notify:
|
|
- Reload docker service file
|
|
|
|
- name: Ensure the path for CA file for private registry exists
|
|
file:
|
|
path: "/etc/docker/certs.d/{{ docker_registry }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0700
|
|
state: directory
|
|
become: True
|
|
when: docker_registry is not none and docker_registry_ca is not none
|
|
|
|
- name: Ensure the CA file for private registry exists
|
|
copy:
|
|
src: "{{ docker_registry_ca }}"
|
|
dest: "/etc/docker/certs.d/{{ docker_registry }}/ca.crt"
|
|
owner: root
|
|
group: root
|
|
mode: 0600
|
|
become: True
|
|
when: docker_registry is not none and docker_registry_ca is not none
|
|
notify:
|
|
- Restart docker
|
|
|
|
- name: Flush handlers
|
|
meta: flush_handlers
|
|
|
|
- name: Start and enable docker
|
|
systemd:
|
|
name: docker
|
|
state: started
|
|
enabled: yes
|
|
masked: no
|
|
become: True
|