Modernize the way of configuring Docker daemon

Instead of changing the Docker daemon command line, let's change the config
for Docker, in the /etc/docker/daemon.json file, as it should be.

Custom Docker options can be set with the 'docker_custom_config' variable.

The old 'docker_custom_option' is still present but should be avoided.

Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Change-Id: I1215e04ec15b01c0b43bac8c0e81293f6724f278
Marcin Juszkiewicz 2019-07-25 11:24:53 +00:00
parent 8661599b9e
commit a5808ad8ba
8 changed files with 103 additions and 22 deletions


@ -97,8 +97,8 @@ docker_registry_insecure: "{{ 'yes' if docker_registry else 'no' }}"
docker_runtime_directory: "" docker_runtime_directory: ""
# Retention settings for Docker logs # Retention settings for Docker logs
docker_log_max_file: 5 docker_log_max_file: "5"
docker_log_max_size: 50m docker_log_max_size: "50m"
# Valid options are [ no, on-failure, always, unless-stopped ] # Valid options are [ no, on-failure, always, unless-stopped ]
docker_restart_policy: "unless-stopped" docker_restart_policy: "unless-stopped"
@ -108,7 +108,9 @@ docker_restart_policy_retry: "10"
# Extra docker options for Zun # Extra docker options for Zun
docker_configure_for_zun: "no" docker_configure_for_zun: "no"
docker_zun_options: -H fd:// -H tcp://{{ api_interface_address }}:2375 --cluster-store=etcd://{% for host in groups.get('etcd', []) %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ hostvars[host]['etcd_client_port'] }}{% if not loop.last %},{% endif %}{% endfor %} docker_zun_options: -H tcp://{{ api_interface_address }}:2375
docker_zun_config:
cluster-store: etcd://{% for host in groups.get('etcd', []) %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ hostvars[host]['etcd_client_port'] }}{% if not loop.last %},{% endif %}{% endfor %}
# Timeout after Docker sends SIGTERM before sending SIGKILL. # Timeout after Docker sends SIGTERM before sending SIGKILL.
docker_graceful_timeout: 60 docker_graceful_timeout: 60
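
Review bot: the new `docker_zun_options` line keeps `-H tcp://{{ api_interface_address }}:2375`, so the Docker API is still served on the API network with no TLS option anywhere in this hunk, and anything that can reach that address and port has full control of the daemon. Since the cluster store is being moved into `docker_zun_config` anyway, add a comment above `docker_zun_options` stating that the listener is unauthenticated and must only be reachable from a trusted network, or follow up with `tls`/`tlsverify` keys in `docker_zun_config`.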


@ -31,8 +31,8 @@ change_selinux: True
selinux_state: "permissive" selinux_state: "permissive"
docker_storage_driver: "" docker_storage_driver: ""
docker_custom_option: "" docker_custom_option: ""
docker_custom_config: {}
# Ubuntu 18+ does not have easy_install available due to # Ubuntu 18+ does not have easy_install available due to
# https://bugs.launchpad.net/ubuntu/+source/python-setuptools/+bug/1774419. # https://bugs.launchpad.net/ubuntu/+source/python-setuptools/+bug/1774419.


@ -55,35 +55,83 @@
become: True become: True
when: not create_kolla_user | bool when: not create_kolla_user | bool
- name: Ensure docker config directory exists
file:
path: /etc/docker
state: directory
become: True
- name: Merge Zun docker config
set_fact:
docker_config: "{{ docker_config | combine(docker_zun_config) }}"
when:
- docker_configure_for_zun | bool
- name: Warn about deprecations
debug:
msg: >
docker_custom_option is deprecated in favor of docker_custom_config
when: docker_custom_option
- name: Setup docker insecure registries
vars:
registries: ["{{ docker_registry }}"]
set_fact:
docker_config: "{{ docker_config | combine({'insecure-registries': registries}) }}"
when: docker_registry_insecure | bool
- name: Setup docker storage driver
set_fact:
docker_config: "{{ docker_config | combine({'storage-driver': docker_storage_driver}) }}"
when: docker_storage_driver
- name: Setup docker runtime directory
set_fact:
docker_config: "{{ docker_config | combine({'data-root': docker_runtime_directory}) }}"
when: docker_runtime_directory
- name: Merge custom docker config
set_fact:
docker_config: "{{ docker_config | combine(docker_custom_config) }}"
- name: Write docker config
become: True
copy:
content: "{{ docker_config | to_nice_json }}"
dest: /etc/docker/daemon.json
mode: 0644
register: docker_configured
- name: Remove old docker options file
become: True
file:
path: /etc/systemd/system/docker.service.d/kolla.conf
state: absent
when:
- not docker_custom_option
- not docker_configure_for_zun|bool
- name: Ensure docker service directory exists - name: Ensure docker service directory exists
become: True
file: file:
path: /etc/systemd/system/docker.service.d path: /etc/systemd/system/docker.service.d
state: directory state: directory
recurse: yes recurse: yes
become: True when: docker_custom_option or docker_configure_for_zun|bool
- name: Check dockerd exists
stat: path=/usr/bin/dockerd
register: dockerd_exists
- name: Setting docker daemon name
set_fact:
docker_binary_name: "dockerd"
when:
dockerd_exists.stat.exists == True
- name: Configure docker service - name: Configure docker service
become: True become: True
template: template:
src: docker_systemd_service.j2 src: docker_systemd_service.j2
dest: /etc/systemd/system/docker.service.d/kolla.conf dest: /etc/systemd/system/docker.service.d/kolla.conf
register: docker_configured when: docker_custom_option or docker_configure_for_zun|bool
- name: Reload docker service file - name: Reload docker service file
become: True become: True
systemd: systemd:
name: docker name: docker
daemon_reload: yes daemon_reload: yes
register: docker_reloaded
- name: Get stat of libvirtd apparmor profile - name: Get stat of libvirtd apparmor profile
stat: stat:
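
Review bot: in "Merge custom docker config", `combine(docker_custom_config)` is a shallow merge, so a `docker_custom_config` that sets a single key under `log-opts` replaces the whole `log-opts` dict and silently drops the `max-file`/`max-size` defaults, and a custom `insecure-registries` list replaces the one built from `docker_registry`. Use `combine(docker_custom_config, recursive=True)` for the nested dicts, or document that top-level keys are replaced wholesale. Separately, `when: docker_custom_option` tests a bare string variable; `docker_custom_option | length > 0` states the intent explicitly, and quoting `mode: "0644"` avoids relying on YAML octal parsing.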
@ -122,7 +170,7 @@
name: docker name: docker
state: restarted state: restarted
become: True become: True
when: docker_configured.changed when: docker_configured.changed or docker_reloaded.changed
- name: Enable docker - name: Enable docker
service: service:
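
Review bot: the restart condition now depends on `docker_reloaded.changed`, but the "Reload docker service file" task only requests `daemon_reload: yes`, and neither "Remove old docker options file" nor "Configure docker service" registers a result any more (the template task lost `register: docker_configured`). A changed or removed `kolla.conf` drop-in may therefore not restart the daemon, leaving it running with the old command line. Register those two tasks and add their `.changed` to this `when`.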


@ -1,3 +1,4 @@
[Service] [Service]
ExecStart= ExecStart=
ExecStart=/usr/bin/{{ docker_binary_name|default("docker daemon", true) }}{% if docker_registry_insecure | bool %} --insecure-registry {{ docker_registry }}{% endif %}{% if docker_storage_driver %} --storage-driver {{ docker_storage_driver }}{% endif %}{% if docker_runtime_directory %} --graph {{ docker_runtime_directory }}{% endif %}{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}{% if docker_configure_for_zun|bool %} {{ docker_zun_options }}{% endif %} --log-opt max-file={{ docker_log_max_file }} --log-opt max-size={{ docker_log_max_size }} # ExecStart commandline copied from 'docker-ce' package. Same on CentOS/Debian/Ubuntu systems.
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}{% if docker_configure_for_zun|bool %} {{ docker_zun_options }}{% endif %}
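
Review bot: `docker_custom_option` is still appended to `ExecStart` while the registry, storage-driver, data-root and log options moved to `daemon.json`, so an existing value such as `--insecure-registry ...` or `--log-opt ...` now duplicates a key in the config file, and dockerd refuses to start when an option is given both as a flag and in `daemon.json`. Add a pre-check that fails with a clear message when `docker_custom_option` contains one of the flags this role now writes to `daemon.json`, or call out the conflict in the upgrade note. The hard-coded `/usr/bin/dockerd` and `--containerd=/run/containerd/containerd.sock` also replace the removed `dockerd_exists` lookup, so the comment should say which minimum Docker package this assumes.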


@ -0,0 +1,5 @@
---
docker_config:
log-opts:
max-file: "{{ docker_log_max_file }}"
max-size: "{{ docker_log_max_size }}"


@ -162,7 +162,7 @@ The ``docker_storage_driver`` variable is optional. If set, it defines the
use for Docker. use for Docker.
The ``docker_runtime_directory`` variable is optional. If set, it defines the The ``docker_runtime_directory`` variable is optional. If set, it defines the
runtime (``--graph``) directory for Docker. runtime (``data-root``) directory for Docker.
The ``docker_registry`` variable, which is not set by default, defines the The ``docker_registry`` variable, which is not set by default, defines the
address of the Docker registry. If the variable is not set, Dockerhub will be address of the Docker registry. If the variable is not set, Dockerhub will be
@ -178,8 +178,16 @@ maximum number of log files to retain per container. The
``docker_log_max_size`` variable, which defaults to ``50m``, defines the ``docker_log_max_size`` variable, which defaults to ``50m``, defines the
maximum size of each rotated log file per container. maximum size of each rotated log file per container.
The ``docker_custom_option`` variable is optional. If set, it defines Additional options for the Docker engine can be passed in
additional options to pass to the Docker engine via the Systemd unit file. ``docker_custom_config`` variable. It will be stored in ``daemon.json`` config
file. Example:
.. code-block:: json
{
"experimental": false
}
Disabling firewalls Disabling firewalls
~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~
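
Review bot: the paragraph for `docker_custom_option` is removed outright although the variable is still honoured and only deprecated; keep a short deprecation entry so operators who search for it find the replacement. The `docker_custom_config` example is shown as JSON, but the variable is set in Ansible vars, so a YAML snippet (`docker_custom_config:` with `experimental: false` beneath it) would be unambiguous, and the text should say that its keys override the values the role generates.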


@ -0,0 +1,18 @@
---
features:
- |
Add custom option for docker daemon by altering "docker_custom_config"
variable (json formatted).
upgrade:
- |
Docker engine configuration changes are now done in
"/etc/docker/daemon.json" file instead of altering systemd unit (which
gets removed if present). Also "docker_custom_option" got replaced by
"docker_custom_config" variable (json formatted).
deprecations:
- |
Configuring Docker daemon by "docker_custom_option" (used in systemd unit
file) is deprecated in favour of "docker_custom_config" variable (stored in
"daemon.json" config file.
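
Review bot: the deprecations entry opens a parenthesis at "(stored in" and never closes it; end the sentence with `"daemon.json" config file).` The phrase "json formatted" in the features and upgrade entries is also misleading, since the tasks pass the variable to `combine` and `to_nice_json`, which means it must be a dictionary rather than a JSON string; "a dictionary" would be clearer.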


@ -29,7 +29,6 @@ docker_namespace: "kolla"
# will be the source of images during the upgrade. # will be the source of images during the upgrade.
# NOTE(yoctozepto): this is required here for CI because we run templating # NOTE(yoctozepto): this is required here for CI because we run templating
# of docker systemd command only once, using the previous release when upgrading # of docker systemd command only once, using the previous release when upgrading
# also note: atm upgrade would conflict with the zun profile which uses this var
docker_custom_option: "--insecure-registry {{ api_interface_address }}:4000" docker_custom_option: "--insecure-registry {{ api_interface_address }}:4000"
{% endif %} {% endif %}
{% if not is_previous_release %} {% if not is_previous_release %}