Modernize the way of configuring Docker daemon
Instead of changing the Docker daemon command line, change the Docker configuration in the /etc/docker/daemon.json file, where it belongs. Custom Docker options can be set with the 'docker_custom_config' variable. The old 'docker_custom_option' variable is still present but should be avoided. Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com> Change-Id: I1215e04ec15b01c0b43bac8c0e81293f6724f278
parent
8661599b9e
commit
a5808ad8ba
@ -97,8 +97,8 @@ docker_registry_insecure: "{{ 'yes' if docker_registry else 'no' }}"
|
|||||||
docker_runtime_directory: ""
|
docker_runtime_directory: ""
|
||||||
|
|
||||||
# Retention settings for Docker logs
|
# Retention settings for Docker logs
|
||||||
docker_log_max_file: 5
|
docker_log_max_file: "5"
|
||||||
docker_log_max_size: 50m
|
docker_log_max_size: "50m"
|
||||||
|
|
||||||
# Valid options are [ no, on-failure, always, unless-stopped ]
|
# Valid options are [ no, on-failure, always, unless-stopped ]
|
||||||
docker_restart_policy: "unless-stopped"
|
docker_restart_policy: "unless-stopped"
|
||||||
@ -108,7 +108,9 @@ docker_restart_policy_retry: "10"
|
|||||||
|
|
||||||
# Extra docker options for Zun
|
# Extra docker options for Zun
|
||||||
docker_configure_for_zun: "no"
|
docker_configure_for_zun: "no"
|
||||||
docker_zun_options: -H fd:// -H tcp://{{ api_interface_address }}:2375 --cluster-store=etcd://{% for host in groups.get('etcd', []) %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ hostvars[host]['etcd_client_port'] }}{% if not loop.last %},{% endif %}{% endfor %}
|
docker_zun_options: -H tcp://{{ api_interface_address }}:2375
|
||||||
|
docker_zun_config:
|
||||||
|
cluster-store: etcd://{% for host in groups.get('etcd', []) %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ hostvars[host]['etcd_client_port'] }}{% if not loop.last %},{% endif %}{% endfor %}
|
||||||
|
|
||||||
# Timeout after Docker sends SIGTERM before sending SIGKILL.
|
# Timeout after Docker sends SIGTERM before sending SIGKILL.
|
||||||
docker_graceful_timeout: 60
|
docker_graceful_timeout: 60
|
||||||
|
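Review bot: The rewritten `docker_zun_options` value still binds the daemon API to `tcp://{{ api_interface_address }}:2375` with no TLS flags visible in this hunk, so with `docker_configure_for_zun` enabled the Docker API is reachable on that address without authentication. Since the line is being rewritten anyway, I would at least put a comment above it, for example `# Plain-TCP Docker API for Zun: no TLS or authentication; keep api_interface on a trusted network.` The `cluster-store` value in `docker_zun_config` likewise uses a plain `etcd://` URL; whether etcd transport security is configured elsewhere is not visible here.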
@ -31,8 +31,8 @@ change_selinux: True
|
|||||||
selinux_state: "permissive"
|
selinux_state: "permissive"
|
||||||
|
|
||||||
docker_storage_driver: ""
|
docker_storage_driver: ""
|
||||||
|
|
||||||
docker_custom_option: ""
|
docker_custom_option: ""
|
||||||
|
docker_custom_config: {}
|
||||||
|
|
||||||
# Ubuntu 18+ does not have easy_install available due to
|
# Ubuntu 18+ does not have easy_install available due to
|
||||||
# https://bugs.launchpad.net/ubuntu/+source/python-setuptools/+bug/1774419.
|
# https://bugs.launchpad.net/ubuntu/+source/python-setuptools/+bug/1774419.
|
||||||
|
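Review bot: `docker_custom_config: {}` is added without a comment, and the deprecated `docker_custom_option` beside it carries no deprecation marker. I would add `# Dict of daemon.json keys; merged last into docker_config, so it overrides values the role computes.` above the new variable and `# Deprecated: rendered into the systemd ExecStart line; use docker_custom_config.` above the old one. Both statements follow from the tasks and the template changed in this commit.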
@ -55,35 +55,83 @@
|
|||||||
become: True
|
become: True
|
||||||
when: not create_kolla_user | bool
|
when: not create_kolla_user | bool
|
||||||
|
|
||||||
|
- name: Ensure docker config directory exists
|
||||||
|
file:
|
||||||
|
path: /etc/docker
|
||||||
|
state: directory
|
||||||
|
become: True
|
||||||
|
|
||||||
|
- name: Merge Zun docker config
|
||||||
|
set_fact:
|
||||||
|
docker_config: "{{ docker_config | combine(docker_zun_config) }}"
|
||||||
|
when:
|
||||||
|
- docker_configure_for_zun | bool
|
||||||
|
|
||||||
|
- name: Warn about deprecations
|
||||||
|
debug:
|
||||||
|
msg: >
|
||||||
|
docker_custom_option is deprecated in favor of docker_custom_config
|
||||||
|
when: docker_custom_option
|
||||||
|
|
||||||
|
- name: Setup docker insecure registries
|
||||||
|
vars:
|
||||||
|
registries: ["{{ docker_registry }}"]
|
||||||
|
set_fact:
|
||||||
|
docker_config: "{{ docker_config | combine({'insecure-registries': registries}) }}"
|
||||||
|
when: docker_registry_insecure | bool
|
||||||
|
|
||||||
|
- name: Setup docker storage driver
|
||||||
|
set_fact:
|
||||||
|
docker_config: "{{ docker_config | combine({'storage-driver': docker_storage_driver}) }}"
|
||||||
|
when: docker_storage_driver
|
||||||
|
|
||||||
|
- name: Setup docker runtime directory
|
||||||
|
set_fact:
|
||||||
|
docker_config: "{{ docker_config | combine({'data-root': docker_runtime_directory}) }}"
|
||||||
|
when: docker_runtime_directory
|
||||||
|
|
||||||
|
- name: Merge custom docker config
|
||||||
|
set_fact:
|
||||||
|
docker_config: "{{ docker_config | combine(docker_custom_config) }}"
|
||||||
|
|
||||||
|
- name: Write docker config
|
||||||
|
become: True
|
||||||
|
copy:
|
||||||
|
content: "{{ docker_config | to_nice_json }}"
|
||||||
|
dest: /etc/docker/daemon.json
|
||||||
|
mode: 0644
|
||||||
|
register: docker_configured
|
||||||
|
|
||||||
|
- name: Remove old docker options file
|
||||||
|
become: True
|
||||||
|
file:
|
||||||
|
path: /etc/systemd/system/docker.service.d/kolla.conf
|
||||||
|
state: absent
|
||||||
|
when:
|
||||||
|
- not docker_custom_option
|
||||||
|
- not docker_configure_for_zun|bool
|
||||||
|
|
||||||
- name: Ensure docker service directory exists
|
- name: Ensure docker service directory exists
|
||||||
|
become: True
|
||||||
file:
|
file:
|
||||||
path: /etc/systemd/system/docker.service.d
|
path: /etc/systemd/system/docker.service.d
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
recurse: yes
|
||||||
become: True
|
when: docker_custom_option or docker_configure_for_zun|bool
|
||||||
|
|
||||||
- name: Check dockerd exists
|
|
||||||
stat: path=/usr/bin/dockerd
|
|
||||||
register: dockerd_exists
|
|
||||||
|
|
||||||
- name: Setting docker daemon name
|
|
||||||
set_fact:
|
|
||||||
docker_binary_name: "dockerd"
|
|
||||||
when:
|
|
||||||
dockerd_exists.stat.exists == True
|
|
||||||
|
|
||||||
- name: Configure docker service
|
- name: Configure docker service
|
||||||
become: True
|
become: True
|
||||||
template:
|
template:
|
||||||
src: docker_systemd_service.j2
|
src: docker_systemd_service.j2
|
||||||
dest: /etc/systemd/system/docker.service.d/kolla.conf
|
dest: /etc/systemd/system/docker.service.d/kolla.conf
|
||||||
register: docker_configured
|
when: docker_custom_option or docker_configure_for_zun|bool
|
||||||
|
|
||||||
- name: Reload docker service file
|
- name: Reload docker service file
|
||||||
become: True
|
become: True
|
||||||
systemd:
|
systemd:
|
||||||
name: docker
|
name: docker
|
||||||
daemon_reload: yes
|
daemon_reload: yes
|
||||||
|
register: docker_reloaded
|
||||||
|
|
||||||
- name: Get stat of libvirtd apparmor profile
|
- name: Get stat of libvirtd apparmor profile
|
||||||
stat:
|
stat:
|
||||||
@ -122,7 +170,7 @@
|
|||||||
name: docker
|
name: docker
|
||||||
state: restarted
|
state: restarted
|
||||||
become: True
|
become: True
|
||||||
when: docker_configured.changed
|
when: docker_configured.changed or docker_reloaded.changed
|
||||||
|
|
||||||
- name: Enable docker
|
- name: Enable docker
|
||||||
service:
|
service:
|
||||||
|
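Review bot: In the "Merge custom docker config" task, `docker_config | combine(docker_custom_config)` is a shallow merge, so a user who sets only `log-opts: {max-size: ...}` in `docker_custom_config` replaces the whole `log-opts` mapping and silently loses the `max-file` retention limit. `combine(docker_custom_config, recursive=True)` would keep the role's nested defaults; list values such as `insecure-registries` would still be replaced rather than appended, which deserves a comment. Separately, "Write docker config" uses unquoted `mode: 0644` and overwrites any existing `/etc/docker/daemon.json`; I would write `mode: "0644"` and state the overwrite in a comment. The new side of "Configure docker service" appears to no longer register its result, so a changed `kolla.conf` restarts Docker only if the `daemon_reload` task reports a change, which should be confirmed.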
@ -1,3 +1,4 @@
|
|||||||
[Service]
|
[Service]
|
||||||
ExecStart=
|
ExecStart=
|
||||||
ExecStart=/usr/bin/{{ docker_binary_name|default("docker daemon", true) }}{% if docker_registry_insecure | bool %} --insecure-registry {{ docker_registry }}{% endif %}{% if docker_storage_driver %} --storage-driver {{ docker_storage_driver }}{% endif %}{% if docker_runtime_directory %} --graph {{ docker_runtime_directory }}{% endif %}{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}{% if docker_configure_for_zun|bool %} {{ docker_zun_options }}{% endif %} --log-opt max-file={{ docker_log_max_file }} --log-opt max-size={{ docker_log_max_size }}
|
# ExecStart commandline copied from 'docker-ce' package. Same on CentOS/Debian/Ubuntu systems.
|
||||||
|
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}{% if docker_configure_for_zun|bool %} {{ docker_zun_options }}{% endif %}
|
||||||
|
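Review bot: The new `ExecStart` line still appends the free-form `docker_custom_option` string while the role now also writes `/etc/docker/daemon.json`, and dockerd refuses to start when the same directive is given both as a flag and in the config file. A legacy value such as `--log-opt max-size=...` or `--insecure-registry ...` would therefore collide with the `log-opts` or `insecure-registries` keys the role generates. I would add a template comment such as `# Flags in docker_custom_option must not repeat keys written to /etc/docker/daemon.json.` or check for the overlap in a task before the restart. The line also hard-codes `/usr/bin/dockerd` now that the `docker_binary_name` fallback is gone, which assumes that path on every supported host.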
5
ansible/roles/baremetal/vars/main.yml
Normal file
5
ansible/roles/baremetal/vars/main.yml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
docker_config:
|
||||||
|
log-opts:
|
||||||
|
max-file: "{{ docker_log_max_file }}"
|
||||||
|
max-size: "{{ docker_log_max_size }}"
|
@ -162,7 +162,7 @@ The ``docker_storage_driver`` variable is optional. If set, it defines the
|
|||||||
use for Docker.
|
use for Docker.
|
||||||
|
|
||||||
The ``docker_runtime_directory`` variable is optional. If set, it defines the
|
The ``docker_runtime_directory`` variable is optional. If set, it defines the
|
||||||
runtime (``--graph``) directory for Docker.
|
runtime (``data-root``) directory for Docker.
|
||||||
|
|
||||||
The ``docker_registry`` variable, which is not set by default, defines the
|
The ``docker_registry`` variable, which is not set by default, defines the
|
||||||
address of the Docker registry. If the variable is not set, Dockerhub will be
|
address of the Docker registry. If the variable is not set, Dockerhub will be
|
||||||
@ -178,8 +178,16 @@ maximum number of log files to retain per container. The
|
|||||||
``docker_log_max_size`` variable, which defaults to ``50m``, defines the
|
``docker_log_max_size`` variable, which defaults to ``50m``, defines the
|
||||||
maximum size of each rotated log file per container.
|
maximum size of each rotated log file per container.
|
||||||
|
|
||||||
The ``docker_custom_option`` variable is optional. If set, it defines
|
Additional options for the Docker engine can be passed in
|
||||||
additional options to pass to the Docker engine via the Systemd unit file.
|
``docker_custom_config`` variable. It will be stored in ``daemon.json`` config
|
||||||
|
file. Example:
|
||||||
|
|
||||||
|
.. code-block:: json
|
||||||
|
|
||||||
|
{
|
||||||
|
"experimental": false
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
Disabling firewalls
|
Disabling firewalls
|
||||||
~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~
|
||||||
|
18
releasenotes/notes/docker-daemon.json-33d7618aa5a355a8.yaml
Normal file
18
releasenotes/notes/docker-daemon.json-33d7618aa5a355a8.yaml
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Add custom option for docker daemon by altering "docker_custom_config"
|
||||||
|
variable (json formatted).
|
||||||
|
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
Docker engine configuration changes are now done in
|
||||||
|
"/etc/docker/daemon.json" file instead of altering systemd unit (which
|
||||||
|
gets removed if present). Also "docker_custom_option" got replaced by
|
||||||
|
"docker_custom_config" variable (json formatted).
|
||||||
|
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
Configuring Docker daemon by "docker_custom_option" (used in systemd unit
|
||||||
|
file) is deprecated in favour of "docker_custom_config" variable (stored in
|
||||||
|
"daemon.json" config file.
|
@ -29,7 +29,6 @@ docker_namespace: "kolla"
|
|||||||
# will be the source of images during the upgrade.
|
# will be the source of images during the upgrade.
|
||||||
# NOTE(yoctozepto): this is required here for CI because we run templating
|
# NOTE(yoctozepto): this is required here for CI because we run templating
|
||||||
# of docker systemd command only once, using the previous release when upgrading
|
# of docker systemd command only once, using the previous release when upgrading
|
||||||
# also note: atm upgrade would conflict with the zun profile which uses this var
|
|
||||||
docker_custom_option: "--insecure-registry {{ api_interface_address }}:4000"
|
docker_custom_option: "--insecure-registry {{ api_interface_address }}:4000"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if not is_previous_release %}
|
{% if not is_previous_release %}
|
||||||
|