From 899bd89833244dc26279334ac3c404983f964abe Mon Sep 17 00:00:00 2001
From: Monty Taylor
Date: Fri, 6 Jul 2018 13:48:09 -0400
Subject: [PATCH] Add role for installing docker and configuring registry mirror There are two different ways to install docker - from upstream repos or from distro. At the moment each of these carries with it the need for a different caching proxy setup. Add a role that will install docker from upstream by default, but which also supports installing directly from distros. The role also sets up the registry proxy appropriately for each. This role at the moment only works on ubuntu. It should obviously be updated to work on centos and fedora as well.
Needed-By: https://review.openstack.org/580160
Change-Id: I7d6bac68a2c0fecf13a8bd9535a3fdeb85e7d999
---
roles/install-docker/README.rst | 26 ++++++++
roles/install-docker/defaults/main.yaml | 2 +
roles/install-docker/tasks/distro.yaml | 5 ++
roles/install-docker/tasks/main.yaml | 30 +++++++++
roles/install-docker/tasks/mirror.yaml | 28 +++++++++
roles/install-docker/tasks/upstream.yaml | 32 ++++++++++
roles/install-docker/templates/daemon.json.j2 | 3 +
.../install-docker/templates/sources.list.j2 | 1 +
roles/install-docker/vars/default.yaml | 63 +++++++++++++++++++
9 files changed, 190 insertions(+)
create mode 100644 roles/install-docker/README.rst
create mode 100644 roles/install-docker/defaults/main.yaml
create mode 100644 roles/install-docker/tasks/distro.yaml
create mode 100644 roles/install-docker/tasks/main.yaml
create mode 100644 roles/install-docker/tasks/mirror.yaml
create mode 100644 roles/install-docker/tasks/upstream.yaml
create mode 100644 roles/install-docker/templates/daemon.json.j2
create mode 100644 roles/install-docker/templates/sources.list.j2
create mode 100644 roles/install-docker/vars/default.yaml
diff --git a/roles/install-docker/README.rst b/roles/install-docker/README.rst
new file mode 100644
index 000000000..b794d2df5
--- /dev/null
+++ b/roles/install-docker/README.rst
@@ -0,0 +1,26 @@
+An ansible role to install docker and configure it to use mirrors if available.
+
+**Role Variables**
+
+.. zuul:rolevar:: mirror_fqdn
+ :default: {{ zuul_site_mirror_fqdn }}
+
+ The base host for mirror servers.
+
+.. zuul:rolevar:: docker_mirror
+
+ URL to override the generated docker hub mirror url based on
+ :zuul:rolevar:`install-docker.mirror_fqdn`.
+
+.. zuul:rolevar:: use_upstream_docker
+ :default: True
+
+ By default this role adds repositories to install docker from upstream
+ docker. Set this to False to use the docker that comes with the distro.
+
+.. zuul:rolevar:: docker_update_channel
+ :default: stable
+
+ Which update channel to use for upstream docker. The two choices are
+ ``stable``, which is the default and updates quarterly, and ``edge``
+ which updates monthly.
diff --git a/roles/install-docker/defaults/main.yaml b/roles/install-docker/defaults/main.yaml
new file mode 100644
index 000000000..98dbb13cd
--- /dev/null
+++ b/roles/install-docker/defaults/main.yaml
@@ -0,0 +1,2 @@
+use_upstream_docker: True
+docker_update_channel: stable
diff --git a/roles/install-docker/tasks/distro.yaml b/roles/install-docker/tasks/distro.yaml
new file mode 100644
index 000000000..52cd83632
--- /dev/null
+++ b/roles/install-docker/tasks/distro.yaml
@@ -0,0 +1,5 @@
+- name: Install docker
+ become: yes
+ package:
+ name: docker-engine
+ state: present
diff --git a/roles/install-docker/tasks/main.yaml b/roles/install-docker/tasks/main.yaml
new file mode 100644
index 000000000..c6e5cb38f
--- /dev/null
+++ b/roles/install-docker/tasks/main.yaml
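Review bot: In tasks/distro.yaml the package name `docker-engine` is the name Docker's own repositories used for their former package; Ubuntu's archive ships Docker as `docker.io`, so with `use_upstream_docker` set to false this task will most likely fail to find a package on a stock Ubuntu node. Since the commit message scopes the role to Ubuntu, `name: docker.io` looks like the intended value; worth confirming on a test node. A one-line comment above the task naming the distro the package name applies to would also help when centos and fedora support is added.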
@@ -0,0 +1,30 @@
+- name: Set mirror_fqdn fact
+ when:
+ - mirror_fqdn is not defined
+ - zuul_site_mirror_fqdn is defined
+ set_fact:
+ mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
+
+- name: Set up docker mirrors
+ include: mirror.yaml
+ when: mirror_fqdn is defined
+ static: no
+
+- name: Install docker-ce from upstream
+ include: upstream.yaml
+ when: use_upstream_docker
+
+- name: Install docker-engine from distro
+ include: distro.yaml
+ when: not use_upstream_docker
+
+- name: Add user to docker group
+ become: yes
+ user:
+ name: "{{ ansible_user }}"
+ groups:
+ - docker
+ append: yes
+
+- name: reset ssh connection to pick up docker group
+ meta: reset_connection
diff --git a/roles/install-docker/tasks/mirror.yaml b/roles/install-docker/tasks/mirror.yaml
new file mode 100644
index 000000000..16820fef5
--- /dev/null
+++ b/roles/install-docker/tasks/mirror.yaml
@@ -0,0 +1,28 @@
+- name: Create docker directory
+ become: yes
+ file:
+ state: directory
+ path: /etc/docker
+
+- name: Set docker_mirror fact for upstream docker
+ when:
+ - docker_mirror is not defined
+ - use_upstream_docker
+ set_fact:
+ docker_mirror: "http://{{ mirror_fqdn }}:8082"
+
+- name: Set docker_mirror fact for distro docker
+ when:
+ - docker_mirror is not defined
+ - not use_upstream_docker
+ set_fact:
+ docker_mirror: "http://{{ mirror_fqdn }}:8081/registry-1.docker/"
+
+- name: Install dockerhub proxy configuration
+ become: yes
+ template:
+ dest: /etc/docker/daemon.json
+ group: root
+ mode: 0644
+ owner: root
+ src: daemon.json.j2
diff --git a/roles/install-docker/tasks/upstream.yaml b/roles/install-docker/tasks/upstream.yaml
new file mode 100644
index 000000000..ca5463c3a
--- /dev/null
+++ b/roles/install-docker/tasks/upstream.yaml
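Review bot: The "Add user to docker group" task in tasks/main.yaml gives `ansible_user` control of the Docker daemon, which is equivalent to root on the node, and neither the task nor the README says so. A comment above the task such as `# docker group membership is root-equivalent; only run this role on disposable or single-tenant nodes` would make that explicit, and the README deserves the same sentence. Separately, mirror.yaml is included only `when: mirror_fqdn is defined`, so a caller who sets just `docker_mirror` (the documented override) gets no daemon.json at all; `when: mirror_fqdn is defined or docker_mirror is defined` would honour it.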
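Review bot: Both generated `docker_mirror` values in tasks/mirror.yaml use `http://`, so pulls through the mirror are unencrypted and the mirror is not authenticated; layers are checked against the manifest digest, but the tag-to-manifest lookup is answered by whatever responds on that URL. If the mirror can serve TLS, generate `https://{{ mirror_fqdn }}:8082` (and the 8081 equivalent); otherwise add a comment above the two set_fact tasks stating that the mirror sits on a trusted network. The template task also replaces `/etc/docker/daemon.json` wholesale and nothing restarts a daemon that is already running, which is presumably fine on fresh nodes but worth noting in the task comment.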
@@ -0,0 +1,32 @@
+- name: Install pre-reqs
+ package:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - software-properties-common
+ become: yes
+
+- name: Add docker GPG key
+ become: yes
+ apt_key:
+ data: "{{ ubuntu_gpg_key }}"
+
+# TODO(mordred) We should add a proxy cache mirror for this
+- name: Add docker apt repo
+ become: yes
+ template:
+ dest: /etc/apt/sources.list.d/docker.list
+ group: root
+ mode: 0644
+ owner: root
+ src: sources.list.j2
+
+- name: Install docker
+ become: yes
+ apt:
+ name: docker-ce
+ state: present
+ update_cache: yes
diff --git a/roles/install-docker/templates/daemon.json.j2 b/roles/install-docker/templates/daemon.json.j2
new file mode 100644
index 000000000..1e6f15870
--- /dev/null
+++ b/roles/install-docker/templates/daemon.json.j2
@@ -0,0 +1,3 @@
+{
+ "registry-mirrors": ["{{ docker_mirror }}"]
+}
diff --git a/roles/install-docker/templates/sources.list.j2 b/roles/install-docker/templates/sources.list.j2
new file mode 100644
index 000000000..7cf0b6843
--- /dev/null
+++ b/roles/install-docker/templates/sources.list.j2
@@ -0,0 +1 @@
+deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_lsb.codename }} {{ docker_update_channel }}
diff --git a/roles/install-docker/vars/default.yaml b/roles/install-docker/vars/default.yaml
new file mode 100644
index 000000000..ea350cf69
--- /dev/null
+++ b/roles/install-docker/vars/default.yaml
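Review bot: The "Add docker GPG key" task in tasks/upstream.yaml uses `apt_key`, which places the key in apt's global trusted keyring, so the Docker key is then accepted for packages from every configured repository rather than only download.docker.com. Scoping it is a small change: write the key to a dedicated keyring file and name it on the repo line in sources.list.j2, `deb [arch=amd64 signed-by=<KEYRING_PATH>] https://download.docker.com/linux/ubuntu ...`, after checking that the apt version on the target release supports `signed-by`. In the same template `docker_update_channel` reaches the sources line unchecked; an `assert` that it is `stable` or `edge` would enforce what the README documents.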
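Review bot: In templates/daemon.json.j2 the value of `docker_mirror` is pasted between literal quotes with no JSON escaping, so an override containing `"` or `\` produces an invalid or differently structured daemon.json. Letting the filter do the quoting avoids that: `"registry-mirrors": [{{ docker_mirror | to_json }}]`.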
@@ -0,0 +1,63 @@ +ubuntu_gpg_key: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + + mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth + lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh + 38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq + L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7 + UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N + cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht + ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo + vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD + G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ + XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj + q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB + tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3 + BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO + v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd + tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk + jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m + 6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P + XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc + FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8 + g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm + ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh + 9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5 + G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW + FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB + EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF + M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx + Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu + w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk + 
z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8 + eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb + VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa + 1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X + zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ + pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7 + ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ + BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY + 1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp + YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI + mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES + KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7 + JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ + cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0 + 6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5 + U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z + VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f + irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk + SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz + QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W + 9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw + 24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe + dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y + Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR + H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh + /nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ + M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S + xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O + jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG + YT90qFF93M3v01BbxP+EIY2/9tiIPbrd + =0YYh + -----END PGP 
PUBLIC KEY BLOCK-----
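Review bot: Ansible loads only `vars/main.yaml` (or `main.yml`) from a role automatically, and the tasks/main.yaml shown in this patch has no `include_vars`, so `ubuntu_gpg_key` from vars/default.yaml looks undefined when upstream.yaml reaches the apt_key task. Either rename the file to `vars/main.yaml` or add `- include_vars: default.yaml` as the first task in tasks/main.yaml. A comment above the key block recording where it was fetched from and its fingerprint, `# fingerprint: <FINGERPRINT>`, would let a later reviewer verify the pinned key without decoding the armor.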