Add role for installing docker and configuring registry mirror

There are two different ways to install docker - from upstream repos or
from distro. At the moment each of these carries with it the need for a
different caching proxy setup.

Add a role that will install docker from upstream by default, but which
also supports installing directly from distros. The role also sets up
the registry proxy appropriately for each.

This role at the moment only works on ubuntu. It should obviously be
updated to work on centos and fedora as well.

Needed-By: https://review.openstack.org/580160
Change-Id: I7d6bac68a2c0fecf13a8bd9535a3fdeb85e7d999

roles/install-docker/README.rst

@@ -0,0 +1,26 @@
+An ansible role to install docker and configure it to use mirrors if available.
+
+**Role Variables**
+
+.. zuul:rolevar:: mirror_fqdn
+   :default: {{ zuul_site_mirror_fqdn }}
+
+   The base host for mirror servers.
+
+.. zuul:rolevar:: docker_mirror
+
+   URL to override the generated docker hub mirror url based on
+   :zuul:rolevar:`install-docker.mirror_fqdn`.
+
+.. zuul:rolevar:: use_upstream_docker
+   :default: True
+
+   By default this role adds repositories to install docker from upstream
+   docker. Set this to False to use the docker that comes with the distro.
+
+.. zuul:rolevar:: docker_update_channel
+   :default: stable
+
+   Which update channel to use for upstream docker. The two choices are
+   ``stable``, which is the default and updates quarterly, and ``edge``
+   which updates monthly.

roles/install-docker/defaults/main.yaml

@@ -0,0 +1,2 @@
+use_upstream_docker: True
+docker_update_channel: stable

roles/install-docker/tasks/distro.yaml

@@ -0,0 +1,5 @@
+- name: Install docker
+  become: yes
+  package:
+    name: docker-engine
+    state: present

roles/install-docker/tasks/main.yaml

@@ -0,0 +1,30 @@
+- name: Set mirror_fqdn fact
+  when:
+    - mirror_fqdn is not defined
+    - zuul_site_mirror_fqdn is defined
+  set_fact:
+    mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
+
+- name: Set up docker mirrors
+  include: mirror.yaml
+  when: mirror_fqdn is defined
+  static: no
+
+- name: Install docker-ce from upstream
+  include: upstream.yaml
+  when: use_upstream_docker
+
+- name: Install docker-engine from distro
+  include: distro.yaml
+  when: not use_upstream_docker
+
+- name: Add user to docker group
+  become: yes
+  user:
+    name: "{{ ansible_user }}"
+    groups:
+      - docker
+    append: yes
+
+- name: reset ssh connection to pick up docker group
+  meta: reset_connection

roles/install-docker/tasks/mirror.yaml

@@ -0,0 +1,28 @@
+- name: Create docker directory
+  become: yes
+  file:
+    state: directory
+    path: /etc/docker
+
+- name: Set docker_mirror fact for upstream docker
+  when:
+    - docker_mirror is not defined
+    - use_upstream_docker
+  set_fact:
+    docker_mirror: "http://{{ mirror_fqdn }}:8082"
+
+- name: Set docker_mirror fact for distro docker
+  when:
+    - docker_mirror is not defined
+    - not use_upstream_docker
+  set_fact:
+    docker_mirror: "http://{{ mirror_fqdn }}:8081/registry-1.docker/"
+
+- name: Install dockerhub proxy configuration
+  become: yes
+  template:
+    dest: /etc/docker/daemon.json
+    group: root
+    mode: 0644
+    owner: root
+    src: daemon.json.j2

roles/install-docker/tasks/upstream.yaml

@@ -0,0 +1,32 @@
+- name: Install pre-reqs
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - apt-transport-https
+    - ca-certificates
+    - curl
+    - software-properties-common
+  become: yes
+
+- name: Add docker GPG key
+  become: yes
+  apt_key:
+    data: "{{ ubuntu_gpg_key }}"
+
+# TODO(mordred) We should add a proxy cache mirror for this
+- name: Add docker apt repo
+  become: yes
+  template:
+    dest: /etc/apt/sources.list.d/docker.list
+    group: root
+    mode: 0644
+    owner: root
+    src: sources.list.j2
+
+- name: Install docker
+  become: yes
+  apt:
+    name: docker-ce
+    state: present
+    update_cache: yes

roles/install-docker/templates/daemon.json.j2

@@ -0,0 +1,3 @@
+{
+  "registry-mirrors": ["{{ docker_mirror }}"]
+}

roles/install-docker/templates/sources.list.j2

@@ -0,0 +1 @@
+deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_lsb.codename }} {{ docker_update_channel }}

roles/install-docker/vars/default.yaml

@@ -0,0 +1,63 @@
+ubuntu_gpg_key: |
+  -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+  mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
+  lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
+  38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq
+  L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7
+  UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N
+  cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht
+  ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo
+  vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD
+  G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ
+  XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj
+  q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB
+  tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
+  BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO
+  v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd
+  tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk
+  jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m
+  6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P
+  XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc
+  FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8
+  g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm
+  ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh
+  9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5
+  G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW
+  FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB
+  EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF
+  M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx
+  Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu
+  w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk
+  z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8
+  eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb
+  VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa
+  1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X
+  zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ
+  pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7
+  ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ
+  BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY
+  1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp
+  YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI
+  mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES
+  KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7
+  JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ
+  cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0
+  6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5
+  U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z
+  VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f
+  irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk
+  SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz
+  QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W
+  9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw
+  24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe
+  dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y
+  Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR
+  H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh
+  /nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ
+  M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S
+  xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O
+  jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG
+  YT90qFF93M3v01BbxP+EIY2/9tiIPbrd
+  =0YYh
+  -----END PGP PUBLIC KEY BLOCK-----