From f1f609e09cfdafd3b0e1a7a4b709c46101ef45a6 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Mon, 10 Jun 2019 17:33:32 -0500 Subject: [PATCH] Add multi-distro support to install-docker This change adds the ability for the zuul provided role for docker installation to support multiple distros automatically. With this change the role will dynamically load variables based on the target operating system. While the default to install from upstream remains unchanged, the role will now fall back to installing using the distro packages in the event there is a fault with the upstream tasks or if an upstream task file has not been implemented. > stubs for upstream implementation task files have been created. With this change the role will now support, debian (and family), opensuse, and red hat (and family). The upstream installation process is using the documented steps from upstream docker, as found here [0]. The default "ubuntu_gpg_key" was renamed to "docker_gpg_key" as it's now used for more than one distro. The daemon.json.j2 template has been removed. This template was stored here but unused by this role. [0] https://docs.docker.com/install/linux/docker-ce/fedora/ Change-Id: Ie52444f8c62d6e2f86ce9ba1c17795dd9a6471d2
Signed-off-by: Kevin Carter --- roles/install-docker/README.rst | 39 +++++-- roles/install-docker/defaults/main.yaml | 8 +- .../files/docker-ce-centos.repo | 83 +++++++++++++ .../files/docker-ce-fedora.repo | 83 +++++++++++++ roles/install-docker/handlers/main.yml | 16 +++ .../install-docker/tasks/distros/Debian.yaml | 5 - .../install-docker/tasks/distros/default.yaml | 5 - roles/install-docker/tasks/main.yaml | 110 +++++++++++++----- .../{upstream.yaml => upstream-apt.yaml} | 12 +- roles/install-docker/tasks/upstream-dnf.yaml | 1 + roles/install-docker/tasks/upstream-yum.yaml | 34 ++++++ .../install-docker/tasks/upstream-zypper.yaml | 6 + roles/install-docker/templates/daemon.json.j2 | 4 - roles/install-docker/vars/debian.yaml | 17 +++ roles/install-docker/vars/fedora.yaml | 16 +++ roles/install-docker/vars/main.yaml | 3 + roles/install-docker/vars/opensuse.yaml | 10 ++ roles/install-docker/vars/redhat.yaml | 18 +++ 18 files changed, 409 insertions(+), 61 deletions(-) create mode 100644 roles/install-docker/files/docker-ce-centos.repo create mode 100644 roles/install-docker/files/docker-ce-fedora.repo create mode 100644 roles/install-docker/handlers/main.yml delete mode 100644 roles/install-docker/tasks/distros/Debian.yaml delete mode 100644 roles/install-docker/tasks/distros/default.yaml rename roles/install-docker/tasks/{upstream.yaml => upstream-apt.yaml} (63%) create mode 120000 roles/install-docker/tasks/upstream-dnf.yaml create mode 100644 roles/install-docker/tasks/upstream-yum.yaml create mode 100644 roles/install-docker/tasks/upstream-zypper.yaml delete mode 100644 roles/install-docker/templates/daemon.json.j2 create mode 100644 roles/install-docker/vars/debian.yaml create mode 100644 roles/install-docker/vars/fedora.yaml create mode 100644 roles/install-docker/vars/main.yaml create mode 100644 roles/install-docker/vars/opensuse.yaml create mode 100644 roles/install-docker/vars/redhat.yaml 
diff --git a/roles/install-docker/README.rst b/roles/install-docker/README.rst
index e820cb1e8..cb5527df0 100644
--- a/roles/install-docker/README.rst
+++ b/roles/install-docker/README.rst
@@ -25,17 +25,40 @@ An ansible role to install docker and configure it to use mirrors if available. ``stable``, which is the default and updates quarterly, and ``edge`` which updates monthly. -.. zuul:rolevar:: docker_version - :default: undefined - - Declare this with the version of the docker package to install. - Undefined will install the latest. This will look something like - ``18.06.1~ce~3-0~ubuntu``. Only supported when using upstream - docker repos. - .. zuul:rolevar:: docker_insecure_registries :default: undefined Declare this with a list of insecure registries to define the registries which are allowed to communicate with HTTP only or HTTPS with no valid certificate. + +.. zuul:rolevar:: docker_gpg_key + :default: string + + The raw content of the upstream docker gpg key, as found here + https://download.docker.com/linux/fedora/gpg + +.. zuul:rolevar:: docker_distro_packages + :default: list + + List of packages to be installed when `use_upstream_docker` is set to + **false**. The package set is defined by default using distro specific + variables. If the package set needs to be changed this option can be + overridden as needed. + +.. zuul:rolevar:: docker_upstream_distro_required_packages + :default: list + + List of packages to be installed when `use_upstream_docker` is set to + **true**. The package set is defined by default using distro specific + variables and contains a list of supporting packages required to be + installed prior to installing docker-ce. If the package set needs to + be changed this option can be overridden as needed. + +.. zuul:rolevar:: docker_upstream_distro_packages + :default: list + + List of packages to be installed when `use_upstream_docker` is set to + **true**. The package set is defined by default using distro specific + variables. If the package set needs to be changed this option can be + overridden as needed. 
diff --git a/roles/install-docker/defaults/main.yaml b/roles/install-docker/defaults/main.yaml index bef4fbdef..93aff9a5d 100644 --- a/roles/install-docker/defaults/main.yaml +++ b/roles/install-docker/defaults/main.yaml @@ -1,7 +1,13 @@ use_upstream_docker: True docker_group: docker +# NOTE(cloudnull): Packages are loaded through distro specific variables. +# The default option will return an empty list which +# allows folks to override these lists as they see fit. +docker_distro_packages: "{{ _docker_distro_packages | default([]) }}" +docker_upstream_distro_packages: "{{ _docker_upstream_distro_packages | default([]) }}" +docker_upstream_distro_required_packages: "{{ _docker_upstream_distro_required_packages | default([]) }}" docker_update_channel: stable -ubuntu_gpg_key: | +docker_gpg_key: | -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth diff --git a/roles/install-docker/files/docker-ce-centos.repo b/roles/install-docker/files/docker-ce-centos.repo new file mode 100644 index 000000000..e45af62d5 --- /dev/null +++ b/roles/install-docker/files/docker-ce-centos.repo 
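Review bot: The rename of `ubuntu_gpg_key` to `docker_gpg_key` in roles/install-docker/defaults/main.yaml drops the old name without any fallback, so a job that still sets `ubuntu_gpg_key` has its pinned key ignored and the built-in key trusted instead, with no error. Consider failing early when the old name is set, e.g. a `fail` task with `when: ubuntu_gpg_key is defined`, or call the rename out as a breaking change in the README. The key block itself continues outside this hunk.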
@@ -0,0 +1,83 @@
+[docker-ce-stable]
+name=Docker CE Stable - $basearch
+baseurl=https://download.docker.com/linux/centos/7/$basearch/stable
+enabled=1
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg
+
+[docker-ce-stable-debuginfo]
+name=Docker CE Stable - Debuginfo $basearch
+baseurl=https://download.docker.com/linux/centos/7/debug-$basearch/stable
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg
+
+[docker-ce-stable-source]
+name=Docker CE Stable - Sources
+baseurl=https://download.docker.com/linux/centos/7/source/stable
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg
+
+[docker-ce-edge]
+name=Docker CE Edge - $basearch
+baseurl=https://download.docker.com/linux/centos/7/$basearch/edge
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg
+
+[docker-ce-edge-debuginfo]
+name=Docker CE Edge - Debuginfo $basearch
+baseurl=https://download.docker.com/linux/centos/7/debug-$basearch/edge
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg
+
+[docker-ce-edge-source]
+name=Docker CE Edge - Sources
+baseurl=https://download.docker.com/linux/centos/7/source/edge
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg
+
+[docker-ce-test]
+name=Docker CE Test - $basearch
+baseurl=https://download.docker.com/linux/centos/7/$basearch/test
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg
+
+[docker-ce-test-debuginfo]
+name=Docker CE Test - Debuginfo $basearch
+baseurl=https://download.docker.com/linux/centos/7/debug-$basearch/test
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg
+
+[docker-ce-test-source]
+name=Docker CE Test - Sources
+baseurl=https://download.docker.com/linux/centos/7/source/test
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg
+
+[docker-ce-nightly]
+name=Docker CE Nightly - $basearch
+baseurl=https://download.docker.com/linux/centos/7/$basearch/nightly
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg
+
+[docker-ce-nightly-debuginfo]
+name=Docker CE Nightly - Debuginfo $basearch
+baseurl=https://download.docker.com/linux/centos/7/debug-$basearch/nightly
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg
+
+[docker-ce-nightly-source]
+name=Docker CE Nightly - Sources
+baseurl=https://download.docker.com/linux/centos/7/source/nightly
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg
diff --git a/roles/install-docker/files/docker-ce-fedora.repo b/roles/install-docker/files/docker-ce-fedora.repo
new file mode 100644
index 000000000..99ad9cf20
--- /dev/null
+++ b/roles/install-docker/files/docker-ce-fedora.repo
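Review bot: Every section of roles/install-docker/files/docker-ce-centos.repo sets `gpgkey=https://download.docker.com/linux/centos/gpg`, so the package manager may fetch and import whatever key that URL serves at install time, and the key pinned in `docker_gpg_key` is not the only trust anchor. Pointing `gpgkey=` at a local `file://` path written from `docker_gpg_key` would keep signature verification tied to the reviewed key; docker-ce-fedora.repo carries the same setting. The `baseurl` also hard-codes `centos/7` where the Fedora file uses `$releasever`, while vars/redhat.yaml selects this file for the whole Red Hat family.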
@@ -0,0 +1,83 @@
+[docker-ce-stable]
+name=Docker CE Stable - $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/stable
+enabled=1
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-stable-debuginfo]
+name=Docker CE Stable - Debuginfo $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/stable
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-stable-source]
+name=Docker CE Stable - Sources
+baseurl=https://download.docker.com/linux/fedora/$releasever/source/stable
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-edge]
+name=Docker CE Edge - $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/edge
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-edge-debuginfo]
+name=Docker CE Edge - Debuginfo $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/edge
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-edge-source]
+name=Docker CE Edge - Sources
+baseurl=https://download.docker.com/linux/fedora/$releasever/source/edge
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-test]
+name=Docker CE Test - $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/test
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-test-debuginfo]
+name=Docker CE Test - Debuginfo $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/test
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-test-source]
+name=Docker CE Test - Sources
+baseurl=https://download.docker.com/linux/fedora/$releasever/source/test
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-nightly]
+name=Docker CE Nightly - $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/nightly
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-nightly-debuginfo]
+name=Docker CE Nightly - Debuginfo $basearch
+baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/nightly
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
+
+[docker-ce-nightly-source]
+name=Docker CE Nightly - Sources
+baseurl=https://download.docker.com/linux/fedora/$releasever/source/nightly
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/fedora/gpg
diff --git a/roles/install-docker/handlers/main.yml b/roles/install-docker/handlers/main.yml
new file mode 100644
index 000000000..fce10af33
--- /dev/null
+++ b/roles/install-docker/handlers/main.yml
@@ -0,0 +1,16 @@
+---
+
+- name: Assure docker service is running
+ become: yes
+ service:
+ name: docker
+ enabled: yes
+ state: started
+ listen: Restart docker
+
+- name: Correct group ownership on docker sock
+ become: yes
+ file:
+ path: /var/run/docker.sock
+ group: "{{ docker_group }}"
+ listen: Restart docker
diff --git a/roles/install-docker/tasks/distros/Debian.yaml b/roles/install-docker/tasks/distros/Debian.yaml
deleted file mode 100644
index 99fd589ac..000000000
--- a/roles/install-docker/tasks/distros/Debian.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: Install docker
- become: yes
- package:
- name: docker.io
- state: present
diff --git a/roles/install-docker/tasks/distros/default.yaml b/roles/install-docker/tasks/distros/default.yaml
deleted file mode 100644
index d2c1da59d..000000000
--- a/roles/install-docker/tasks/distros/default.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: Install docker
- become: yes
- package:
- name: docker
- state: present
diff --git a/roles/install-docker/tasks/main.yaml b/roles/install-docker/tasks/main.yaml
index 45b9684d7..a52ff836c 100644
--- a/roles/install-docker/tasks/main.yaml
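Review bot: In roles/install-docker/handlers/main.yml the socket-ownership handler only listens on the `Restart docker` topic, but the distro install task in tasks/main.yaml notifies `Assure docker service is running` by name, so on the distro path /var/run/docker.sock never gets `docker_group` applied. Using `notify: Restart docker` on that task would run both handlers. The topic name is also misleading, since the service handler uses `state: started` and never restarts the daemon; a name such as `Start docker` would match what it does. A short comment on the `file` task that the socket's group decides who can drive the daemon would help the next reader.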
+++ b/roles/install-docker/tasks/main.yaml 
@@ -1,23 +1,82 @@ -- name: Set up docker mirrors - include_role: - name: use-docker-mirror +--- -- name: Install docker-ce from upstream - include: upstream.yaml - when: use_upstream_docker - -- name: Install docker from distro - include_tasks: "{{ lookup('first_found', params) }}" - vars: - params: +- name: Gather variables for each operating system + include_vars: "{{ item }}" + with_first_found: + - skip: true files: - - "{{ ansible_distribution }}.{{ ansible_architecture }}.yaml" - - "{{ ansible_distribution }}.yaml" - - "{{ ansible_os_family }}.yaml" - - "default.yaml" - paths: - - distros - when: not use_upstream_docker + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yaml" + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yaml" + - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yaml" + - "{{ ansible_distribution | lower }}.yaml" + - "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yaml" + - "{{ ansible_os_family | lower }}.yaml" + tags: + - always + +- name: Sanity check for distro selection + fail: + msg: >- + This role is not known to be compatible with this distro. Check the inventory and deployment + target settings. Make sure facts are being gathered prior to executing this role. + when: + - not (docker_distro_vars_loaded | bool) + +- name: Sanity check for distro install + fail: + msg: >- + The docker distro package list contains no packages and the variable `use_upstream_docker` + has been set to "{{ use_upstream_docker }}". To install docker at least one package will be + required. Please check your settings. 
+ docker_distro_packages = {{ docker_distro_packages }} + when: + - (docker_distro_packages | length) < 1 + - not (use_upstream_docker | bool) + +- name: Sanity check for upstream install + fail: + msg: >- + The docker upstream package list contains no packages and the variable `use_upstream_docker` + has been set to "{{ use_upstream_docker }}". To install docker at least one package will be + required. Please check your settings. + docker_upstream_distro_packages = {{ docker_upstream_distro_packages }} + when: + - (docker_upstream_distro_packages | length) < 1 + - use_upstream_docker | bool + +- name: Upstream block + when: + - use_upstream_docker | bool + block: + - name: Set up docker mirrors + include_role: + name: use-docker-mirror + + - name: Install docker-ce from upstream + include_tasks: "upstream-{{ ansible_pkg_mgr }}.yaml" + rescue: + - name: Notice + debug: + msg: >- + The upstream installation of docker has failed, falling back to the distro packages. + + - name: Re-Set the use upstream flag + set_fact: + use_upstream_docker: false + +- name: Install docker + become: yes + package: + name: "{{ docker_distro_packages }}" + state: present + when: + - not (use_upstream_docker | bool) + notify: Assure docker service is running + +- name: Ensure "docker" group exists + group: + name: "{{ docker_group }}" + state: present - name: Add user to docker group become: yes @@ -27,23 +86,14 @@ - "{{ docker_group }}" append: yes -- name: Assure docker service is running - become: yes - service: - name: docker - enabled: yes - state: started - -- name: Correct group ownership on docker sock - become: yes - file: - path: /var/run/docker.sock - group: "{{ docker_group }}" +- name: Flush handlers before role exit + meta: flush_handlers - name: Reset ssh connection to pick up docker group meta: reset_connection - name: Validate ability to talk with docker command: docker ps + changed_when: false args: warn: no 
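Review bot: The `Sanity check for upstream install` task sits before `Upstream block`, so its failure is never caught by the `rescue:`; with the default `use_upstream_docker: True` and vars/opensuse.yaml setting `_docker_upstream_distro_packages: []`, an openSUSE node appears to fail here instead of falling back to distro packages as the commit message describes. Moving that check to be the first task inside `block:` would let the rescue handle it. The rescue's `debug` message also hides why upstream failed, including a key-import or repo error; appending `{{ ansible_failed_result.msg | default('') }}` to the message keeps the cause visible in the job log. `Ensure "docker" group exists` is missing `become: yes`, unlike the tasks around it.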
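Review bot: Starting the service and fixing the socket group are now handlers in the second hunk of tasks/main.yaml, so they run only when an install task reports `changed`; on a node where docker is already installed but stopped or disabled, nothing starts it and the closing `docker ps` check fails. Keeping the `service` task (`name: docker`, `enabled: yes`, `state: started`) as a regular task before `meta: flush_handlers` preserves the old behaviour and leaves the handlers for post-install work. The hunk starts mid-task: `Add user to docker group` begins outside it.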
diff --git a/roles/install-docker/tasks/upstream.yaml b/roles/install-docker/tasks/upstream-apt.yaml similarity index 63% rename from roles/install-docker/tasks/upstream.yaml rename to roles/install-docker/tasks/upstream-apt.yaml index b25c0dfd4..40ad8678c 100644 --- a/roles/install-docker/tasks/upstream.yaml +++ b/roles/install-docker/tasks/upstream-apt.yaml @@ -1,18 +1,13 @@ - name: Install pre-reqs package: - name: "{{ item }}" + name: "{{ _docker_upstream_distro_required_packages }}" state: present - with_items: - - apt-transport-https - - ca-certificates - - curl - - software-properties-common become: yes - name: Add docker GPG key become: yes apt_key: - data: "{{ ubuntu_gpg_key }}" + data: "{{ docker_gpg_key }}" # TODO(mordred) We should add a proxy cache mirror for this - name: Add docker apt repo @@ -27,6 +22,7 @@ - name: Install docker become: yes apt: - name: "docker-ce{% if docker_version is defined %}={{ docker_version }}{% endif %}" + name: "{{ docker_upstream_distro_packages }}" state: present update_cache: yes + notify: Restart docker diff --git a/roles/install-docker/tasks/upstream-dnf.yaml b/roles/install-docker/tasks/upstream-dnf.yaml new file mode 120000 index 000000000..9fa6ff24a --- /dev/null +++ b/roles/install-docker/tasks/upstream-dnf.yaml @@ -0,0 +1 @@ +upstream-yum.yaml \ No newline at end of file diff --git a/roles/install-docker/tasks/upstream-yum.yaml b/roles/install-docker/tasks/upstream-yum.yaml new file mode 100644 index 000000000..14ffd1f6e --- /dev/null +++ b/roles/install-docker/tasks/upstream-yum.yaml 
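Review bot: `Install pre-reqs` in tasks/upstream-apt.yaml reads the private `_docker_upstream_distro_required_packages` rather than `docker_upstream_distro_required_packages` from defaults/main.yaml, so an override of the documented variable has no effect; tasks/upstream-yum.yaml has the same line. Use `name: "{{ docker_upstream_distro_required_packages }}"` in both. Dropping `docker_version` also removes the only documented way to pin the docker-ce version; if pinning is still wanted, the README should say it is now done by overriding `docker_upstream_distro_packages` (for apt, an entry of the form `docker-ce=VERSION`).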
@@ -0,0 +1,34 @@
+---
+
+- name: Install pre-reqs
+ package:
+ name: "{{ _docker_upstream_distro_required_packages }}"
+ state: present
+ become: yes
+
+- name: Create tmp gpg key file
+ copy:
+ content: "{{ docker_gpg_key }}"
+ dest: /tmp/key.gpg
+
+- name: Import gpg key
+ rpm_key:
+ state: present
+ key: /tmp/key.gpg
+
+# TODO(mordred) We should add a proxy cache mirror for this
+- name: Add docker repo
+ become: yes
+ copy:
+ dest: /etc/yum.repos.d/docker-ce.repo
+ group: root
+ mode: 0644
+ owner: root
+ src: "{{ docker_repo_template }}"
+
+- name: Install docker
+ become: yes
+ package:
+ name: "{{ docker_upstream_distro_packages }}"
+ state: present
+ notify: Restart docker
diff --git a/roles/install-docker/tasks/upstream-zypper.yaml b/roles/install-docker/tasks/upstream-zypper.yaml
new file mode 100644
index 000000000..71bf059d1
--- /dev/null
+++ b/roles/install-docker/tasks/upstream-zypper.yaml
@@ -0,0 +1,6 @@
+---
+
+- name: Not Implemented
+ fail:
+ msg: >-
+ This set of tasks has not been implemented.
diff --git a/roles/install-docker/templates/daemon.json.j2 b/roles/install-docker/templates/daemon.json.j2
deleted file mode 100644
index 252081880..000000000
--- a/roles/install-docker/templates/daemon.json.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- {% if docker_insecure_registries is defined -%}"insecure-registries": {{ docker_insecure_registries | to_json }},{% endif %}
- "registry-mirrors": ["{{ docker_mirror }}"]
-}
diff --git a/roles/install-docker/vars/debian.yaml b/roles/install-docker/vars/debian.yaml
new file mode 100644
index 000000000..f65d51f48
--- /dev/null
+++ b/roles/install-docker/vars/debian.yaml
@@ -0,0 +1,17 @@
+---
+
+_docker_distro_packages:
+ - docker.io
+
+_docker_upstream_distro_required_packages:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - software-properties-common
+
+_docker_upstream_distro_packages:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+
+docker_distro_vars_loaded: true
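Review bot: In tasks/upstream-yum.yaml, `Create tmp gpg key file` writes the key to the fixed path `/tmp/key.gpg` without `become`, owner or mode, and `Import gpg key` then trusts whatever is at that path; on a shared node the file may be one another local user created first, and the import itself lacks `become: yes`, so it likely fails for a non-root connection user. Write the key to a root-owned location with explicit ownership and import it from there, both with `become: yes`. The destination path in the sketch below is a suggested name, not one the role already defines.

```yaml
- name: Write docker gpg key to a root-owned path
  become: yes
  copy:
    content: "{{ docker_gpg_key }}"
    dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-docker-ce
    owner: root
    group: root
    mode: 0644

- name: Import gpg key
  become: yes
  rpm_key:
    state: present
    key: /etc/pki/rpm-gpg/RPM-GPG-KEY-docker-ce

# … unchanged: Add docker repo, Install docker …
```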
diff --git a/roles/install-docker/vars/fedora.yaml b/roles/install-docker/vars/fedora.yaml
new file mode 100644
index 000000000..21aa7294c
--- /dev/null
+++ b/roles/install-docker/vars/fedora.yaml
@@ -0,0 +1,16 @@
+---
+
+_docker_distro_packages:
+ - docker
+
+_docker_upstream_distro_required_packages:
+ - dnf-plugins-core
+
+_docker_upstream_distro_packages:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+
+docker_repo_template: docker-ce-centos.repo
+
+docker_distro_vars_loaded: true
diff --git a/roles/install-docker/vars/main.yaml b/roles/install-docker/vars/main.yaml
new file mode 100644
index 000000000..4a3acf137
--- /dev/null
+++ b/roles/install-docker/vars/main.yaml
@@ -0,0 +1,3 @@
+---
+
+docker_distro_vars_loaded: false
diff --git a/roles/install-docker/vars/opensuse.yaml b/roles/install-docker/vars/opensuse.yaml
new file mode 100644
index 000000000..b25ea24d4
--- /dev/null
+++ b/roles/install-docker/vars/opensuse.yaml
@@ -0,0 +1,10 @@
+---
+
+_docker_distro_packages:
+ - docker
+
+_docker_upstream_distro_required_packages: []
+
+_docker_upstream_distro_packages: []
+
+docker_distro_vars_loaded: true
diff --git a/roles/install-docker/vars/redhat.yaml b/roles/install-docker/vars/redhat.yaml
new file mode 100644
index 000000000..d49b6b071
--- /dev/null
+++ b/roles/install-docker/vars/redhat.yaml
@@ -0,0 +1,18 @@
+---
+
+_docker_distro_packages:
+ - docker
+
+_docker_upstream_distro_required_packages:
+ - yum-utils
+ - device-mapper-persistent-data
+ - lvm2
+
+_docker_upstream_distro_packages:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+
+docker_repo_template: docker-ce-centos.repo
+
+docker_distro_vars_loaded: true
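Review bot: vars/fedora.yaml sets `docker_repo_template: docker-ce-centos.repo`, so Fedora hosts receive the CentOS repo definition (baseurl under `linux/centos/7`) and the docker-ce-fedora.repo file added by this commit is never referenced. It should read `docker_repo_template: docker-ce-fedora.repo`. The variable name is also misleading, because tasks/upstream-yum.yaml installs the file with `copy` rather than `template`; `docker_repo_file` would describe it better.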