diff --git a/defaults/main.yml b/defaults/main.yml index 2bcb620..f5f6159 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -6,19 +6,26 @@ docker_package_state: present # Service options. docker_service_state: started -docker_service_enabled: true +docker_service_enabled: yes docker_restart_handler_state: restarted # Docker Compose options. -docker_install_compose: true -docker_compose_version: "1.22.0" -docker_compose_path: /usr/local/bin/docker-compose +docker_compose_install: yes +docker_compose_version: '1.24.0' +docker_compose_path: '/usr/local/bin/docker-compose' +docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64" + +# LazyDocker options. +lazydocker_install: yes +lazydocker_version: '0.4' +lazydocker_path: '/usr/local/bin/lazydocker' +lazydocker_url: "https://github.com/jesseduffield/lazydocker/releases/download/v{{ lazydocker_version }}/lazydocker_{{ lazydocker_version }}_Linux_x86_64.tar.gz" # Used only for Debian/Ubuntu. Switch 'stable' to 'edge' if needed. docker_apt_release_channel: stable docker_apt_arch: amd64 docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" -docker_apt_ignore_key_error: true +docker_apt_ignore_key_error: yes # Used only for RedHat/CentOS/Fedora. docker_yum_repo_url: https://download.docker.com/linux/{{ (ansible_distribution == "Fedora") | ternary("fedora","centos") }}/docker-{{ docker_edition }}.repo diff --git a/handlers/main.yml b/handlers/main.yml index 7847bc1..40b621e 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,3 +1,5 @@ --- - name: restart docker - service: "name=docker state={{ docker_restart_handler_state }}" + service: + name: docker + state: "{{ docker_restart_handler_state }}" 
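Review bot: `lazydocker_install: yes` in defaults/main.yml makes every host that applies this role download and install an extra third-party binary by default; an optional convenience tool is safer as opt-in, `lazydocker_install: false`. The same hunk renames `docker_install_compose` to `docker_compose_install`, so an inventory that sets the old name to false will silently get Compose installed again. Honouring the old variable for a release, e.g. `docker_compose_install: "{{ docker_install_compose | default(true) }}"`, avoids that surprise.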
diff --git a/tasks/docker-1809-shim.yml b/tasks/docker-1809-shim.yml
deleted file mode 100644
index 286254b..0000000
--- a/tasks/docker-1809-shim.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- name: Ensure containerd service dir exists.
- file:
- path: /etc/systemd/system/containerd.service.d
- state: directory
-
-- name: Add shim to ensure Docker can start in all environments.
- template:
- src: override.conf.j2
- dest: /etc/systemd/system/containerd.service.d/override.conf
- register: override_template
-
-- name: Reload systemd daemon if template is changed.
- systemd:
- daemon_reload: true
- when: override_template is changed
diff --git a/tasks/docker-compose-install.yml b/tasks/docker-compose-install.yml
new file mode 100644
index 0000000..01dfdaa
--- /dev/null
+++ b/tasks/docker-compose-install.yml
@@ -0,0 +1,24 @@
+---
+- name: docker-compose | check binary installed
+ stat:
+ path: "{{ docker_compose_path }}"
+ changed_when: no
+ register: docker_compose_current_binary
+
+- name: docker-compose | get current binary version
+ shell: |
+ sudo -Hu nobody timeout 2 {{ docker_compose_path }} --version 2>&1 | grep -Eoi '([0-9]{1,}\.){1,3}[0-9]{1,}(|-[a-z0-9]{1,})' | sort -uV | head -1
+ register: docker_compose_current_version
+ changed_when: no
+ when:
+ - docker_compose_current_binary.stat.exists
+
+- name: docker-compose | download if need install, upgrade or downgrade
+ get_url:
+ url: "{{ docker_compose_url }}"
+ dest: "{{ docker_compose_path }}"
+ force: yes
+ owner: root
+ mode: 0755
+ when:
+ - not docker_compose_current_binary.stat.exists or (docker_compose_current_version.stdout and docker_compose_current_version.stdout is version(docker_compose_version, '!='))
diff --git a/tasks/docker-compose.yml b/tasks/docker-compose.yml
deleted file mode 100644
index 92cf4f2..0000000
--- a/tasks/docker-compose.yml
+++ /dev/null
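Review bot: The `get_url` task in tasks/docker-compose-install.yml installs an executable as root with mode 0755 but sets no `checksum`, so whatever the URL returns is installed unverified. Add a pinned digest kept next to `docker_compose_version`, e.g. `checksum: "sha256:{{ docker_compose_checksum }}"` (a new default; the name is a suggestion). The `unarchive` download in tasks/lazydocker-install.yml has the same gap. In the version probe, `{{ docker_compose_path }}` is interpolated unquoted into a `shell` line; `{{ docker_compose_path | quote }}` keeps a path containing spaces or shell metacharacters from being reinterpreted. The download `when` is also false when the binary exists but prints no version, so a truncated or broken file is never replaced.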
@@ -1,20 +0,0 @@
----
-- name: Check current docker-compose version.
- command: docker-compose --version
- register: docker_compose_current_version
- changed_when: false
- failed_when: false
-
-- name: Delete existing docker-compose version if it's different.
- file:
- path: "{{ docker_compose_path }}"
- state: absent
- when: >
- docker_compose_current_version.stdout is defined
- and docker_compose_version not in docker_compose_current_version.stdout
-
-- name: Install Docker Compose (if configured).
- get_url:
- url: https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64
- dest: "{{ docker_compose_path }}"
- mode: 0755
diff --git a/tasks/docker-shim.yml b/tasks/docker-shim.yml
new file mode 100644
index 0000000..1ea5092
--- /dev/null
+++ b/tasks/docker-shim.yml
@@ -0,0 +1,34 @@
+---
+- name: docker-shim | get current version when installed
+ shell: |
+ sudo -Hu nobody timeout 2 docker --version 2>&1 | grep -Eoi '([0-9]{1,}\.){2,3}[0-9]{1,}(|-[a-z0-9]{1,})' | sort -uV | head -1
+ register: docker_current_version
+ changed_when: no
+
+- name: docker-shim | Setup shim if required
+ block:
+ - name: docker-shim | Ensure containerd service dir exists
+ file:
+ path: /etc/systemd/system/containerd.service.d
+ state: directory
+ - name: docker-shim | Add shim to ensure Docker can start in all environments.
+ template:
+ src: etc/systemd/system/containerd.service.d/override.conf.j2
+ dest: /etc/systemd/system/containerd.service.d/override.conf
+ register: docker_service_override_template
+ when:
+ - docker_current_version.stdout is version('19.03.2', '<=')
+
+- name: docker-shim | Delete shim when it outdated
+ file:
+ path: /etc/systemd/system/containerd.service.d/override.conf
+ state: absent
+ register: docker_service_override_template
+ when:
+ - docker_current_version.stdout is version('19.03.2', '>')
+
+- name: docker-shim | Reload systemd daemon if template is changed
+ systemd:
+ daemon_reload: yes
+ when:
+ - docker_service_override_template is changed
diff --git a/tasks/lazydocker-install.yml b/tasks/lazydocker-install.yml
new file mode 100644
index 0000000..ec1534f
--- /dev/null
+++ b/tasks/lazydocker-install.yml
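Review bot: In tasks/docker-shim.yml the template task (apparently inside the block; indentation is lost in this view) and the "Delete shim" task both register `docker_service_override_template`. A skipped task still registers its skipped result, so on hosts at or below 19.03.2 the skipped delete task overwrites the template result and the final `daemon_reload` never fires after the override is written. Register the delete result under its own name, e.g. `register: docker_service_override_removed`, and reload on `docker_service_override_template is changed or docker_service_override_removed is changed`. If `docker --version` prints nothing (timeout, missing sudo), both `version()` tests receive an empty string; a guard such as `docker_current_version.stdout | length > 0` makes that case explicit.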
@@ -0,0 +1,28 @@
+---
+- name: lazydocker | check binary installed
+ stat:
+ path: "{{ lazydocker_path }}"
+ changed_when: no
+ register: lazydocker_current_binary
+
+- name: lazydocker | get current binary version
+ shell: |
+ sudo -Hu nobody timeout 2 {{ lazydocker_path }} --version 2>&1 | grep -Eoi '([0-9]{1,}\.){1,3}[0-9]{1,}(|-[a-z0-9]{1,})' | sort -uV | head -1
+ register: lazydocker_current_version
+ changed_when: no
+ when:
+ - lazydocker_current_binary.stat.exists
+
+- name: lazydocker | download with unarchive when upgrade or downgrade
+ unarchive:
+ src: "{{ lazydocker_url }}"
+ dest: "{{ lazydocker_path | dirname }}"
+ exclude:
+ - 'README.md'
+ - 'LICENSE'
+ remote_src: yes
+ force: yes
+ owner: root
+ mode: 0755
+ when:
+ - not lazydocker_current_binary.stat.exists or (lazydocker_current_version.stdout and lazydocker_current_version.stdout is version(lazydocker_version, '!='))
diff --git a/tasks/main.yml b/tasks/main.yml
index f248279..a3084fe 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
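Review bot: The `unarchive` task in tasks/lazydocker-install.yml extracts a remotely fetched tarball straight into `{{ lazydocker_path | dirname }}` (`/usr/local/bin` with the defaults) as root. Its `exclude` is a denylist of two names, so any other member of a release archive lands in a PATH directory. Unpacking in a scratch directory and copying only the `lazydocker` binary bounds what can be written, and fetching the archive with `get_url` first allows a pinned `checksum`, which `unarchive` with a URL `src` does not offer. The sketch below assumes the archive member is named `lazydocker` and introduces `lazydocker_checksum` as a new default.

```yaml
- name: lazydocker | create scratch directory
  tempfile:
    state: directory
  register: lazydocker_scratch
  # … unchanged: the existing when condition, repeated on each task below …

- name: lazydocker | download release archive
  get_url:
    url: "{{ lazydocker_url }}"
    dest: "{{ lazydocker_scratch.path }}/lazydocker.tar.gz"
    checksum: "sha256:{{ lazydocker_checksum }}"  # suggested new default, pinned per version

- name: lazydocker | unpack in scratch directory
  unarchive:
    src: "{{ lazydocker_scratch.path }}/lazydocker.tar.gz"
    dest: "{{ lazydocker_scratch.path }}"
    remote_src: yes

- name: lazydocker | install only the binary
  copy:
    src: "{{ lazydocker_scratch.path }}/lazydocker"
    dest: "{{ lazydocker_path }}"
    remote_src: yes
    owner: root
    mode: '0755'
```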
@@ -1,19 +1,36 @@ --- - include_tasks: setup-RedHat.yml - when: ansible_os_family == 'RedHat' + when: + - ansible_os_family == 'RedHat' - include_tasks: setup-Debian.yml - when: ansible_os_family == 'Debian' + when: + - ansible_os_family == 'Debian' -- name: Install Docker. +- name: Ensure docker config dir exists. + file: + path: /etc/docker + state: directory + +- name: Add docker/daemon.json custom config. + template: + src: etc/docker/daemon.json.j2 + dest: /etc/docker/daemon.json + notify: restart docker + +- name: Install docker package: name: "{{ docker_package }}" state: "{{ docker_package_state }}" + environment: + DEBIAN_FRONTEND: noninteractive + RUNLEVEL: 1 notify: restart docker # TODO: Remove this shim once 18.09.1 or later is released. -- import_tasks: docker-1809-shim.yml - when: ansible_service_mgr == 'systemd' +- import_tasks: docker-shim.yml + when: + - ansible_service_mgr == 'systemd' - name: Ensure Docker is started and enabled at boot. service: @@ -24,8 +41,14 @@ - name: Ensure handlers are notified now to avoid firewall conflicts. meta: flush_handlers -- include_tasks: docker-compose.yml - when: docker_install_compose +- include_tasks: docker-compose-install.yml + when: + - docker_compose_install + +- include_tasks: lazydocker-install.yml + when: + - lazydocker_install - include_tasks: docker-users.yml - when: docker_users + when: + - docker_users diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index eaaa96f..94c3e03 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -5,6 +5,8 @@ - docker - docker-engine state: absent + environment: + DEBIAN_FRONTEND: noninteractive - name: Ensure dependencies are installed. apt: 
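Review bot: The new "Add docker/daemon.json custom config." task in tasks/main.yml runs unconditionally and sets no `mode` or `backup`, so every run replaces any existing `/etc/docker/daemon.json` with the role's fixed template, including its `data-root` setting. Gate it behind a default and pin the attributes, e.g. `mode: '0644'`, `backup: yes` and `when: docker_daemon_config_manage | default(false)` (the variable name is a suggestion). The TODO above `import_tasks: docker-shim.yml` still refers to 18.09.1 while the shim now keys on 19.03.2, so the comment should be updated or dropped. `RUNLEVEL: 1` is an unquoted integer inside `environment`; writing it as `RUNLEVEL: '1'` keeps it a string.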
@@ -12,29 +14,39 @@ - apt-transport-https - ca-certificates state: present + environment: + DEBIAN_FRONTEND: noninteractive - name: Add Docker apt key. apt_key: url: https://download.docker.com/linux/ubuntu/gpg id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 state: present + environment: + DEBIAN_FRONTEND: noninteractive register: add_repository_key ignore_errors: "{{ docker_apt_ignore_key_error }}" - name: Ensure curl is present (on older systems without SNI). - package: name=curl state=present - when: add_repository_key is failed + package: + name: curl + state: present + environment: + DEBIAN_FRONTEND: noninteractive + when: + - add_repository_key is failed - name: Add Docker apt key (alternative for older systems without SNI). shell: | - set -o pipefail - curl -sSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - + set -euxo pipefail + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - args: warn: false - when: add_repository_key is failed + when: + - add_repository_key is failed - name: Add Docker repository. apt_repository: repo: "{{ docker_apt_repository }}" state: present - update_cache: true + update_cache: yes diff --git a/templates/etc/docker/daemon.json.j2 b/templates/etc/docker/daemon.json.j2 new file mode 100644 index 0000000..67fc4ef --- /dev/null +++ b/templates/etc/docker/daemon.json.j2 @@ -0,0 +1,25 @@ +{ + "data-root": "/srv/docker", + "dns": [ + "8.8.8.8", + "1.1.1.1" + ], + "log-driver": "journald", + "metrics-addr" : "0.0.0.0:9323", + "experimental" : true, + "storage-driver": "overlay2", + "live-restore": true, + "default-ulimits": { + "nofile": { + "Name": "nofile", + "Hard": 65536, + "Soft": 65536 + } + }, + "default-address-pools":[ + {"base":"172.17.0.0/16","size":24}, + {"base":"172.18.0.0/16","size":24}, + {"base":"172.19.0.0/16","size":24}, + {"base":"172.20.0.0/16","size":24} + ] +} 
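Review bot: The curl fallback in tasks/setup-Debian.yml pipes the downloaded key straight into `apt-key add -`, so it carries no expectation about which key it adds, unlike the `apt_key` task above it, which names the expected key with `id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88`. Because `docker_apt_ignore_key_error` defaults to on, any failure of that task routes into this path. Save the key to a file and compare its fingerprint with that `id` before adding it, or fail instead of falling back. Separately, `set -euxo pipefail` relies on a shell that supports `pipefail`, while the `shell` module uses `/bin/sh` unless told otherwise; adding `executable: /bin/bash` under `args:` avoids an error where sh lacks it.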
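Review bot: `"metrics-addr" : "0.0.0.0:9323"` in templates/etc/docker/daemon.json.j2 binds the daemon's metrics endpoint on every interface, and that endpoint is plain unauthenticated HTTP, so any host that can reach port 9323 can read it. Bind it to loopback, `"metrics-addr": "127.0.0.1:9323",`, or template the address from a role default and restrict the port at the firewall. `"experimental" : true` also enables experimental daemon features on every host; if it is only there for the metrics endpoint, make it a default that can be switched off. Although the file is a `.j2` template, every value (`data-root`, `dns`, the address pools) is hard-coded, so role users cannot override them without replacing the template.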
diff --git a/templates/override.conf.j2 b/templates/etc/systemd/system/containerd.service.d/override.conf.j2
similarity index 100%
rename from templates/override.conf.j2
rename to templates/etc/systemd/system/containerd.service.d/override.conf.j2