avinetworks / ansible-role-docker Goto Github PK

View Code? Open in Web Editor NEW

60.0 21.0 37.0 146 KB

Ansible Role for deploying docker-engine to hosts

License: Apache License 2.0

Python 16.71% Jinja 83.29%

docker docker-engine ansible devicemapper

ansible-role-docker's Introduction

avinetworks.docker

Role Summary

This role provides the following:

Installation of Docker following Docker-Engine install procedures as documented by Docker.
It will manage kernel versions as well, verifying the that the correct kernel for Docker support is installed.

Supports the following Operating Systems:

CentOS 7
RedHat 7
Fedora 24
Fedora 23
Fedora 26
Fedora 27
Fedora 29
OracleLinux 7
Ubuntu 14.04
Ubuntu 16.04

Requirements

This role requires Ansible 2.4 or higher. Requirements are listed in the metadata file.

If you rely on privileage escalation (e.g. become: true) with this role, you will need Ansible 2.2.1 or higher to take advantage of this issue being fixed: ansible/ansible#17490

Role Variables

For more information about the variables many can be found https://docs.docker.com/engine/reference/commandline/dockerd/

Variable	Required	Default	Comments
`docker_edition`	No	`ce`	Specifies either ce, or ee version of Docker.
`docker_ee_url`	No	`Undefined`	Docker EE URL from the Docker Store
`docker_repo`	No	`docker`	Defines how Ansible manages the repository. Options are "other" and "docker"
`docker_channel`	No	`stable`	What release channel of Docker to install.
`docker_ee_version`	No	`17.03`	Docker EE version for EE repository
`docker_storage_driver`	No	`Undefined`	Storage driver to use
`docker_block_device`	No	`Undefined`	The device name used for the storage driver.
`docker_mount_opts`	No	`Undefined`	The mount options when mounting filesystems
`docker_storage_opts`	No	`Undefined`	Storage driver options
`docker_api_cors_header`	No	`Undefined`	Set CORS headers in the remote API
`docker_authorization_plugins`	No	`Undefined`	Authorization plugins to load
`docker_bip`	No	`Undefined`	Specify network bridge IP
`docker_bridge`	No	`Undefined`	Attach containers to a network bridge
`docker_cgroup_parent`	No	`Undefined`	Set parent cgroup for all containers
`docker_cluster_store`	No	`Undefined`	Set cluster store options
`docker_cluster_store_opts`	No	`Undefined`	Please see dockerd manual for info
`docker_cluster_advertise`	No	`Undefined`	Address or interface name to advertise
`docker_debug`	No	`Undefined`	Enable debug mode
`docker_default_gateway`	No	`Undefined`	Container default gateway IPv4 address
`docker_default_gateway_v6`	No	`Undefined`	Container default gateway IPv6 address
`docker_default_runtime`	No	`Undefined`	Default OCI runtime for containers
`docker_default_ulimits`	No	`Undefined`	Default ulimits for containers
`docker_disable_legacy_registry`	No	`Undefined`	Disable contacting legacy registries
`docker_dns`	No	`Undefined`	DNS server to use
`docker_dns_opts`	No	`Undefined`	DNS options to use
`docker_dns_search`	No	`Undefined`	DNS search domains to use
`docker_exec_opts`	No	`Undefined`	Runtime execution options
`docker_exec_root`	No	`Undefined`	Root directory for execution state files
`docker_fixed_cidr`	No	`Undefined`	IPv4 subnet for fixed IPs
`docker_fixed_cidr_v6`	No	`Undefined`	IPv6 subnet for fixed IPs
`docker_graph`	No	`Undefined`	Root of the Docker runtime
`docker_group`	No	`Undefined`	Group for the unix socket
`docker_hosts`	No	`Undefined`	Daemon socket(s) to connect to
`docker_icc`	No	`Undefined`	Enable inter-container communication
`docker_insecure_registries`	No	`Undefined`	Enable insecure registry communication
`docker_ip`	No	`Undefined`	Default IP when binding container ports
`docker_iptables`	No	`Undefined`	Enable addition of iptables rules
`docker_ipv6`	No	`Undefined`	Enable IPv6 networking
`docker_ip_forward`	No	`Undefined`	Enable net.ipv4.ip_forward
`docker_ip_masq`	No	`Undefined`	Enable IP masquerading
`docker_labels`	No	`Undefined`	Set key=value labels to the daemon
`docker_live_restore`	No	`Undefined`	Enables keeping containers alive during daemon downtime
`docker_log_driver`	No	`Undefined`	Default driver for container logs
`docker_log_level`	No	`Undefined`	Set the logging level
`docker_log_opts`	No	`Undefined`	Default log driver options for containers
`docker_max_concurrent_downloads`	No	`Undefined`	Set the max concurrent downloads for each pull
`docker_max_concurrent_uploads`	No	`Undefined`	Set the max concurrent uploads for each push
`docker_mtu`	No	`Undefined`	Set the containers network MTU
`docker_oom_score_adjust`	No	`Undefined`	Set the oom_score_adj for the daemon
`docker_pidfile`	No	`Undefined`	Path to use for daemon PID file
`docker_raw_logs`	No	`Undefined`	Full timestamps without ANSI coloring
`docker_registry_mirrors`	No	`Undefined`	Preferred Docker registry mirror
`docker_runtimes`	No	`Undefined`	Register an additional OCI compatible runtime
`docker_selinux_enabled`	No	`Undefined`	Enable selinux support
`docker_swarm_default_advertise_addr`	No	`Undefined`	Set default address or interface for swarm advertised address
`docker_tls`	No	`Undefined`	Use TLS; implied by –tlsverify
`docker_tlscacert`	No	`Undefined`	Trust certs signed only by this CA
`docker_tlscert`	No	`Undefined`	Path to TLS certificate file
`docker_tlskey`	No	`Undefined`	Path to TLS key file
`docker_tlsverify`	No	`Undefined`	Use TLS and verify the remote
`docker_userland_proxy`	No	`Undefined`	Use userland proxy for loopback traffic
`docker_userns_remap`	No	`Undefined`	User/Group setting for user namespaces
`docker_users`	No	`Undefined`	A list of system users to be added to the docker group (so they can use Docker on the server)
`docker_http_proxy`	No	`Undefined`	Set the Docker service to use HTTP_PROXY
`docker_https_proxy`	No	`Undefined`	Set the Docker service to use HTTPS_PROXY
`docker_no_proxy_params`	No	`Undefined`	Do not proxy for Docker service params

Example Playbooks

Install docker to the hosts with basic defaults. This does not install devicemapper, or configure the server for production. This just simply installs docker and gets it running. Compare this to apt install docker-ce or yum install docker-ce.

- hosts: servers
  roles:
    - role: avinetworks.docker

Install docker with devicemapper. Please note, this will create a new LVM on /dev/sda3, please do not use a block device already in use. This is the recommended production deployment on RHEL/CentOS/Fedora systems.

- hosts: servers
  roles:
    - role: avinetworks.docker
      docker_storage_driver: devicemapper
      docker_block_device: /dev/sda3

Install docker with AUFS. This is recommended for production deployment on Ubuntu systems.

- hosts: servers
  roles:
    - role: avinetworks.docker
      docker_storage_driver: aufs

Please see examples/ folder for more examples.

License

Apache 2.0

Author Information

Avi Networks

ansible-role-docker's People

Contributors

Stargazers

Watchers

ansible-role-docker's Issues

Installation of the ce edge channel on Ubuntu fails

I submitted pull request #7 to fix this.

I’ll provide more detail here:

This problem is caused by the task that installs ce edge on Ubuntu (the last task in “tasks/ce/os/ubuntu.yml”). It calls the “yum” installation handler instead of the “apt” installation handler.

It becomes obvious that this is a typo if the file is viewed in its entirety. You’ll notice that all tasks are “apt” based, except the last line that notifies a “yum” handler (which fails on non-yum systems), and the correct “apt installation handler” exists and works.

Please provide an example with binding to a tcp port accessible externally.

I'm having trouble with this:

roles:
  - role: avinetworks.docker
    become: yes
    docker_debug: True
    docker_exec_opts: -H tcp://0.0.0.0:2375

so I presume the exec opts are incorrect.

template error while templating string: unexpected ''.''.

Hello! Thanks for role docker
I try configure tag in log-opts for get result like this:

{
"log-driver": "json-file",
"log-opts": {
"tag": "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
}
}

Playbook

---
- hosts: javaindocker
  become: true
  pre_tasks:
    - name: Update apt cache.
      apt: update_cache=true cache_valid_time=600
      when: ansible_os_family == 'Debian'
    - name: install pip3
      apt: name=python3-pip state=present
    - name: Install multi python packages with version specifiers
      pip:
        name:
          - docker
          - docker-compose
  roles:
    - role: ansible-role-docker

Inventory

all:
  children:
    javaindocker:
      hosts:
        "javaindocker":
          ansible_host: "xxx"
  vars:
    docker_options:
      "log-driver": "json-file"
      "log-opts":
          "tag": "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
          "max-size": "100m"

error:

TASK [ansible-role-docker : Docker | Deploy Config | Set the Docker configuration] *****************************************************************************************************
Sunday 01 May 2022  14:16:17 +0600 (0:00:00.954)       0:02:37.514 ************
fatal: [javaindocker]: FAILED! =>
  msg: 'An unhandled exception occurred while templating ''{''log-driver'': ''json-file'', ''log-opts'': {''tag'': ''{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}'', ''max-size'': ''100m''}}''. Error was a <class ''ansible.errors.AnsibleError''>, original message: template error while templating string: unexpected ''.''. String: {{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}'

fatal: [frontend-0001]: FAILED! => {"changed": true, "failed": true, "msg": "There are unfinished transactions remaining. You might consider running yum-complete-transaction, or \"yum-complete-transaction --cleanup-only\" and \"yum history redo last\", first to finish them. If those don't work you'll have to try removing/installing packages by hand (maybe package-cleanup can help).\n\n\nTransaction check error:\n  file /usr/bin/docker from install of docker-engine-17.05.0.ce-1.el7.centos.x86_64 conflicts with file from package docker-common-2:1.12.6-28.git1398f24.el7.centos.x86_64\n  file /usr/bin/docker-containerd from install of docker-engine-17.05.0.ce-1.el7.centos.x86_64 conflicts with file from package docker-common-2:1.12.6-28.git1398f24.el7.centos.x86_64\n  file /usr/bin/docker-containerd-shim from install of docker-engine-17.05.0.ce-1.el7.centos.x86_64 conflicts with file from package docker-common-2:1.12.6-28.git1398f24.el7.centos.x86_64\n  file /usr/bin/dockerd from install of docker-engine-17.05.0.ce-1.el7.centos.x86_64 conflicts with file from package docker-common-2:1.12.6-28.git1398f24.el7.centos.x86_64\n\nError Summary\n-------------\n\n", "rc": 1, "results": ["Loaded plugins: fastestmirror, langpacks\nLoading mirror speeds from cached hostfile\n * base: ftp.riken.jp\n * elrepo: ftp.ne.jp\n * epel: s3-mirror-ap-northeast-1.fedoraproject.org\n * extras: ftp.riken.jp\n * updates: ftp.riken.jp\nResolving Dependencies\n--> Running transaction check\n---> Package docker-engine.x86_64 0:17.05.0.ce-1.el7.centos will be installed\n--> Processing Dependency: libltdl.so.7()(64bit) for package: docker-engine-17.05.0.ce-1.el7.centos.x86_64\n--> Running transaction check\n---> Package libtool-ltdl.x86_64 0:2.4.2-22.el7_3 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package           Arch       Version                      Repository      Size\n================================================================================\nInstalling:\n docker-engine     x86_64     17.05.0.ce-1.el7.centos      dockerrepo      19 M\nInstalling for dependencies:\n libtool-ltdl      x86_64     2.4.2-22.el7_3               updates         49 k\n\nTransaction Summary\n================================================================================\nInstall  1 Package (+1 Dependent package)\n\nTotal size: 20 M\nInstalled size: 70 M\nDownloading packages:\nRunning transaction check\nRunning transaction test\n"]}

Basically:

Transaction check error:
  file /usr/bin/docker from install of docker-engine-17.05.0.ce-1.el7.centos.x86_64 conflicts with file from package docker-common-2:1.12.6-28.git1398f24.el7.centos.x86_64
  file /usr/bin/docker-containerd from install of docker-engine-17.05.0.ce-1.el7.centos.x86_64 conflicts with file from package docker-common-2:1.12.6-28.git1398f24.el7.centos.x86_64
  file /usr/bin/docker-containerd-shim from install of docker-engine-17.05.0.ce-1.el7.centos.x86_64 conflicts with file from package docker-common-2:1.12.6-28.git1398f24.el7.centos.x86_64
  file /usr/bin/dockerd from install of docker-engine-17.05.0.ce-1.el7.centos.x86_64 conflicts with file from package docker-common-2:1.12.6-28.git1398f24.el7.centos.x86_64

After running the playbook, I still get:

$ rpm -qa | grep docker
docker-common-1.12.6-28.git1398f24.el7.centos.x86_64
docker-client-1.12.6-28.git1398f24.el7.centos.x86_64

Can not use direct-lvm autoconfiguration mode

Currently it is impossible to use Docker's direct-lvm autoconfiguration:
https://docs.docker.com/engine/userguide/storagedriver/device-mapper-driver/#allow-docker-to-configure-direct-lvm-mode

When I try to use:

    - role: avinetworks.docker
      docker_storage_driver: devicemapper
      docker_storage_opts:
        - "dm.directlvm_device=/dev/sdb"
        - "dm.basesize=25GB"

tasks for devicemapper will automatically try to create the volume manually and there is no possibility to disable it.

Almalinux support

Will be a plan to include almalinux in this role?

thanks