okd/roles/docker/tasks/main.yml

---
- name: Get current installed Docker version
  command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker"
  when: not openshift.common.is_atomic | bool
  register: curr_docker_version
  changed_when: false

- name: Error out if Docker pre-installed but too old
  fail:
    msg: "Docker {{ curr_docker_version.stdout }} is installed, but >= 1.9.1 is required."
  when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.9.1', '<') and not docker_version is defined

- name: Error out if requested Docker is too old
  fail:
    msg: "Docker {{ docker_version }} requested, but >= 1.9.1 is required."
  when: docker_version is defined and docker_version | version_compare('1.9.1', '<')

- name: Get latest available version of Docker
  command: >
    {{ repoquery_cmd }} --qf '%{version}' "docker"
  register: avail_docker_version
  failed_when: false
  changed_when: false
  when: docker_version is defined and not openshift.common.is_atomic | bool

# If a docker_version was requested, sanity check that we can install or upgrade to it, and
# no downgrade is required.
- name: Fail if Docker version requested but downgrade is required
  fail:
    msg: "Docker {{ curr_docker_version.stdout }} is installed, but version {{ docker_version }} was requested."
  when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and docker_version is defined and curr_docker_version.stdout | version_compare(docker_version, '>')

# This involves an extremely slow migration process, users should instead run the
# Docker 1.10 upgrade playbook to accomplish this.
- name: Error out if attempting to upgrade Docker across the 1.10 boundary
  fail:
    msg: "Cannot upgrade Docker to >= 1.10, please upgrade or remove Docker manually, or use the Docker upgrade playbook if OpenShift is already installed."
  when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.10', '<') and docker_version is defined and docker_version | version_compare('1.10', '>=')

# Make sure Docker is installed, but does not update a running version.
# Docker upgrades are handled by a separate playbook.
- name: Install Docker
  package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present
  when: not openshift.common.is_atomic | bool

- block:
  # Extend the default Docker service unit file when using iptables-services
  - name: Ensure docker.service.d directory exists
    file:
      path: "{{ docker_systemd_dir }}"
      state: directory

  - name: Configure Docker service unit file
    template:
      dest: "{{ docker_systemd_dir }}/custom.conf"
      src: custom.conf.j2
  when: not os_firewall_use_firewalld | default(True) | bool

- include: udev_workaround.yml
  when: docker_udev_workaround | default(False) | bool

- stat: path=/etc/sysconfig/docker
  register: docker_check

- name: Set registry params
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^{{ item.reg_conf_var }}=.*$'
    line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'"
  when: item.reg_fact_val != '' and docker_check.stat.isreg is defined and docker_check.stat.isreg
  with_items:
  - reg_conf_var: ADD_REGISTRY
    reg_fact_val: "{{ docker_additional_registries | default(None, true)}}"
    reg_flag: --add-registry
  - reg_conf_var: BLOCK_REGISTRY
    reg_fact_val: "{{ docker_blocked_registries| default(None, true) }}"
    reg_flag: --block-registry
  - reg_conf_var: INSECURE_REGISTRY
    reg_fact_val: "{{ docker_insecure_registries| default(None, true) }}"
    reg_flag: --insecure-registry
  notify:
  - restart docker

- name: Set Proxy Settings
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^{{ item.reg_conf_var }}=.*$'
    line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val }}'"
    state: "{{ 'present' if item.reg_fact_val != '' else 'absent'}}"
  with_items:
  - reg_conf_var: HTTP_PROXY
    reg_fact_val: "{{ docker_http_proxy | default('') }}"
  - reg_conf_var: HTTPS_PROXY
    reg_fact_val: "{{ docker_https_proxy | default('') }}"
  - reg_conf_var: NO_PROXY
    reg_fact_val: "{{ docker_no_proxy | default('') | join(',') }}"
  notify:
  - restart docker
  when:
  - docker_check.stat.isreg is defined and docker_check.stat.isreg and '"http_proxy" in openshift.common or "https_proxy" in openshift.common'

- name: Set various Docker options
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^OPTIONS=.*$'
    line: "OPTIONS='\
      {% if ansible_selinux and ansible_selinux.status == '''enabled''' %} --selinux-enabled{% endif %}\
      {% if docker_log_driver is defined  %} --log-driver {{ docker_log_driver }}{% endif %}\
      {% if docker_log_options is defined %} {{ docker_log_options |  oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %}\
      {% if docker_options is defined %} {{ docker_options }}{% endif %}\
      {% if docker_disable_push_dockerhub is defined %} --confirm-def-push={{ docker_disable_push_dockerhub | bool }}{% endif %}'"
  when: docker_check.stat.isreg is defined and docker_check.stat.isreg
  notify:
  - restart docker

- name: Start the Docker service
  systemd:
    name: docker
    enabled: yes
    state: started
    daemon_reload: yes
  register: start_result

- set_fact:
    docker_service_status_changed: start_result | changed

- meta: flush_handlers