shixiong
/
okd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167
							---
- name: Get current installed Docker version
  command: "{{ repoquery_installed }} --qf '%{version}' docker"
  when: not openshift.common.is_atomic | bool
  register: curr_docker_version
  retries: 4
  until: curr_docker_version | succeeded
  changed_when: false

- name: Error out if Docker pre-installed but too old
  fail:
    msg: "Docker {{ curr_docker_version.stdout }} is installed, but >= 1.9.1 is required."
  when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.9.1', '<') and not docker_version is defined

- name: Error out if requested Docker is too old
  fail:
    msg: "Docker {{ docker_version }} requested, but >= 1.9.1 is required."
  when: docker_version is defined and docker_version | version_compare('1.9.1', '<')

# If a docker_version was requested, sanity check that we can install or upgrade to it, and
# no downgrade is required.
- name: Fail if Docker version requested but downgrade is required
  fail:
    msg: "Docker {{ curr_docker_version.stdout }} is installed, but version {{ docker_version }} was requested."
  when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and docker_version is defined and curr_docker_version.stdout | version_compare(docker_version, '>')

# This involves an extremely slow migration process, users should instead run the
# Docker 1.10 upgrade playbook to accomplish this.
- name: Error out if attempting to upgrade Docker across the 1.10 boundary
  fail:
    msg: "Cannot upgrade Docker to >= 1.10, please upgrade or remove Docker manually, or use the Docker upgrade playbook if OpenShift is already installed."
  when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.10', '<') and docker_version is defined and docker_version | version_compare('1.10', '>=')

# Make sure Docker is installed, but does not update a running version.
# Docker upgrades are handled by a separate playbook.
# Note: The curr_docker_version.stdout check can be removed when https://github.com/ansible/ansible/issues/33187 gets fixed.
- name: Install Docker
  package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present
  when: not openshift.common.is_atomic | bool and not curr_docker_version | skipped and not curr_docker_version.stdout != ''
  register: result
  until: result | success

- block:
  # Extend the default Docker service unit file when using iptables-services
  - name: Ensure docker.service.d directory exists
    file:
      path: "{{ docker_systemd_dir }}"
      state: directory

  - name: Configure Docker service unit file
    template:
      dest: "{{ docker_systemd_dir }}/custom.conf"
      src: custom.conf.j2
    notify:
    - restart container runtime
  when: not (os_firewall_use_firewalld | default(False)) | bool

- stat: path=/etc/sysconfig/docker
  register: docker_check

- name: Set registry params
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^{{ item.reg_conf_var }}=.*$'
    line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'"
  when:
  - item.reg_fact_val != []
  - docker_check.stat.isreg is defined
  - docker_check.stat.isreg
  with_items:
  - reg_conf_var: ADD_REGISTRY
    reg_fact_val: "{{ l2_docker_additional_registries }}"
    reg_flag: --add-registry
  - reg_conf_var: BLOCK_REGISTRY
    reg_fact_val: "{{ l2_docker_blocked_registries }}"
    reg_flag: --block-registry
  - reg_conf_var: INSECURE_REGISTRY
    reg_fact_val: "{{ l2_docker_insecure_registries }}"
    reg_flag: --insecure-registry
  notify:
  - restart container runtime

- name: Place additional/blocked/insecure registries in /etc/containers/registries.conf
  template:
    dest: "{{ containers_registries_conf_path }}"
    src: registries.conf
  when: openshift_docker_use_etc_containers | bool
  notify:
  - restart container runtime

- name: Set Proxy Settings
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^{{ item.reg_conf_var }}=.*$'
    line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val }}'"
    state: "{{ 'present' if item.reg_fact_val != '' else 'absent'}}"
  with_items:
  - reg_conf_var: HTTP_PROXY
    reg_fact_val: "{{ docker_http_proxy }}"
  - reg_conf_var: HTTPS_PROXY
    reg_fact_val: "{{ docker_https_proxy }}"
  - reg_conf_var: NO_PROXY
    reg_fact_val: "{{ docker_no_proxy }}"
  notify:
  - restart container runtime
  when:
  - docker_check.stat.isreg is defined
  - docker_check.stat.isreg
  - docker_http_proxy != '' or docker_https_proxy != ''

- name: Set various Docker options
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^OPTIONS=.*$'
    line: "OPTIONS='\
      {% if ansible_selinux.status | default(None) == 'enabled' and openshift_docker_selinux_enabled | default(true) | bool %} --selinux-enabled {% endif %} \
      {% if openshift_docker_log_driver | bool %} --log-driver {{ openshift_docker_log_driver }}{% endif %} \
      {% if l2_docker_log_options != [] %} {{ l2_docker_log_options |  oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %} \
      {% if openshift_docker_hosted_registry_insecure and (openshift_docker_hosted_registry_network | bool) %} --insecure-registry={{ openshift_docker_hosted_registry_network }} {% endif %} \
      {% if docker_options is defined %} {{ docker_options }}{% endif %} \
      {% if openshift_docker_options %} {{ openshift_docker_options }}{% endif %} \
      {% if openshift_docker_disable_push_dockerhub %} --confirm-def-push={{ openshift_docker_disable_push_dockerhub | bool }}{% endif %} \
      --signature-verification={{ openshift_docker_signature_verification | bool }}'"
  when: docker_check.stat.isreg is defined and docker_check.stat.isreg
  notify:
  - restart container runtime

- stat: path=/etc/sysconfig/docker-network
  register: sysconfig_docker_network_check

- name: Configure Docker Network OPTIONS
  lineinfile:
    dest: /etc/sysconfig/docker-network
    regexp: '^DOCKER_NETWORK_OPTIONS=.*$'
    line: "DOCKER_NETWORK_OPTIONS='\
      {% if openshift.node is defined and openshift.node.sdn_mtu is defined %} --mtu={{ openshift.node.sdn_mtu }}{% endif %}'"
  when:
  - sysconfig_docker_network_check.stat.isreg is defined
  - sysconfig_docker_network_check.stat.isreg
  notify:
  - restart container runtime

# The following task is needed as the systemd module may report a change in
# state even though docker is already running.
- name: Detect if docker is already started
  command: "systemctl show docker -p ActiveState"
  changed_when: False
  register: r_docker_already_running_result

- name: Start the Docker service
  systemd:
    name: docker
    enabled: yes
    state: started
    daemon_reload: yes
  register: r_docker_package_docker_start_result
  until: not r_docker_package_docker_start_result | failed
  retries: 3
  delay: 30

- set_fact:
    docker_service_status_changed: "{{ (r_docker_package_docker_start_result | changed) and (r_docker_already_running_result.stdout != 'ActiveState=active' ) }}"

- meta: flush_handlers

# This needs to run after docker is restarted to account for proxy settings.
- include_tasks: registry_auth.yml