From 8b5b27bb512dfc5186eb07ee64561890ea75b0d1 Mon Sep 17 00:00:00 2001 From: Chad Swenson Date: Fri, 4 Nov 2016 16:40:14 -0500 Subject: [PATCH] Docker Options Refactor --- inventory/group_vars/all.yml | 5 +- roles/docker/tasks/main.yml | 21 +++---- roles/docker/tasks/non-systemd.yml | 61 +++++++++++++++++++ roles/docker/tasks/systemd-proxies.yml | 9 --- roles/docker/tasks/systemd.yml | 24 ++++++++ roles/docker/templates/docker-options.conf.j2 | 2 + ...md-docker.service.j2 => docker.service.j2} | 13 +--- roles/docker/templates/http-proxy.conf.j2 | 1 - .../node/templates/kubelet-container.j2 | 2 +- roles/network_plugin/calico/tasks/main.yml | 13 ---- roles/network_plugin/calico/templates/docker | 2 - roles/network_plugin/flannel/tasks/main.yml | 41 +++++++++---- roles/network_plugin/flannel/templates/docker | 6 -- .../flannel/templates/docker-systemd | 2 - .../flannel/templates/flannel-options.conf.j2 | 2 + roles/network_plugin/weave/tasks/main.yml | 10 --- roles/network_plugin/weave/templates/docker | 2 - 17 files changed, 131 insertions(+), 85 deletions(-) create mode 100644 roles/docker/tasks/non-systemd.yml delete mode 100644 roles/docker/tasks/systemd-proxies.yml create mode 100644 roles/docker/tasks/systemd.yml create mode 100644 roles/docker/templates/docker-options.conf.j2 rename roles/docker/templates/{systemd-docker.service.j2 => docker.service.j2} (65%) delete mode 100644 roles/network_plugin/calico/templates/docker delete mode 100644 roles/network_plugin/flannel/templates/docker delete mode 100644 roles/network_plugin/flannel/templates/docker-systemd create mode 100644 roles/network_plugin/flannel/templates/flannel-options.conf.j2 delete mode 100644 roles/network_plugin/weave/templates/docker diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml index 229a0d314..f64cab5aa 100644 --- a/inventory/group_vars/all.yml +++ b/inventory/group_vars/all.yml @@ -148,11 +148,14 @@ dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') # https_proxy: "" # no_proxy: "" +# Path used to store Docker data +docker_daemon_graph: "/var/lib/docker" + ## A string of extra options to pass to the docker daemon. ## This string should be exactly as you wish it to appear. ## An obvious use case is allowing insecure-registry access ## to self hosted registries like so: -docker_options: "--insecure-registry={{ kube_service_addresses }}" +docker_options: "--insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }}" # K8s image pull policy (imagePullPolicy) k8s_image_pull_policy: IfNotPresent diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 1d237f5e9..c3bd842f3 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -62,20 +62,13 @@ with_items: "{{ docker_package_info.pkgs }}" when: (ansible_os_family != "CoreOS") and (docker_package_info.pkgs|length > 0) -- name: allow for proxies on systems using systemd - include: systemd-proxies.yml - when: ansible_service_mgr == "systemd" and - (http_proxy is defined or https_proxy is defined or no_proxy is defined) +- name: Set docker upstart and sysvinit config + include: non-systemd.yml + when: ansible_service_mgr in ["sysvinit","upstart"] -- name: Write docker.service systemd file - template: - src: systemd-docker.service.j2 - dest: /etc/systemd/system/docker.service - register: docker_service_file - notify: restart docker - when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS" - -- meta: flush_handlers +- name: Set docker systemd config + include: systemd.yml + when: ansible_service_mgr == "systemd" - name: ensure docker service is started and enabled service: @@ -83,4 +76,4 @@ enabled: yes state: started with_items: - - docker + - docker \ No newline at end of file diff --git a/roles/docker/tasks/non-systemd.yml b/roles/docker/tasks/non-systemd.yml new file mode 100644 index 000000000..48139e625 --- /dev/null +++ b/roles/docker/tasks/non-systemd.yml @@ -0,0 +1,61 @@ +--- +# This uses lineinfile instead of templates for idempotency in files that may be modified by different roles +- name: Set docker options config file path + set_fact: + docker_options_file: >- + {%- if ansible_os_family == "Debian" -%}/etc/default/docker{%- elif ansible_os_family == "RedHat" -%}/etc/sysconfig/docker{%- endif -%} + +- name: Set docker options config variable name + set_fact: + docker_options_name: >- + {%- if ansible_os_family == "Debian" -%}DOCKER_OPTS{%- elif ansible_os_family == "RedHat" -%}other_args{%- endif -%} + +- name: Set docker options config value to be written + set_fact: + docker_options_value: '"{{ docker_options }} $DOCKER_NETWORK_OPTIONS $DOCKER_STORAGE_OPTIONS $INSECURE_REGISTRY"' + +- name: Set docker options config line to be written + set_fact: + docker_options_line: "{{ docker_options_name }}={{ docker_options_value }}" + +- name: Set docker proxy lines to be written + set_fact: + docker_proxy_lines: + - { name: "HTTP_PROXY", value: '"{{ http_proxy }}"' } + - { name: "HTTPS_PROXY", value: '"{{ https_proxy }}"' } + - { name: "NO_PROXY", value: '"{{ no_proxy }}"' } + +- name: Remove docker daemon proxy config lines that don't match desired lines + lineinfile: + dest: "{{ docker_options_file }}" + regexp: "^{{ item.name }}=(?!{{ item.value|regex_escape() }})" + state: absent + with_items: "{{ docker_proxy_lines|default([]) }}" + when: item.value is defined and (item.value | trim != '') + +- name: Write docker daemon proxy config lines + lineinfile: + dest: "{{ docker_options_file }}" + line: "{{ item.name }}={{ item.value }}" + owner: root + group: root + mode: 0644 + with_items: "{{ docker_proxy_lines|default([]) }}" + when: item.value is defined and (item.value | trim != '') + +- name: Remove docker daemon options lines that don't match desired line + lineinfile: + dest: "{{ docker_options_file }}" + regexp: "^(DOCKER_OPTS|OPTIONS|other_args)=(?!{{ docker_options_value|regex_escape() }})" + state: absent + +- name: Write docker daemon options line + lineinfile: + dest: "{{ docker_options_file }}" + line: "{{ docker_options_line }}" + owner: root + group: root + mode: 0644 + notify: restart docker + +- meta: flush_handlers \ No newline at end of file diff --git a/roles/docker/tasks/systemd-proxies.yml b/roles/docker/tasks/systemd-proxies.yml deleted file mode 100644 index 4bbc423c9..000000000 --- a/roles/docker/tasks/systemd-proxies.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: create docker service directory for systemd - file: path=/etc/systemd/system/docker.service.d state=directory - -- name: drop docker environment conf to enable proxy usage - template: - src: http-proxy.conf.j2 - dest: /etc/systemd/system/docker.service.d/http-proxy.conf - notify: restart docker diff --git a/roles/docker/tasks/systemd.yml b/roles/docker/tasks/systemd.yml new file mode 100644 index 000000000..e998979a6 --- /dev/null +++ b/roles/docker/tasks/systemd.yml @@ -0,0 +1,24 @@ +--- +- name: Create docker service systemd directory if it doesn't exist + file: path=/etc/systemd/system/docker.service.d state=directory + +- name: Write docker proxy drop-in + template: + src: http-proxy.conf.j2 + dest: /etc/systemd/system/docker.service.d/http-proxy.conf + when: http_proxy is defined or https_proxy is defined or no_proxy is defined + +- name: Write docker.service systemd file + template: + src: docker.service.j2 + dest: /etc/systemd/system/docker.service + register: docker_service_file + when: ansible_os_family != "CoreOS" + +- name: Write docker options systemd drop-in + template: + src: docker-options.conf.j2 + dest: "/etc/systemd/system/docker.service.d/docker-options.conf" + notify: restart docker + +- meta: flush_handlers \ No newline at end of file diff --git a/roles/docker/templates/docker-options.conf.j2 b/roles/docker/templates/docker-options.conf.j2 new file mode 100644 index 000000000..50356a9f4 --- /dev/null +++ b/roles/docker/templates/docker-options.conf.j2 @@ -0,0 +1,2 @@ +[Service] +Environment="DOCKER_OPTS={% if docker_options is defined %}{{ docker_options }}{% endif %}" diff --git a/roles/docker/templates/systemd-docker.service.j2 b/roles/docker/templates/docker.service.j2 similarity index 65% rename from roles/docker/templates/systemd-docker.service.j2 rename to roles/docker/templates/docker.service.j2 index b19b1caaf..60ab22194 100644 --- a/roles/docker/templates/systemd-docker.service.j2 +++ b/roles/docker/templates/docker.service.j2 @@ -11,24 +11,15 @@ Wants=docker.socket [Service] Type=notify -{% if ansible_os_family == "RedHat" %} -EnvironmentFile=-/etc/default/docker -EnvironmentFile=-/etc/sysconfig/docker -EnvironmentFile=-/etc/sysconfig/docker-network -EnvironmentFile=-/etc/sysconfig/docker-storage -{% elif ansible_os_family == "Debian" %} -EnvironmentFile=-/etc/default/docker -{% endif %} Environment=GOTRACEBACK=crash ExecReload=/bin/kill -s HUP $MAINPID Delegate=yes KillMode=process ExecStart=/usr/bin/docker daemon \ - $OPTIONS \ + $DOCKER_OPTS \ $DOCKER_STORAGE_OPTIONS \ $DOCKER_NETWORK_OPTIONS \ - $INSECURE_REGISTRY \ - $DOCKER_OPTS + $INSECURE_REGISTRY TasksMax=infinity LimitNOFILE=1048576 LimitNPROC=1048576 diff --git a/roles/docker/templates/http-proxy.conf.j2 b/roles/docker/templates/http-proxy.conf.j2 index 7e558837c..e79047771 100644 --- a/roles/docker/templates/http-proxy.conf.j2 +++ b/roles/docker/templates/http-proxy.conf.j2 @@ -1,3 +1,2 @@ [Service] - Environment={% if http_proxy %}"HTTP_PROXY={{ http_proxy }}"{% endif %} {% if https_proxy %}"HTTPS_PROXY={{ https_proxy }}"{% endif %} {% if no_proxy %}"NO_PROXY={{ no_proxy }}"{% endif %} diff --git a/roles/kubernetes/node/templates/kubelet-container.j2 b/roles/kubernetes/node/templates/kubelet-container.j2 index 2fcc7307f..9be8795a9 100644 --- a/roles/kubernetes/node/templates/kubelet-container.j2 +++ b/roles/kubernetes/node/templates/kubelet-container.j2 @@ -6,7 +6,7 @@ -v /etc/kubernetes:/etc/kubernetes \ -v /sys:/sys \ -v /dev:/dev \ --v /var/lib/docker:/var/lib/docker \ +-v {{ docker_daemon_graph }}:/var/lib/docker \ -v /var/run:/var/run \ -v /var/lib/kubelet:/var/lib/kubelet \ {{ hyperkube_image_repo }}:{{ hyperkube_image_tag}} \ diff --git a/roles/network_plugin/calico/tasks/main.yml b/roles/network_plugin/calico/tasks/main.yml index 189c6f370..c67313208 100644 --- a/roles/network_plugin/calico/tasks/main.yml +++ b/roles/network_plugin/calico/tasks/main.yml @@ -5,19 +5,6 @@ dest: "/etc/cni/net.d/10-calico.conf" owner: kube -- name: Calico | Set docker daemon options - template: - src: docker - dest: "/etc/default/docker" - owner: root - group: root - mode: 0644 - notify: - - restart docker - when: ansible_os_family != "CoreOS" - -- meta: flush_handlers - - name: Calico | Create calico certs directory file: dest: "{{ calico_cert_dir }}" diff --git a/roles/network_plugin/calico/templates/docker b/roles/network_plugin/calico/templates/docker deleted file mode 100644 index 05d6f9535..000000000 --- a/roles/network_plugin/calico/templates/docker +++ /dev/null @@ -1,2 +0,0 @@ -# Deployed by Ansible -DOCKER_OPTS="{% if docker_options is defined %}{{ docker_options }}{% endif %}" diff --git a/roles/network_plugin/flannel/tasks/main.yml b/roles/network_plugin/flannel/tasks/main.yml index 8581d2ce7..ebb2b693d 100644 --- a/roles/network_plugin/flannel/tasks/main.yml +++ b/roles/network_plugin/flannel/tasks/main.yml @@ -35,27 +35,42 @@ - set_fact: flannel_mtu: "{{ flannel_mtu_output.stdout }}" -- name: Flannel | Set docker daemon options - template: - src: docker - dest: "/etc/default/docker" +- set_fact: + docker_options_file: >- + {%- if ansible_os_family == "Debian" -%}/etc/default/docker{%- elif ansible_os_family == "RedHat" -%}/etc/sysconfig/docker{%- endif -%} + +- set_fact: + docker_options_name: >- + {%- if ansible_os_family == "Debian" -%}DOCKER_OPTS{%- elif ansible_os_family == "RedHat" -%}other_args{%- endif -%} + +- set_fact: + docker_network_options: '"--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"' + +- name: Flannel | Remove non-systemd docker daemon network options that don't match desired line + lineinfile: + dest: "{{ docker_options_file }}" + regexp: "^DOCKER_NETWORK_OPTIONS=(?!{{ docker_network_options|regex_escape() }})" + state: absent + when: ansible_service_mgr in ["sysvinit","upstart"] + +- name: Flannel | Set non-systemd docker daemon network options + lineinfile: + dest: "{{ docker_options_file }}" + line: DOCKER_NETWORK_OPTIONS={{ docker_network_options }} + insertbefore: ^{{ docker_options_name }}= owner: root group: root mode: 0644 notify: - restart docker - when: ansible_os_family != "CoreOS" - -- name: Flannel | Create docker service path for CoreOS - file: path=/etc/systemd/system/docker.service.d state=directory - when: ansible_os_family == "CoreOS" + when: ansible_service_mgr in ["sysvinit","upstart"] -- name: Flannel | Create docker dropin for CoreOS +- name: Flannel | Create docker network systemd drop-in template: - src: docker-systemd + src: flannel-options.conf.j2 dest: "/etc/systemd/system/docker.service.d/flannel-options.conf" notify: - restart docker - when: ansible_os_family == "CoreOS" + when: ansible_service_mgr == "systemd" -- meta: flush_handlers +- meta: flush_handlers \ No newline at end of file diff --git a/roles/network_plugin/flannel/templates/docker b/roles/network_plugin/flannel/templates/docker deleted file mode 100644 index a0e2b052b..000000000 --- a/roles/network_plugin/flannel/templates/docker +++ /dev/null @@ -1,6 +0,0 @@ -# Deployed by Ansible -{% if (ansible_service_mgr in ["sysvinit","upstart"] and ansible_os_family == "Debian") or (ansible_os_family == "CoreOS") %} -DOCKER_OPTS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }} {% if docker_options is defined %}{{ docker_options }}{% endif %}" -{% else %} -OPTIONS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }} {% if docker_options is defined %}{{ docker_options }}{% endif %}" -{% endif %} diff --git a/roles/network_plugin/flannel/templates/docker-systemd b/roles/network_plugin/flannel/templates/docker-systemd deleted file mode 100644 index 8d7d6ad83..000000000 --- a/roles/network_plugin/flannel/templates/docker-systemd +++ /dev/null @@ -1,2 +0,0 @@ -[Service] -Environment="DOCKER_OPTS=--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }} {% if docker_options is defined %}{{ docker_options }}{% endif %}" diff --git a/roles/network_plugin/flannel/templates/flannel-options.conf.j2 b/roles/network_plugin/flannel/templates/flannel-options.conf.j2 new file mode 100644 index 000000000..62dcb1e41 --- /dev/null +++ b/roles/network_plugin/flannel/templates/flannel-options.conf.j2 @@ -0,0 +1,2 @@ +[Service] +Environment="DOCKER_NETWORK_OPTIONS=--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}" diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml index 59cc1bf37..b9c00cd33 100644 --- a/roles/network_plugin/weave/tasks/main.yml +++ b/roles/network_plugin/weave/tasks/main.yml @@ -1,14 +1,4 @@ --- -- name: Set docker daemon options - template: - src: docker - dest: "/etc/default/docker" - owner: root - group: root - mode: 0644 - notify: - - restart docker - - name: Weave | Copy cni plugins from hyperkube command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -r /opt/cni/bin/. /cnibindir/" register: cni_task_result diff --git a/roles/network_plugin/weave/templates/docker b/roles/network_plugin/weave/templates/docker deleted file mode 100644 index 05d6f9535..000000000 --- a/roles/network_plugin/weave/templates/docker +++ /dev/null @@ -1,2 +0,0 @@ -# Deployed by Ansible -DOCKER_OPTS="{% if docker_options is defined %}{{ docker_options }}{% endif %}"