willzhang · January 7, 2020 02:23
diff --git a/ansible docker binary b/ansible docker binary
 [root@ansible1 templates]# cat main.yml
 - name: Check if docker is installed
  shell: 'systemctl status docker | grep running || echo "not running"'
  register: docker_status

 - name: fail info
  fail: msg="docker already installed!"
  when: '"active" in docker_status.stdout'

 - name: copy docker binary into /usr/bin
  copy:
    src: "{{ base_dir }}/bin/docker/{{ item }}"
    dest: /usr/bin
  with_items:
  - containerd
  - containerd-shim
  - ctr
  - docker
  - docker-init
  - docker-proxy
  - dockerd
  - runc  

 - name: distribute docker.service
  template:
    src: docker.service.j2
    dest: /usr/lib/systemd/system/docker.service

 - name: init docker to create folder /etc/docker
  systemd:
    name: docker
    state: restarted 
  
 - name: distribute docker config
  template:
    src: daemon.json.j2
    dest: /etc/docker/daemon.json

 - name: reload & restart docker
  systemd:
    name: docker
    daemon_reload: true
    enabled: true
    state: restarted

 - name: set sysctl
  sysctl:
    name: '{{ item }}'
    value: 1
    state: present
    reload: true
  with_items:
  - net.bridge.bridge-nf-call-iptables
  - net.bridge.bridge-nf-call-ip6tables


 [root@ansible1 templates]# cat daemon.json.j2 
 {
  "exec-opts": [
    "native.cgroupdriver=systemd"
  ],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "5"
  },
  "insecure-registries": [
      "{{ insecure-registry }}"
  ],
 {% if enable_mirror_registry %}
  "registry-mirrors": [
      "{{ reg_mirrors }}"
  ], 
 {% endif %}
  "storage-driver": "overlay2"
 }
 [root@ansible1 templates]# cat docker.service.j2 
 [Unit]
 Description=Docker Application Container Engine
 Documentation=https://docs.docker.com
 After=network.target

 [Service]
 Type=notify
 # the default is not to use systemd for cgroups because the delegate issues still
 # exists and systemd currently does not support the cgroup feature set required
 # for containers run by docker
 ExecStart=/usr/bin/dockerd
 ExecReload=/bin/kill -s HUP $MAINPID
 # Having non-zero Limit*s causes performance problems due to accounting overhead
 # in the kernel. We recommend using cgroups to do container-local accounting.
 LimitNOFILE=infinity
 LimitNPROC=infinity
 LimitCORE=infinity
 # Uncomment TasksMax if your systemd version supports it.
 # Only systemd 226 and above support this version.
 #TasksMax=infinity
 TimeoutStartSec=0
 # set delegate yes so that systemd does not reset the cgroups of docker containers
 Delegate=yes
 # kill only the docker process, not all processes in the cgroup
 KillMode=process

 [Install]
 WantedBy=multi-user.target
	[root@ansible1 templates]# cat main.yml
	- name: Check if docker is installed
	shell: 'systemctl status docker \| grep running \|\| echo "not running"'
	register: docker_status

	- name: fail info
	fail: msg="docker already installed!"
	when: '"active" in docker_status.stdout'

	- name: copy docker binary into /usr/bin
	copy:
	src: "{{ base_dir }}/bin/docker/{{ item }}"
	dest: /usr/bin
	with_items:
	- containerd
	- containerd-shim
	- ctr
	- docker
	- docker-init
	- docker-proxy
	- dockerd
	- runc

	- name: distribute docker.service
	template:
	src: docker.service.j2
	dest: /usr/lib/systemd/system/docker.service

	- name: init docker to create folder /etc/docker
	systemd:
	name: docker
	state: restarted

	- name: distribute docker config
	template:
	src: daemon.json.j2
	dest: /etc/docker/daemon.json

	- name: reload & restart docker
	systemd:
	name: docker
	daemon_reload: true
	enabled: true
	state: restarted

	- name: set sysctl
	sysctl:
	name: '{{ item }}'
	value: 1
	state: present
	reload: true
	with_items:
	- net.bridge.bridge-nf-call-iptables
	- net.bridge.bridge-nf-call-ip6tables


	[root@ansible1 templates]# cat daemon.json.j2
	{
	"exec-opts": [
	"native.cgroupdriver=systemd"
	],
	"log-driver": "json-file",
	"log-opts": {
	"max-size": "100m",
	"max-file": "5"
	},
	"insecure-registries": [
	"{{ insecure-registry }}"
	],
	{% if enable_mirror_registry %}
	"registry-mirrors": [
	"{{ reg_mirrors }}"
	],
	{% endif %}
	"storage-driver": "overlay2"
	}
	[root@ansible1 templates]# cat docker.service.j2
	[Unit]
	Description=Docker Application Container Engine
	Documentation=https://docs.docker.com
	After=network.target

	[Service]
	Type=notify
	# the default is not to use systemd for cgroups because the delegate issues still
	# exists and systemd currently does not support the cgroup feature set required
	# for containers run by docker
	ExecStart=/usr/bin/dockerd
	ExecReload=/bin/kill -s HUP $MAINPID
	# Having non-zero Limit*s causes performance problems due to accounting overhead
	# in the kernel. We recommend using cgroups to do container-local accounting.
	LimitNOFILE=infinity
	LimitNPROC=infinity
	LimitCORE=infinity
	# Uncomment TasksMax if your systemd version supports it.
	# Only systemd 226 and above support this version.
	#TasksMax=infinity
	TimeoutStartSec=0
	# set delegate yes so that systemd does not reset the cgroups of docker containers
	Delegate=yes
	# kill only the docker process, not all processes in the cgroup
	KillMode=process

	[Install]
	WantedBy=multi-user.target