Diffstat (limited to 'roles/docker')
-rw-r--r-- | roles/docker/README.md | 2 | ||||
-rw-r--r-- | roles/docker/tasks/package_docker.yml | 2 | ||||
-rw-r--r-- | roles/docker/tasks/systemcontainer_docker.yml | 9 | ||||
-rw-r--r-- | roles/docker/templates/daemon.json | 59 | ||||
-rw-r--r-- | roles/docker/templates/systemcontainercustom.conf.j2 | 2 |
5 files changed, 20 insertions, 54 deletions
diff --git a/roles/docker/README.md b/roles/docker/README.md index f25ca03cd..4a9f21f22 100644 --- a/roles/docker/README.md +++ b/roles/docker/README.md @@ -3,6 +3,8 @@ Docker Ensures docker package or system container is installed, and optionally raises timeout for systemd-udevd.service to 5 minutes. +daemon.json items may be found at https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file + Requirements ------------ diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml index 10fb5772c..e101730d2 100644 --- a/roles/docker/tasks/package_docker.yml +++ b/roles/docker/tasks/package_docker.yml @@ -46,7 +46,7 @@ template: dest: "{{ docker_systemd_dir }}/custom.conf" src: custom.conf.j2 - when: not os_firewall_use_firewalld | default(True) | bool + when: not os_firewall_use_firewalld | default(False) | bool - stat: path=/etc/sysconfig/docker register: docker_check diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml index b0d0632b0..a461c479a 100644 --- a/roles/docker/tasks/systemcontainer_docker.yml +++ b/roles/docker/tasks/systemcontainer_docker.yml @@ -114,6 +114,15 @@ dest: "{{ docker_systemd_dir }}/custom.conf" src: systemcontainercustom.conf.j2 +# Set local versions of facts that must be in json format for daemon.json +# NOTE: When jinja2.9+ is used the daemon.json file can move to using tojson +- set_fact: + l_docker_insecure_registries: "{{ docker_insecure_registries | default([]) | to_json }}" + l_docker_log_options: "{{ docker_log_options | default({}) | to_json }}" + l_docker_additional_registries: "{{ docker_additional_registries | default([]) | to_json }}" + l_docker_blocked_registries: "{{ docker_blocked_registries | default([]) | to_json }}" + l_docker_selinux_enabled: "{{ docker_selinux_enabled | default(true) | to_json }}" + # Configure container-engine using the daemon.json file - name: Configure Container Engine template: 
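Review bot: In the systemcontainer_docker.yml hunk, `l_docker_selinux_enabled` is serialised with `to_json` without first being coerced to a boolean, so a string value from the inventory such as `"yes"` or `"True"` would reach daemon.json as a quoted JSON string rather than `true`/`false`. The template's `| lower` only changes capitalisation, not the type. I would normalise in the set_fact, `l_docker_selinux_enabled: "{{ docker_selinux_enabled | default(true) | bool | to_json }}"`, which keeps `to_json` as the last filter like the other four facts. The task list continues outside the hunk.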
diff --git a/roles/docker/templates/daemon.json b/roles/docker/templates/daemon.json
index 30a1b30f4..c607e6afe 100644
--- a/roles/docker/templates/daemon.json
+++ b/roles/docker/templates/daemon.json
@@ -1,66 +1,21 @@ - { - "api-cors-header": "", "authorization-plugins": ["rhel-push-plugin"], - "bip": "", - "bridge": "", - "cgroup-parent": "", - "cluster-store": "", - "cluster-store-opts": {}, - "cluster-advertise": "", - "debug": true, - "default-gateway": "", - "default-gateway-v6": "", "default-runtime": "oci", - "containerd": "/var/run/containerd.sock", - "default-ulimits": {}, + "containerd": "/run/containerd.sock", "disable-legacy-registry": false, - "dns": [], - "dns-opts": [], - "dns-search": [], "exec-opts": ["native.cgroupdriver=systemd"], - "exec-root": "", - "fixed-cidr": "", - "fixed-cidr-v6": "", - "graph": "", - "group": "", - "hosts": [], - "icc": false, - "insecure-registries": {{ docker_insecure_registries|default([]) }}, - "ip": "0.0.0.0", - "iptables": false, - "ipv6": false, - "ip-forward": false, - "ip-masq": false, - "labels": [], - "live-restore": true, + "insecure-registries": {{ l_docker_insecure_registries }}, {% if docker_log_driver is defined %} "log-driver": "{{ docker_log_driver }}", -{% endif %} - "log-level": "", - "log-opts": {{ docker_log_options|default({}) }}, - "max-concurrent-downloads": 3, - "max-concurrent-uploads": 5, - "mtu": 0, - "oom-score-adjust": -500, - "pidfile": "", - "raw-logs": false, - "registry-mirrors": [], +{%- endif %} + "log-opts": {{ l_docker_log_options }}, "runtimes": { "oci": { "path": "/usr/libexec/docker/docker-runc-current" } }, - "selinux-enabled": {{ docker_selinux_enabled|default(true) }}, - "storage-driver": "", - "storage-opts": [], - "tls": true, - "tlscacert": "", - "tlscert": "", - "tlskey": "", - "tlsverify": true, - "userns-remap": "", - "add-registry": {{ docker_additional_registries|default([]) }}, - "blocked-registries": {{ docker_blocked_registries|default([]) }}, + "selinux-enabled": {{ l_docker_selinux_enabled | lower }}, + "add-registry": {{ l_docker_additional_registries }}, + "block-registry": {{ l_docker_blocked_registries }}, "userland-proxy-path": 
"/usr/libexec/docker/docker-proxy-current" } diff --git a/roles/docker/templates/systemcontainercustom.conf.j2 b/roles/docker/templates/systemcontainercustom.conf.j2 index a4fb01d2b..1faad506a 100644 --- a/roles/docker/templates/systemcontainercustom.conf.j2 +++ b/roles/docker/templates/systemcontainercustom.conf.j2 @@ -10,7 +10,7 @@ ENVIRONMENT=HTTPS_PROXY={{ docker_http_proxy }} {%- if "no_proxy" in openshift.common %} ENVIRONMENT=NO_PROXY={{ docker_no_proxy }} {%- endif %} -{%- if os_firewall_use_firewalld|default(true) %} +{%- if os_firewall_use_firewalld|default(false) %} [Unit] Wants=iptables.service After=iptables.service |
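Review bot: Removing `"icc": false`, `"iptables": false`, `"ip-forward": false` and `"ip-masq": false` from daemon.json is not a no-op cleanup: with the keys absent dockerd falls back to its built-in defaults, which enable all four, so containers on the default bridge can reach each other again and the daemon manages iptables and forwarding itself. The same applies to `"live-restore": true`, whose built-in default is off. Nothing visible in the diff says whether this change in network posture is intended; if it is, I would state it in the commit message and README, and otherwise keep the explicit keys the role relies on, for example `"icc": false,`. Separately, `"log-driver": "{{ docker_log_driver }}"` is the one value still rendered without JSON encoding, so a value containing a quote or backslash would produce an invalid file.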
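Review bot: The changed line in systemcontainercustom.conf.j2 reads `if os_firewall_use_firewalld`, whereas package_docker.yml installs custom.conf only `when: not os_firewall_use_firewalld | default(False) | bool`, so the two install paths appear to make opposite decisions about ordering Docker after iptables.service. With the new default, a host that leaves the variable unset gets no `Wants=iptables.service`/`After=iptables.service` in the system-container unit, while the package path installs custom.conf (presumably carrying the same [Unit] section; that file is not shown). If the intent is to order Docker after iptables whenever firewalld is not in use, the line should be `{%- if not os_firewall_use_firewalld | default(false) | bool %}`. Defining the default once in the role's defaults would also keep the two files from drifting apart. The `if` block closes outside the hunk.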