Diffstat (limited to 'roles/docker')
-rw-r--r--roles/docker/README.md2
-rw-r--r--roles/docker/tasks/package_docker.yml2
-rw-r--r--roles/docker/tasks/systemcontainer_docker.yml9
-rw-r--r--roles/docker/templates/daemon.json59
-rw-r--r--roles/docker/templates/systemcontainercustom.conf.j22
5 files changed, 20 insertions, 54 deletions
diff --git a/roles/docker/README.md b/roles/docker/README.md
index f25ca03cd..4a9f21f22 100644
--- a/roles/docker/README.md
+++ b/roles/docker/README.md
@@ -3,6 +3,8 @@ Docker
Ensures docker package or system container is installed, and optionally raises timeout for systemd-udevd.service to 5 minutes.
+daemon.json items may be found at https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
+
Requirements
------------
diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml
index 10fb5772c..e101730d2 100644
--- a/roles/docker/tasks/package_docker.yml
+++ b/roles/docker/tasks/package_docker.yml
@@ -46,7 +46,7 @@
template:
dest: "{{ docker_systemd_dir }}/custom.conf"
src: custom.conf.j2
- when: not os_firewall_use_firewalld | default(True) | bool
+ when: not os_firewall_use_firewalld | default(False) | bool
- stat: path=/etc/sysconfig/docker
register: docker_check
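Review bot: The fallback for `os_firewall_use_firewalld` is written inline in this `when:` and again in `templates/systemcontainercustom.conf.j2`, so both copies had to be flipped in this commit and can drift apart later. Setting the value once in the role's defaults, if the role has them, would let both sites drop `default(...)`. The flip also means hosts that never set the variable now get `custom.conf` written, a change to firewall and service ordering that deserves a line in the README. The task this `when:` belongs to starts above the hunk.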
diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml
index b0d0632b0..a461c479a 100644
--- a/roles/docker/tasks/systemcontainer_docker.yml
+++ b/roles/docker/tasks/systemcontainer_docker.yml
@@ -114,6 +114,15 @@
dest: "{{ docker_systemd_dir }}/custom.conf"
src: systemcontainercustom.conf.j2
+# Set local versions of facts that must be in json format for daemon.json
+# NOTE: When jinja2.9+ is used the daemon.json file can move to using tojson
+- set_fact:
+ l_docker_insecure_registries: "{{ docker_insecure_registries | default([]) | to_json }}"
+ l_docker_log_options: "{{ docker_log_options | default({}) | to_json }}"
+ l_docker_additional_registries: "{{ docker_additional_registries | default([]) | to_json }}"
+ l_docker_blocked_registries: "{{ docker_blocked_registries | default([]) | to_json }}"
+ l_docker_selinux_enabled: "{{ docker_selinux_enabled | default(true) | to_json }}"
+
# Configure container-engine using the daemon.json file
- name: Configure Container Engine
template:
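Review bot: `l_docker_selinux_enabled` is serialized without a `| bool` cast, so a string value (for example `False` from an INI inventory or `-e key=value`) becomes the quoted JSON string `"False"` rather than a boolean. The `| lower` in daemon.json then renders `"selinux-enabled": "false"`, which is a string and not the boolean dockerd expects for this key. Casting first, `l_docker_selinux_enabled: "{{ docker_selinux_enabled | default(true) | bool | to_json }}"`, always yields `true` or `false` and makes the `| lower` unnecessary. The new `set_fact` task would also benefit from a `name:` like its neighbours, and the `Configure Container Engine` task continues below the hunk.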
diff --git a/roles/docker/templates/daemon.json b/roles/docker/templates/daemon.json
index 30a1b30f4..c607e6afe 100644
--- a/roles/docker/templates/daemon.json
+++ b/roles/docker/templates/daemon.json
@@ -1,66 +1,21 @@
-
{
- "api-cors-header": "",
"authorization-plugins": ["rhel-push-plugin"],
- "bip": "",
- "bridge": "",
- "cgroup-parent": "",
- "cluster-store": "",
- "cluster-store-opts": {},
- "cluster-advertise": "",
- "debug": true,
- "default-gateway": "",
- "default-gateway-v6": "",
"default-runtime": "oci",
- "containerd": "/var/run/containerd.sock",
- "default-ulimits": {},
+ "containerd": "/run/containerd.sock",
"disable-legacy-registry": false,
- "dns": [],
- "dns-opts": [],
- "dns-search": [],
"exec-opts": ["native.cgroupdriver=systemd"],
- "exec-root": "",
- "fixed-cidr": "",
- "fixed-cidr-v6": "",
- "graph": "",
- "group": "",
- "hosts": [],
- "icc": false,
- "insecure-registries": {{ docker_insecure_registries|default([]) }},
- "ip": "0.0.0.0",
- "iptables": false,
- "ipv6": false,
- "ip-forward": false,
- "ip-masq": false,
- "labels": [],
- "live-restore": true,
+ "insecure-registries": {{ l_docker_insecure_registries }},
{% if docker_log_driver is defined %}
"log-driver": "{{ docker_log_driver }}",
-{% endif %}
- "log-level": "",
- "log-opts": {{ docker_log_options|default({}) }},
- "max-concurrent-downloads": 3,
- "max-concurrent-uploads": 5,
- "mtu": 0,
- "oom-score-adjust": -500,
- "pidfile": "",
- "raw-logs": false,
- "registry-mirrors": [],
+{%- endif %}
+ "log-opts": {{ l_docker_log_options }},
"runtimes": {
"oci": {
"path": "/usr/libexec/docker/docker-runc-current"
}
},
- "selinux-enabled": {{ docker_selinux_enabled|default(true) }},
- "storage-driver": "",
- "storage-opts": [],
- "tls": true,
- "tlscacert": "",
- "tlscert": "",
- "tlskey": "",
- "tlsverify": true,
- "userns-remap": "",
- "add-registry": {{ docker_additional_registries|default([]) }},
- "blocked-registries": {{ docker_blocked_registries|default([]) }},
+ "selinux-enabled": {{ l_docker_selinux_enabled | lower }},
+ "add-registry": {{ l_docker_additional_registries }},
+ "block-registry": {{ l_docker_blocked_registries }},
"userland-proxy-path": "/usr/libexec/docker/docker-proxy-current"
}
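Review bot: Removing `"icc": false`, `"tls": true` and `"tlsverify": true` is a security-relevant behaviour change rather than cleanup, because with the keys absent dockerd uses its own defaults. Those defaults allow inter-container communication on the default bridge and do not require TLS client verification; the TLS keys only matter if a TCP listener is configured elsewhere. If the old values were intentional hardening, keep them explicit (e.g. `"icc": false,`); otherwise state in the README that these settings are now left at daemon defaults. Separately, `"log-driver": "{{ docker_log_driver }}"` is the one interpolated value not passed through `to_json`, so a value containing a quote or backslash would produce invalid JSON.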
diff --git a/roles/docker/templates/systemcontainercustom.conf.j2 b/roles/docker/templates/systemcontainercustom.conf.j2
index a4fb01d2b..1faad506a 100644
--- a/roles/docker/templates/systemcontainercustom.conf.j2
+++ b/roles/docker/templates/systemcontainercustom.conf.j2
@@ -10,7 +10,7 @@ ENVIRONMENT=HTTPS_PROXY={{ docker_http_proxy }}
{%- if "no_proxy" in openshift.common %}
ENVIRONMENT=NO_PROXY={{ docker_no_proxy }}
{%- endif %}
-{%- if os_firewall_use_firewalld|default(true) %}
+{%- if os_firewall_use_firewalld|default(false) %}
[Unit]
Wants=iptables.service
After=iptables.service
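Review bot: This condition emits the `Wants=iptables.service` / `After=iptables.service` ordering when `os_firewall_use_firewalld` is truthy, which is the opposite sense to the `not os_firewall_use_firewalld | default(False) | bool` guard in `tasks/package_docker.yml`. With the new fallback of `false`, a system-container install that leaves the variable unset no longer orders docker after iptables, which looks unintended given the package path does the reverse. The test also lacks `| bool`, so a string such as `"false"` from the inventory evaluates as true in Jinja. If the intent matches the package path, the line would read `{%- if not os_firewall_use_firewalld | default(false) | bool %}`; if the inversion is deliberate, a template comment should say why. The closing `endif` lies outside the hunk.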