From 44115530148069e200e3a5d92b00e981aaa6e824 Mon Sep 17 00:00:00 2001 From: Steve Milner Date: Mon, 24 Apr 2017 16:28:37 -0400 Subject: System container docker This change allows for the use of either the traditional package install of docker OR a system container install of docker. Two new inventory options, openshift_docker_use_system_container and openshift_docker_systemcontainer_image_registry_override, have been added which are be used to install with a system container. By default this option is commented out. One new fact has been added: - docker.service_name: docker by default, container-engine-docker for system container --- roles/docker/templates/daemon.json | 64 ++++++++++++++++++++++ .../docker/templates/systemcontainercustom.conf.j2 | 17 ++++++ 2 files changed, 81 insertions(+) create mode 100644 roles/docker/templates/daemon.json create mode 100644 roles/docker/templates/systemcontainercustom.conf.j2 (limited to 'roles/docker/templates') diff --git a/roles/docker/templates/daemon.json b/roles/docker/templates/daemon.json new file mode 100644 index 000000000..bd085d2be --- /dev/null +++ b/roles/docker/templates/daemon.json @@ -0,0 +1,64 @@ + +{ + "api-cors-header": "", + "authorization-plugins": ["rhel-push-plugin"], + "bip": "", + "bridge": "", + "cgroup-parent": "", + "cluster-store": "", + "cluster-store-opts": {}, + "cluster-advertise": "", + "debug": true, + "default-gateway": "", + "default-gateway-v6": "", + "default-runtime": "oci", + "containerd": "/var/run/containerd.sock", + "default-ulimits": {}, + "disable-legacy-registry": false, + "dns": [], + "dns-opts": [], + "dns-search": [], + "exec-opts": ["native.cgroupdriver=systemd"], + "exec-root": "", + "fixed-cidr": "", + "fixed-cidr-v6": "", + "graph": "", + "group": "", + "hosts": [], + "icc": false, + "insecure-registries": {{ docker_insecure_registries|default([]) }}, + "ip": "0.0.0.0", + "iptables": false, + "ipv6": false, + "ip-forward": false, + "ip-masq": false, + "labels": [], + "live-restore": true, + "log-driver": "{{ docker_log_driver }}", + "log-level": "", + "log-opts": {{ docker_log_options|default({}) }}, + "max-concurrent-downloads": 3, + "max-concurrent-uploads": 5, + "mtu": 0, + "oom-score-adjust": -500, + "pidfile": "", + "raw-logs": false, + "registry-mirrors": [], + "runtimes": { + "oci": { + "path": "/usr/libexec/docker/docker-runc-current" + } + }, + "selinux-enabled": {{ docker_selinux_enabled|default(true) }}, + "storage-driver": "", + "storage-opts": [], + "tls": true, + "tlscacert": "", + "tlscert": "", + "tlskey": "", + "tlsverify": true, + "userns-remap": "", + "add-registry": {{ docker_additional_registries|default([]) }}, + "blocked-registries": {{ docker_blocked_registries|defaukt([]) }}, + "userland-proxy-path": "/usr/libexec/docker/docker-proxy-current" +} diff --git a/roles/docker/templates/systemcontainercustom.conf.j2 b/roles/docker/templates/systemcontainercustom.conf.j2 new file mode 100644 index 000000000..a2cfed8a9 --- /dev/null +++ b/roles/docker/templates/systemcontainercustom.conf.j2 @@ -0,0 +1,17 @@ +# {{ ansible_managed }} + +[Service] +{%- if docker_http_proxy %} +ENVIRONMENT=HTTP_PROXY={{ docker_http_proxy }} +{%- endif -%} +{%- if docker_https_proxy %} +ENVIRONMENT=HTTPS_PROXY={{ docker_http_proxy }} +{%- endif -%} +{%- if docker_no_proxy %} +ENVIRONMENT=NO_PROXY={{ docker_no_proxy }} +{%- endif %} +{%- if os_firewall_use_firewalld|default(true) %} +[Unit] +Wants=iptables.service +After=iptables.service +{%- endif %} -- cgit v1.2.3