Last active
January 7, 2020 02:23
-
-
Save willzhang/10eeade0f65c9473a8012abbca2beaf5 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@ansible1 templates]# cat main.yml | |
| - name: Check if docker is installed | |
| shell: 'systemctl status docker | grep running || echo "not running"' | |
| register: docker_status | |
| - name: fail info | |
| fail: msg="docker already installed!" | |
| when: '"active" in docker_status.stdout' | |
| - name: copy docker binary into /usr/bin | |
| copy: | |
| src: "{{ base_dir }}/bin/docker/{{ item }}" | |
| dest: /usr/bin | |
| with_items: | |
| - containerd | |
| - containerd-shim | |
| - ctr | |
| - docker | |
| - docker-init | |
| - docker-proxy | |
| - dockerd | |
| - runc | |
| - name: distribute docker.service | |
| template: | |
| src: docker.service.j2 | |
| dest: /usr/lib/systemd/system/docker.service | |
| - name: init docker to create folder /etc/docker | |
| systemd: | |
| name: docker | |
| state: restarted | |
| - name: distribute docker config | |
| template: | |
| src: daemon.json.j2 | |
| dest: /etc/docker/daemon.json | |
| - name: reload & restart docker | |
| systemd: | |
| name: docker | |
| daemon_reload: true | |
| enabled: true | |
| state: restarted | |
| - name: set sysctl | |
| sysctl: | |
| name: '{{ item }}' | |
| value: 1 | |
| state: present | |
| reload: true | |
| with_items: | |
| - net.bridge.bridge-nf-call-iptables | |
| - net.bridge.bridge-nf-call-ip6tables | |
| [root@ansible1 templates]# cat daemon.json.j2 | |
| { | |
| "exec-opts": [ | |
| "native.cgroupdriver=systemd" | |
| ], | |
| "log-driver": "json-file", | |
| "log-opts": { | |
| "max-size": "100m", | |
| "max-file": "5" | |
| }, | |
| "insecure-registries": [ | |
| "{{ insecure-registry }}" | |
| ], | |
| {% if enable_mirror_registry %} | |
| "registry-mirrors": [ | |
| "{{ reg_mirrors }}" | |
| ], | |
| {% endif %} | |
| "storage-driver": "overlay2" | |
| } | |
| [root@ansible1 templates]# cat docker.service.j2 | |
| [Unit] | |
| Description=Docker Application Container Engine | |
| Documentation=https://docs.docker.com | |
| After=network.target | |
| [Service] | |
| Type=notify | |
| # the default is not to use systemd for cgroups because the delegate issues still | |
| # exists and systemd currently does not support the cgroup feature set required | |
| # for containers run by docker | |
| ExecStart=/usr/bin/dockerd | |
| ExecReload=/bin/kill -s HUP $MAINPID | |
| # Having non-zero Limit*s causes performance problems due to accounting overhead | |
| # in the kernel. We recommend using cgroups to do container-local accounting. | |
| LimitNOFILE=infinity | |
| LimitNPROC=infinity | |
| LimitCORE=infinity | |
| # Uncomment TasksMax if your systemd version supports it. | |
| # Only systemd 226 and above support this version. | |
| #TasksMax=infinity | |
| TimeoutStartSec=0 | |
| # set delegate yes so that systemd does not reset the cgroups of docker containers | |
| Delegate=yes | |
| # kill only the docker process, not all processes in the cgroup | |
| KillMode=process | |
| [Install] | |
| WantedBy=multi-user.target |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment