From 1db40cdf9cb25b446ffd15dfd1e3e6f178ae2257 Mon Sep 17 00:00:00 2001
From: Thedro Neely
Date: Mon, 23 Mar 2020 16:42:44 -0400
Subject: tasks/docker: Move alpine bootstrap to common tasks
---
roles/common/files/1-cgroup-docker.start | 20 ++++++++++++
roles/common/tasks/docker/alpine.yml | 31 ++++++++++++++++++
roles/docker-registry/main.yml | 55 ++++++++++++++++++++++++++++++++
roles/docker/alpine-registry.yml | 55 --------------------------------
roles/docker/alpine.yml | 31 ------------------
roles/docker/files/1-cgroup-docker.start | 20 ------------
6 files changed, 106 insertions(+), 106 deletions(-)
create mode 100644 roles/common/files/1-cgroup-docker.start
create mode 100644 roles/common/tasks/docker/alpine.yml
create mode 100644 roles/docker-registry/main.yml
delete mode 100644 roles/docker/alpine-registry.yml
delete mode 100644 roles/docker/alpine.yml
delete mode 100644 roles/docker/files/1-cgroup-docker.start
diff --git a/roles/common/files/1-cgroup-docker.start b/roles/common/files/1-cgroup-docker.start
new file mode 100644
index 0000000..15c2172
--- /dev/null
+++ b/roles/common/files/1-cgroup-docker.start
@@ -0,0 +1,20 @@
+# https://forum.proxmox.com/threads/docker-daemon-running-in-alpine-container-solved.58999/
+
+# remove dirs for failed mounts
+rmdir /sys/fs/cgroup/cpu && rmdir /sys/fs/cgroup/cpuacct && rmdir /sys/fs/cgroup/net_cls && rmdir /sys/fs/cgroup/net_prio
+
+# mount missing cgroups (Ubuntu style)
+mkdir "/sys/fs/cgroup/cpu,cpuacct"
+mount -n -t cgroup -o "nodev,noexec,nosuid,cpu,cpuacct" "cpu,cpuacct" "/sys/fs/cgroup/cpu,cpuacct"
+ln -s "cpu,cpuacct" /sys/fs/cgroup/cpu
+ln -s "cpu,cpuacct" /sys/fs/cgroup/cpuacct
+
+mkdir "/sys/fs/cgroup/net_cls,net_prio"
+mount -n -t cgroup -o "nodev,noexec,nosuid,net_cls,net_prio" "net_cls,net_prio" "/sys/fs/cgroup/net_cls,net_prio"
+ln -s "net_cls,net_prio" /sys/fs/cgroup/net_cls
+ln -s "net_cls,net_prio" /sys/fs/cgroup/net_prio
+
+# mount systemd cgroup (Alpine mounts openrc, but Docker requires systemd...)
+# (based on hint at https://k9s.hatenablog.jp/entry/2019/06/16/075741)
+mkdir /sys/fs/cgroup/systemd
+mount -n -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd
diff --git a/roles/common/tasks/docker/alpine.yml b/roles/common/tasks/docker/alpine.yml
new file mode 100644
index 0000000..ce759a4
--- /dev/null
+++ b/roles/common/tasks/docker/alpine.yml
@@ -0,0 +1,31 @@
+---
+- name: Installing Docker
+ apk:
+ state: present
+ update_cache: yes
+ name:
+ - docker
+ - docker-py
+
+- name: Ensuring Docker has been started
+ service:
+ name: docker
+ state: started
+ enabled: yes
+
+- name: Copying cgroups mount script to local.d
+ copy:
+ src: ../../../common/files/1-cgroup-docker.start
+ dest: /etc/local.d/1-cgroup-docker.start
+ mode: '0700'
+
+- name: Ensuring local service has been started
+ service:
+ name: local
+ state: started
+ enabled: yes
+
+- name: Running hello-world test
+ docker_container:
+ name: hello-world
+ image: hello-world
diff --git a/roles/docker-registry/main.yml b/roles/docker-registry/main.yml
new file mode 100644
index 0000000..9143d7a
--- /dev/null
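Review bot: In roles/common/tasks/docker/alpine.yml the "Running hello-world test" task uses `image: hello-world` with no tag or digest, so each host that includes this now-shared bootstrap pulls and runs whatever the registry currently serves as `latest`. Pinning it to a digest, for example `image: hello-world@sha256:<digest-placeholder>`, keeps the smoke test reproducible and lets a changed image show up in review. Separately, `src: ../../../common/files/1-cgroup-docker.start` appears to depend on Ansible resolving the path relative to this task file's directory. A comment above the copy task such as `# src is resolved relative to roles/common/tasks/docker/` would make that assumption explicit.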
+++ b/roles/docker-registry/main.yml
@@ -0,0 +1,55 @@
+---
+- name: Container Setup
+
+ vars:
+ lxc_base: ansible-alpine3.11
+ lxc_name: docker-registry
+
+ import_playbook: ../common/tasks/lxc.yml
+
+- name: Installing Docker Registry on Alpine LXC Container
+ hosts: docker_registry
+
+ vars_files:
+ - ../variables.yml
+
+ tasks:
+
+ - name: Including docker bootstrap for alpine
+ include: ../common/tasks/docker/alpine.yml
+
+ - name: Creating docker registry folder
+ file:
+ path: /opt/docker/registry
+ state: directory
+
+ - name: Working around docker registry not restarting after reboot
+ blockinfile:
+ path: /etc/local.d/2-docker-registry.start
+ block: |
+ while true;
+ do
+ [ -e /run/docker.sock ] && break;
+ sleep 3;
+ done
+ docker stop $(docker ps -aq);
+ docker container prune --force;
+ docker run -d \
+ --publish=5000:5000 \
+ --volume=/opt:/var/lib/registry \
+ --env=REGISTRY_HTTP_SECRET={{ secret_key }} \
+ --restart=always \
+ --name=registry \
+ registry:{{ docker_registry_version }} \
+ create: yes
+
+ - name: Setting rc.local executable
+ file:
+ path: /etc/local.d/2-docker-registry.start
+ mode: '0755'
+
+ - name: Starting docker registry
+ service:
+ name: local
+ state: restarted
+ enabled: yes
diff --git a/roles/docker/alpine-registry.yml b/roles/docker/alpine-registry.yml
deleted file mode 100644
index 78091a8..0000000
--- a/roles/docker/alpine-registry.yml
+++ /dev/null
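Review bot: In roles/docker-registry/main.yml the start script that gets `--env=REGISTRY_HTTP_SECRET={{ secret_key }}` rendered into it is then set to `mode: '0755'` by the "Setting rc.local executable" task, so any local account on the container can read the registry HTTP secret from /etc/local.d/2-docker-registry.start. Using `mode: '0700'`, as the cgroup script in roles/common/tasks/docker/alpine.yml does, keeps it runnable by the local service (presumably as root) without exposing the value. Setting the mode on the blockinfile task itself would also avoid the interval in which `create: yes` leaves the file at its default permissions. Adding `no_log: true` to the blockinfile task would keep the rendered block out of verbose or diff output. The `--volume=/opt:/var/lib/registry` mount also covers all of /opt rather than the /opt/docker/registry directory created two tasks earlier, which looks unintended.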
@@ -1,55 +0,0 @@ ---- -- name: Container Setup - - vars: - lxc_base: ansible-alpine3.11 - lxc_name: docker-registry - - import_playbook: ../common/tasks/lxc.yml - -- name: Install Docker Registry on Alpine LXC Container - hosts: docker_registry - - vars_files: - - ../variables.yml - - tasks: - - - name: Including docker bootstrap for alpine - include: alpine.yml - - - name: Creating docker registry folder - file: - path: /opt/docker/registry - state: directory - - - name: Working around docker registry not restarting after reboot - blockinfile: - path: /etc/local.d/2-docker-registry.start - block: | - while true; - do - [ -e /run/docker.sock ] && break; - sleep 3; - done - docker stop $(docker ps -aq); - docker container prune --force; - docker run -d \ - --publish=5000:5000 \ - --volume=/opt:/var/lib/registry \ - --env=REGISTRY_HTTP_SECRET={{ secret_key }} \ - --restart=always \ - --name=registry \ - registry:{{ docker_registry_version }} \ - create: yes - - - name: Setting rc.local executable - file: - path: /etc/local.d/2-docker-registry.start - mode: '0755' - - - name: Starting docker registry - service: - name: local - state: restarted - enabled: yes diff --git a/roles/docker/alpine.yml b/roles/docker/alpine.yml deleted file mode 100644 index cfb0e78..0000000 --- a/roles/docker/alpine.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -- name: Installing Docker - apk: - state: present - update_cache: yes - name: - - docker - - docker-py - -- name: Ensuring Docker has been started - service: - name: docker - state: started - enabled: yes - -- name: Copying cgroups mount script to local.d - copy: - src: 1-cgroup-docker.start - dest: /etc/local.d/1-cgroup-docker.start - mode: '0700' - -- name: Ensuring local service has been started - service: - name: local - state: started - enabled: yes - -- name: Running hello-world test - docker_container: - name: hello-world - image: hello-world 
diff --git a/roles/docker/files/1-cgroup-docker.start b/roles/docker/files/1-cgroup-docker.start deleted file mode 100644 index 15c2172..0000000 --- a/roles/docker/files/1-cgroup-docker.start +++ /dev/null @@ -1,20 +0,0 @@ -# https://forum.proxmox.com/threads/docker-daemon-running-in-alpine-container-solved.58999/ - -# remove dirs for failed mounts -rmdir /sys/fs/cgroup/cpu && rmdir /sys/fs/cgroup/cpuacct && rmdir /sys/fs/cgroup/net_cls && rmdir /sys/fs/cgroup/net_prio - -# mount missing cgroups (Ubuntu style) -mkdir "/sys/fs/cgroup/cpu,cpuacct" -mount -n -t cgroup -o "nodev,noexec,nosuid,cpu,cpuacct" "cpu,cpuacct" "/sys/fs/cgroup/cpu,cpuacct" -ln -s "cpu,cpuacct" /sys/fs/cgroup/cpu -ln -s "cpu,cpuacct" /sys/fs/cgroup/cpuacct - -mkdir "/sys/fs/cgroup/net_cls,net_prio" -mount -n -t cgroup -o "nodev,noexec,nosuid,net_cls,net_prio" "net_cls,net_prio" "/sys/fs/cgroup/net_cls,net_prio" -ln -s "net_cls,net_prio" /sys/fs/cgroup/net_cls -ln -s "net_cls,net_prio" /sys/fs/cgroup/net_prio - -# mount systemd cgroup (Alpine mounts openrc, but Docker requires systemd...) -# (based on hint at https://k9s.hatenablog.jp/entry/2019/06/16/075741) -mkdir /sys/fs/cgroup/systemd -mount -n -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd -- cgit v1.2.3