目录结构
docker/
├── tasks/
│   └── main.yml
├── templates/
│   ├── daemon.json.j2
│   └── docker.service.j2
└── vars/
    └── main.yml
1. tasks/main.yml
# Probe the managed host. `systemctl is-active` exits non-zero for any state
# other than active, in which case the sentinel "NoFound" is appended to
# stdout; later tasks branch on that sentinel.
- name: 获取是否已经安装 docker
  shell: systemctl is-active docker || echo "NoFound"
  register: docker_svc

# Read the version of the dockerd binary under base_dir on the control node
# (connection: local, run_once).
# NOTE(review): the task's exit status is that of `cut`, so a missing or
# failing dockerd yields empty stdout instead of a failed task; the version
# conversion further down would then error on the split index.
- name: 获取 docker 版本信息
  connection: local
  run_once: true
  shell: >-
    {{ base_dir }}/bin/docker-bin/dockerd --version|cut -d' ' -f3
  register: docker_ver
  tags:
    - upgrade_docker
    - download_docker

# Print the registered result for troubleshooting.
- name: debug info
  connection: local
  run_once: true
  debug:
    var: docker_ver
  tags:
    - upgrade_docker
    - download_docker

# Fold "MAJOR.MINOR..." into MAJOR + MINOR/100 (constructed example:
# 20.10.x -> 20.1) so that vars/main.yml can compare it numerically.
- name: 转换 docker 版本信息为浮点数
  connection: local
  run_once: true
  set_fact:
    DOCKER_VER: "{{ docker_ver.stdout.split('.')[0]|int + docker_ver.stdout.split('.')[1]|int/100 }}"
  tags:
    - upgrade_docker
    - download_docker

# Informational only: shown when the probe did not report the sentinel.
- name: 已安装提示
  debug:
    msg: "docker 服务已安装"
  when: "'NoFound' not in docker_svc.stdout"
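# Install path: executed only when the docker_svc probe reported the
# "NoFound" sentinel (docker unit not active).
# NOTE(review): the page lost its indentation. `when` (last line) is read as
# applying to the whole block and the final `ignore_errors` to the symlink
# task only; confirm against the role source.
- block:
    - name: 准备 docker 相关目录
      file:
        name: "{{ item }}"
        state: directory
      loop:
        - "{{ bin_dir }}"
        - /etc/docker

    # NOTE(review): the binaries are copied from the control node as-is and
    # later run as the root docker daemon. No checksum or signature check is
    # visible in this role; confirm it happens where the files are fetched.
    - name: 下载 docker 二进制文件
      copy:
        src: "{{ item }}"
        dest: "{{ bin_dir }}/"
        mode: "0755"
      with_fileglob:
        - "{{ base_dir }}/bin/docker-bin/*"
      tags:
        - upgrade_docker
        - download_docker

    # NOTE(review): no owner/group/mode is given for the two rendered files,
    # so they get the module defaults; consider pinning root ownership and a
    # mode that is not group/world-writable.
    - name: 配置 docker daemon
      template:
        src: daemon.json.j2
        dest: /etc/docker/daemon.json

    - name: 创建 docker 的 systemd unit 文件
      template:
        src: docker.service.j2
        dest: /etc/systemd/system/docker.service
      tags:
        - upgrade_docker
        - download_docker

    # Failures to enable the unit are deliberately ignored, so a host where
    # docker will not start at boot does not fail the play.
    - name: 开机启用 docker 服务
      shell: systemctl enable docker
      ignore_errors: true

    - name: 开启 docker 服务
      shell: systemctl daemon-reload && systemctl restart docker
      tags: upgrade_docker

    # Poll until the unit reports exactly "active". The comparison is an
    # equality test because a substring test for "active" also matches
    # "inactive" and "activating", which ends the poll on the first attempt.
    - name: 轮询等待 docker 服务运行
      shell: systemctl is-active docker.service
      register: docker_status
      until: docker_status.stdout == "active"
      retries: 8
      delay: 2
      tags: upgrade_docker

    # Symlink the docker CLI into /usr/bin, which is convenient when docker
    # is installed on its own. Errors (for example an existing non-link file
    # at the destination) are ignored.
    - name: 配置 docker 命令软链接
      file:
        src: "{{ bin_dir }}/docker"
        dest: /usr/bin/docker
        state: link
      ignore_errors: true
  when: "'NoFound' in docker_svc.stdout"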
2. templates
2.1 daemon.json.j2
{# Rendered to /etc/docker/daemon.json by the role's template task. #}
{
"data-root": "{{ DOCKER_STORAGE_DIR }}",
"exec-opts": ["native.cgroupdriver={{ CGROUP_DRIVER }}"],
{# Registry mirrors are external endpoints: images pulled through them are
   only as trustworthy as the mirror operator. Pin images by digest or verify
   signatures where image integrity matters. #}
{% if ENABLE_MIRROR_REGISTRY %}
"registry-mirrors": [
"https://docker.nju.edu.cn/",
"https://kuamavit.mirror.aliyuncs.com"
],
{% endif %}
{# NOTE(review): when enabled, the daemon listens on every interface on TCP
   2376. No TLS keys ("tls", "tlsverify", "tlscacert", "tlscert", "tlskey")
   are set in this template, and the unit file starts dockerd without flags,
   so as written the API is unauthenticated and unencrypted. Access to the
   Docker API is equivalent to root on the host. Keep
   DOCKER_ENABLE_REMOTE_API off unless mutual TLS is configured and the port
   is restricted by a firewall. #}
{% if DOCKER_ENABLE_REMOTE_API %}
"hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
{% endif %}
{# Registries listed here are contacted without certificate verification and
   may fall back to plain HTTP, so pulls and pushes can be intercepted or
   altered in transit. Keep the list as short as possible. #}
"insecure-registries": [{{ INSECURE_REG_STRING }}],
"max-concurrent-downloads": 10,
"live-restore": true,
"log-driver": "json-file",
"log-level": "warn",
"log-opts": {
"max-size": "50m",
"max-file": "1"
},
"storage-driver": "overlay2"
}
2.2 docker.service.j2
# systemd unit for dockerd; installed to /etc/systemd/system/docker.service
# by the role's template task.
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.io
[Service]
Environment="PATH={{ bin_dir }}:/bin:/sbin:/usr/bin:/usr/sbin"
# dockerd is started without command-line flags, so daemon settings come from
# its configuration file (/etc/docker/daemon.json in this role).
ExecStart={{ bin_dir }}/dockerd
# NOTE(review): inserts an ACCEPT rule for every source address at the head
# of the FORWARD chain on each service start. It takes precedence over more
# restrictive FORWARD rules present at that moment, and repeated starts add
# duplicate rules. Confirm that forwarding policy is enforced elsewhere, or
# narrow the rule to the container subnets.
ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
ExecReload=/bin/kill -s HUP $MAINPID
Restart=on-failure
RestartSec=5
LimitNOFILE=infinity
LimitNPROC=infinity
# Unlimited core dump size: daemon core files can contain sensitive memory,
# so the dump location should be readable by root only.
LimitCORE=infinity
# Let dockerd manage its own cgroup subtree.
Delegate=yes
# Only the main dockerd process is killed on stop; container processes are
# left running.
KillMode=process
[Install]
WantedBy=multi-user.target
3. vars/main.yml
# cgroup driver: systemd when DOCKER_VER (set by the tasks as
# major + minor/100) is at least 20.10, cgroupfs otherwise.
CGROUP_DRIVER: "{{ 'systemd' if DOCKER_VER|float >= 20.10 else 'cgroupfs' }}"

# Build the comma-separated, double-quoted list that daemon.json.j2 places
# inside "insecure-registries": [...]. The loop leaves a trailing comma,
# which the second variable strips.
# NOTE(review): entries are interpolated without JSON escaping, so a value
# containing a double quote would change the rendered daemon.json.
# Presumably INSECURE_REG is operator-controlled inventory data; confirm.
INSECURE_REG_STR: '{% for reg in INSECURE_REG %}"{{ reg }}",{% endfor %}'
INSECURE_REG_STRING: "{{ INSECURE_REG_STR.rstrip(',') }}"