Modernize the way of configuring Docker daemon

Instead of changing Docker daemon command line let's change config for Docker instead. In /etc/docker/daemon.json file as it should be. Custom Docker options can be set with 'docker_custom_config' variable. Old 'docker_custom_option' is still present but should be avoided. Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com> Change-Id: I1215e04ec15b01c0b43bac8c0e81293f6724f278

Modernize the way of configuring Docker daemon
a5808ad8 · Marcin Juszkiewicz · 8661599b · a5808ad8 · a5808ad8 · a5808ad8
Commit a5808ad8 authored 5 years ago by Marcin Juszkiewicz
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -97,8 +97,8 @@ docker_registry_insecure: "{{ 'yes' if docker_registry else 'no' }}"
 docker_runtime_directory: ""

 # Retention settings for Docker logs
-docker_log_max_file: 5
-docker_log_max_size: 50m
+docker_log_max_file: "5"
+docker_log_max_size: "50m"

 # Valid options are [ no, on-failure, always, unless-stopped ]
 docker_restart_policy: "unless-stopped"
@@ -108,7 +108,9 @@ docker_restart_policy_retry: "10"

 # Extra docker options for Zun
 docker_configure_for_zun: "no"
-docker_zun_options: -H fd:// -H tcp://{{ api_interface_address }}:2375 --cluster-store=etcd://{% for host in groups.get('etcd', []) %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ hostvars[host]['etcd_client_port'] }}{% if not loop.last %},{% endif %}{% endfor %}
+docker_zun_options: -H tcp://{{ api_interface_address }}:2375
+docker_zun_config:
+  cluster-store: etcd://{% for host in groups.get('etcd', []) %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ hostvars[host]['etcd_client_port'] }}{% if not loop.last %},{% endif %}{% endfor %}

 # Timeout after Docker sends SIGTERM before sending SIGKILL.
 docker_graceful_timeout: 60

--- a/ansible/roles/baremetal/defaults/main.yml
+++ b/ansible/roles/baremetal/defaults/main.yml
@@ -31,8 +31,8 @@ change_selinux: True
 selinux_state: "permissive"

 docker_storage_driver: ""
-
 docker_custom_option: ""
+docker_custom_config: {}

 # Ubuntu 18+ does not have easy_install available due to
 # https://bugs.launchpad.net/ubuntu/+source/python-setuptools/+bug/1774419.

--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@@ -55,35 +55,83 @@
  become: True
  when: not create_kolla_user | bool

- name: Ensure docker service directory exists
+- name: Ensure docker config directory exists
  file:
-    path: /etc/systemd/system/docker.service.d
+    path: /etc/docker
    state: directory
-    recurse: yes
  become: True

- name: Check dockerd exists
-  stat: path=/usr/bin/dockerd
-  register: dockerd_exists
+- name: Merge Zun docker config
+  set_fact:
+    docker_config: "{{ docker_config | combine(docker_zun_config) }}"
+  when:
+    - docker_configure_for_zun | bool
+
+- name: Warn about deprecations
+  debug:
+    msg: >
+      docker_custom_option is deprecated in favor of docker_custom_config
+  when: docker_custom_option

- name: Setting docker daemon name
+- name: Setup docker insecure registries
+  vars:
+    registries: ["{{ docker_registry }}"]
  set_fact:
-    docker_binary_name: "dockerd"
+    docker_config: "{{ docker_config | combine({'insecure-registries': registries}) }}"
+  when: docker_registry_insecure | bool
+
+- name: Setup docker storage driver
+  set_fact:
+    docker_config: "{{ docker_config | combine({'storage-driver': docker_storage_driver}) }}"
+  when: docker_storage_driver
+
+- name: Setup docker runtime directory
+  set_fact:
+    docker_config: "{{ docker_config | combine({'data-root': docker_runtime_directory}) }}"
+  when: docker_runtime_directory
+
+- name: Merge custom docker config
+  set_fact:
+    docker_config: "{{ docker_config | combine(docker_custom_config) }}"
+
+- name: Write docker config
+  become: True
+  copy:
+    content: "{{ docker_config | to_nice_json }}"
+    dest: /etc/docker/daemon.json
+    mode: 0644
+  register: docker_configured
+
+- name: Remove old docker options file
+  become: True
+  file:
+    path: /etc/systemd/system/docker.service.d/kolla.conf
+    state: absent
  when:
-    dockerd_exists.stat.exists == True
+    - not docker_custom_option
+    - not docker_configure_for_zun|bool
+
+- name: Ensure docker service directory exists
+  become: True
+  file:
+    path: /etc/systemd/system/docker.service.d
+    state: directory
+    recurse: yes
+  when: docker_custom_option or docker_configure_for_zun|bool

 - name: Configure docker service
  become: True
  template:
    src: docker_systemd_service.j2
    dest: /etc/systemd/system/docker.service.d/kolla.conf
-  register: docker_configured
+  when: docker_custom_option or docker_configure_for_zun|bool

 - name: Reload docker service file
  become: True
  systemd:
    name: docker
    daemon_reload: yes
+  register: docker_reloaded

 - name: Get stat of libvirtd apparmor profile
  stat:
@@ -122,7 +170,7 @@
    name: docker
    state: restarted
  become: True
-  when: docker_configured.changed
+  when: docker_configured.changed or docker_reloaded.changed

 - name: Enable docker
  service:

--- a/ansible/roles/baremetal/templates/docker_systemd_service.j2
+++ b/ansible/roles/baremetal/templates/docker_systemd_service.j2
 [Service]
 ExecStart=
-ExecStart=/usr/bin/{{ docker_binary_name|default("docker daemon", true) }}{% if docker_registry_insecure | bool %} --insecure-registry {{ docker_registry }}{% endif %}{% if docker_storage_driver %} --storage-driver {{ docker_storage_driver }}{% endif %}{% if docker_runtime_directory %} --graph {{ docker_runtime_directory }}{% endif %}{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}{% if docker_configure_for_zun|bool %} {{ docker_zun_options }}{% endif %} --log-opt max-file={{ docker_log_max_file }} --log-opt max-size={{ docker_log_max_size }}
+# ExecStart commandline copied from 'docker-ce' package. Same on CentOS/Debian/Ubuntu systems.
+ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}{% if docker_configure_for_zun|bool %} {{ docker_zun_options }}{% endif %}
--- a/ansible/roles/baremetal/vars/main.yml
+++ b/ansible/roles/baremetal/vars/main.yml
+---
+docker_config:
+  log-opts:
+    max-file: "{{ docker_log_max_file }}"
+    max-size: "{{ docker_log_max_size }}"
--- a/doc/source/reference/deployment-and-bootstrapping/bootstrap-servers.rst
+++ b/doc/source/reference/deployment-and-bootstrapping/bootstrap-servers.rst
@@ -162,7 +162,7 @@ The ``docker_storage_driver`` variable is optional. If set, it defines the
 use for Docker.

 The ``docker_runtime_directory`` variable is optional. If set, it defines the
-runtime (``--graph``) directory for Docker.
+runtime (``data-root``) directory for Docker.

 The ``docker_registry`` variable, which is not set by default, defines the
 address of the Docker registry. If the variable is not set, Dockerhub will be
@@ -178,8 +178,16 @@ maximum number of log files to retain per container. The
 ``docker_log_max_size`` variable, which defaults to ``50m``, defines the
 maximum size of each rotated log file per container.

-The ``docker_custom_option`` variable is optional. If set, it defines
-additional options to pass to the Docker engine via the Systemd unit file.
+Additional options for the Docker engine can be passed in
+``docker_custom_config`` variable. It will be stored in ``daemon.json`` config
+file. Example:
+
+.. code-block:: json
+
+    {
+        "experimental": false
+    }
+

 Disabling firewalls
 ~~~~~~~~~~~~~~~~~~~

--- a/releasenotes/notes/docker-daemon.json-33d7618aa5a355a8.yaml
+++ b/releasenotes/notes/docker-daemon.json-33d7618aa5a355a8.yaml
+---
+features:
+  - |
+    Add custom option for docker daemon by altering "docker_custom_config"
+    variable (json formatted).
+
+upgrade:
+  - |
+    Docker engine configuration changes are now done in
+    "/etc/docker/daemon.json" file instead of altering systemd unit (which
+    gets removed if present). Also "docker_custom_option" got replaced by
+    "docker_custom_config" variable (json formatted).
+
+deprecations:
+  - |
+    Configuring Docker daemon by "docker_custom_option" (used in systemd unit
+    file) is deprecated in favour of "docker_custom_config" variable (stored in
+    "daemon.json" config file.
--- a/tests/templates/globals-default.j2
+++ b/tests/templates/globals-default.j2
@@ -29,7 +29,6 @@ docker_namespace: "kolla"
 # will be the source of images during the upgrade.
 # NOTE(yoctozepto): this is required here for CI because we run templating
 # of docker systemd command only once, using the previous release when upgrading
-# also note: atm upgrade would conflict with the zun profile which uses this var
 docker_custom_option: "--insecure-registry {{ api_interface_address }}:4000"
 {% endif %}
 {% if not is_previous_release %}