From 58de8b571821aeb664e86b0e0dfc658e745fe3aa Mon Sep 17 00:00:00 2001 From: Maciej Delmanowski Date: Sat, 12 Jan 2019 20:10:06 +0100 Subject: [PATCH] [debops.docker] Drop custom 'docker.service' unit The 'debops.docker' role will not maintain its own custom 'docker.service' systemd unit file anymore, to avoid rapid changes in the Docker upstream. Instead, required changes will be configured using the unit override files. --- ansible/roles/debops.docker/tasks/main.yml | 44 +++----------- .../execstart-override.conf.j2 | 8 +++ .../etc/systemd/system/docker.service.j2 | 59 ------------------- 3 files changed, 16 insertions(+), 95 deletions(-) create mode 100644 ansible/roles/debops.docker/templates/etc/systemd/system/docker.service.d/execstart-override.conf.j2 delete mode 100644 ansible/roles/debops.docker/templates/etc/systemd/system/docker.service.j2 diff --git a/ansible/roles/debops.docker/tasks/main.yml b/ansible/roles/debops.docker/tasks/main.yml index dbe13c89e9..53d14df2f2 100644 --- a/ansible/roles/debops.docker/tasks/main.yml +++ b/ansible/roles/debops.docker/tasks/main.yml @@ -20,25 +20,14 @@ update_cache: True when: docker__upstream|d() | bool -- name: Make sure that systemd directory exists - file: - path: '/etc/systemd/system' - state: 'directory' - owner: 'root' - group: 'root' - mode: '0755' - when: ansible_service_mgr == 'systemd' - tags: [ 'role::docker:config' ] - -- name: Make sure that docker.service.d directory exists +- name: Make sure that docker.service.d override directory exists file: path: '/etc/systemd/system/docker.service.d' state: 'directory' owner: 'root' group: 'root' mode: '0755' - when: (ansible_service_mgr == 'systemd' and - (docker__env_http_proxy is defined or docker__env_https_proxy is defined)) + when: ansible_service_mgr == 'systemd' tags: [ 'role::docker:config' ] - name: Remove other version if upstream is modified 
@@ -156,41 +145,24 @@ tags: [ 'role::docker:config' ] when: (ansible_service_mgr == 'systemd' and docker__register_version.stdout is version_compare('1.10', '>=')) -- name: Install Debian systemd service unit +- name: Configure Docker systemd overrides template: - src: 'etc/systemd/system/docker.service.j2' - dest: '/etc/systemd/system/docker.service' + src: 'etc/systemd/system/docker.service.d/{{ item }}.j2' + dest: '/etc/systemd/system/docker.service.d/{{ item }}' owner: 'root' group: 'root' mode: '0644' - register: docker__register_systemd_service + loop: [ 'execstart-override.conf', 'http-proxy.conf' ] + register: docker__register_systemd_overrides notify: ['Restart docker' ] when: ansible_service_mgr == 'systemd' tags: [ 'role::docker:config' ] -- name: Configure Docker proxy - template: - src: 'etc/systemd/system/docker.service.d/http-proxy.conf.j2' - dest: '/etc/systemd/system/docker.service.d/http-proxy.conf' - owner: 'root' - group: 'root' - mode: '0644' - register: docker__register_systemd_proxy_present - notify: ['Restart docker' ] - when: (ansible_service_mgr == 'systemd' and - (docker__env_http_proxy is defined or docker__env_https_proxy is defined)) - tags: [ 'role::docker:config' ] - - name: Reload systemd daemons systemd: daemon_reload: True when: (ansible_service_mgr == 'systemd' and - ((docker__register_systemd_service|d() and - docker__register_systemd_service is changed) or - (docker__register_systemd_proxy_present|d() and - docker__register_systemd_proxy_present is changed) or - (docker__register_systemd_proxy_absent|d() and - docker__register_systemd_proxy_absent is changed))) + docker__register_systemd_overrides is changed) tags: [ 'role::docker:config' ] - name: Add specified users to 'docker' group 
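Review bot: The loop in 'Configure Docker systemd overrides' now renders `http-proxy.conf` on every systemd host, where the removed 'Configure Docker proxy' task only did so when `docker__env_http_proxy` or `docker__env_https_proxy` was defined. The http-proxy.conf.j2 template is not part of this patch, so whether it copes with both variables being undefined cannot be confirmed from here; if it does not, keep the guard per item, e.g. `when: ansible_service_mgr == 'systemd' and (item != 'http-proxy.conf' or docker__env_http_proxy is defined or docker__env_https_proxy is defined)`. The old reload condition also referenced `docker__register_systemd_proxy_absent`, which suggests a task outside this hunk removes that file; if it still exists, the two tasks would presumably undo each other on every run and the removal would no longer trigger a daemon reload. Separately, the drop-in is written with mode `'0644'`, so a proxy URL that embeds credentials would be readable by every local account.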
diff --git a/ansible/roles/debops.docker/templates/etc/systemd/system/docker.service.d/execstart-override.conf.j2 b/ansible/roles/debops.docker/templates/etc/systemd/system/docker.service.d/execstart-override.conf.j2
new file mode 100644
index 0000000000..0073a6d978
--- /dev/null
+++ b/ansible/roles/debops.docker/templates/etc/systemd/system/docker.service.d/execstart-override.conf.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+# Override the default ExecStart= option that comes with the upstream Docker
+# systemd unit. The socket configuration is specified in the 'daemon.json'
+# configuration file.
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd
diff --git a/ansible/roles/debops.docker/templates/etc/systemd/system/docker.service.j2 b/ansible/roles/debops.docker/templates/etc/systemd/system/docker.service.j2
deleted file mode 100644
index 65e5b89c08..0000000000
--- a/ansible/roles/debops.docker/templates/etc/systemd/system/docker.service.j2
+++ /dev/null
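Review bot: The new execstart-override.conf.j2 hard-codes `ExecStart=/usr/bin/dockerd` for every host, while the unit template deleted in this same patch chose `/usr/bin/docker daemon` or `/usr/bin/docker -d` for Docker older than 1.12, and the task that installs this file in tasks/main.yml is gated only on `ansible_service_mgr == 'systemd'`. On such a host the drop-in would presumably point at a binary that is not there and the daemon would fail to start; either gate the item on `docker__register_version.stdout is version('1.12', '>=')` or state in the header comment that older releases are no longer supported. Clearing `ExecStart=` also discards any arguments the packaged unit passes, so the listeners are defined by 'daemon.json' alone; a comment line such as `# NOTE: any tcp:// entry under 'hosts' in daemon.json needs TLS verification enabled` would remind operators that exposure of the API socket is now decided there.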
@@ -1,59 +0,0 @@
-# {{ ansible_managed }}
-
-[Unit]
-Description=Docker Application Container Engine
-Documentation=https://docs.docker.com
-{% if docker__register_version.stdout is version('18.09', '>=') %}
-BindsTo=containerd.service
-{% else %}
-Requires=docker.socket
-{% endif %}
-After=network-online.target firewalld.service
-Wants=network-online.target
-
-[Service]
-Type=notify
-# the default is not to use systemd for cgroups because the delegate issues still
-# exists and systemd currently does not support the cgroup feature set required
-# for containers run by docker
-{% if docker__register_version.stdout is version('1.12', '>=') %}
-ExecStart=/usr/bin/dockerd {{ docker__options | join(" ") }}
-{% elif docker__register_version.stdout is version('1.10', '>=') %}
-ExecStart=/usr/bin/docker daemon {{ docker__options | join(" ") }}
-{% else %}
-EnvironmentFile=-/etc/default/docker
-ExecStart=/usr/bin/docker -d -H fd:// $DOCKER_OPTS
-{% endif %}
-ExecReload=/bin/kill -s HUP $MAINPID
-TimeoutSec=0
-RestartSec=2
-Restart=always
-
-# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
-# Both the old, and new location are accepted by systemd 229 and up, so using the old location
-# to make them work for either version of systemd.
-StartLimitBurst=3
-
-# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
-# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
-# this option work for either version of systemd.
-StartLimitInterval=60s
-
-# Having non-zero Limit*s causes performance problems due to accounting overhead
-# in the kernel. We recommend using cgroups to do container-local accounting.
-LimitNOFILE=infinity
-LimitNPROC=infinity
-LimitCORE=infinity
-
-# Comment TasksMax if your systemd version does not supports it.
-# Only systemd 226 and above support this option.
-TasksMax=infinity
-
-# set delegate yes so that systemd does not reset the cgroups of docker containers
-Delegate=yes
-
-# kill only the docker process, not all processes in the cgroup
-KillMode=process
-
-[Install]
-WantedBy=multi-user.target