fix: add socket file and daemon configs

vexxhost · Nov 23, 2023 · f950faf · f950faf
1 parent de46b22
commit f950faf
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 9 deletions.
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
@@ -39,7 +39,10 @@ docker_state_dir: /run/docker
 docker_oom_score: 0
 
 docker_debug_level: "info"
-docker_max_log_size: -1
+docker_max_log_size: "50m"
+docker_max_log_file: "5"
+docker_use_iptables: "false"
+docker_ip_forward: "false"
 
 docker_limit_proc_num: "infinity"
 docker_limit_core: "infinity"

diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
@@ -44,6 +44,21 @@
   notify:
     - Restart docker
 
+- name: Install "iptables" package
+  ansible.builtin.package:
+    name: iptables
+    state: present
+  when: docker_use_iptables | bool
+
+- name: Create systemd socket file for docker
+  ansible.builtin.template:
+    src: docker.socket.j2
+    dest: /usr/lib/systemd/system/docker.socket
+    mode: "0644"
+  notify:
+    - Reload systemd
+    - Restart docker
+
 - name: Create docker config file
   ansible.builtin.template:
     src: daemon.json.j2

diff --git a/roles/docker/templates/daemon.json.j2 b/roles/docker/templates/daemon.json.j2
@@ -1,10 +1,22 @@
 {
- "log-driver": "json-file",
- "log-opts": {
-   "max-size": {{ docker_max_log_size }}
- },
- "exec-root": "{{ docker_state_dir }}",
- "data-root": "{{ docker_storage_dir }}",
- "log-level": "{{ docker_debug_level | default('info') }}",
- "oom-score-adjust": {{ docker_oom_score }}
+    "log-driver": "json-file",
+    "exec-root": "{{ docker_state_dir }}",
+    "data-root": "{{ docker_storage_dir }}",
+    "log-level": "{{ docker_debug_level | default('info') }}",
+    "oom-score-adjust": {{ docker_oom_score }},
+    "bridge": "none",
+    "default-ulimits": {
+        "nofile": {
+            "hard": 1048576,
+            "name": "nofile",
+            "soft": 1048576
+        }
+    },
+    "ip-forward": {{ docker_ip_forward }},
+    "iptables": {{ docker_use_iptables }},
+    "live-restore": true,
+    "log-opts": {
+        "max-file": "{{ docker_max_log_file }}",
+        "max-size": "{{ docker_max_log_size }}"
+    }
 }
diff --git a/roles/docker/templates/docker.socket.j2 b/roles/docker/templates/docker.socket.j2
@@ -0,0 +1,13 @@
+[Unit]
+Description=Docker Socket for the API
+
+[Socket]
+# If /var/run is not implemented as a symlink to /run, you may need to
+# specify ListenStream=/var/run/docker.sock instead.
+ListenStream=/run/docker.sock
+SocketMode=0660
+SocketUser=root
+SocketGroup=root
+
+[Install]
+WantedBy=sockets.target