---
- hosts: 10.0.0.33
vars:
- dockerver: "19.03.15"
- dockersrc: "http://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/static/stable/x86_64/docker-{{dockerver}}.tgz"
- dockerdir: "/usr/bin"
- dockerdatadir: /data/docker
tasks:
- name: remove packs
apt:
name:
- docker
- docker-engine
- docker.io
state: absent
- name: download docker and unarchive
unarchive: remote_src=yes src={{dockersrc}} dest=/usr/local
register: var1
until: var1 is succeeded
retries: 5
- name: copy binary
shell: /bin/cp -a /usr/local/docker/* {{dockerdir}}
- name: group add
group: name=docker system=yes
- name: user add
user: name=deployer append=yes groups=docker shell=/bin/bash
- name: generate container.service
copy:
content: |
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart={{dockerdir}}/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=1048576
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
dest: /lib/systemd/system/containerd.service
- name: generate docker.socket
copy:
content: |
[Unit]
Description=Docker Socket for the API PartOf=docker.service
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
dest: /lib/systemd/system/docker.socket
- name: generate docker.service
copy:
content: |
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart={{dockerdir}}/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
[Install]
WantedBy=multi-user.target
dest: /lib/systemd/system/docker.service
- name: make dir /etc/docker
file: state=directory path=/etc/docker
- name: generate config json
copy:
content: |
{
"registry-mirrors": ["https://dw5xdjrm.mirror.aliyuncs.com"],
"data-root": "/data/docker",
"insecure-registries": ["10.0.0.84"]
}
dest: /etc/docker/daemon.json
- name: make docker data dir
file: state=directory recurse=yes path=/data/docker owner=root group=root
- name: start dockerd
service: name=docker state=started enabled=yes
329
08-22
“相关推荐”对你有帮助么?
-
非常没帮助 -
没帮助 -
一般 -
有帮助 -
非常有帮助
提交
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
