From 1f97e908e74bfe45583b136adf761e64b543fbb5 Mon Sep 17 00:00:00 2001
From: Administrator
Date: Fri, 21 Nov 2025 07:47:33 +0000
Subject: [PATCH] Update file main.yml
---
 roles/base_setup/tasks/main.yml | 100 +++++++++++++++++++++-----------
 1 file changed, 66 insertions(+), 34 deletions(-)
diff --git a/roles/base_setup/tasks/main.yml b/roles/base_setup/tasks/main.yml
index ddab720..52b6c0e 100644
--- a/roles/base_setup/tasks/main.yml
+++ b/roles/base_setup/tasks/main.yml
@@ -19,7 +19,72 @@
 autoclean: yes
 become: yes

-- name: Configure sysctl parameters for Docker compatibility
+# ========== Fix Docker runc version ==========
+- name: Check current runc version
+ command: runc --version
+ register: runc_version_check
+ ignore_errors: yes
+ changed_when: false
+ become: yes
+
+- name: Download and update runc to v1.2.4 if needed
+ block:
+ - name: Download runc v1.2.4
+ get_url:
+ url: https://github.com/opencontainers/runc/releases/download/v1.2.4/runc.amd64
+ dest: /tmp/runc.amd64
+ mode: '0755'
+ become: yes
+
+ - name: Stop docker service
+ systemd:
+ name: docker
+ state: stopped
+ become: yes
+
+ - name: Backup existing runc
+ command: mv /usr/bin/runc /usr/bin/runc.bak
+ args:
+ creates: /usr/bin/runc.bak
+ become: yes
+
+ - name: Install new runc
+ copy:
+ src: /tmp/runc.amd64
+ dest: /usr/bin/runc
+ remote_src: yes
+ mode: '0755'
+ become: yes
+
+ - name: Start docker service
+ systemd:
+ name: docker
+ state: started
+ become: yes
+
+ - name: Clean up temporary runc file
+ file:
+ path: /tmp/runc.amd64
+ state: absent
+ become: yes
+
+ - name: Verify new runc version
+ command: runc --version
+ register: new_runc_version
+ become: yes
+
+ - name: Show runc update result
+ debug:
+ msg: "runc updated to version: {{ new_runc_version.stdout }}"
+ become: yes
+
+ when:
+ - runc_version_check is failed or
+ "'1.2.4' not in runc_version_check.stdout"
+ - ansible_architecture == "x86_64"
+ become: yes
+
+- name: Disable IPv6 via sysctl
 sysctl:
 name: "{{ item.name }}"
 value: "{{ item.value }}"
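Review bot: The "Download runc v1.2.4" `get_url` task fetches `runc.amd64` and the later `copy` installs it as root at `/usr/bin/runc` with no integrity check, so whatever ends up at `/tmp/runc.amd64` becomes the container runtime. Because `get_url` skips the download when `dest` already exists (default `force: no`), a file already sitting at that predictable /tmp path would be installed unchanged. Pin the release digest with `checksum: 'sha256:<SHA256_OF_RUNC_AMD64_V1_2_4>'` (placeholder; take the value from the release's published checksum file and verify its signature out of band), and download into a root-only directory rather than /tmp. Separately, the `when:` test `'1.2.4' not in runc_version_check.stdout` also matches hosts running a newer runc and would replace it with 1.2.4, possibly dropping later security fixes; a minimum-version comparison with the `version` test avoids that. The block also has no `rescue`/`always`, so a failure after "Stop docker service" (for example the `mv` when `/usr/bin/runc` is absent) appears to leave Docker stopped.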
@@ -29,40 +94,7 @@
 loop:
 - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' }
 - { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }
- - { name: 'net.ipv4.ip_forward', value: '1' }
- - { name: 'net.ipv4.ip_unprivileged_port_start', value: '0' }
- - { name: 'vm.max_map_count', value: '262144' }
- - { name: 'fs.inotify.max_user_instances', value: '8192' }
- - { name: 'fs.inotify.max_user_watches', value: '524288' }
 become: yes
- notify: reload sysctl
-
-- name: Configure Docker daemon
- copy:
- content: |
- {
- "exec-opts": ["native.cgroupdriver=systemd"],
- "log-driver": "json-file",
- "log-opts": {
- "max-size": "100m"
- },
- "storage-driver": "overlay2",
- "userland-proxy": false,
- "iptables": true,
- "ipv6": false,
- "default-ulimits": {
- "nofile": {
- "Name": "nofile",
- "Hard": 65536,
- "Soft": 65536
- }
- }
- }
- dest: /etc/docker/daemon.json
- mode: '0644'
- become: yes
- when: ansible_facts.services['docker.service'] is defined or ansible_facts.services['docker.service'] is defined
- notify: restart docker

 - name: Ensure /root/.bashrc exists
 file: