Update file main.yml

Administrator 2025-11-21 07:47:33 +00:00
parent 2e9fa4b9f4
commit 1f97e908e7


@ -19,7 +19,72 @@
autoclean: yes autoclean: yes
become: yes become: yes
- name: Configure sysctl parameters for Docker compatibility # ========== Fix Docker runc version ==========
- name: Check current runc version
command: runc --version
register: runc_version_check
ignore_errors: yes
changed_when: false
become: yes
- name: Download and update runc to v1.2.4 if needed
block:
- name: Download runc v1.2.4
get_url:
url: https://github.com/opencontainers/runc/releases/download/v1.2.4/runc.amd64
dest: /tmp/runc.amd64
mode: '0755'
become: yes
- name: Stop docker service
systemd:
name: docker
state: stopped
become: yes
- name: Backup existing runc
command: mv /usr/bin/runc /usr/bin/runc.bak
args:
creates: /usr/bin/runc.bak
become: yes
- name: Install new runc
copy:
src: /tmp/runc.amd64
dest: /usr/bin/runc
remote_src: yes
mode: '0755'
become: yes
- name: Start docker service
systemd:
name: docker
state: started
become: yes
- name: Clean up temporary runc file
file:
path: /tmp/runc.amd64
state: absent
become: yes
- name: Verify new runc version
command: runc --version
register: new_runc_version
become: yes
- name: Show runc update result
debug:
msg: "runc updated to version: {{ new_runc_version.stdout }}"
become: yes
when:
- runc_version_check is failed or
"'1.2.4' not in runc_version_check.stdout"
- ansible_architecture == "x86_64"
become: yes
- name: Disable IPv6 via sysctl
sysctl: sysctl:
name: "{{ item.name }}" name: "{{ item.name }}"
value: "{{ item.value }}" value: "{{ item.value }}"
@ -29,40 +94,7 @@
loop: loop:
- { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' }
- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } - { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }
- { name: 'net.ipv4.ip_forward', value: '1' }
- { name: 'net.ipv4.ip_unprivileged_port_start', value: '0' }
- { name: 'vm.max_map_count', value: '262144' }
- { name: 'fs.inotify.max_user_instances', value: '8192' }
- { name: 'fs.inotify.max_user_watches', value: '524288' }
become: yes become: yes
notify: reload sysctl
- name: Configure Docker daemon
copy:
content: |
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"userland-proxy": false,
"iptables": true,
"ipv6": false,
"default-ulimits": {
"nofile": {
"Name": "nofile",
"Hard": 65536,
"Soft": 65536
}
}
}
dest: /etc/docker/daemon.json
mode: '0644'
become: yes
when: ansible_facts.services['docker.service'] is defined or ansible_facts.services['docker.service'] is defined
notify: restart docker
- name: Ensure /root/.bashrc exists - name: Ensure /root/.bashrc exists
file: file:
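Review bot: The `Download runc v1.2.4` task fetches a binary that is later installed as root to `/usr/bin/runc` with no integrity check; `get_url` accepts a `checksum` argument, so pin the digest published with the release, e.g. `checksum: "sha256:<SHA256_OF_RUNC_AMD64_FROM_RELEASE>"` (placeholder), and consider staging in a root-owned directory rather than the fixed `/tmp/runc.amd64` path. The first `when:` entry also looks wrong: as rendered here, its second line continues a plain scalar, so the double quotes stay in the expression and Jinja sees a non-empty string literal, which would make the condition true on every x86_64 run and stop and restart Docker each time; writing it on one line as `- runc_version_check is failed or '1.2.4' not in runc_version_check.stdout` avoids that (indentation is lost on this page, so confirm against the file). Because the test is an exact match on 1.2.4, a host that already carries a newer runc would be replaced with this older build, so a version comparison would be safer than a substring check. The block has no `rescue`, so a failure after `Stop docker service` or `Backup existing runc` leaves the daemon stopped and possibly without a runc binary.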