Update file main.yml

2025-11-21 07:47:33 +00:00 · 2025-11-21 07:47:33 +00:00 · 1f97e908e7
commit 1f97e908e7
parent 2e9fa4b9f4
1 changed files with 66 additions and 34 deletions
--- a/roles/base_setup/tasks/main.yml
+++ b/roles/base_setup/tasks/main.yml
@ -19,7 +19,72 @@
    autoclean: yes
  become: yes

- name: Configure sysctl parameters for Docker compatibility
+# ========== Fix Docker runc version ==========
+- name: Check current runc version
+  command: runc --version
+  register: runc_version_check
+  ignore_errors: yes
+  changed_when: false
+  become: yes
+
+- name: Download and update runc to v1.2.4 if needed
+  block:
+    - name: Download runc v1.2.4
+      get_url:
+        url: https://github.com/opencontainers/runc/releases/download/v1.2.4/runc.amd64
+        dest: /tmp/runc.amd64
+        mode: '0755'
+      become: yes
+
+    - name: Stop docker service
+      systemd:
+        name: docker
+        state: stopped
+      become: yes
+
+    - name: Backup existing runc
+      command: mv /usr/bin/runc /usr/bin/runc.bak
+      args:
+        creates: /usr/bin/runc.bak
+      become: yes
+
+    - name: Install new runc
+      copy:
+        src: /tmp/runc.amd64
+        dest: /usr/bin/runc
+        remote_src: yes
+        mode: '0755'
+      become: yes
+
+    - name: Start docker service
+      systemd:
+        name: docker
+        state: started
+      become: yes
+
+    - name: Clean up temporary runc file
+      file:
+        path: /tmp/runc.amd64
+        state: absent
+      become: yes
+
+    - name: Verify new runc version
+      command: runc --version
+      register: new_runc_version
+      become: yes
+
+    - name: Show runc update result
+      debug:
+        msg: "runc updated to version: {{ new_runc_version.stdout }}"
+      become: yes
+
+  when: 
+    - runc_version_check is failed or 
+      "'1.2.4' not in runc_version_check.stdout"
+    - ansible_architecture == "x86_64"
+  become: yes
+  
+- name: Disable IPv6 via sysctl
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
@ -29,40 +94,7 @@
  loop:
    - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' }
    - { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }
-    - { name: 'net.ipv4.ip_forward', value: '1' }
-    - { name: 'net.ipv4.ip_unprivileged_port_start', value: '0' }
-    - { name: 'vm.max_map_count', value: '262144' }
-    - { name: 'fs.inotify.max_user_instances', value: '8192' }
-    - { name: 'fs.inotify.max_user_watches', value: '524288' }
  become: yes
-  notify: reload sysctl
-
- name: Configure Docker daemon
-  copy:
-    content: |
-      {
-        "exec-opts": ["native.cgroupdriver=systemd"],
-        "log-driver": "json-file",
-        "log-opts": {
-          "max-size": "100m"
-        },
-        "storage-driver": "overlay2",
-        "userland-proxy": false,
-        "iptables": true,
-        "ipv6": false,
-        "default-ulimits": {
-          "nofile": {
-            "Name": "nofile",
-            "Hard": 65536,
-            "Soft": 65536
-          }
-        }
-      }
-    dest: /etc/docker/daemon.json
-    mode: '0644'
-  become: yes
-  when: ansible_facts.services['docker.service'] is defined or ansible_facts.services['docker.service'] is defined
-  notify: restart docker

 - name: Ensure /root/.bashrc exists
  file: