From 993c3d77ef90b026e3c0a8dbc3b8abcbdaa02207 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 24 Mar 2026 17:10:32 +0500 Subject: [PATCH] Update file main.yml --- roles/docker/tasks/main.yml | 277 ++++++++++++++++++------------------ 1 file changed, 136 insertions(+), 141 deletions(-) diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 9607281..b1b7089 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,44 +1,4 @@ --- -# ============================================================================= -# DOCKER ROLE - roles/docker/tasks/main.yml -# ============================================================================= - -# ========== 1. Cleanup conflicting Docker configs ========== -- name: Remove conflicting Docker repository files - file: - path: "{{ item }}" - state: absent - loop: - - /etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list - - /etc/apt/sources.list.d/docker-ce.list - - /etc/apt/sources.list.d/docker.list - become: yes - tags: [docker, deploy_docker] - -- name: Remove old Docker GPG keys - file: - path: "{{ item }}" - state: absent - loop: - - /etc/apt/keyrings/docker.gpg - - /etc/apt/keyrings/docker.asc - - /usr/share/keyrings/docker-archive-keyring.gpg - become: yes - tags: [docker, deploy_docker] - -- name: Clean apt cache - apt: - clean: yes - become: yes - tags: [docker, deploy_docker] - -- name: Clear apt lists cache (contents only, not directory) - shell: rm -rf /var/lib/apt/lists/* - become: yes - tags: [docker, deploy_docker] - ignore_errors: yes - -# ========== 2. Install Docker dependencies ========== - name: Install Docker dependencies apt: name: 
@@ -49,154 +9,87 @@ - lsb-release state: present update_cache: yes - become: yes - tags: [docker, deploy_docker] -# ========== 3. Setup GPG key ========== -- name: Create keyrings directory - file: - path: /etc/apt/keyrings - state: directory - mode: '0755' - become: yes - tags: [docker, deploy_docker] - -- name: Download Docker GPG key - get_url: +- name: Add Docker GPG key + apt_key: url: https://download.docker.com/linux/ubuntu/gpg - dest: /etc/apt/keyrings/docker.asc - mode: '0644' - force: yes - become: yes - tags: [docker, deploy_docker] + state: present -- name: Dearmor Docker GPG key - shell: gpg --dearmor -o /etc/apt/keyrings/docker.gpg /etc/apt/keyrings/docker.asc - args: - creates: /etc/apt/keyrings/docker.gpg - become: yes - tags: [docker, deploy_docker] - -- name: Set permissions on Docker GPG key - file: - path: /etc/apt/keyrings/docker.gpg - mode: 'a+r' - become: yes - tags: [docker, deploy_docker] - -# ========== 4. Add Docker repository ========== - name: Add Docker repository - copy: - content: | - deb [arch={{ ansible_architecture }} signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable - dest: /etc/apt/sources.list.d/docker.list - mode: '0644' - become: yes - tags: [docker, deploy_docker] + apt_repository: + repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable" + state: present -- name: Update apt cache after adding Docker repo - apt: - update_cache: yes - cache_valid_time: 0 - become: yes - tags: [docker, deploy_docker] - -# ========== 5. 
Install Docker packages ========== -- name: Install docker-ce and docker-ce-cli first +- name: Install Docker apt: name: - - "docker-ce={{ docker_ce_version }}" - - "docker-ce-cli={{ docker_ce_cli_version }}" + - docker-ce + - docker-ce-cli + - containerd.io state: present - allow_downgrade: yes - allow_change_held_packages: yes - become: yes - tags: [docker, deploy_docker] + update_cache: yes -- name: Install containerd.io (after docker-ce to preserve runc) +- name: Install Docker Compose apt: - name: "containerd.io={{ containerd_io_version }}" + name: docker-compose-plugin state: present - allow_downgrade: yes - allow_change_held_packages: yes - become: yes - notify: restart docker - tags: [docker, deploy_docker] -# ========== 6. Start Docker and configure user ========== - name: Start and enable Docker service systemd: name: docker state: started enabled: yes - daemon_reload: yes - become: yes - tags: [docker, deploy_docker] -- name: Wait for Docker socket to be available - wait_for: - path: /var/run/docker.sock - timeout: 30 - tags: [docker, deploy_docker] +- name: Wait for Docker to start + pause: + seconds: 5 -- name: Add admin user to docker group - user: - name: "{{ admin_user | default('zailon') }}" - groups: docker - append: yes - become: yes - tags: [docker, deploy_docker] - -# ========== 7. 
Verify installation ========== - name: Verify Docker installation command: docker --version register: docker_version changed_when: false - tags: [docker, deploy_docker] - name: Show Docker version debug: msg: "Docker version: {{ docker_version.stdout }}" - tags: [docker, deploy_docker] - name: Verify Docker Compose installation command: docker compose version register: docker_compose_version changed_when: false - tags: [docker, deploy_docker] - name: Show Docker Compose version debug: msg: "Docker Compose version: {{ docker_compose_version.stdout }}" - tags: [docker, deploy_docker] -- name: Test Docker with docker ps - command: docker ps - register: docker_ps_test - changed_when: false - tags: [docker, deploy_docker] - -- name: Show Docker containers - debug: - msg: "Docker is working! Containers: {{ docker_ps_test.stdout_lines | default(['none']) }}" - tags: [docker, deploy_docker] - -# ========== 8. Docker monitoring (optional) ========== -- name: Setup Docker monitoring for Node Exporter +- name: Setup Docker monitoring block: + - name: Create scripts directory + file: + path: /opt/scripts + state: directory + mode: '0755' + become: yes + - name: Deploy Docker metrics script copy: content: | #!/bin/bash + # Docker metrics script for Node Exporter textfile collector + OUTFILE="/var/lib/node_exporter/textfile_collector/docker_metrics.prom" + + # Get container counts TOTAL_CONTAINERS=$(docker ps -a -q 2>/dev/null | wc -l) RUNNING_CONTAINERS=$(docker ps -q 2>/dev/null | wc -l) EXITED_CONTAINERS=$((TOTAL_CONTAINERS - RUNNING_CONTAINERS)) + + # Write metrics in Prometheus format cat << EOF > $OUTFILE # HELP docker_containers_total Total number of Docker containers # TYPE docker_containers_total gauge docker_containers_total $TOTAL_CONTAINERS - # HELP docker_containers_running Number of running Docker containers + # HELP docker_containers_running Number of running Docker containers # TYPE docker_containers_running gauge docker_containers_running $RUNNING_CONTAINERS # 
HELP docker_containers_exited Number of exited Docker containers @@ -207,6 +100,36 @@ mode: '0755' become: yes + - name: Create systemd service for Docker metrics + copy: + content: | + [Unit] + Description=Docker metrics script + After=docker.service + + [Service] + User=root + ExecStart=/opt/scripts/docker_metrics.sh + dest: /etc/systemd/system/docker-metrics.service + mode: '0644' + become: yes + + - name: Create systemd timer for Docker metrics + copy: + content: | + [Unit] + Description=Run Docker metrics every 30 seconds + + [Timer] + OnBootSec=1min + OnUnitActiveSec=30s + + [Install] + WantedBy=timers.target + dest: /etc/systemd/system/docker-metrics.timer + mode: '0644' + become: yes + - name: Ensure Node Exporter textfile directory exists file: path: /var/lib/node_exporter/textfile_collector 
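Review bot: The `Add Docker GPG key` task in the `@@ -49,154 +9,87 @@` hunk switches to `apt_key`, which adds Docker's key to apt's global trusted keyring, and the new `apt_repository` line drops `signed-by=`. The key is therefore no longer scoped to the Docker repository and is trusted for every configured source. `apt-key` is also deprecated on current Debian/Ubuntu releases. Keeping the key as a file under `/etc/apt/keyrings` and referencing it from the repo entry restores the scoping the removed tasks had. The same hunk also drops the version pins on `docker-ce`, `docker-ce-cli` and `containerd.io`, so the installed versions now depend on whatever the repository serves at run time.

```yaml
- name: Create keyrings directory
  file:
    path: /etc/apt/keyrings
    state: directory
    mode: '0755'

- name: Download Docker GPG key
  get_url:
    url: https://download.docker.com/linux/ubuntu/gpg
    dest: /etc/apt/keyrings/docker.asc
    mode: '0644'

- name: Add Docker repository
  apt_repository:
    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
    state: present

# … unchanged: Install Docker, Install Docker Compose, service start, verification, monitoring block …
```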
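Review bot: The new `docker-metrics.service` unit in the `@@ -207,6 +100,36 @@` hunk runs the script as `User=root` with no `Type=` and no sandboxing, although the job only queries Docker and writes one `.prom` file. Since the timer fires it every 30 seconds, I would declare it a one-shot job and add basic hardening under `[Service]`: `Type=oneshot`, `NoNewPrivileges=true`, `ProtectHome=true`. Because it writes as root into `/var/lib/node_exporter/textfile_collector`, whose owner is set on lines outside this hunk, that directory should not be writable by a less privileged account. The enclosing `block:` starts in the previous hunk and continues past this one.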
@@ -216,12 +139,84 @@ mode: '0755' become: yes - - name: Enable Docker metrics timer + - name: Enable and start Docker metrics timer systemd: name: docker-metrics.timer enabled: yes state: started daemon_reload: yes become: yes - when: enable_docker_monitoring | default(true) - tags: [docker, monitoring] \ No newline at end of file + + - name: Test Docker metrics script + command: /opt/scripts/docker_metrics.sh + register: metrics_test + changed_when: false + + - name: Show Docker metrics test result + debug: + var: metrics_test.stdout + +# ========== Fix Docker runc version ========== +- name: Check current runc version + command: runc --version + register: runc_version_check + ignore_errors: yes + changed_when: false + become: yes + +- name: Download and update runc to v1.2.4 if needed + block: + - name: Download runc v1.2.4 + get_url: + url: https://github.com/opencontainers/runc/releases/download/v1.2.4/runc.amd64 + dest: /tmp/runc.amd64 + mode: '0755' + become: yes + + - name: Stop docker service + systemd: + name: docker + state: stopped + become: yes + + - name: Backup existing runc + command: mv /usr/bin/runc /usr/bin/runc.bak + args: + creates: /usr/bin/runc.bak + become: yes + + - name: Install new runc + copy: + src: /tmp/runc.amd64 + dest: /usr/bin/runc + remote_src: yes + mode: '0755' + become: yes + + - name: Start docker service + systemd: + name: docker + state: started + become: yes + + - name: Clean up temporary runc file + file: + path: /tmp/runc.amd64 + state: absent + become: yes + + - name: Verify new runc version + command: runc --version + register: new_runc_version + become: yes + + - name: Show runc update result + debug: + msg: "runc updated to version: {{ new_runc_version.stdout }}" + become: yes + + when: + - runc_version_check is failed or + "'1.2.4' not in runc_version_check.stdout" + - ansible_architecture == "x86_64" + become: yes \ No newline at end of file
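Review bot: The `Download runc v1.2.4` task fetches a binary with `get_url` and no `checksum:`, and `Install new runc` then copies it to `/usr/bin/runc`, so an unverified download becomes the container runtime on the host. Pin the expected digest from a role variable, e.g. `checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"`. The block's `when:` also looks wrong. The continuation line `"'1.2.4' not in runc_version_check.stdout"` is wrapped in quotes, so Jinja appears to treat it as a non-empty string rather than a test, and the block, including the Docker stop/start, would run on every play. Unquoted it reads `- runc_version_check is failed or '1.2.4' not in runc_version_check.stdout`. Even then the substring match replaces any other installed runc with 1.2.4, including a newer packaged one, so a minimum-version comparison would be safer.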