Update (& fix) dockerd role.

2024-02-21 21:56:48 +01:00 · 2024-02-21 21:56:48 +01:00 · 4c3f1404a1
commit 4c3f1404a1
parent 853d1b20bb
2 changed files with 36 additions and 15 deletions
--- a/roles/dockerd/files/override.conf
+++ b/roles/dockerd/files/override.conf
@ -0,0 +1,3 @@
+[Service]
+Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns"
+Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns"
--- a/roles/dockerd/tasks/main.yml
+++ b/roles/dockerd/tasks/main.yml
@ -1,6 +1,7 @@
 - name: Make sure required packages are installed
  apt:
    name:
+      - dbus-user-session
      - docker.io
      - docker-compose
      - rootlesskit
@ -8,23 +9,26 @@
      - uidmap
  become: true

- name: Make sure system-wide Docker daemon is stopped & disabled
+- name: Make sure system-wide Docker daemon & socket are stopped & disabled
  service:
-    name: docker
+    name: "{{ item }}"
    state: stopped
    enabled: false
+  loop:
+    - docker
+    - docker.socket
  become: true

- name: Make sure system-wide Docker socket is stopped & disabled
-  service:
-    name: docker.socket
-    state: stopped
-    enabled: false
-  become: true
+- name: Get docker user service status
+  stat:
+    path: "{{ ansible_env['HOME'] }}/.config/systemd/user/docker.service"
+  register: dockerd_user_service_file_result

 - name: Run dockerd-rootless-setuptool.sh script
  command:
    cmd: /usr/share/docker.io/contrib/dockerd-rootless-setuptool.sh install
+  # Don't run install script everytime
+  when: not dockerd_user_service_file_result.stat.exists

 - name: Make sure /usr/share/docker.io/contrib is in PATH variable
  lineinfile:
@ -43,21 +47,35 @@
    cmd: "loginctl enable-linger {{ ansible_env['USER'] }}"
  become: true

- name: "Create directory {{ ansible_env['HOME'] }}/.config/systemd/user/docker.service.d to override environment variables"
+- name: "Create directory {{ ansible_env['HOME'] }}/.config/systemd/user/docker.service.d"
  file:
    path: "{{ ansible_env['HOME'] }}/.config/systemd/user/docker.service.d"
    state: directory

- name: Add environment variables to Docker user service to use slirp4netns RootlessKit port driver, which enables source IP propagation
+# Set port driver to slirp4netns to enable source IP propagation, which is required for coturn to work.
+- name: "Copy systemd service override.conf to {{ ansible_env['HOME'] }}/.config/systemd/user/docker.service.d/override.conf"
  copy:
+    src: "{{ role_path }}/files/override.conf"
    dest: "{{ ansible_env['HOME'] }}/.config/systemd/user/docker.service.d/override.conf"
-    content: |
-      [Service]
-      Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns"
-      Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns"
+  register: dockerd_copy_override_conf_result
+
+- name: Edit some sysctl entries for Redis & Syncthing
+  sysctl:
+    name: "{{ item.key }}"
+    value: "{{ item.value }}"
+  loop:
+    - key: vm.overcommit_memory
+      value: 1
+    - key: net.core.wmem_max
+      value: 2500000
+    - key: net.core.rmem_max
+      value: 2500000
+  become: true

 - name: Start/restart & enable Docker user service
  service:
    name: docker
-    state: restarted
+    scope: user
+    # Restart only if config file(s) changed
+    state: "{{ (dockerd_copy_override_conf_result.changed) | ternary('restarted', 'started') }}"
    enabled: true