当前位置：首页 > news >正文

Docker自动化部署与配置详解③

news 2025/10/28 8:33:10

目录结构

docker/
├── tasks/
│   └── main.yml
├── templates/
│   ├── daemon.json.j2
│   └── docker.service.j2
└── vars/└── main.yml

1. `tasks/main.yml`

- name: 获取是否已经安装 dockershell: 'systemctl is-active docker || echo "NoFound"'register: docker_svc- name: 获取 docker 版本信息shell: "{{ base_dir }}/bin/docker-bin/dockerd --version|cut -d' ' -f3"register: docker_verconnection: localrun_once: truetags: upgrade_docker, download_docker- name: debug infodebug: var="docker_ver"connection: localrun_once: truetags: upgrade_docker, download_docker- name: 转换 docker 版本信息为浮点数set_fact:DOCKER_VER: "{{ docker_ver.stdout.split('.')[0]|int + docker_ver.stdout.split('.')[1]|int/100 }}"connection: localrun_once: truetags: upgrade_docker, download_docker- name: 已安装提示debug:msg: "docker 服务已安装"when: "'NoFound' not in docker_svc.stdout"- block:- name: 准备 docker 相关目录file:name: "{{ item }}"state: directoryloop:- "{{ bin_dir }}"- "/etc/docker"- name: 下载 docker 二进制文件copy:src: "{{ item }}"dest: "{{ bin_dir }}/"mode: '0755'with_fileglob:- "{{ base_dir }}/bin/docker-bin/*"tags: upgrade_docker, download_docker- name: 配置 docker daemontemplate:src: daemon.json.j2dest: /etc/docker/daemon.json- name: 创建 docker 的 systemd unit 文件template:src: docker.service.j2dest: /etc/systemd/system/docker.servicetags: upgrade_docker, download_docker- name: 开机启用 docker 服务shell: systemctl enable dockerignore_errors: true- name: 开启 docker 服务shell: systemctl daemon-reload && systemctl restart dockertags: upgrade_docker- name: 轮询等待 docker 服务运行shell: "systemctl is-active docker.service"register: docker_statusuntil: '"active" in docker_status.stdout'retries: 8delay: 2tags: upgrade_docker# 配置 docker 命令软链接，方便单独安装 docker- name: 配置 docker 命令软链接file:src: "{{ bin_dir }}/docker"dest: /usr/bin/dockerstate: linkignore_errors: truewhen: "'NoFound' in docker_svc.stdout"

2. `templates`

2.1 `daemon.json.j2`

{"data-root": "{{ DOCKER_STORAGE_DIR }}","exec-opts": ["native.cgroupdriver={{ CGROUP_DRIVER }}"],
{% if ENABLE_MIRROR_REGISTRY %}"registry-mirrors": ["https://docker.nju.edu.cn/","https://kuamavit.mirror.aliyuncs.com"],
{% endif %}
{% if DOCKER_ENABLE_REMOTE_API %}"hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
{% endif %}"insecure-registries": [{{ INSECURE_REG_STRING }}],"max-concurrent-downloads": 10,"live-restore": true,"log-driver": "json-file","log-level": "warn","log-opts": {"max-size": "50m","max-file": "1"},"storage-driver": "overlay2"
}

2.2 `docker.service.j2`

[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.io[Service]
Environment="PATH={{ bin_dir }}:/bin:/sbin:/usr/bin:/usr/sbin"
ExecStart={{ bin_dir }}/dockerd 
ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
ExecReload=/bin/kill -s HUP $MAINPID
Restart=on-failure
RestartSec=5
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
Delegate=yes
KillMode=process[Install]
WantedBy=multi-user.target

3. `vars/main.yml`

# cgroup driver
CGROUP_DRIVER: "{%- if DOCKER_VER|float >= 20.10 -%} \systemd \{%- else -%} \cgroupfs \{%- endif -%}"#
INSECURE_REG_STR: "{% for reg in INSECURE_REG %}\"{{ reg }}\",{% endfor %}"
INSECURE_REG_STRING: "{{ INSECURE_REG_STR.rstrip(',') }}"

查看全文

http://www.dtcms.com/a/536500.html