实例学习Ansible系列：安装docker服务

这篇文章介绍一下使用Ansible安装node节点的docker服务的方法。

所用到的Ansible基础知识：

template模块用于设定证书的csr文件
copy模块用于拷贝文件并设定权限
shell模块用于执行命令
file模块可以用于创建目录
register/until/retries/delay可用于确认服务启动等常见场景，并实现sleep+retry的功能

前提条件：需要flannel启动状态

创建docker服务的基础知识

主要是与flannel如何结合使用的点需要注意在systemd的service文件中：

• 通过flannel的环境变量设定文件读取DOCKER_NETWORK_OPTIONS
• 启动时指定DOCKER_NETWORK_OPTIONS
• 镜像加速指定了registry-mirror
• selinux-enabled指定为了false

示例代码

- name: create dirs for docker
  file:
    path: "{{ item }}"
    state: directory
  with_items:
    - "{{ var_docker_dir_bin }}"

- name: copy docker to install dir
  copy:
    src: "{{ item }}"
    dest: "{{ var_docker_dir_bin }}"
    mode: "{{ var_default_bin_mode }}"
  with_items:
    - "{{ var_src_docker }}/dockerd"
    - "{{ var_src_docker }}/containerd"
    - "{{ var_src_docker }}/containerd-shim"
    - "{{ var_src_docker }}/ctr"
    - "{{ var_src_docker }}/docker"
    - "{{ var_src_docker }}/docker-init"
    - "{{ var_src_docker }}/docker-proxy"
    - "{{ var_src_docker }}/runc"

- name: create docker service file
  template:
    src: "{{ var_template_docker_service }}"
    dest: "{{ var_docker_service }}"

- name: systemctl enable docker service
  shell: "systemctl enable docker"

- name: start docker service
  shell: "systemctl daemon-reload \
          && systemctl restart docker"

- name: confirm docer service state
  shell: "systemctl status docker.service|grep Active"
  register: ret_docker_status
  until: '"running" in ret_docker_status.stdout'
  retries: "{{ var_retry_max }}"
  delay: "{{ var_delay_cnt }}"

执行示例

[root@host131 ansible]# ansible-playbook docker/tests/test.yml 

PLAY [localhost] ************************************************************************************************************************************

TASK [docker : create dirs for docker] **************************************************************************************************************
ok: [localhost] => (item=/usr/local/bin)

TASK [docker : copy docker to install dir] **********************************************************************************************************
ok: [localhost] => (item=/tmp/binary/docker/dockerd)
ok: [localhost] => (item=/tmp/binary/docker/containerd)
ok: [localhost] => (item=/tmp/binary/docker/containerd-shim)
ok: [localhost] => (item=/tmp/binary/docker/ctr)
changed: [localhost] => (item=/tmp/binary/docker/docker)
ok: [localhost] => (item=/tmp/binary/docker/docker-init)
ok: [localhost] => (item=/tmp/binary/docker/docker-proxy)
ok: [localhost] => (item=/tmp/binary/docker/runc)

TASK [docker : create docker service file] **********************************************************************************************************
changed: [localhost]

TASK [docker : systemctl enable docker service] *****************************************************************************************************
changed: [localhost]

TASK [docker : start docker service] ****************************************************************************************************************
changed: [localhost]

TASK [docker : confirm docer service state] *********************************************************************************************************
changed: [localhost]

PLAY RECAP ******************************************************************************************************************************************
localhost                  : ok=6    changed=5    unreachable=0    failed=0   

[root@host131 ansible]# 
由于之前二进制文件在clean的role中没有删除干净，Ansible的copy模块的幂等性保证了已经存在的情况下不再执行。通过ip addr可以确认docker0和flannel在同一网段
[root@host131 ansible]# ip addr show flannel.1 
3: flannel.1:  mtu 1450 qdisc noqueue state UNKNOWN group default 
    link/ether 4a:93:5b:03:10:01 brd ff:ff:ff:ff:ff:ff
    inet 10.254.40.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
[root@host131 ansible]# ip addr show docker0
4: docker0:  mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:8f:da:b1:ea brd ff:ff:ff:ff:ff:ff
    inet 10.254.40.1/21 brd 10.254.47.255 scope global docker0
       valid_lft forever preferred_lft forever
[root@host131 ansible]# 
[root@host131 ansible]# docker version
Client: Docker Engine - Community
 Version:           18.09.7
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        2d0083d
 Built:             Thu Jun 27 17:54:15 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.7
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       2d0083d
  Built:            Thu Jun 27 18:01:17 2019
  OS/Arch:          linux/amd64
  Experimental:     false
[root@host131 ansible]# 

ansible vs shell

和Shell脚本的比较可以参看，因为本系列示例主要用于说明类似功能使用Ansible如何实现，详细的K8S相关的设定可参看：

• https://liumiaocn.blog.csdn.net/article/details/88843105

代码路径

• https://github.com/liumiaocn/easypack/tree/master/k8s/ansible

其他Ansible内容

• https://liumiaocn.blog.csdn.net/article/details/87273800