Install docker 18.06

group_vars/k8s

@@ -11,5 +11,5 @@ harden_linux_ufw_rules:
   - rule: "allow"
     to_port: "7000"
     protocol: "udp"
-docker_version: "17.03.2-ce"
+docker_version: 18.06.*
 

k8s.yml

@@ -3,6 +3,8 @@
   roles:
     - role: proxy
       tags: proxy
+    - role: docker
+      tags: docker
 #- hosts: localhost
 #  become: yes
 #  gather_facts: no

roles/docker/defaults/main.yml

@@ -0,0 +1,7 @@
+docker_apt_key: https://download.docker.com/linux/ubuntu/gpg
+docker_apt_repository: https://download.docker.com/linux/ubuntu
+# Choose 'edge' 'stable' or 'testing' for docker channel
+docker_apt_channel: stable
+# Docker daemon config file
+docker_daemon_config: /etc/docker/daemon.json
+docker_version: 17.03.*

roles/docker/handlers/main.yml

@@ -0,0 +1,10 @@
+---
+- name: reload systemd
+  command: systemctl daemon-reload
+
+- name: restart docker
+  systemd:
+    name: docker
+    state: restarted
+
+

roles/docker/tasks/main.yml

@@ -0,0 +1,93 @@
+---
+- name: Docker installation for Ubuntu distribution
+  block:
+
+  - name: Ensure docker packages are not present
+    apt:
+      state: absent
+      name: ['docker', 'docker-engine', 'docker.io']
+
+  - name: Install docker package dependencies
+    apt:
+      state: latest
+      name: ['apt-transport-https', 'ca-certificates', 'curl', 'software-properties-common']
+      update_cache: yes
+      cache_valid_time: 86400
+    register: result
+    retries: 3
+    until: result is success
+
+  - name: Adding Docker official gpg key
+    apt_key:
+      url: "{{ docker_apt_key }}"
+      state: present
+
+  - name: Setting Docker repository depending on arch
+    set_fact:
+      docker_repository: "deb [arch={{ item.apt_arch }}] {{ docker_apt_repository }} {{ ansible_distribution_release }} {{ docker_apt_channel }}"
+    when: ansible_architecture == item.system_arch
+    with_items:
+      - { system_arch: 'x86_64', apt_arch: 'amd64' }
+      - { system_arch: 'arm', apt_arch: 'armhf' }
+
+  - name: Printing Docker repository
+    debug:
+      var: docker_repository
+
+  - name: Adding Docker repository
+    apt_repository:
+      repo: "{{ docker_repository }}"
+      state: present
+      filename: 'docker'
+
+  # TODO fix this - fails when ip route is using tun0 in scaleway
+  - name: Explictly create docker0
+    shell: |
+      ip link add name docker0 type bridge || true
+      ip addr add dev docker0 172.17.0.1/16 || true
+
+  - name: Install docker-ce
+    apt:
+      name: docker-ce={{ docker_version }}
+      update_cache: yes
+    register: result
+    retries: 3
+    until: result is success
+
+  - name: Pin docker-ce release
+    copy:
+      dest: /etc/apt/preferences.d/docker-ce
+      content: |
+        Package: docker-ce
+        Pin: version {{ docker_version }}
+        Pin-Priority: 1002
+
+  - name: Fixing systemd unit for Docker config file
+    template:
+      src: docker.service.j2
+      dest: /lib/systemd/system/docker.service
+    notify: reload systemd
+
+  - name: Create docker config directory
+    file:
+      path: /etc/docker
+      mode: 0700
+      recurse: yes
+
+  - name: Templating /etc/docker/daemon.json
+    template:
+      src: daemon.json.j2
+      dest: /etc/docker/daemon.json
+    notify: restart docker
+
+  - name: Flushing handlers 2
+    meta: flush_handlers
+
+  - name: Getting Docker version
+    shell: "docker --version"
+    register: docker_version
+
+  - name: Printing Docker version
+    debug: var=docker_version
+
+  when: ansible_distribution == "Ubuntu"

roles/docker/templates/daemon.json.j2

@@ -0,0 +1,3 @@
+{
+  "experimental": true
+}

roles/docker/templates/docker.service.j2

@@ -0,0 +1,37 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+After=network-online.target docker.socket firewalld.service
+Wants=network-online.target
+Requires=docker.socket
+
+[Service]
+Type=notify
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
+ExecStart=/usr/bin/dockerd --config-file {{ docker_daemon_config }} -H fd://
+ExecReload=/bin/kill -s HUP $MAINPID
+LimitNOFILE=1048576
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNPROC=infinity
+LimitCORE=infinity
+# Uncomment TasksMax if your systemd version supports it.
+# Only systemd 226 and above support this version.
+TasksMax=infinity
+TimeoutStartSec=0
+# set delegate yes so that systemd does not reset the cgroups of docker containers
+Delegate=yes
+# kill only the docker process, not all processes in the cgroup
+KillMode=process
+# restart the docker process if it exits prematurely
+Restart=on-failure
+StartLimitBurst=3
+StartLimitInterval=60s
+Environment="NO_PROXY=https://cp-par1.scaleway.com,https://cp-ams1.scaleway.com,https://account.scaleway.com,http://169.254.42.42,192.168.66.0/24"
+Environment="DOCKER_OPTS=--iptables=false --ip-masq=false"
+
+[Install]
+WantedBy=multi-user.target
+