ansible/roles/docker: install docuumosmith/wip-docuum

Change-Id: I640b1e607feca87e7a578946ae4b8332ce854ab1

6 files changed, 145 insertions, 1 deletions

diff --git a/ansible/roles/docker/defaults/main.yml b/ansible/roles/docker/defaults/main.yml
index 2c03d90..3418577 100644
--- a/ansible/roles/docker/defaults/main.yml
+++ b/ansible/roles/docker/defaults/main.yml
@@ -2,3 +2,7 @@
 
 # Adds this user to the group docker which is allowed to access docker
 jenkins_user: jenkins
+
+# Keep amount of stored docker images below this size with docuum (OS#5099)
+# (Currently configured for x86_64 only)
+docker_max_space: "100 GB"
diff --git a/ansible/roles/docker/files/Dockerfile b/ansible/roles/docker/files/Dockerfile
new file mode 100644
index 0000000..85379c3
--- /dev/null
+++ b/ansible/roles/docker/files/Dockerfile
@@ -0,0 +1,31 @@
+ARG	REGISTRY=docker.io
+FROM	${REGISTRY}/alpine:3.15
+ARG	DOCKER_GID
+
+RUN	apk add \
+		cargo \
+		docker-cli
+
+# Create user and docker group with same group-id as on host system, create
+# /opt/docuum dir owned by user
+RUN	set -x && \
+	delgroup $(getent group "${DOCKER_GID}" | cut -d: -f1) && \
+	addgroup -g "${DOCKER_GID}" docker && \
+	adduser -D -u 1000 -G docker user && \
+	mkdir /opt/docuum && \
+	chown user /opt/docuum
+
+USER	user
+
+ARG	DOCUUM_VER=0.20.4
+
+RUN	set -x && \
+	cd /opt/docuum && \
+	wget https://github.com/stepchowfun/docuum/archive/refs/tags/v${DOCUUM_VER}.tar.gz \
+		-O docuum.tar.gz && \
+	tar -xf docuum.tar.gz && \
+	cd docuum-${DOCUUM_VER} && \
+	cargo build --release && \
+	cd .. && \
+	mv docuum-${DOCUUM_VER}/target/release/docuum . && \
+	rm -rf ~/.cargo docuum-${DOCUUM_VER} docuum.tar.gz
diff --git a/ansible/roles/docker/files/docuum.service b/ansible/roles/docker/files/docuum.service
new file mode 100644
index 0000000..8c62973
--- /dev/null
+++ b/ansible/roles/docker/files/docuum.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Docuum
+After=docker.service
+Wants=docker.service
+
+[Service]
+ExecStart=/opt/docuum/docuum.sh
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/roles/docker/files/docuum.sh b/ansible/roles/docker/files/docuum.sh
new file mode 100755
index 0000000..8c088dc
--- /dev/null
+++ b/ansible/roles/docker/files/docuum.sh
@@ -0,0 +1,43 @@
+#!/bin/sh -ex
+
+# Maximum amount of storage that docker images may consume
+THRESHOLD="$(cat /opt/docuum/docker_max_space)"
+
+DIR="$(dirname "$(realpath "$0")")"
+IMG="osmo-ci-docuum"
+DOCUUM_UID="1000"
+DOCKER_GID="$(getent group docker | cut -d : -f 3)"
+PULL_ARG=""
+
+if [ -z "$THRESHOLD" ]; then
+	set +x
+	echo "ERROR: failed to read threshold from /opt/docuum/docker_max_space"
+	exit 1
+fi
+
+if [ "$INITIAL_BUILD" = 1 ]; then
+	PULL_ARG="--pull"
+fi
+
+mkdir -p /var/cache/docuum
+chown "$DOCUUM_UID" /var/cache/docuum
+
+cd "$DIR"
+docker build \
+	--build-arg DOCKER_GID="$DOCKER_GID" \
+	$PULL_ARG \
+	-t "$IMG" \
+	.
+
+if [ "$INITIAL_BUILD" = 1 ]; then
+	exit 0
+fi
+
+docker run \
+	--rm \
+	--init \
+	--name docuum \
+	-v /var/run/docker.sock:/var/run/docker.sock \
+	-v /var/cache/docuum:/home/user \
+	"$IMG" \
+	sh -c "exec /opt/docuum/docuum --threshold '$THRESHOLD'"
diff --git a/ansible/roles/docker/tasks/docuum.yml b/ansible/roles/docker/tasks/docuum.yml
new file mode 100644
index 0000000..e076a88
--- /dev/null
+++ b/ansible/roles/docker/tasks/docuum.yml
@@ -0,0 +1,48 @@
+---
+- name: "docuum : set docker_max_space to {{ docker_max_space }}"
+  lineinfile:
+    path: /opt/docuum/docker_max_space
+    state: present
+    create: yes
+    line: "{{ docker_max_space }}"
+
+- name: "docuum : copy Dockerfile"
+  copy:
+    src: Dockerfile
+    dest: /opt/docuum/
+    mode: 0644
+
+- name: "docuum : copy docuum.sh"
+  copy:
+    src: docuum.sh
+    dest: /opt/docuum/
+    mode: 0755
+
+- name: "docuum : build container"
+  shell: INITIAL_BUILD=1 /opt/docuum/docuum.sh
+
+- name: "docuum : copy docuum.service"
+  copy:
+    src: docuum.service
+    dest: /lib/systemd/system/docuum.service
+  register: docuumservice
+
+- name: "docuum : systemctl daemon-reload"
+  systemd:
+    daemon_reload: yes
+  when: docuumservice is changed
+
+- name: "docuum : ensure the systemd service is installed"
+  systemd:
+    name: docuum.service
+    state: started
+    enabled: yes
+
+- name: "docuum : disable legacy cleanup cronjob"
+  cron:
+    name: cleanup-docker-images
+    disabled: true
+    minute: 0
+    hour: '*/3'
+    user: "{{ jenkins_user }}"
+    job: "test -x /home/{{ jenkins_user }}/osmo-ci/scripts/docker-cleanup.sh && /home/{{ jenkins_user }}/osmo-ci/scripts/docker-cleanup.sh >/dev/null"
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index a268d2b..eb5bc35 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -37,16 +37,23 @@
     groups: docker
     append: yes
 
-- name: cleanup old docker images
+- name: cleanup old docker images (legacy)
+  # Legacy method of cleaning old docker images, currently used for arm.
   cron:
     name: cleanup-docker-images
+    disabled: false
     minute: 0
     hour: '*/3'
     user: "{{ jenkins_user }}"
     job: "test -x /home/{{ jenkins_user }}/osmo-ci/scripts/docker-cleanup.sh && /home/{{ jenkins_user }}/osmo-ci/scripts/docker-cleanup.sh >/dev/null"
+  when: ansible_architecture != 'x86_64'
 
 - name: copy daemon.json to support ipv6
   copy:
     src: daemon.json
     dest: /etc/docker/daemon.json
   notify: restart docker
+
+# After docker is set up, add docuum to clean old docker images
+- include: docuum.yml
+  when: ansible_architecture == 'x86_64'