authorOliver Smith <osmith@sysmocom.de>2022-02-07 16:31:26 +0100
committerOliver Smith <osmith@sysmocom.de>2022-02-10 17:19:02 +0100
commitf2ab07ffc9f0f74aec7c2e1c9c77b982269a0668 (patch)
treec32011fc676f7e44347a85907d150163db26aaf4
parente9be03ca36f70a554ce5c2e980d765980e02931e (diff)
ansible/roles/docker: install docuumosmith/wip-docuum
-rw-r--r--ansible/roles/docker/defaults/main.yml4
-rw-r--r--ansible/roles/docker/files/Dockerfile31
-rw-r--r--ansible/roles/docker/files/docuum.service11
-rwxr-xr-xansible/roles/docker/files/docuum.sh43
-rw-r--r--ansible/roles/docker/tasks/docuum.yml48
-rw-r--r--ansible/roles/docker/tasks/main.yml9
6 files changed, 145 insertions, 1 deletions
diff --git a/ansible/roles/docker/defaults/main.yml b/ansible/roles/docker/defaults/main.yml
index 2c03d90..3418577 100644
--- a/ansible/roles/docker/defaults/main.yml
+++ b/ansible/roles/docker/defaults/main.yml
@@ -2,3 +2,7 @@
# Adds this user to the group docker which is allowed to access docker
jenkins_user: jenkins
+
+# Keep amount of stored docker images below this size with docuum (OS#5099)
+# (Currently configured for x86_64 only)
+docker_max_space: "100 GB"
diff --git a/ansible/roles/docker/files/Dockerfile b/ansible/roles/docker/files/Dockerfile
new file mode 100644
index 0000000..85379c3
--- /dev/null
+++ b/ansible/roles/docker/files/Dockerfile
@@ -0,0 +1,31 @@
+ARG REGISTRY=docker.io
+FROM ${REGISTRY}/alpine:3.15
+ARG DOCKER_GID
+
+RUN apk add \
+ cargo \
+ docker-cli
+
+# Create user and docker group with same group-id as on host system, create
+# /opt/docuum dir owned by user
+RUN set -x && \
+ delgroup $(getent group "${DOCKER_GID}" | cut -d: -f1) && \
+ addgroup -g "${DOCKER_GID}" docker && \
+ adduser -D -u 1000 -G docker user && \
+ mkdir /opt/docuum && \
+ chown user /opt/docuum
+
+USER user
+
+ARG DOCUUM_VER=0.20.4
+
+RUN set -x && \
+ cd /opt/docuum && \
+ wget https://github.com/stepchowfun/docuum/archive/refs/tags/v${DOCUUM_VER}.tar.gz \
+ -O docuum.tar.gz && \
+ tar -xf docuum.tar.gz && \
+ cd docuum-${DOCUUM_VER} && \
+ cargo build --release && \
+ cd .. && \
+ mv docuum-${DOCUUM_VER}/target/release/docuum . && \
+ rm -rf ~/.cargo docuum-${DOCUUM_VER} docuum.tar.gz
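Review bot: The tarball fetched by `wget` in the last RUN step is unpacked and built without any integrity check, and docuum.sh later runs the resulting binary with the host's docker socket mounted, so whatever the tag archive contains at build time ends up controlling the Docker daemon. Pin the expected digest next to `DOCUUM_VER`, e.g. `ARG DOCUUM_SHA256=<sha256-of-the-v0.20.4-tarball>`, and add `echo "${DOCUUM_SHA256}  docuum.tar.gz" | sha256sum -c - && \` right after the download. Building with `cargo build --release --locked` would also keep the crate versions to those recorded upstream, assuming the archive ships a Cargo.lock. Separately, `delgroup $(getent group "${DOCKER_GID}" | cut -d: -f1)` gets no argument when the base image has no group with that GID, which will likely abort the build on such hosts; deleting only when `getent` finds a group avoids that.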
diff --git a/ansible/roles/docker/files/docuum.service b/ansible/roles/docker/files/docuum.service
new file mode 100644
index 0000000..8c62973
--- /dev/null
+++ b/ansible/roles/docker/files/docuum.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Docuum
+After=docker.service
+Wants=docker.service
+
+[Service]
+ExecStart=/opt/docuum/docuum.sh
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/roles/docker/files/docuum.sh b/ansible/roles/docker/files/docuum.sh
new file mode 100755
index 0000000..8c088dc
--- /dev/null
+++ b/ansible/roles/docker/files/docuum.sh
@@ -0,0 +1,43 @@
+#!/bin/sh -ex
+
+# Maximum amount of storage that docker images may consume
+THRESHOLD="$(cat /opt/docuum/docker_max_space)"
+
+DIR="$(dirname "$(realpath "$0")")"
+IMG="osmo-ci-docuum"
+DOCUUM_UID="1000"
+DOCKER_GID="$(getent group docker | cut -d : -f 3)"
+PULL_ARG=""
+
+if [ -z "$THRESHOLD" ]; then
+ set +x
+ echo "ERROR: failed to read threshold from /opt/docuum/docker_max_space"
+ exit 1
+fi
+
+if [ "$INITIAL_BUILD" = 1 ]; then
+ PULL_ARG="--pull"
+fi
+
+mkdir -p /var/cache/docuum
+chown "$DOCUUM_UID" /var/cache/docuum
+
+cd "$DIR"
+docker build \
+ --build-arg DOCKER_GID="$DOCKER_GID" \
+ $PULL_ARG \
+ -t "$IMG" \
+ .
+
+if [ "$INITIAL_BUILD" = 1 ]; then
+ exit 0
+fi
+
+docker run \
+ --rm \
+ --init \
+ --name docuum \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v /var/cache/docuum:/home/user \
+ "$IMG" \
+ sh -c "exec /opt/docuum/docuum --threshold '$THRESHOLD'"
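Review bot: The last line of the `docker run` call pastes `$THRESHOLD` into a command string inside single quotes, so the content of /opt/docuum/docker_max_space is parsed by `sh` in the container; a value containing a quote or more than one line changes the command instead of arriving as one argument. docker passes the trailing arguments as argv, so the wrapper shell can be dropped: `"$IMG" /opt/docuum/docuum --threshold "$THRESHOLD"`. With `-e` in the shebang, a missing file also makes the `THRESHOLD="$(cat ...)"` assignment exit before the `-z "$THRESHOLD"` error message is reached. A short comment above `-v /var/run/docker.sock:/var/run/docker.sock` stating that this mount gives the container full control over the host's Docker daemon would help the next reader.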
diff --git a/ansible/roles/docker/tasks/docuum.yml b/ansible/roles/docker/tasks/docuum.yml
new file mode 100644
index 0000000..e076a88
--- /dev/null
+++ b/ansible/roles/docker/tasks/docuum.yml
@@ -0,0 +1,48 @@
+---
+- name: "docuum : set docker_max_space to {{ docker_max_space }}"
+ lineinfile:
+ path: /opt/docuum/docker_max_space
+ state: present
+ create: yes
+ line: "{{ docker_max_space }}"
+
+- name: "docuum : copy Dockerfile"
+ copy:
+ src: Dockerfile
+ dest: /opt/docuum/
+ mode: 0644
+
+- name: "docuum : copy docuum.sh"
+ copy:
+ src: docuum.sh
+ dest: /opt/docuum/
+ mode: 0755
+
+- name: "docuum : build container"
+ shell: INITIAL_BUILD=1 /opt/docuum/docuum.sh
+
+- name: "docuum : copy docuum.service"
+ copy:
+ src: docuum.service
+ dest: /lib/systemd/system/docuum.service
+ register: docuumservice
+
+- name: "docuum : systemctl daemon-reload"
+ systemd:
+ daemon_reload: yes
+ when: docuumservice is changed
+
+- name: "docuum : ensure the systemd service is installed"
+ systemd:
+ name: docuum.service
+ state: started
+ enabled: yes
+
+- name: "docuum : disable legacy cleanup cronjob"
+ cron:
+ name: cleanup-docker-images
+ disabled: true
+ minute: 0
+ hour: '*/3'
+ user: "{{ jenkins_user }}"
+ job: "test -x /home/{{ jenkins_user }}/osmo-ci/scripts/docker-cleanup.sh && /home/{{ jenkins_user }}/osmo-ci/scripts/docker-cleanup.sh >/dev/null"
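Review bot: The first task uses `lineinfile` with only `line:`, which ensures the line is present but does not remove an earlier one, so changing `docker_max_space` later leaves both values in /opt/docuum/docker_max_space and docuum.sh then reads a multi-line threshold. Writing the whole file avoids that: use `copy:` with `content: "{{ docker_max_space }}\n"` and `dest: /opt/docuum/docker_max_space`. Nothing here restarts docuum.service when the threshold, Dockerfile or docuum.sh change, because `state: started` does nothing on a unit that is already running; a handler notified by those tasks is probably wanted. Quoting the file modes (`mode: "0644"`, `mode: "0755"`) and giving the docuum.service copy an explicit mode would follow the usual Ansible convention.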
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index a268d2b..eb5bc35 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -37,16 +37,23 @@
groups: docker
append: yes
-- name: cleanup old docker images
+- name: cleanup old docker images (legacy)
+ # Legacy method of cleaning old docker images, currently used for arm.
cron:
name: cleanup-docker-images
+ disabled: false
minute: 0
hour: '*/3'
user: "{{ jenkins_user }}"
job: "test -x /home/{{ jenkins_user }}/osmo-ci/scripts/docker-cleanup.sh && /home/{{ jenkins_user }}/osmo-ci/scripts/docker-cleanup.sh >/dev/null"
+ when: ansible_architecture != 'x86_64'
- name: copy daemon.json to support ipv6
copy:
src: daemon.json
dest: /etc/docker/daemon.json
notify: restart docker
+
+# After docker is set up, add docuum to clean old docker images
+- include: docuum.yml
+ when: ansible_architecture == 'x86_64'
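Review bot: `- include: docuum.yml` at the end of the hunk uses the bare `include` action, which Ansible has deprecated in favour of the explicit forms; `- import_tasks: docuum.yml` with the same `when:` keeps the behaviour. The `when:` on the legacy cron task and the one on the include are exact complements, so a one-line comment such as `# x86_64 hosts use docuum, all other architectures keep the cron cleanup` above the cron task would make the split visible in one place. The hunk starts inside an earlier task (`groups: docker` / `append: yes`), which is not reviewed here.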