authorOliver Smith <osmith@sysmocom.de>2022-02-07 16:31:26 +0100
committerOliver Smith <osmith@sysmocom.de>2022-02-11 15:44:16 +0100
commit17f82a260dc34434c4f9ec3adcb2f0175d7839b0 (patch)
tree4c39d91ac8a05af8c5790f54c4279b4aaf22b4e6
parentf07b5c8a64af0d77de7ed955928940e44725a0f6 (diff)
ansible/roles/docker: install docuum
Allow setting a max amount of space that docker images should take up, and delete the least recently used images when the amount is exceeded. Related: https://osmocom.org/projects/osmocom-servers/wiki/Docker_cache_clean_up Change-Id: I640b1e607feca87e7a578946ae4b8332ce854ab1
-rw-r--r--ansible/roles/docker/defaults/main.yml4
-rw-r--r--ansible/roles/docker/files/Dockerfile31
-rw-r--r--ansible/roles/docker/files/docuum.service11
-rwxr-xr-xansible/roles/docker/files/docuum.sh43
-rw-r--r--ansible/roles/docker/tasks/docuum.yml39
-rw-r--r--ansible/roles/docker/tasks/main.yml6
6 files changed, 134 insertions, 0 deletions
diff --git a/ansible/roles/docker/defaults/main.yml b/ansible/roles/docker/defaults/main.yml
index 2c03d90..24b13c2 100644
--- a/ansible/roles/docker/defaults/main.yml
+++ b/ansible/roles/docker/defaults/main.yml
@@ -2,3 +2,7 @@
# Adds this user to the group docker which is allowed to access docker
jenkins_user: jenkins
+
+# Keep amount of stored docker images below this size
+# https://osmocom.org/projects/osmocom-servers/wiki/Docker_cache_clean_up
+docker_max_image_space: "100 GB"
diff --git a/ansible/roles/docker/files/Dockerfile b/ansible/roles/docker/files/Dockerfile
new file mode 100644
index 0000000..85379c3
--- /dev/null
+++ b/ansible/roles/docker/files/Dockerfile
@@ -0,0 +1,31 @@
+ARG REGISTRY=docker.io
+FROM ${REGISTRY}/alpine:3.15
+ARG DOCKER_GID
+
+RUN apk add \
+ cargo \
+ docker-cli
+
+# Create user and docker group with same group-id as on host system, create
+# /opt/docuum dir owned by user
+RUN set -x && \
+ delgroup $(getent group "${DOCKER_GID}" | cut -d: -f1) && \
+ addgroup -g "${DOCKER_GID}" docker && \
+ adduser -D -u 1000 -G docker user && \
+ mkdir /opt/docuum && \
+ chown user /opt/docuum
+
+USER user
+
+ARG DOCUUM_VER=0.20.4
+
+RUN set -x && \
+ cd /opt/docuum && \
+ wget https://github.com/stepchowfun/docuum/archive/refs/tags/v${DOCUUM_VER}.tar.gz \
+ -O docuum.tar.gz && \
+ tar -xf docuum.tar.gz && \
+ cd docuum-${DOCUUM_VER} && \
+ cargo build --release && \
+ cd .. && \
+ mv docuum-${DOCUUM_VER}/target/release/docuum . && \
+ rm -rf ~/.cargo docuum-${DOCUUM_VER} docuum.tar.gz
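Review bot: The tarball fetched by `wget` in the last RUN step is compiled and, per docuum.sh in this commit, later run with the host's Docker socket mounted, yet nothing pins its content beyond the tag name. Add an `ARG DOCUUM_SHA256=<sha256-of-release-tarball>` next to `DOCUUM_VER` and verify before unpacking with `echo "${DOCUUM_SHA256}  docuum.tar.gz" | sha256sum -c - && \`. If the upstream archive ships a Cargo.lock, `cargo build --release --locked` would also keep the crate versions from drifting between rebuilds. Separately, `delgroup $(getent group "${DOCKER_GID}" | cut -d: -f1)` in the earlier RUN step looks like it will abort the build when no group in the base image has that GID, because `delgroup` is then called without an argument.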
diff --git a/ansible/roles/docker/files/docuum.service b/ansible/roles/docker/files/docuum.service
new file mode 100644
index 0000000..8c62973
--- /dev/null
+++ b/ansible/roles/docker/files/docuum.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Docuum
+After=docker.service
+Wants=docker.service
+
+[Service]
+ExecStart=/opt/docuum/docuum.sh
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/roles/docker/files/docuum.sh b/ansible/roles/docker/files/docuum.sh
new file mode 100755
index 0000000..e7d5e28
--- /dev/null
+++ b/ansible/roles/docker/files/docuum.sh
@@ -0,0 +1,43 @@
+#!/bin/sh -ex
+
+# Maximum amount of storage that docker images may consume
+THRESHOLD="$(cat /opt/docuum/docker_max_image_space)"
+
+DIR="$(dirname "$(realpath "$0")")"
+IMG="osmo-ci-docuum"
+DOCUUM_UID="1000"
+DOCKER_GID="$(getent group docker | cut -d : -f 3)"
+PULL_ARG=""
+
+if [ -z "$THRESHOLD" ]; then
+ set +x
+ echo "ERROR: failed to read threshold from /opt/docuum/docker_max_image_space"
+ exit 1
+fi
+
+if [ "$INITIAL_BUILD" = 1 ]; then
+ PULL_ARG="--pull"
+fi
+
+mkdir -p /var/cache/docuum
+chown "$DOCUUM_UID" /var/cache/docuum
+
+cd "$DIR"
+docker build \
+ --build-arg DOCKER_GID="$DOCKER_GID" \
+ $PULL_ARG \
+ -t "$IMG" \
+ .
+
+if [ "$INITIAL_BUILD" = 1 ]; then
+ exit 0
+fi
+
+docker run \
+ --rm \
+ --init \
+ --name docuum \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v /var/cache/docuum:/home/user \
+ "$IMG" \
+ sh -c "exec /opt/docuum/docuum --threshold '$THRESHOLD'"
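Review bot: The final `docker run` argument splices `$THRESHOLD` into a `sh -c` string, so any quote or shell metacharacter in /opt/docuum/docker_max_image_space is interpreted by a shell inside a container that has the Docker socket mounted. Passing the value as its own argument removes that extra shell: replace the last line with `/opt/docuum/docuum --threshold "$THRESHOLD"`; `--init` already supplies PID 1, so the `exec` wrapper is not needed. A comment above the `-v /var/run/docker.sock:/var/run/docker.sock` line would help too, for example `# Docker socket access is root-equivalent on the host, regardless of the uid inside the container`.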
diff --git a/ansible/roles/docker/tasks/docuum.yml b/ansible/roles/docker/tasks/docuum.yml
new file mode 100644
index 0000000..7c9ab73
--- /dev/null
+++ b/ansible/roles/docker/tasks/docuum.yml
@@ -0,0 +1,39 @@
+---
+- name: "docuum : set docker_max_image_space to {{ docker_max_image_space }}"
+ lineinfile:
+ path: /opt/docuum/docker_max_image_space
+ state: present
+ create: yes
+ line: "{{ docker_max_image_space }}"
+
+- name: "docuum : copy Dockerfile"
+ copy:
+ src: Dockerfile
+ dest: /opt/docuum/
+ mode: 0644
+
+- name: "docuum : copy docuum.sh"
+ copy:
+ src: docuum.sh
+ dest: /opt/docuum/
+ mode: 0755
+
+- name: "docuum : build container"
+ shell: INITIAL_BUILD=1 /opt/docuum/docuum.sh
+
+- name: "docuum : copy docuum.service"
+ copy:
+ src: docuum.service
+ dest: /lib/systemd/system/docuum.service
+ register: docuumservice
+
+- name: "docuum : systemctl daemon-reload"
+ systemd:
+ daemon_reload: yes
+ when: docuumservice is changed
+
+- name: "docuum : ensure the systemd service is installed"
+ systemd:
+ name: docuum.service
+ state: started
+ enabled: yes
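Review bot: The first task uses `lineinfile` with only `line:`, so when `docker_max_image_space` is changed later the new value is appended while the old line stays, and docuum.sh then reads the whole file with `cat` and passes a multi-line threshold. Writing the file as a whole avoids this: use `copy:` with `content: "{{ docker_max_image_space }}\n"` and `dest: /opt/docuum/docker_max_image_space`. Nothing in this file restarts docuum.service when the threshold, Dockerfile or docuum.sh changes, so a running instance keeps the old settings until a manual restart; a handler notified by those tasks would cover it. The `mode: 0644` and `mode: 0755` values are safer quoted (`mode: "0644"`) so YAML does not read them as integers.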
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index a268d2b..97df86a 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -40,6 +40,7 @@
- name: cleanup old docker images
cron:
name: cleanup-docker-images
+ disabled: false
minute: 0
hour: '*/3'
user: "{{ jenkins_user }}"
@@ -50,3 +51,8 @@
src: daemon.json
dest: /etc/docker/daemon.json
notify: restart docker
+
+# After docker is set up, add docuum to clean old docker images
+# x86_64 only, as the raspberries need to be upgraded before they can use recent docker images (OS#5453)
+- include: docuum.yml
+ when: ansible_architecture == 'x86_64'
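Review bot: The bare `include` action on the added line is deprecated in Ansible in favour of the explicit forms, so this is better written as `- include_tasks: docuum.yml` with the same `when:` condition. With `include_tasks` the condition is evaluated once for the include itself, which matches the intent stated in the comment above it (x86_64 only).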