使用 Ansible 批量安装 Docker
1. 主机列表
| IP | 主机名 | 内存(GB) | CPU核数 | 磁盘 | 操作系统 | CPU 架构 |
|---|---|---|---|---|---|---|
| 10.0.0.13 | arc-pro-dc01 | 8 | 1 | 500GB | CentOS 7.9.2009 | x86_64 |
| 10.0.0.14 | arc-pro-dc02 | 8 | 1 | 500GB | CentOS 7.9.2009 | x86_64 |
| 10.0.0.15 | arc-pro-dc03 | 8 | 1 | 500GB | CentOS 7.9.2009 | x86_64 |
| 10.0.0.16 | arc-pro-dc04 | 16 | 2 | 500GB | CentOS 7.9.2009 | x86_64 |
| 10.0.0.17 | arc-pro-dc05 | 16 | 2 | 500GB | CentOS 7.9.2009 | x86_64 |
| 10.0.0.18 | arc-pro-dc06 | 16 | 2 | 500GB | CentOS 7.9.2009 | x86_64 |
| 10.0.0.19 | arc-pro-dc07 | 16 | 2 | 500GB | CentOS 7.9.2009 | x86_64 |
| 10.0.0.20 | arc-pro-dc08 | 16 | 2 | 500GB | CentOS 7.9.2009 | x86_64 |
| 10.0.0.21 | arc-pro-dc09 | 16 | 2 | 500GB | CentOS 7.9.2009 | x86_64 |
说明:
- 每个服务器均存在一个管理员用户 admin,该用户可以免密码执行 sudo 命令;
- 在 arc-pro-dc01 机器上,可以使用 admin 用户免密码 ssh 到其他机器;
- 在 arc-pro-dc01 机器上,已经安装好了 ansible 命令
- 执行 ansible 命令时,工作目录是 /home/admin/ansible
参考以下文章完成虚拟机创建、虚拟机优化以及集群基础配置:
- 使用 VMware Workstation 安装 CentOS-7 虚拟机
- 使用 Ansible 批量完成 CentOS 7 操作系统基础配置
2. 准备工作
2.1 上传安装包
在 arc-pro-dc01 服务器操作
Docker 下载地址:https://download.docker.com/linux/static/stable/x86_64/
Docker Compose 下载地址:https://github.com/docker/compose/releases/
准备好安装包:
- docker-28.3.3.tgz
- docker-compose-linux-x86_64
上传到 /home/admin/ansible/docker 目录下
2.2 ansible 目录结构
$ pwd
/home/admin/ansible$ tree .
.
├── ansible.cfg
├── docker
│ ├── containerd.service
│ ├── docker-28.3.3.tgz
│ ├── docker-compose-linux-x86_64
│ ├── docker.service
│ ├── docker.socket
│ └── install-docker.yml
└── hosts
下面分别列出每个文件的内容。
2.3 hosts
[cluster]
arc-pro-dc01
arc-pro-dc02
arc-pro-dc03
arc-pro-dc04
arc-pro-dc05
arc-pro-dc06
arc-pro-dc07
arc-pro-dc08
arc-pro-dc09[cluster:vars]
ansible_user=admin
2.4 ansible.cfg
[defaults]
inventory=./hosts
host_key_checking=False
2.5 docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service time-set.target
Wants=network-online.target containerd.service
Requires=docker.socket[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutStartSec=0
RestartSec=2
Restart=always# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Older systemd versions default to a LimitNOFILE of 1024:1024, which is insufficient for many
# applications including dockerd itself and will be inherited. Raise the hard limit, while
# preserving the soft limit for select(2).
LimitNOFILE=1024:524288# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes# kill only the docker process, not all processes in the cgroup
KillMode=process
OOMScoreAdjust=-500[Install]
WantedBy=multi-user.target
2.6 containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerdType=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999[Install]
WantedBy=multi-user.target
2.7 docker.socket
[Unit]
Description=Docker Socket for the API[Socket]
# If /var/run is not implemented as a symlink to /run, you may need to
# specify ListenStream=/var/run/docker.sock instead.
ListenStream=/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker[Install]
WantedBy=sockets.target
2.8 install-docker.yml
---
- name: Install Dockerhosts: allbecome: truegather_facts: falsevars:admin_user: admin docker_data_root: "/data/docker"docker_registry_mirrors:- "https://docker.1ms.run"- "https://docker.xuanyuan.me"tasks:- name: Stop Docker service if runningservice:name: "{{ item }}"state: stoppedignore_errors: yesloop:- docker.service- containerd.service- name: Delete {{ docker_data_root }} recursivelyfile:path: "{{ docker_data_root }}"state: absent- name: Remove Docker related packagesansible.builtin.yum:name:- docker- docker-client- docker-client-latest- docker-common- docker-latest- docker-latest-logrotate- docker-logrotate- docker-enginestate: absent- name: Create docker group if not existsgroup: name: docker state: present - name: Ensure temporary directory exists on management nodefile:path: /tmp/dockerstate: directorydelegate_to: localhost- name: Extract Docker tarballunarchive:src: docker-28.3.3.tgzdest: /tmp/dockerremote_src: noextra_opts:- "--strip-components=1"delegate_to: localhost- name: Copy Docker binaries to remote /usr/bincopy:src: "{{ item }}"dest: "/usr/bin/"mode: '0755'owner: rootgroup: rootremote_src: noloop: "{{ lookup('ansible.builtin.fileglob', '/tmp/docker/*', wantlist=True) }}"- name: Copy Docker compose binaries to remote /usr/bin copy: src: "docker-compose-linux-x86_64" dest: "/usr/bin/docker-compose" mode: '0755' owner: root group: root remote_src: no - name: Copy Docker service file to remotecopy: src: "{{ item }}"dest: "/usr/lib/systemd/system/{{ item }}"owner: root group: root remote_src: no loop:- docker.service- containerd.service- docker.socket- name: Ensure docker data-root directory existsfile:path: "{{ docker_data_root }}"state: directoryowner: rootgroup: root- name: Ensure docker config directory existsfile:path: /etc/dockerstate: directoryowner: rootgroup: docker- name: Create /etc/docker/daemon.jsoncopy:dest: /etc/docker/daemon.jsoncontent: |{"data-root": "{{ docker_data_root }}","registry-mirrors": {{ docker_registry_mirrors | to_nice_json }}}owner: rootgroup: dockermode: '0644'- name: Add {{ admin_user }} to docker groupuser:name: "{{ admin_user }}"groups: dockerappend: yes- name: Start Docker to apply changessystemd:name: "{{ item }}"state: startedenabled: truedaemon_reload: yesloop:- containerd.service- docker.service- name: Check Docker Compose versioncommand: docker-compose versionregister: compose_versionignore_errors: yes- name: Check Docker versioncommand: docker -vregister: docker_versionignore_errors: yes- name: Get docker service statussystemd:name: dockerregister: docker_status- name: Print Docker Compose versiondebug:msg: "{{ compose_version.stdout }}"- name: Print Docker version debug: msg: "{{ docker_version.stdout }}"- name: Print docker service statusdebug:msg: |"Docker is {{ docker_status.status.ActiveState }} (running=active, stopped=inactive, failed=failed)""Docker service is {{ 'enabled' if docker_status.status.UnitFileState == 'enabled' else 'disabled' }}"- name: Cleanup temporary directory on management nodeshell: rm -rf /tmp/dockerdelegate_to: localhost
3. 安装 Docker
在 arc-pro-dc01 服务器操作
$ pwd
/home/admin/ansible$ ansible-playbook docker/install-docker.yml# 部分检查结果输出
TASK [Print Docker Compose version] *********************************
ok: [arc-pro-dc01] => {"msg": "Docker Compose version v2.39.2"
}
ok: [arc-pro-dc02] => {"msg": "Docker Compose version v2.39.2"
}
ok: [arc-pro-dc03] => {"msg": "Docker Compose version v2.39.2"
}
ok: [arc-pro-dc04] => {"msg": "Docker Compose version v2.39.2"
}
ok: [arc-pro-dc05] => {"msg": "Docker Compose version v2.39.2"
}
ok: [arc-pro-dc06] => {"msg": "Docker Compose version v2.39.2"
}
ok: [arc-pro-dc07] => {"msg": "Docker Compose version v2.39.2"
}
ok: [arc-pro-dc08] => {"msg": "Docker Compose version v2.39.2"
}
ok: [arc-pro-dc09] => {"msg": "Docker Compose version v2.39.2"
}TASK [Print Docker version] ****************************************
ok: [arc-pro-dc01] => {"msg": "Docker version 28.3.3, build 980b856"
}
ok: [arc-pro-dc02] => {"msg": "Docker version 28.3.3, build 980b856"
}
ok: [arc-pro-dc03] => {"msg": "Docker version 28.3.3, build 980b856"
}
ok: [arc-pro-dc04] => {"msg": "Docker version 28.3.3, build 980b856"
}
ok: [arc-pro-dc05] => {"msg": "Docker version 28.3.3, build 980b856"
}
ok: [arc-pro-dc06] => {"msg": "Docker version 28.3.3, build 980b856"
}
ok: [arc-pro-dc08] => {"msg": "Docker version 28.3.3, build 980b856"
}
ok: [arc-pro-dc07] => {"msg": "Docker version 28.3.3, build 980b856"
}
ok: [arc-pro-dc09] => {"msg": "Docker version 28.3.3, build 980b856"
}TASK [Print docker service status] *******************************
ok: [arc-pro-dc02] => {"msg": "\"Docker is active (running=active, stopped=inactive, failed=failed)\"\n\"Docker service is enabled\"\n"
}
ok: [arc-pro-dc01] => {"msg": "\"Docker is active (running=active, stopped=inactive, failed=failed)\"\n\"Docker service is enabled\"\n"
}
ok: [arc-pro-dc03] => {"msg": "\"Docker is active (running=active, stopped=inactive, failed=failed)\"\n\"Docker service is enabled\"\n"
}
ok: [arc-pro-dc05] => {"msg": "\"Docker is active (running=active, stopped=inactive, failed=failed)\"\n\"Docker service is enabled\"\n"
}
ok: [arc-pro-dc04] => {"msg": "\"Docker is active (running=active, stopped=inactive, failed=failed)\"\n\"Docker service is enabled\"\n"
}
ok: [arc-pro-dc06] => {"msg": "\"Docker is active (running=active, stopped=inactive, failed=failed)\"\n\"Docker service is enabled\"\n"
}
ok: [arc-pro-dc08] => {"msg": "\"Docker is active (running=active, stopped=inactive, failed=failed)\"\n\"Docker service is enabled\"\n"
}
ok: [arc-pro-dc07] => {"msg": "\"Docker is active (running=active, stopped=inactive, failed=failed)\"\n\"Docker service is enabled\"\n"
}
ok: [arc-pro-dc09] => {"msg": "\"Docker is active (running=active, stopped=inactive, failed=failed)\"\n\"Docker service is enabled\"\n"
}