RootlessKit network and port driver config #432
Conversation
CRITICAL Idempotence test failed because of the following tasks:
* => ansible-role-docker-rootless : Add Docker systemd service
* => ansible-role-docker-rootless : Add Docker systemd service
* => ansible-role-docker-rootless : Add Docker systemd service
* => ansible-role-docker-rootless : Add Docker systemd service
* => ansible-role-docker-rootless : Configure Docker network/port drivers
* => ansible-role-docker-rootless : Configure Docker network/port drivers
* => ansible-role-docker-rootless : Configure Docker network/port drivers
* => ansible-role-docker-rootless : Configure Docker network/port drivers
* => ansible-role-docker-rootless : Configure Docker network/port drivers
* => ansible-role-docker-rootless : Configure Docker network/port drivers
* => ansible-role-docker-rootless : Configure Docker network/port drivers
* => ansible-role-docker-rootless : Configure Docker network/port drivers
diff --git a/README.md b/README.md
index 593f87f..2f842f7 100644
--- a/README.md
+++ b/README.md
@@ -136,7 +136,7 @@ The `docker_allow_ping` variable configures if unprivileged users can open
On some distributions, this is not allowed, and thereby containers cannot ping
to the outside.
-The `docker_driver_network` and `docker_driver_port` variables configure RootlessKit's
+The `docker_driver_network` and `docker_driver_port` variables configure RootlessKit's
[network driver](https://github.com/rootless-containers/rootlesskit/blob/master/docs/network.md) or
[port driver](https://github.com/rootless-containers/rootlesskit/blob/master/docs/port.md),
respectively. This is useful for
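Review bot: the removed and added lines at the top of this hunk (`The \`docker_driver_network\` and \`docker_driver_port\` variables configure RootlessKit's`) read identically here, so the change is whitespace only, most likely a stripped trailing space. That is fine as a cleanup, but it is worth saying so in the commit message so reviewers do not look for a wording change in the README paragraph.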
diff --git a/tasks/docker_service.yml b/tasks/docker_service.yml
index 9e9fbbe..ea917e2 100644
--- a/tasks/docker_service.yml
+++ b/tasks/docker_service.yml
@@ -1,12 +1,13 @@
+---
- name: Configure Docker network/port drivers
become: true
become_user: "{{ docker_user }}"
ansible.builtin.lineinfile:
dest: "{{ docker_user_info.home }}/.config/systemd/user/docker.service"
- insertafter: '\[Service\]'
+ insertafter: \[Service\]
firstmatch: true
- regexp: "^Environment=\"{{ item.key }}="
- line: "Environment=\"{{ item.key }}={{ item.value }}\""
+ regexp: ^Environment="{{ item.key }}=
+ line: Environment="{{ item.key }}={{ item.value }}"
loop:
- key: DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER
value: "{{ docker_driver_port }}" |
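Review bot: the idempotence report above lists both `Add Docker systemd service` and `Configure Docker network/port drivers` as non-idempotent, which points to two tasks writing the same file: whatever regenerates `~/.config/systemd/user/docker.service` drops the `Environment=` lines this `lineinfile` inserts after `\[Service\]`, and `lineinfile` then re-adds them on every run, so neither task converges. Rather than editing the generated unit in place with `insertafter`/`firstmatch`, consider writing the `Environment="{{ item.key }}={{ item.value }}"` lines into a drop-in (`docker.service.d/override.conf`) that this task owns outright; the unit template then stays untouched and a second run compares identical content. The leading `---` is a good addition either way.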
Thanks @msladek! A couple of issues, see above.
@konstruktoid The patch is applied. Regarding the test failure, do you have more detailed info on what's not idempotent about the two tasks? I cannot get the molecule vagrant tests to run on my end.
Seems the environment variable is set/unset in
TASK [ansible-role-docker-rootless : Configure Docker network/port drivers] ****
changed: [jammy] => (item={'key': 'DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER', 'value': 'builtin'})
changed: [focal] => (item={'key': 'DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER', 'value': 'builtin'})
ok: [focalroot] => (item={'key': 'DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER', 'value': 'builtin'})
changed: [bookworm] => (item={'key': 'DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER', 'value': 'builtin'})
changed: [debiantesting] => (item={'key': 'DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER', 'value': 'builtin'})
ok: [almalinux9] => (item={'key': 'DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER', 'value': 'builtin'})
ok: [focalroot] => (item={'key': 'DOCKERD_ROOTLESS_ROOTLESSKIT_NET', 'value': 'slirp4netns'})
changed: [focal] => (item={'key': 'DOCKERD_ROOTLESS_ROOTLESSKIT_NET', 'value': 'slirp4netns'})
changed: [jammy] => (item={'key': 'DOCKERD_ROOTLESS_ROOTLESSKIT_NET', 'value': 'slirp4netns'})
changed: [bookworm] => (item={'key': 'DOCKERD_ROOTLESS_ROOTLESSKIT_NET', 'value': 'slirp4netns'})
changed: [debiantesting] => (item={'key': 'DOCKERD_ROOTLESS_ROOTLESSKIT_NET', 'value': 'slirp4netns'})
ok: [almalinux9] => (item={'key': 'DOCKERD_ROOTLESS_ROOTLESSKIT_NET', 'value': 'slirp4netns'})
~$ cat /home/jammyuser/.config/systemd/user/docker.service
# Ansible managed: Do NOT edit this file manually!
# Generated by Ansible role ansible-role-docker-rootless
[Unit]
Description=Docker Application Container Engine (Rootless)
Documentation=https://docs.docker.com/engine/security/rootless/
[Service]
Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns"
Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=builtin"
Environment="DOCKER_HOST=unix:///run/user/1001/docker.sock"
Environment="PATH=/home/jammyuser/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Environment="XDG_RUNTIME_DIR=/run/user/1001"
ExecStart=/home/jammyuser/bin/dockerd-rootless.sh
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
Type=simple
KillMode=mixed
[Install]
WantedBy=default.target
~$ sha1sum $HOME/.config/systemd/user/docker.service*
14ce954549826e23a7134bc316f528c1e3ffeb83 /home/jammyuser/.config/systemd/user/docker.service
14ce954549826e23a7134bc316f528c1e3ffeb83 /home/jammyuser/.config/systemd/user/docker.service.4084.2024-08-12@17:15:58~
14ce954549826e23a7134bc316f528c1e3ffeb83 /home/jammyuser/.config/systemd/user/docker.service.5903.2024-08-12@17:29:01~
Thanks for the details! Moved the config to the override.conf, hope that resolves the issues.
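As an added illustration of the drop-in approach the previous comment refers to (example tasks written for this page, not the PR's or the role's own code): the tasks below render the RootlessKit driver settings into a systemd user drop-in for `docker.service` and reload the user manager only when that file changed. The variables `docker_user`, `docker_user_info.home`, `docker_driver_network` and `docker_driver_port` and the file name `override.conf` are taken from this PR; `docker_user_info.uid` and the `XDG_RUNTIME_DIR` wiring are assumptions about how the role exposes the user's runtime directory.

```yaml
---
# Added example, not the role's own tasks: own the RootlessKit driver settings
# in a drop-in instead of editing the generated docker.service with lineinfile.
# A regenerated unit file no longer discards these lines, so both the unit
# task and this task converge on a second run.
- name: Create docker.service drop-in directory
  become: true
  become_user: "{{ docker_user }}"
  ansible.builtin.file:
    path: "{{ docker_user_info.home }}/.config/systemd/user/docker.service.d"
    state: directory
    mode: "0750"

- name: Configure Docker network/port drivers via drop-in
  become: true
  become_user: "{{ docker_user }}"
  ansible.builtin.copy:
    dest: "{{ docker_user_info.home }}/.config/systemd/user/docker.service.d/override.conf"
    mode: "0640"
    # The whole file is generated here, so a repeat run compares identical
    # content and reports "ok" rather than "changed".
    content: |
      [Service]
      Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_NET={{ docker_driver_network }}"
      Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER={{ docker_driver_port }}"
  register: docker_dropin

- name: Reload the user manager and restart Docker when the drop-in changed
  become: true
  become_user: "{{ docker_user }}"
  # Assumption: docker_user_info.uid is available (e.g. from the user module
  # result); the user manager is only reachable with XDG_RUNTIME_DIR set.
  environment:
    XDG_RUNTIME_DIR: "/run/user/{{ docker_user_info.uid }}"
  ansible.builtin.systemd:
    name: docker.service
    scope: user
    daemon_reload: true
    state: restarted
  when: docker_dropin.changed
```

After a run, `systemctl --user cat docker.service` as the rootless user prints the unit followed by the drop-in, which is a quick way to confirm the `Environment=` lines are picked up without inspecting the generated unit file itself.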
docker.service - Docker Application Container Engine (Rootless)
Loaded: loaded (/home/jammyuser/.config/systemd/user/docker.service; enabled; vendor preset: enabled)
Drop-In: /home/jammyuser/.config/systemd/user/docker.service.d
└─override.conf
Thanks @msladek!
Awesome, thanks for the merge @konstruktoid!
#426