osmith has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-ci/+/27152 )
Change subject: ansible/roles/docker: install docuum ...................................................................... ansible/roles/docker: install docuum Allow setting a max amount of space that docker images should take up, and delete the least recently used images when the amount is exceeded. Related: https://osmocom.org/projects/osmocom-servers/wiki/Docker_cache_clean_up Change-Id: I640b1e607feca87e7a578946ae4b8332ce854ab1 --- M ansible/roles/docker/defaults/main.yml A ansible/roles/docker/files/Dockerfile A ansible/roles/docker/files/docuum.service A ansible/roles/docker/files/docuum.sh A ansible/roles/docker/tasks/docuum.yml M ansible/roles/docker/tasks/main.yml 6 files changed, 134 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ci refs/changes/52/27152/1 diff --git a/ansible/roles/docker/defaults/main.yml b/ansible/roles/docker/defaults/main.yml index 2c03d90..24b13c2 100644 --- a/ansible/roles/docker/defaults/main.yml +++ b/ansible/roles/docker/defaults/main.yml @@ -2,3 +2,7 @@ # Adds this user to the group docker which is allowed to access docker jenkins_user: jenkins + +# Keep amount of stored docker images below this size +# https://osmocom.org/projects/osmocom-servers/wiki/Docker_cache_clean_up +docker_max_image_space: "100 GB" diff --git a/ansible/roles/docker/files/Dockerfile b/ansible/roles/docker/files/Dockerfile new file mode 100644 index 0000000..85379c3 --- /dev/null +++ b/ansible/roles/docker/files/Dockerfile @@ -0,0 +1,31 @@ +ARG REGISTRY=docker.io +FROM ${REGISTRY}/alpine:3.15 +ARG DOCKER_GID + +RUN apk add \ + cargo \ + docker-cli + +# Create user and docker group with same group-id as on host system, create +# /opt/docuum dir owned by user +RUN set -x && \ + delgroup $(getent group "${DOCKER_GID}" | cut -d: -f1) && \ + addgroup -g "${DOCKER_GID}" docker && \ + adduser -D -u 1000 -G docker user && \ + mkdir /opt/docuum && \ + chown user /opt/docuum + +USER user + +ARG DOCUUM_VER=0.20.4 + +RUN set -x && \ + cd /opt/docuum && \ + wget https://github.com/stepchowfun/docuum/archive/refs/tags/v${DOCUUM_VER}.tar.gz \ + -O docuum.tar.gz && \ + tar -xf docuum.tar.gz && \ + cd docuum-${DOCUUM_VER} && \ + cargo build --release && \ + cd .. && \ + mv docuum-${DOCUUM_VER}/target/release/docuum . && \ + rm -rf ~/.cargo docuum-${DOCUUM_VER} docuum.tar.gz diff --git a/ansible/roles/docker/files/docuum.service b/ansible/roles/docker/files/docuum.service new file mode 100644 index 0000000..8c62973 --- /dev/null +++ b/ansible/roles/docker/files/docuum.service @@ -0,0 +1,11 @@ +[Unit] +Description=Docuum +After=docker.service +Wants=docker.service + +[Service] +ExecStart=/opt/docuum/docuum.sh +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/ansible/roles/docker/files/docuum.sh b/ansible/roles/docker/files/docuum.sh new file mode 100755 index 0000000..e7d5e28 --- /dev/null +++ b/ansible/roles/docker/files/docuum.sh @@ -0,0 +1,43 @@ +#!/bin/sh -ex + +# Maximum amount of storage that docker images may consume +THRESHOLD="$(cat /opt/docuum/docker_max_image_space)" + +DIR="$(dirname "$(realpath "$0")")" +IMG="osmo-ci-docuum" +DOCUUM_UID="1000" +DOCKER_GID="$(getent group docker | cut -d : -f 3)" +PULL_ARG="" + +if [ -z "$THRESHOLD" ]; then + set +x + echo "ERROR: failed to read threshold from /opt/docuum/docker_max_image_space" + exit 1 +fi + +if [ "$INITIAL_BUILD" = 1 ]; then + PULL_ARG="--pull" +fi + +mkdir -p /var/cache/docuum +chown "$DOCUUM_UID" /var/cache/docuum + +cd "$DIR" +docker build \ + --build-arg DOCKER_GID="$DOCKER_GID" \ + $PULL_ARG \ + -t "$IMG" \ + . + +if [ "$INITIAL_BUILD" = 1 ]; then + exit 0 +fi + +docker run \ + --rm \ + --init \ + --name docuum \ + -v /var/run/docker.sock:/var/run/docker.sock \ + -v /var/cache/docuum:/home/user \ + "$IMG" \ + sh -c "exec /opt/docuum/docuum --threshold '$THRESHOLD'" diff --git a/ansible/roles/docker/tasks/docuum.yml b/ansible/roles/docker/tasks/docuum.yml new file mode 100644 index 0000000..7c9ab73 --- /dev/null +++ b/ansible/roles/docker/tasks/docuum.yml @@ -0,0 +1,39 @@ +--- +- name: "docuum : set docker_max_image_space to {{ docker_max_image_space }}" + lineinfile: + path: /opt/docuum/docker_max_image_space + state: present + create: yes + line: "{{ docker_max_image_space }}" + +- name: "docuum : copy Dockerfile" + copy: + src: Dockerfile + dest: /opt/docuum/ + mode: 0644 + +- name: "docuum : copy docuum.sh" + copy: + src: docuum.sh + dest: /opt/docuum/ + mode: 0755 + +- name: "docuum : build container" + shell: INITIAL_BUILD=1 /opt/docuum/docuum.sh + +- name: "docuum : copy docuum.service" + copy: + src: docuum.service + dest: /lib/systemd/system/docuum.service + register: docuumservice + +- name: "docuum : systemctl daemon-reload" + systemd: + daemon_reload: yes + when: docuumservice is changed + +- name: "docuum : ensure the systemd service is installed" + systemd: + name: docuum.service + state: started + enabled: yes diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml index a268d2b..97df86a 100644 --- a/ansible/roles/docker/tasks/main.yml +++ b/ansible/roles/docker/tasks/main.yml @@ -40,6 +40,7 @@ - name: cleanup old docker images cron: name: cleanup-docker-images + disabled: false minute: 0 hour: '*/3' user: "{{ jenkins_user }}" @@ -50,3 +51,8 @@ src: daemon.json dest: /etc/docker/daemon.json notify: restart docker + +# After docker is set up, add docuum to clean old docker images +# x86_64 only, as the raspberries need to be upgraded before they can use recent docker images (OS#5453) +- include: docuum.yml + when: ansible_architecture == 'x86_64' -- To view, visit https://gerrit.osmocom.org/c/osmo-ci/+/27152 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ci Gerrit-Branch: master Gerrit-Change-Id: I640b1e607feca87e7a578946ae4b8332ce854ab1 Gerrit-Change-Number: 27152 Gerrit-PatchSet: 1 Gerrit-Owner: osmith <[email protected]> Gerrit-MessageType: newchange
