Closed marcusianlevine closed 7 years ago
Hello, @marcusianlevine
This looks like a great improvement over the current way that we handle the installation of Docker across the different distros.
A couple of points that I find important (some you have already mentioned):
I'm not a big fan of pulling scripts from Internet and running them in production environments (I do this on my laptop, though, but never in production) so a way to verify the checksum of the installer is a must.
Since the checksum of the installer is going to be a variable (I'm assuming this), it's important to leave a visible note for the user right next to it so that they change it only if they are a 100% sure what they are doing. Clumsy users might just adjust the checksum accordingly without knowing exactly what the impact/implication of it is.
I think it's cleaner if we stick to one source for installing Docker. If Rancher's sources offer support for all of the versions that the users are interested in (my criteria would be current stable, one version before current and edge/testing), then let's just stick to that. This means that you can get rid of the step If docker_version is defined, switch to rancher setup script in the tasks/install.yml
file.
I think it's important that we let the users know that we are not pulling Docker from the official repo but from Rancher's. Not sure how this would impact people from choosing this role for their deployments but if it's a major concern I guess someone will just open an issue.
Unfortunately our test suite is not complete yet (I just opened an issue https://github.com/mongrelion/ansible-role-docker/issues/13) so I'm going to have to ask you to also make sure that your changes don't break the installation on the list of distros that we officially support: https://github.com/mongrelion/ansible-role-docker/blob/master/meta/main.yml#L8-L17
Thanks!
@mongrelion,
Thanks for reviewing, I'll add optional checksum verification with appropriate warnings.
Looks like Rancher's install-docker
repo includes scripts for all major and minor versions since 1.10, including edge releases (e.g. 17.05), so I'll switch everything to use Rancher's scripts and install latest stable release by default (including a default checksum).
Also Rancher's scripts still reference the official Docker apt and yum repositories, so I don't think we need to be concerned about Rancher's scripts installing unofficial releases.
Once I implement checksum I'll run some tests on the supported OS distros
Added checksum support and condensed URLs to use Rancher's scripts by default.
One could still use the official Docker setup script for latest release just by specifying the setup_script_url
and overriding the checksum. We will need to update the default docker_version
over time since it's pinned at 17.06
...
Just need to run those tests now
Turns out that the official Docker 17.06.0-ce apt and yum distributions has a deprecation-related bug that is caused by an upstream error in docker-machine.
Should be resolved in 17.06.1 or 17.12, but for now I just downgraded the default version to 17.03 and that seems to work on the 3 target OS distros in the Vagrantfile
Zesty is giving me some trouble, looks like there isn't an official Docker apt repo for Zesty yet. I think that working around this issue as described here would require modifying the Rancher setup scripts though...
Personally I'm using 1.12.6 and 17.03 with Rancher on Ubuntu Xenial, so the issues with 17.06 and Zesty don't effect my use case
I agree that modifying the Rancher installation script is not a good idea so let's not do that.
I just took this for a spin and everything seems to be working, with the exception of the Zesty part, which is a pity because it breaks backwards compatibility in the role BUT I am willing to push it forward in the hope that soon™ a fix will be introduced on either side of Docker, Rancher or any other divine entity that cares enough to fix it here.
So, as a last step, could you please update the meta.yml
file so that we don't advertise support for Zetsy?
Sure, I just commented the zesty line out since it will (hopefully) be supported again "soon" 😝
LGTM
The current release of the role uses apt and yum packages for installation, which tend to be several releases behind stable.
Docker provides a standard OS-agnostic setup script for the latest version of Docker at https//get.docker.com, which this PR implements fetching and running
To install a specific version of Docker, Rancher Labs provide a set of equivalent OS-agnostic setup scripts by version, which will be used if the new optional variable
docker_version
is provided to the role.Could add checksum verification if security is a concern