Move docker systemd unit creation to docker role

Creating the unit using default settings early on
and then changing it during network_plugin section
leads to too many docker restarts and duplicated code.

Reversed Wants= dependence on docker.service so it does not
restart docker when reloading systemd

Consolidated all docker restart handlers.

roles/docker/handlers/main.yml

@@ -4,6 +4,8 @@
   notify:
     - Docker | reload systemd
     - Docker | reload docker
+    - Docker | pause while Docker restarts
+    - Docker | wait for docker
 
 - name : Docker | reload systemd
   shell: systemctl daemon-reload
@@ -13,3 +15,13 @@
   service:
     name: docker
     state: restarted
+
+- name: Docker | pause while Docker restarts
+  pause: seconds=10 prompt="Waiting for docker restart"
+
+- name: Docker | wait for docker
+  command: /usr/bin/docker images
+  register: docker_ready
+  retries: 10
+  delay: 5
+  until: docker_ready.rc == 0

roles/docker/tasks/main.yml

@@ -59,6 +59,14 @@
   when: ansible_service_mgr == "systemd" and
         (http_proxy is defined or https_proxy is defined or no_proxy is defined)
 
+- name: Write docker.service systemd file
+  template:
+    src: systemd-docker.service.j2
+    dest: /etc/systemd/system/docker.service
+  register: docker_service_file
+  notify: restart docker
+  when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS"
+
 - meta: flush_handlers
 
 - name: ensure docker service is started and enabled

roles/network_plugin/calico/templates/systemd-docker.service → roles/docker/templates/systemd-docker.service.j2

@@ -29,11 +29,12 @@ ExecStart=/usr/bin/docker daemon \
           $DOCKER_NETWORK_OPTIONS \
           $INSECURE_REGISTRY \
           $DOCKER_OPTS
+TasksMax=infinity
 LimitNOFILE=1048576
 LimitNPROC=1048576
 LimitCORE=infinity
-MountFlags=slave
 TimeoutStartSec=1min
+Restart=on-abnormal
 
 [Install]
 WantedBy=multi-user.target

roles/etcd/templates/etcd-docker.service.j2

 [Unit]
 Description=etcd docker wrapper
-Wants=docker.service docker.socket
-After=docker.service docker.socket
+Wants=docker.socket
+After=docker.service
 
 [Service]
 User=root
@@ -18,7 +18,7 @@ ExecStart={{ docker_bin_dir | default("/usr/bin") }}/docker run --restart=always
 {% if etcd_after_v3 %}
 {{ etcd_container_bin_dir }}etcd
 {% endif %}
-ExecStopPost=-{{ docker_bin_dir | default("/usr/bin") }}/docker rm -f {{ etcd_member_name | default("etcd-proxy") }}
+ExecStartPre=-{{ docker_bin_dir | default("/usr/bin") }}/docker rm -f {{ etcd_member_name | default("etcd-proxy") }}
 ExecReload={{ docker_bin_dir | default("/usr/bin") }}/docker restart {{ etcd_member_name | default("etcd-proxy") }}
 ExecStop={{ docker_bin_dir | default("/usr/bin") }}/docker stop {{ etcd_member_name | default("etcd-proxy") }}
 Restart=always

roles/etcd/templates/etcd-proxy-docker.service.j2

 [Unit]
 Description=etcd-proxy docker wrapper
-Wants=docker.service docker.socket
-After=docker.service docker.socket
+Wants=docker.socket
+After=docker.service
 
 [Service]
 User=root
@@ -18,7 +18,7 @@ ExecStart={{ docker_bin_dir | default("/usr/bin") }}/docker run --restart=always
 {% if etcd_after_v3 %}
 {{ etcd_container_bin_dir }}etcd
 {% endif %}
-ExecStopPost=-{{ docker_bin_dir | default("/usr/bin") }}/docker rm -f {{ etcd_proxy_member_name | default("etcd-proxy") }}
+ExecStartPre=-{{ docker_bin_dir | default("/usr/bin") }}/docker rm -f {{ etcd_proxy_member_name | default("etcd-proxy") }}
 ExecReload={{ docker_bin_dir | default("/usr/bin") }}/docker restart {{ etcd_proxy_member_name | default("etcd-proxy") }}
 ExecStop={{ docker_bin_dir | default("/usr/bin") }}/docker stop {{ etcd_proxy_member_name | default("etcd-proxy") }}
 Restart=always

roles/kubernetes/node/templates/kubelet.service.j2

@@ -3,10 +3,10 @@ Description=Kubernetes Kubelet Server
 Documentation=https://github.com/GoogleCloudPlatform/kubernetes
 {% if kube_network_plugin is defined and kube_network_plugin == "calico" %}
 After=docker.service docker.socket calico-node.service
-Wants=docker.service docker.socket calico-node.service
+Wants=docker.socket calico-node.service
 {% else %}
-After=docker.service docker.socket
-Wants=docker.service docker.socket
+After=docker.service
+Wants=docker.socket
 {% endif %}
 
 [Service]
@@ -24,7 +24,7 @@ ExecStart={{ bin_dir }}/kubelet \
 		$KUBELET_REGISTER_NODE \
 		$KUBELET_NETWORK_PLUGIN \
 		$KUBELET_CLOUDPROVIDER
-ExecStopPost=-/usr/bin/docker rm -f kubelet
+ExecStartPre=-/usr/bin/docker rm -f kubelet
 ExecReload=/usr/bin/docker restart kubelet
 Restart=always
 RestartSec=10s

roles/network_plugin/calico/tasks/main.yml

@@ -10,13 +10,6 @@
     - restart docker
   when: ansible_os_family != "CoreOS"
 
-- name: Calico | Write docker.service systemd file
-  template:
-    src: systemd-docker.service
-    dest: /lib/systemd/system/docker.service
-  notify: restart docker
-  when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS"
-
 - meta: flush_handlers
 
 - name: Calico | Install calicoctl container script

roles/network_plugin/calico/templates/calico-node.service.j2

@@ -2,7 +2,7 @@
 Description=Calico per-node agent
 Documentation=https://github.com/projectcalico/calico-docker
 After=docker.service docker.socket etcd-proxy.service
-Wants=docker.service docker.socket etcd-proxy.service
+Wants=docker.socket etcd-proxy.service
 
 [Service]
 User=root

roles/network_plugin/flannel/handlers/main.yml

@@ -4,22 +4,6 @@
   ignore_errors: yes
   notify: restart docker
 
-- name: restart docker
-  command: /bin/true
-  notify:
-    - Flannel | reload systemd
-    - Flannel | reload docker
-    - Flannel | reload kubelet
-
-- name : Flannel | reload systemd
-  shell: systemctl daemon-reload
-  when: ansible_service_mgr == "systemd"
-
-- name: Flannel | reload docker
-  service:
-    name: docker
-    state: restarted
-
 - name: Flannel | reload kubelet
   service:
     name: kubelet

roles/network_plugin/flannel/tasks/main.yml

@@ -50,11 +50,4 @@
     state: link
   when: ansible_os_family == "CoreOS"
 
-- name: Flannel | Write docker.service systemd file
-  template:
-    src: systemd-docker.service
-    dest: /lib/systemd/system/docker.service
-  notify: restart docker
-  when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS"
-
 - meta: flush_handlers

roles/network_plugin/flannel/templates/systemd-docker.service

-[Unit]
-Description=Docker Application Container Engine
-Documentation=http://docs.docker.com
-{% if ansible_os_family == "RedHat" %}
-After=network.target docker-storage-setup.service
-Wants=docker-storage-setup.service
-{% elif ansible_os_family == "Debian" %}
-After=network.target docker.socket
-Wants=docker.socket
-{% endif %}
-
-[Service]
-Type=notify
-EnvironmentFile=-/etc/default/docker
-Environment=GOTRACEBACK=crash
-ExecReload=/bin/kill -s HUP $MAINPID
-Delegate=yes
-KillMode=process
-ExecStart=/usr/bin/docker daemon \
-          $OPTIONS \
-          $DOCKER_STORAGE_OPTIONS \
-          $DOCKER_NETWORK_OPTIONS \
-          $INSECURE_REGISTRY \
-          $DOCKER_OPTS
-LimitNOFILE=1048576
-LimitNPROC=1048576
-LimitCORE=infinity
-MountFlags=slave
-TimeoutStartSec=1min
-
-[Install]
-WantedBy=multi-user.target

roles/network_plugin/meta/main.yml

@@ -6,3 +6,4 @@ dependencies:
    when: kube_network_plugin == 'flannel'
  - role: network_plugin/weave
    when: kube_network_plugin == 'weave'
+ - role: docker

roles/network_plugin/weave/handlers/main.yml

 ---
-- name: Weave | restart docker
-  command: /bin/true
-  notify:
-    - Weave | reload systemd
-    - Weave | reload docker
-
 - name: restart weave
   command: /bin/true
   notify:
@@ -27,11 +21,6 @@
     - Weave | reload systemd
     - reload weaveexpose
 
-- name: Weave | reload docker
-  service:
-    name: docker
-    state: restarted
-
 - name: reload weave
   service:
     name: weave

roles/network_plugin/weave/tasks/main.yml

@@ -7,14 +7,7 @@
     group: root
     mode: 0644
   notify:
-    - Weave | restart docker
-
-- name: Write docker.service systemd file
-  template:
-    src: systemd-docker.service
-    dest: /lib/systemd/system/docker.service
-  notify: Weave | restart docker
-  when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS"
+    - restart docker
 
 - name: Weave | Install weave
   command: rsync -piu "{{ local_release_dir }}/weave/bin/weave" "{{ bin_dir }}/weave"

roles/network_plugin/weave/templates/systemd-docker.service

-[Unit]
-Description=Docker Application Container Engine
-Documentation=http://docs.docker.com
-{% if ansible_os_family == "RedHat" %}
-After=network.target
-Wants=docker-storage-setup.service
-{% elif ansible_os_family == "Debian" %}
-After=network.target docker.socket
-Wants=docker.socket
-{% endif %}
-
-[Service]
-Type=notify
-EnvironmentFile=-/etc/default/docker
-Environment=GOTRACEBACK=crash
-ExecReload=/bin/kill -s HUP $MAINPID
-Delegate=yes
-KillMode=process
-ExecStart=/usr/bin/docker daemon \
-          $OPTIONS \
-          $DOCKER_STORAGE_OPTIONS \
-          $DOCKER_NETWORK_OPTIONS \
-          $INSECURE_REGISTRY \
-          $DOCKER_OPTS
-LimitNOFILE=1048576
-LimitNPROC=1048576
-LimitCORE=infinity
-MountFlags=slave
-TimeoutStartSec=1min
-
-[Install]
-WantedBy=multi-user.target

roles/network_plugin/weave/templates/weave.service.j2

 [Unit]
 Description=Weave Network
 Documentation=http://docs.weave.works/weave/latest_release/
-Wants=docker.service docker.socket
+Wants=docker.socket
 After=docker.service docker.socket
 
 [Service]

roles/network_plugin/weave/templates/weaveexpose.service.j2

 [Unit]
 Documentation=http://docs.weave.works/
-Wants=docker.service docker.socket weave.service
+Wants=docker.socket weave.service
 After=docker.service docker.socket weave.service
 
 [Service]

roles/network_plugin/weave/templates/weaveproxy.service.j2

 [Unit]
 Description=Weave proxy for Docker API
 Documentation=http://docs.weave.works/
-Wants=docker.service docker.socket
+Wants=docker.socket
 After=docker.service docker.socket
 
 [Service]