From 5a4cddc92d6acce0265c1b2f62b01b3f66fa9e10 Mon Sep 17 00:00:00 2001
From: Jonathan Bauer
Date: Wed, 19 May 2021 10:18:11 +0200
Subject: [docker-*] docker with nvidia support and no trivial-root plugin
---
docker-ce/files/etc/docker/daemon.json | 5 ++
docker-ce/tasks/main.yml | 120 +++++++++++++++++++++++++++++++++
docker-nvidia/meta/main.yml | 3 +
docker-nvidia/tasks/main.yml | 19 ++++++
4 files changed, 147 insertions(+)
create mode 100644 docker-ce/files/etc/docker/daemon.json
create mode 100644 docker-ce/tasks/main.yml
create mode 100644 docker-nvidia/meta/main.yml
create mode 100644 docker-nvidia/tasks/main.yml
diff --git a/docker-ce/files/etc/docker/daemon.json b/docker-ce/files/etc/docker/daemon.json
new file mode 100644
index 0000000..b887738
--- /dev/null
+++ b/docker-ce/files/etc/docker/daemon.json
@@ -0,0 +1,5 @@
+{
+ "data-root": "/tmp/virt/docker",
+ "storage-driver": "overlay2",
+ "userns-remap": "default"
+}
diff --git a/docker-ce/tasks/main.yml b/docker-ce/tasks/main.yml
new file mode 100644
index 0000000..0383f9c
--- /dev/null
+++ b/docker-ce/tasks/main.yml
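Review bot: docker-ce/files/etc/docker/daemon.json does not list the authorization plugin, so the only thing that enables no-trivial-root is the later `lineinfile` edit of a copied docker.service in docker-ce/tasks/main.yml. With `backrefs: yes` that task leaves the file unchanged when the `ExecStart` regexp does not match, so dockerd would then start without the plugin and no task would fail. Declaring it here as `"authorization-plugins": ["no-trivial-root"]` keeps the control next to `userns-remap` and removes the need to shadow the packaged unit; the `--authorization-plugin` flag would have to be dropped in the same change, since dockerd generally refuses an option given both as a flag and in this file. Separately, `data-root` under `/tmp` is only safe if `/tmp/virt` is a root-owned mount that exists before the daemon starts, which this hunk does not show.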
@@ -0,0 +1,120 @@
+---
+- name: Install dependencies for apt key import
+ apt:
+ name: "{{ apt_key_deps }}"
+ vars:
+ apt_key_deps:
+ - ca-certificates
+ - curl
+ - gpg
+ - gnupg-agent
+ - software-properties-common
+ become: yes
+
+- name: Add docker apt key
+ apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+ state: present
+ become: yes
+
+- name: Add docker repo
+ apt_repository:
+ repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+ update_cache: yes
+ become: yes
+
+- name: Install Docker CE and containerd
+ apt:
+ name: "{{ pkgs }}"
+ environment:
+ RUNLEVEL: 1
+ vars:
+ pkgs:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ become: yes
+
+- name: Add subuid/subgid ranges for dockremap
+ shell: >
+ awk -F: 'BEGIN {
+ max=0
+ found=0
+ } {
+ if ($1=="dockremap")
+ found=1
+ if ($2>max)
+ max=($2)
+ } END {
+ if (!found)
+ print "dockremap:"max+65536":65536"}' \
+ "/etc/{{ item }}" >> "/etc/{{ item }}"
+ with_items:
+ - subuid
+ - subgid
+ become: yes
+
+- name: Copy static files
+ copy:
+ src: files/
+ dest: /
+ become: yes
+
+- name: Disable automatic docker startup
+ systemd:
+ name: "{{ item }}"
+ enabled: no
+ with_items:
+ - docker.service
+ - containerd.service
+ become: yes
+
+- name: Enable docker socket activation
+ systemd:
+ name: docker.socket
+ enabled: yes
+ become: yes
+
+# Enable no-trivial-root authorization plugin
+- name: install
+ unarchive:
+ src: "https://github.com/ad-freiburg/docker-no-trivial-root/releases/download/v0.1.0/docker-no-trivial-root_{{ ansible_architecture }}.tar.bz2"
+ dest: "/tmp"
+ remote_src: yes
+
+- name: Copy over
+ copy:
+ src: "/tmp/docker-no-trivial-root_{{ ansible_architecture }}/docker-no-trivial-root"
+ dest: "/usr/sbin/docker-no-trivial-root"
+ mode: 0755
+ remote_src: yes
+ become: yes
+
+- name: systemd
+ copy:
+ src: "/tmp/docker-no-trivial-root_{{ ansible_architecture 
}}/systemd/docker-no-trivial-root.service"
+ dest: "/etc/systemd/system/docker-no-trivial-root.service"
+ remote_src: yes
+ become: yes
+
+- name: Enable service
+ systemd:
+ name: docker-no-trivial-root
+ enabled: yes
+ become: yes
+
+- name: Copy service to
+ copy:
+ src: /lib/systemd/system/docker.service
+ dest: /etc/systemd/system/docker.service
+ remote_src: yes
+ become: yes
+
+- name: Enable plugin via command line
+ lineinfile:
+ path: /etc/systemd/system/docker.service
+ regexp: '^(ExecStart=.*dockerd) (.*)$'
+ line: '\1 --authorization-plugin=no-trivial-root \2'
+ backrefs: yes
+ become: yes
diff --git a/docker-nvidia/meta/main.yml b/docker-nvidia/meta/main.yml
new file mode 100644
index 0000000..eec3550
--- /dev/null
+++ b/docker-nvidia/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: docker-ce }
diff --git a/docker-nvidia/tasks/main.yml b/docker-nvidia/tasks/main.yml
new file mode 100644
index 0000000..963e6bc
--- /dev/null
+++ b/docker-nvidia/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: Add nvidia-docker GPG apt-key
+ apt_key:
+ url: https://nvidia.github.io/nvidia-docker/gpgkey
+ id: C95B321B61E88C1809C4F759DDCAE044F796ECB0
+ become: yes
+
+- name: Add nvidia-docker repository in /etc/apt/sources.list.d
+ get_url:
+ url: "https://nvidia.github.io/nvidia-docker/{{ ansible_distribution | lower }}{{ ansible_distribution_version }}//nvidia-docker.list"
+ dest: /etc/apt/sources.list.d/nvidia-docker.list
+ checksum: sha256:1727985494fbd19e3b963880d15117487435cbabef4e295484111f003cf03d41
+ become: yes
+
+- name: Update and install nvidia-container-toolkit
+ apt:
+ name: nvidia-container-toolkit
+ update_cache: yes
+ become: yes
-- cgit v1.2.3-55-g7522
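Review bot: The `checksum` on the `get_url` task in docker-nvidia/tasks/main.yml is one fixed digest, while the URL is built from `ansible_distribution` and `ansible_distribution_version`, so it can presumably match the list file of only one release. On any other release the task fails, which is the safe direction, but nothing in the role says which release is supported. Either add an explicit supported-release check ahead of it or look the digest up per release, for example `checksum: "sha256:{{ nvidia_list_sha256[ansible_distribution_version] }}"`, where `nvidia_list_sha256` is a constructed name for a map the role would define. The doubled slash in `//nvidia-docker.list` should be a single `/`. Both `apt_key` tasks in this commit appear to add the vendor key to apt's global trusted keyring rather than scoping it to the one repository, which deserves a comment if it is intended.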