Terraform で AWS (ap-northeast-1d) に t2.large で Ubuntu 18.04 1 を apply したあとに Ansible で Docker をインストールする手順がわかったので共有してみる

さいしょ


❯ ansible-playbook ./aws-docker.yaml -I "xx.xxx.xxx.xx," -u ubuntu -v -C
Using /Users/sogaoh/src/../ansible.cfg as config file
 ____________
< PLAY [all] >
・・・
fatal: [xx.xxx.xxx.xx]: UNREACHABLE! => {"changed": false, "msg": "SSH Error: data could not be sent to remote host \"xx.xxx.xxx.xx\". Make sure this host can be reached over ssh", "unreachable": true}

こんな感じだったので手動SSHしてコマンドで入れようとしたりしてたらアドバイスをもらった

https://twitter.com/sogaoh/status/1220140897590865921

調整1:ansible_python_interpreter

  • 「ansible.cfg ansible_python_interpreter」で検索
    • [Ansible] 利用する Python をタスクごとに切り替える方法(ansible_python_interpreter をタスク変数で指定) - てくなべ (tekunabe) の情報を発見したので設定してみた

      >
      [defaults]
      host_key_checking = False
      
      [ssh_connection]   # 書いてあるけど使ってないような気がする
      pipelining = true
      
      
      >
      - hosts: all
        become: yes
        become_user: ubuntu    # ここでは有効だが最終的にはコメントアウトされる
      
        vars:
          ansible_python_interpreter: /usr/bin/python3    # <- 追加
      ・・・
      

      -> dry-run で到達するようになった

      changed: [xx.xxx.xxx.xx] => {"ansible_facts": {"ansible_domain": "ap-northeast-1.compute.internal", "ansible_fqdn": "ip-yy-y-y-yy.ap-northeast-1.compute.internal", "ansible_hostname": "aws-docker", "ansible_nodename": "aws-docker"}, "changed": true, "name": "aws-docker"}
      

      -> しかし -C をはずすと成功はしなかった

      fatal: [xx.xxx.xxx.xx]: FAILED! => {"changed": false, "msg": "Command failed rc=1, out=, err=Could not set property: Interactive authentication required.\n"}
      

調整2:become_user

課題3:docker のインストール

>---
- hosts: all
  become: yes

  vars:
    ansible_python_interpreter: /usr/bin/python3
    host_name: aws-docker
    pip_install_packages:
      - name: docker

  roles:
    - hostname
#   - geerlingguy.pip     # 成功したときはコメントアウトしてました
    - geerlingguy.docker
>
- name: set hostname
  become: true
  hostname: name=

docker は ansible-galaxy から role をもらってきて使った

ansible-galaxy install geerlingguy.pip
ansible-galaxy install geerlingguy.docker
cd ${/path/to}/roles
mv ${/path/to/.ansible}/roles/* ./  # geerlingguy.docker たちを移動
cd ${/path/to}/    # aws-docker.yaml があるディレクトリ
  • おどろきの一発成功?

  • コンソール出力 [とっても長いのでご注意を]
    
    ❯ ansible-playbook ./aws-docker.yaml -i "xx.xxx.xxx.xx," -u ubuntu -vv
    ansible-playbook 2.7.1
        config file = /Users/sogaoh/src/.../ansible.cfg
        configured module search path = ['/Users/sogaoh/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
        ansible python module location = /usr/local/Cellar/ansible/2.7.1/libexec/lib/python3.7/site-packages/ansible
        executable location = /usr/local/bin/ansible-playbook
        python version = 3.7.3 (default, Mar 27 2019, 09:23:15) [Clang 10.0.1 (clang-1001.0.46.3)]
    Using /Users/sogaoh/src/.../ansible.cfg as config file
        ___________________________
    < PLAYBOOK: aws-docker.yaml >
        ---------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    1 plays in ./aws-docker.yaml
        ____________
    < PLAY [all] >
        ------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
        ________________________
    < TASK [Gathering Facts] >
        ------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../aws-docker.yaml:8
    ok: [xx.xxx.xxx.xx]
    META: ran handlers
        ________________________________
    < TASK [hostname : set hostname] >
        --------------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../roles/hostname/tasks/main.yml:1
    ok: [xx.xxx.xxx.xx] => {"ansible_facts": {"ansible_domain": "ap-northeast-1.compute.internal", "ansible_fqdn": "ip-yy-y-y-yy.ap-northeast-1.compute.internal", "ansible_hostname": "aws-docker", "ansible_nodename": "aws-docker"}, "changed": false, "name": "aws-docker"}
        ___________________________________________
    < TASK [geerlingguy.docker : include_tasks] >
        -------------------------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../roles/geerlingguy.docker/tasks/main.yml:2
    skipping: [xx.xxx.xxx.xx] => {"changed": false, "skip_reason": "Conditional result was False"}
        ___________________________________________
    < TASK [geerlingguy.docker : include_tasks] >
        -------------------------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../roles/geerlingguy.docker/tasks/main.yml:5
    included: /Users/sogaoh/src/.../roles/geerlingguy.docker/tasks/setup-Debian.yml for xx.xxx.xxx.xx
        __________________________________________________________
    / TASK [geerlingguy.docker : Ensure old versions of Docker \
    \ are not installed.]                                      /
        ----------------------------------------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../roles/geerlingguy.docker/tasks/setup-Debian.yml:2
    ok: [xx.xxx.xxx.xx] => {"changed": false}
        ____________________________________________________
    / TASK [geerlingguy.docker : Ensure dependencies are \
    \ installed.]                                        /
        ----------------------------------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../roles/geerlingguy.docker/tasks/setup-Debian.yml:9
    changed: [xx.xxx.xxx.xx] => {"cache_update_time": 1580222109, "cache_updated": false, "changed": true, "stderr": "", "stderr_lines": [], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following NEW packages will be installed:\n  apt-transport-https\n0 upgraded, 1 newly installed, 0 to remove and 41 not upgraded.\nNeed to get 1692 B of archives.\nAfter this operation, 153 kB of additional disk space will be used.\nGet:1 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 apt-transport-https all 1.6.12 [1692 B]\nFetched 1692 B in 0s (6744 B/s)\nSelecting previously unselected package apt-transport-https.\r\n(Reading database ... \r(Reading database ... 5%\r(Reading database ... 10%\r(Reading database ... 15%\r(Reading database ... 20%\r(Reading database ... 25%\r(Reading database ... 30%\r(Reading database ... 35%\r(Reading database ... 40%\r(Reading database ... 45%\r(Reading database ... 50%\r(Reading database ... 55%\r(Reading database ... 60%\r(Reading database ... 65%\r(Reading database ... 70%\r(Reading database ... 75%\r(Reading database ... 80%\r(Reading database ... 85%\r(Reading database ... 90%\r(Reading database ... 95%\r(Reading database ... 100%\r(Reading database ... 83915 files and directories currently installed.)\r\nPreparing to unpack .../apt-transport-https_1.6.12_all.deb ...\r\nUnpacking apt-transport-https (1.6.12) ...\r\nSetting up apt-transport-https (1.6.12) ...\r\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "The following NEW packages will be installed:", "  apt-transport-https", "0 upgraded, 1 newly installed, 0 to remove and 41 not upgraded.", "Need to get 1692 B of archives.", "After this operation, 153 kB of additional disk space will be used.", "Get:1 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 apt-transport-https all 1.6.12 [1692 B]", "Fetched 1692 B in 0s (6744 B/s)", "Selecting previously unselected package apt-transport-https.", "(Reading database ... ", "(Reading database ... 5%", "(Reading database ... 10%", "(Reading database ... 15%", "(Reading database ... 20%", "(Reading database ... 25%", "(Reading database ... 30%", "(Reading database ... 35%", "(Reading database ... 40%", "(Reading database ... 45%", "(Reading database ... 50%", "(Reading database ... 55%", "(Reading database ... 60%", "(Reading database ... 65%", "(Reading database ... 70%", "(Reading database ... 75%", "(Reading database ... 80%", "(Reading database ... 85%", "(Reading database ... 90%", "(Reading database ... 95%", "(Reading database ... 100%", "(Reading database ... 83915 files and directories currently installed.)", "Preparing to unpack .../apt-transport-https_1.6.12_all.deb ...", "Unpacking apt-transport-https (1.6.12) ...", "Setting up apt-transport-https (1.6.12) ..."]}
        _________________________________________________
    < TASK [geerlingguy.docker : Add Docker apt key.] >
        -------------------------------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../roles/geerlingguy.docker/tasks/setup-Debian.yml:16
        [WARNING]: Module remote_tmp /root/.ansible/tmp did not exist and was created with a mode of 0700, this may cause issues when running as another user. To avoid this, create the remote_tmp dir with the correct permissions
    manually
    
    changed: [xx.xxx.xxx.xx] => {"changed": true}
        _____________________________________________________________
    / TASK [geerlingguy.docker : Ensure curl is present (on older \
    \ systems without SNI).]                                      /
        -------------------------------------------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../roles/geerlingguy.docker/tasks/setup-Debian.yml:24
    skipping: [xx.xxx.xxx.xx] => {"changed": false, "skip_reason": "Conditional result was False"}
        ____________________________________________________________
    / TASK [geerlingguy.docker : Add Docker apt key (alternative \
    \ for older systems without SNI).]                           /
        ------------------------------------------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../roles/geerlingguy.docker/tasks/setup-Debian.yml:28
    skipping: [xx.xxx.xxx.xx] => {"changed": false, "skip_reason": "Conditional result was False"}
        ____________________________________________________
    < TASK [geerlingguy.docker : Add Docker repository.] >
        ----------------------------------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../roles/geerlingguy.docker/tasks/setup-Debian.yml:36
    changed: [xx.xxx.xxx.xx] => {"changed": true, "repo": "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable", "state": "present"}
        _____________________________________________
    < TASK [geerlingguy.docker : Install Docker.] >
        ---------------------------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../roles/geerlingguy.docker/tasks/main.yml:8
    NOTIFIED HANDLER geerlingguy.docker : restart docker for xx.xxx.xxx.xx
    changed: [xx.xxx.xxx.xx] => {"cache_update_time": 1580316936, "cache_updated": false, "changed": true, "stderr": "", "stderr_lines": [], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following additional packages will be installed:\n  aufs-tools cgroupfs-mount containerd.io docker-ce-cli libltdl7 pigz\nThe following NEW packages will be installed:\n  aufs-tools cgroupfs-mount containerd.io docker-ce docker-ce-cli libltdl7\n  pigz\n0 upgraded, 7 newly installed, 0 to remove and 41 not upgraded.\nNeed to get 85.5 MB of archives.\nAfter this operation, 384 MB of additional disk space will be used.\nGet:1 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu bionic/universe amd64 pigz amd64 2.4-1 [57.4 kB]\nGet:2 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu bionic/universe amd64 aufs-tools amd64 1:4.9+20170918-1ubuntu1 [104 kB]\nGet:3 https://download.docker.com/linux/ubuntu bionic/stable amd64 containerd.io amd64 1.2.10-3 [20.0 MB]\nGet:4 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu bionic/universe amd64 cgroupfs-mount all 1.4 [6320 B]\nGet:5 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 libltdl7 amd64 2.4.6-2 [38.8 kB]\nGet:6 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce-cli amd64 5:19.03.5~3-0~ubuntu-bionic [42.5 MB]\nGet:7 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce amd64 5:19.03.5~3-0~ubuntu-bionic [22.8 MB]\nFetched 85.5 MB in 2s (55.3 MB/s)\nSelecting previously unselected package pigz.\r\n(Reading database ... \r(Reading database ... 5%\r(Reading database ... 10%\r(Reading database ... 15%\r(Reading database ... 20%\r(Reading database ... 25%\r(Reading database ... 30%\r(Reading database ... 35%\r(Reading database ... 40%\r(Reading database ... 45%\r(Reading database ... 50%\r(Reading database ... 55%\r(Reading database ... 60%\r(Reading database ... 65%\r(Reading database ... 70%\r(Reading database ... 75%\r(Reading database ... 80%\r(Reading database ... 85%\r(Reading database ... 90%\r(Reading database ... 95%\r(Reading database ... 100%\r(Reading database ... 83919 files and directories currently installed.)\r\nPreparing to unpack .../0-pigz_2.4-1_amd64.deb ...\r\nUnpacking pigz (2.4-1) ...\r\nSelecting previously unselected package aufs-tools.\r\nPreparing to unpack .../1-aufs-tools_1%3a4.9+20170918-1ubuntu1_amd64.deb ...\r\nUnpacking aufs-tools (1:4.9+20170918-1ubuntu1) ...\r\nSelecting previously unselected package cgroupfs-mount.\r\nPreparing to unpack .../2-cgroupfs-mount_1.4_all.deb ...\r\nUnpacking cgroupfs-mount (1.4) ...\r\nSelecting previously unselected package containerd.io.\r\nPreparing to unpack .../3-containerd.io_1.2.10-3_amd64.deb ...\r\nUnpacking containerd.io (1.2.10-3) ...\r\nSelecting previously unselected package docker-ce-cli.\r\nPreparing to unpack .../4-docker-ce-cli_5%3a19.03.5~3-0~ubuntu-bionic_amd64.deb ...\r\nUnpacking docker-ce-cli (5:19.03.5~3-0~ubuntu-bionic) ...\r\nSelecting previously unselected package docker-ce.\r\nPreparing to unpack .../5-docker-ce_5%3a19.03.5~3-0~ubuntu-bionic_amd64.deb ...\r\nUnpacking docker-ce (5:19.03.5~3-0~ubuntu-bionic) ...\r\nSelecting previously unselected package libltdl7:amd64.\r\nPreparing to unpack .../6-libltdl7_2.4.6-2_amd64.deb ...\r\nUnpacking libltdl7:amd64 (2.4.6-2) ...\r\nSetting up aufs-tools (1:4.9+20170918-1ubuntu1) ...\r\nSetting up containerd.io (1.2.10-3) ...\r\nCreated symlink /etc/systemd/system/multi-user.target.wants/containerd.service -> /lib/systemd/system/containerd.service.\r\nSetting up cgroupfs-mount (1.4) ...\r\nSetting up libltdl7:amd64 (2.4.6-2) ...\r\nSetting up docker-ce-cli (5:19.03.5~3-0~ubuntu-bionic) ...\r\nSetting up pigz (2.4-1) ...\r\nSetting up docker-ce (5:19.03.5~3-0~ubuntu-bionic) ...\r\nCreated symlink /etc/systemd/system/multi-user.target.wants/docker.service -> /lib/systemd/system/docker.service.\r\nCreated symlink /etc/systemd/system/sockets.target.wants/docker.socket -> /lib/systemd/system/docker.socket.\r\nProcessing triggers for libc-bin (2.27-3ubuntu1) ...\r\nProcessing triggers for systemd (237-3ubuntu10.29) ...\r\nProcessing triggers for man-db (2.8.3-2ubuntu0.1) ...\r\nProcessing triggers for ureadahead (0.100.0-21) ...\r\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "The following additional packages will be installed:", "  aufs-tools cgroupfs-mount containerd.io docker-ce-cli libltdl7 pigz", "The following NEW packages will be installed:", "  aufs-tools cgroupfs-mount containerd.io docker-ce docker-ce-cli libltdl7", "  pigz", "0 upgraded, 7 newly installed, 0 to remove and 41 not upgraded.", "Need to get 85.5 MB of archives.", "After this operation, 384 MB of additional disk space will be used.", "Get:1 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu bionic/universe amd64 pigz amd64 2.4-1 [57.4 kB]", "Get:2 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu bionic/universe amd64 aufs-tools amd64 1:4.9+20170918-1ubuntu1 [104 kB]", "Get:3 https://download.docker.com/linux/ubuntu bionic/stable amd64 containerd.io amd64 1.2.10-3 [20.0 MB]", "Get:4 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu bionic/universe amd64 cgroupfs-mount all 1.4 [6320 B]", "Get:5 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 libltdl7 amd64 2.4.6-2 [38.8 kB]", "Get:6 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce-cli amd64 5:19.03.5~3-0~ubuntu-bionic [42.5 MB]", "Get:7 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce amd64 5:19.03.5~3-0~ubuntu-bionic [22.8 MB]", "Fetched 85.5 MB in 2s (55.3 MB/s)", "Selecting previously unselected package pigz.", "(Reading database ... ", "(Reading database ... 5%", "(Reading database ... 10%", "(Reading database ... 15%", "(Reading database ... 20%", "(Reading database ... 25%", "(Reading database ... 30%", "(Reading database ... 35%", "(Reading database ... 40%", "(Reading database ... 45%", "(Reading database ... 50%", "(Reading database ... 55%", "(Reading database ... 60%", "(Reading database ... 65%", "(Reading database ... 70%", "(Reading database ... 75%", "(Reading database ... 80%", "(Reading database ... 85%", "(Reading database ... 90%", "(Reading database ... 95%", "(Reading database ... 100%", "(Reading database ... 83919 files and directories currently installed.)", "Preparing to unpack .../0-pigz_2.4-1_amd64.deb ...", "Unpacking pigz (2.4-1) ...", "Selecting previously unselected package aufs-tools.", "Preparing to unpack .../1-aufs-tools_1%3a4.9+20170918-1ubuntu1_amd64.deb ...", "Unpacking aufs-tools (1:4.9+20170918-1ubuntu1) ...", "Selecting previously unselected package cgroupfs-mount.", "Preparing to unpack .../2-cgroupfs-mount_1.4_all.deb ...", "Unpacking cgroupfs-mount (1.4) ...", "Selecting previously unselected package containerd.io.", "Preparing to unpack .../3-containerd.io_1.2.10-3_amd64.deb ...", "Unpacking containerd.io (1.2.10-3) ...", "Selecting previously unselected package docker-ce-cli.", "Preparing to unpack .../4-docker-ce-cli_5%3a19.03.5~3-0~ubuntu-bionic_amd64.deb ...", "Unpacking docker-ce-cli (5:19.03.5~3-0~ubuntu-bionic) ...", "Selecting previously unselected package docker-ce.", "Preparing to unpack .../5-docker-ce_5%3a19.03.5~3-0~ubuntu-bionic_amd64.deb ...", "Unpacking docker-ce (5:19.03.5~3-0~ubuntu-bionic) ...", "Selecting previously unselected package libltdl7:amd64.", "Preparing to unpack .../6-libltdl7_2.4.6-2_amd64.deb ...", "Unpacking libltdl7:amd64 (2.4.6-2) ...", "Setting up aufs-tools (1:4.9+20170918-1ubuntu1) ...", "Setting up containerd.io (1.2.10-3) ...", "Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service -> /lib/systemd/system/containerd.service.", "Setting up cgroupfs-mount (1.4) ...", "Setting up libltdl7:amd64 (2.4.6-2) ...", "Setting up docker-ce-cli (5:19.03.5~3-0~ubuntu-bionic) ...", "Setting up pigz (2.4-1) ...", "Setting up docker-ce (5:19.03.5~3-0~ubuntu-bionic) ...", "Created symlink /etc/systemd/system/multi-user.target.wants/docker.service -> /lib/systemd/system/docker.service.", "Created symlink /etc/systemd/system/sockets.target.wants/docker.socket -> /lib/systemd/system/docker.socket.", "Processing triggers for libc-bin (2.27-3ubuntu1) ...", "Processing triggers for systemd (237-3ubuntu10.29) ...", "Processing triggers for man-db (2.8.3-2ubuntu0.1) ...", "Processing triggers for ureadahead (0.100.0-21) ..."]}
        _________________________________________________________
    / TASK [geerlingguy.docker : Ensure Docker is started and \
    \ enabled at boot.]                                       /
        ---------------------------------------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../roles/geerlingguy.docker/tasks/main.yml:14
    ok: [xx.xxx.xxx.xx] => {"changed": false, "enabled": true, "name": "docker", "state": "started", "status": {"ActiveEnterTimestamp": "Wed 2020-01-29 16:55:53 UTC", "ActiveEnterTimestampMonotonic": "94861758099", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "systemd-journald.socket containerd.service docker.socket basic.target firewalld.service sysinit.target network-online.target system.slice", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Wed 2020-01-29 16:55:52 UTC", "AssertTimestampMonotonic": "94860921344", "Before": "multi-user.target shutdown.target", "BindsTo": "containerd.service", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Wed 2020-01-29 16:55:52 UTC", "ConditionTimestampMonotonic": "94860921343", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ConsistsOf": "docker.socket", "ControlGroup": "/system.slice/docker.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "yes", "DelegateControllers": "cpu cpuacct io blkio memory devices pids", "Description": "Docker Application Container Engine", "DevicePolicy": "auto", "Documentation": "https://docs.docker.com", "DynamicUser": "no", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "958", "ExecMainStartTimestamp": "Wed 2020-01-29 16:55:52 UTC", "ExecMainStartTimestampMonotonic": "94860921992", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -s HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/bin/dockerd ; argv[]=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/lib/systemd/system/docker.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "docker.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Wed 2020-01-29 16:55:52 UTC", "InactiveExitTimestampMonotonic": "94860922026", "InvocationID": "c2d8a09889864ac9a1880c4ca348ece5", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "process", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "16777216", "LimitMEMLOCKSoft": "16777216", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "infinity", "LimitNOFILESoft": "infinity", "LimitNPROC": "infinity", "LimitNPROCSoft": "infinity", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "31807", "LimitSIGPENDINGSoft": "31807", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogsDirectoryMode": "0755", "MainPID": "958", "MemoryAccounting": "no", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "Names": "docker.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "main", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target docker.socket", "Restart": "always", "RestartUSec": "2s", "RestrictNamespaces": "no", "RestrictRealtime": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "3", "StartLimitIntervalUSec": "1min", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Wed 2020-01-29 16:55:53 UTC", "StateChangeTimestampMonotonic": "94861758099", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "10", "TasksMax": "infinity", "TimeoutStartUSec": "infinity", "TimeoutStopUSec": "infinity", "TimerSlackNSec": "50000", "Transient": "no", "TriggeredBy": "docker.socket", "Type": "notify", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-online.target", "WatchdogTimestamp": "Wed 2020-01-29 16:55:53 UTC", "WatchdogTimestampMonotonic": "94861758095", "WatchdogUSec": "0"}}
        _______________________________________________________
    < RUNNING HANDLER [geerlingguy.docker : restart docker] >
        -------------------------------------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../roles/geerlingguy.docker/handlers/main.yml:2
    changed: [xx.xxx.xxx.xx] => {"changed": true, "name": "docker", "state": "started", "status": {"ActiveEnterTimestamp": "Wed 2020-01-29 xx:55:53 UTC", "ActiveEnterTimestampMonotonic": "94861758099", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "systemd-journald.socket containerd.service docker.socket basic.target firewalld.service sysinit.target network-online.target system.slice", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Wed 2020-01-29 16:55:52 UTC", "AssertTimestampMonotonic": "94860921344", "Before": "multi-user.target shutdown.target", "BindsTo": "containerd.service", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Wed 2020-01-29 16:55:52 UTC", "ConditionTimestampMonotonic": "94860921343", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ConsistsOf": "docker.socket", "ControlGroup": "/system.slice/docker.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "yes", "DelegateControllers": "cpu cpuacct io blkio memory devices pids", "Description": "Docker Application Container Engine", "DevicePolicy": "auto", "Documentation": "https://docs.docker.com", "DynamicUser": "no", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "958", "ExecMainStartTimestamp": "Wed 2020-01-29 16:55:52 UTC", "ExecMainStartTimestampMonotonic": "94860921992", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -s HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/bin/dockerd ; argv[]=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/lib/systemd/system/docker.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "docker.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Wed 2020-01-29 16:55:52 UTC", "InactiveExitTimestampMonotonic": "94860922026", "InvocationID": "c2d8a09889864ac9a1880c4ca348ece5", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "process", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "16777216", "LimitMEMLOCKSoft": "16777216", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "infinity", "LimitNOFILESoft": "infinity", "LimitNPROC": "infinity", "LimitNPROCSoft": "infinity", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "31807", "LimitSIGPENDINGSoft": "31807", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogsDirectoryMode": "0755", "MainPID": "958", "MemoryAccounting": "no", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "Names": "docker.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "main", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target docker.socket", "Restart": "always", "RestartUSec": "2s", "RestrictNamespaces": "no", "RestrictRealtime": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "3", "StartLimitIntervalUSec": "1min", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Wed 2020-01-29 16:55:53 UTC", "StateChangeTimestampMonotonic": "94861758099", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "10", "TasksMax": "infinity", "TimeoutStartUSec": "infinity", "TimeoutStopUSec": "infinity", "TimerSlackNSec": "50000", "Transient": "no", "TriggeredBy": "docker.socket", "Type": "notify", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-online.target", "WatchdogTimestamp": "Wed 2020-01-29 16:55:53 UTC", "WatchdogTimestampMonotonic": "94861758095", "WatchdogUSec": "0"}}
    META: ran handlers
        ___________________________________________
    < TASK [geerlingguy.docker : include_tasks] >
        -------------------------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../roles/geerlingguy.docker/tasks/main.yml:23
    included: /Users/sogaoh/src/.../roles/geerlingguy.docker/tasks/docker-compose.yml for xx.xxx.xxx.xx
        _________________________________________________________
    / TASK [geerlingguy.docker : Check current docker-compose \
    \ version.]                                               /
        ---------------------------------------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../roles/geerlingguy.docker/tasks/docker-compose.yml:2
    ok: [xx.xxx.xxx.xx] => {"changed": false, "cmd": "docker-compose --version", "failed_when_result": false, "msg": "[Errno 2] No such file or directory: 'docker-compose': 'docker-compose'", "rc": 2}
        ___________________________________________________________
    / TASK [geerlingguy.docker : Delete existing docker-compose \
    \ version if it's different.]                               /
        -----------------------------------------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../roles/geerlingguy.docker/tasks/docker-compose.yml:8
    skipping: [xx.xxx.xxx.xx] => {"changed": false, "skip_reason": "Conditional result was False"}
        _______________________________________________________
    / TASK [geerlingguy.docker : Install Docker Compose (if \
    \ configured).]                                         /
        -------------------------------------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../roles/geerlingguy.docker/tasks/docker-compose.yml:16
    changed: [xx.xxx.xxx.xx] => {"changed": true, "checksum_dest": null, "checksum_src": "ebe6d19586103e9822cefa6794a18425e622337e", "dest": "/usr/local/bin/docker-compose", "gid": 0, "group": "root", "md5sum": "7048a965a86e6eed1622e0990e9a7ab4", "mode": "0755", "msg": "OK (16168192 bytes)", "owner": "root", "size": 16168192, "src": "/root/.ansible/tmp/ansible-moduletmp-1580316960.2161603-z6ba67l1/tmp_q77q2u9", "state": "file", "status_code": 200, "uid": 0, "url": "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64"}
        ___________________________________________
    < TASK [geerlingguy.docker : include_tasks] >
        -------------------------------------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    task path: /Users/sogaoh/src/.../roles/geerlingguy.docker/tasks/main.yml:26
    skipping: [xx.xxx.xxx.xx] => {"changed": false, "skip_reason": "Conditional result was False"}
    META: ran handlers
    META: ran handlers
        ____________
    < PLAY RECAP >
        ------------
            \   ^__^
                \  (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
    
    xx.xxx.xxx.xx              : ok=13   changed=6    unreachable=0    failed=0
    
    
  • バージョン確認

    
    root@aws-docker:~# docker --version
    Docker version 19.03.5, build 633a0ea838
    
    root@aws-docker:~# docker-compose --version
    docker-compose version 1.24.1, build 4667896b
    

その他

後日、インスタンスタイプおとしてほんとに一発でいくか再確認してみる 1日起動したままだと $3 かかるのでシャットダウンをお忘れなく

思索の記録

https://twitter.com/sogaoh/status/1222172611339153408 https://twitter.com/sogaoh/status/1222540954218876928

Appendix

Footnote

  1. Ubuntu Server 18.04 LTS (HVM), SSD Volume Type (64 ビット x86)