X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/28d9a1d5b4c58ebc33e94780753e6c1e2a2e2181..cc57b9e9a6f06eb2fdce5ed83aa5f9ed6cd90cad:/cookbooks/docker/recipes/default.rb
diff --git a/cookbooks/docker/recipes/default.rb b/cookbooks/docker/recipes/default.rb
index fd3773634..aa4aa34f0 100644
--- a/cookbooks/docker/recipes/default.rb
+++ b/cookbooks/docker/recipes/default.rb
@@ -17,28 +17,51 @@
 # limitations under the License.
 #

+include_recipe "apt::docker"
+
 package %w[
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
- gnupg2
+ docker-ce
+ docker-ce-cli
+ containerd.io
+ docker-compose-plugin
 ]

+directory "/etc/docker" do
+ owner "root"
+ group "root"
+ mode "755"
+end
+
 template "/etc/docker/daemon.json" do
 source "daemon.json.erb"
 owner "root"
 group "root"
- mode 0o644
+ mode "644"
 end

-package %w[
- docker-ce
- docker-ce-cli
- containerd.io
-]
-
 service "docker" do
 action [:enable, :start]
 subscribes :restart, "template[/etc/docker/daemon.json]"
 end
+
+systemd_service "docker-system-prune" do
+ description "Cleanup up unused docker images and containers"
+ after ["docker.service"]
+ wants ["docker.service"]
+ user "root"
+ exec_start "/usr/bin/docker system prune --all --force"
+ sandbox :enable_network => true
+ memory_deny_write_execute false
+ restrict_address_families "AF_UNIX"
+end
+
+systemd_timer "docker-system-prune" do
+ description "Cleanup up unused docker images and containers"
+ on_boot_sec "2h"
+ on_unit_active_sec "7d"
+ randomized_delay_sec "4h"
+end
+
+service "docker-system-prune.timer" do
+ action [:enable, :start]
+end
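Review bot: The new `docker-system-prune` unit relaxes two sandbox settings, `sandbox :enable_network => true` and `memory_deny_write_execute false`, without a comment saying why, even though `restrict_address_families "AF_UNIX"` suggests the command only needs the local Docker socket. A why-comment above them, for example `# network/W^X exceptions needed because <reason>; CLI only talks to the daemon over its Unix socket`, would let a later reader tell a required exception from a leftover. Next to `exec_start` it is also worth recording the scope of the weekly job: `# --all also removes tagged images with no container and all stopped containers; volumes are not pruned`, since anything started on demand will be re-pulled afterwards. Because the unit runs as root against the Docker daemon, the sandbox constrains only the CLI process, not what the daemon does on its behalf.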