Externalize role

2018-10-08 19:35:10 +02:00 · 2018-10-08 19:35:10 +02:00 · 790bec29ab
commit 790bec29ab
14 changed files with 1154 additions and 0 deletions
--- a/tasks/Debian.yml
+++ b/tasks/Debian.yml
@ -0,0 +1,37 @@
+---
+- name: add docker apt key
+  apt_key:
+    url: https://download.docker.com/linux/ubuntu/gpg
+    state: present
+  when:
+    - docker_ver == "docker-ce"
+
+- name: add docker repository
+  apt_repository: repo='deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ansible_distribution_release}} stable' state=present update_cache=yes 
+  when:
+    - docker_ver == "docker-ce"
+
+- name: "Ensure GRUB_CMDLINE_LINUX is updated"
+  lineinfile: dest=/etc/default/grub regexp='^(GRUB_CMDLINE_LINUX=".*)"$' line='\1 cgroup_enable=memory swapaccount=1"' backrefs=yes
+  when:
+    - not docker_installed.stat.exists
+
+- name: "Update grub.conf"
+  command: update-grub
+  when:
+    - not docker_installed.stat.exists
+
+- name: "Ensure DEFAULT_FORWARD_POLICY in /etc/default/ufw is updated"
+  lineinfile: dest=/etc/default/ufw regexp='^(DEFAULT_FORWARD_POLICY=").*"$' line='\1ACCEPT"' backrefs=yes
+  notify: reload ufw
+  tags: [docker,firewall]
+
+# Need Certificat ? Only in local
+#- name: "Add docker port 2376/TCP "
+#  ufw: rule=allow port=2376 proto=tcp
+#  notify: reload ufw
+#  tags: [docker,firewall]
+
+#- name: "Start UFW rules"
+#  service: name=ufw state=started
+#  tags: [docker,firewall]
--- a/tasks/RedHat.yml
+++ b/tasks/RedHat.yml
@ -0,0 +1,17 @@
+---
+#- name: Add docker repository
+#  yumrepo:
+#    name: docker
+#    description: "Docker Repository"
+#    baseurl: https://yum.dockerproject.org/repo/main/centos/$releasever/
+#    gpgcheck: yes
+#    enabled: yes
+#    gpgkey: https://yum.dockerproject.org/gpg
+#    state: present
+
+- name: Add Official docker's repo
+  get_url:
+    url: https://download.docker.com/linux/centos/docker-ce.repo
+    dest: /etc/yum.repos.d/docker-ce.repo
+    mode: 0644
+
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,69 @@
+---
+- name: Include vars for {{ ansible_os_family }}
+  include_vars: "{{ ansible_os_family }}_{{ docker_ver }}.yml"
+
+# Is it needed any more ?
+#- name: "Ensure system is x86_64"
+#  fail: msg="Docker requires a 64bit system architecture"
+#  when: "ansible_architecture != 'x86_64'"
+#
+#- name: See if docker is installed
+#  stat: path=/usr/bin/docker
+#  register: docker_installed
+
+- name: Install docker rules for {{ ansible_os_family }} OS family
+  include_tasks: "{{ ansible_os_family }}.yml"
+  
+- name: Remove all other's docker version packages
+  package: name="{{ docker_remove_packages_name }}" state=absent update_cache=yes
+
+- name: Install docker
+  package: name="{{ docker_package_name }}" state=latest update_cache=yes
+ # when:
+ #   - not docker_installed.stat.exists
+  notify: Restart docker
+
+- name: Enable docker on boot
+  service: name=docker state=started enabled=yes
+
+# Create docker group if needed
+
+# Add normal user to docker group
+
+- include_tasks: tools.yml
+
+# Configuration dans /etc/docker/daemon.json
+- name: config_docker | Ensuring /etc/docker Folder Exists
+  file:
+    path: "/etc/docker"
+    state: "directory"
+    group: root
+    owner: root
+    mode: 0700
+
+#- name: config_docker | Configuring Docker
+#  template:
+#    src: "etc/docker/daemon.json.j2"
+#    dest: "/etc/docker/daemon.json"
+#    group: root
+#    owner: root
+#    mode: 0644
+#  notify: Restart docker
+
+#- port TCP 2376: permet au client local de communiquer de façon sécurisée avec le daemon tournant sur une machine du swarm
+#
+#- port TCP 2377: permet la communication entre les managers du swarm (port seulement ouvert sur les managers)
+#
+#- port UDP 4789: permet la communication entre les containers sur un réseau overlay
+#
+#- port TCP et UDP 7946: permet la communication entre les machines du swarm
+#
+#- interfaces docker0 and docker_gwbridge ? firewall-cmd --change-zone=docker0 --zone=trusted --permanent; firewall-cmd --change-zone=docker_gwbridge --zone=trusted --permanent
+
+- name: Install python library for docker
+  package: name="{{ docker_python_lib }}" state=latest update_cache=yes
+
+- name: Enable swarm mode
+  include_tasks: swarm.yml
+  when:
+    - docker_swarmmode
--- a/tasks/swarm.yml
+++ b/tasks/swarm.yml
@ -0,0 +1,129 @@
+---
+- name: Create ClusterSwarm group
+  group_by: key=ClusterSwarm
+  when:
+    - docker_swarmmode
+
+- name: Checking Swarm Mode Status
+  command: "docker info"
+  register: "docker_info"
+  changed_when: false
+  check_mode: no
+
+- name: Create Master Swarm group
+  group_by: key=MasterSwarm
+  when:
+    - '"Swarm: active" in docker_info.stdout'
+    - '" Is Manager: true" in docker_info.stdout'
+
+- name: Init Docker Swarm Mode On First Manager
+  command: >
+          docker swarm init
+          --listen-addr {{ internal_interface }}:{{ docker_swarm_port }}
+          --advertise-addr {{ internal_interface }}
+  when:
+    - not MasterSwarm is defined
+    - '"Swarm: inactive" in docker_info.stdout'
+    - inventory_hostname == groups['ClusterSwarm'][0]
+
+- name: Add the new master to MasterSwarm group
+  add_host:
+    name: '{{ inventory_hostname }}'
+    groups: MasterSwarm
+  when:
+    - not MasterSwarm is defined
+    - inventory_hostname == groups['ClusterSwarm'][0]
+
+#- name: cluster | Capturing Docker Swarm Worker join-token
+#  command: "docker swarm join-token -q worker"
+#  changed_when: false
+#  register: "docker_swarm_worker_token"
+#  delegate_to: groups['MasterSwarm'][0]
+#  when:
+#    - inventory_hostname != groups['MasterSwarm'][0]
+#    - '"Swarm: inactive" in docker_info.stdout'
+
+#- name: cluster | Capturing Docker Swarm Manager join-token
+#  command: "docker swarm join-token -q manager"
+#  changed_when: false
+#  register: "docker_swarm_manager_token"
+#  when: >
+#        inventory_hostname == groups['MasterSwarm'][0]
+#- name: cluster | Defining Docker Swarm Manager Address
+#  set_fact:
+#    docker_swarm_manager_address: "{{ docker_swarm_addr }}:{{ docker_swarm_port }}"
+#  changed_when: false
+#  when: >
+#        inventory_hostname == groups['MasterSwarm'][0]
+#- name: cluster | Defining Docker Swarm Manager Address
+#  set_fact:
+#    docker_swarm_manager_address: "{{ hostvars[docker_swarm_primary_manager]['docker_swarm_manager_address'] }}"
+#  changed_when: false
+#  when: >
+#        inventory_hostname != docker_swarm_primary_manager
+#- name: cluster | Defining Docker Swarm Manager join-token
+#  set_fact:
+#    docker_swarm_manager_token: "{{ hostvars[docker_swarm_primary_manager]['docker_swarm_manager_token'] }}"
+#  changed_when: false
+#  when: >
+#        inventory_hostname != docker_swarm_primary_manager
+#- name: cluster | Defining Docker Swarm Worker join-token
+#  set_fact:
+#    docker_swarm_worker_token: "{{ hostvars[docker_swarm_primary_manager]['docker_swarm_worker_token'] }}"
+#  changed_when: false
+#  when: >
+#        inventory_hostname != docker_swarm_primary_manager
+#- name: cluster | Joining Additional Docker Swarm Managers To Cluster
+#  command: >
+#          docker swarm join
+#          --listen-addr {{ docker_swarm_addr }}:{{ docker_swarm_port }}
+#          --advertise-addr {{ docker_swarm_addr }}
+#          --token {{ docker_swarm_manager_token.stdout }}
+#          {{ docker_swarm_manager_address }}
+#  when: >
+#        inventory_hostname != groups['MasterSwarm'][0] and
+#        inventory_hostname not in groups[docker_swarm_workers_ansible_group] and
+#        'Swarm: active' not in docker_info.stdout and
+#        'Swarm: pending' not in docker_info.stdout
+#- name: cluster | Joining Docker Swarm Workers To Cluster
+#  command: >
+#         docker swarm join
+#         --listen-addr {{ docker_swarm_addr }}:{{ docker_swarm_port }}
+#         --advertise-addr {{ docker_swarm_addr }}
+#         --token {{ docker_swarm_worker_token.stdout }}
+#         {{ docker_swarm_manager_address }}
+#  when: >
+#        inventory_hostname in groups[docker_swarm_workers_ansible_group] and
+#        'Swarm: active' not in docker_info.stdout and
+#        'Swarm: pending' not in docker_info.stdout
+#
+###############
+#- name: Initialize Swarm Master
+#  hosts: swarm-master
+#  gather_facts: yes
+#  tasks:
+#    - command: "docker swarm init --advertise-addr {{inventory_hostname}}"
+#    - command: "docker swarm join-token -q worker"
+#      register: swarm_token
+#    - set_fact: swarmtoken="{{swarm_token.stdout}}"
+#
+#- name: Join Swarm Nodes
+#  hosts: swarm-nodes
+#  gather_facts: yes
+#  tasks:
+#  - command: "docker swarm join --advertise-addr {{inventory_hostname}} --token {{hostvars[groups['swarm-master'][0]].swarmtoken}} {{hostvars[groups['swarm-master'][0]].inventory_hostname}}:2377"
+#
+##- name: Leave Swarm
+##  hosts: swarm-master:swarm-nodes
+##  gather_facts: yes
+##  tasks:
+##    - command: "docker swarm leave --force"
+#
+## - name: docker_swarm | Managing Docker Swarm Networks
+##   docker_network:
+##     name: "{{ item.name }}"
+##     driver: "{{ item.driver }}"
+##     state: "{{ item.state }}"
+##   with_items: '{{ docker_swarm_networks }}'
+##   when: >
+##         inventory_hostname == docker_swarm_primary_manager
--- a/tasks/tools.yml
+++ b/tasks/tools.yml
@ -0,0 +1,75 @@
+---
+# Docker machine
+- name: Check if docker-machine is already installed
+  stat: path=/usr/local/bin/docker-machine
+  register: dockermachine
+
+- name: Check local version installed
+  shell: docker-compose --version | sed 's|docker-compose version \([^ ,]*\).*|\1|'
+  register: dockermachine_locver
+  changed_when: false
+  when:
+    - dockermachine.stat.exists
+
+- name: Check online version
+  shell: curl -s https://github.com/docker/machine/releases/latest | sed 's|.*tag/\(.*\)".*|\1|'
+  register: dockermachine_ver
+  changed_when: false
+- name: "Retreive docker-machine version {{ dockermachine_ver.stdout }}"
+  get_url:
+    url: https://github.com/docker/machine/releases/download/{{ dockermachine_ver.stdout }}/docker-machine-{{ ansible_system }}-{{ ansible_machine }}
+    dest: /usr/local/bin/docker-machine
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Check docker-machine-driver-kvm online version
+  shell: curl -s https://github.com/dhiltgen/docker-machine-kvm/releases/latest | sed 's|.*tag/\(.*\)".*|\1|'
+  register: dockermachinekvm_ver
+  changed_when: false
+- name: Retreive docker-machine-driver-kvm
+  get_url:
+    url: https://github.com/dhiltgen/docker-machine-kvm/releases/download/{{ dockermachinekvm_ver.stdout }}/docker-machine-driver-kvm-{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}
+    dest: /usr/local/bin/docker-machine-driver-kvm
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Retreive docker-machine-driver-kvm2
+  get_url:
+    url: https://storage.googleapis.com/minikube/releases/latest/docker-machine-driver-kvm2
+    dest: /usr/local/bin/docker-machine-driver-kvm2
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Check docker-machine-driver-scaleway online version
+  shell: curl -s https://github.com/scaleway/docker-machine-driver-scaleway/releases/latest | sed 's|.*tag/\(.*\)".*|\1|'
+  register: dockermachinescw_ver
+  changed_when: false
+- name: Retreive docker-machine-driver-scaleway
+  get_url:
+    url: https://github.com/scaleway/docker-machine-driver-scaleway/releases/download/{{ dockermachinescw_ver.stdout }}/docker-machine-driver-scaleway-{{ ansible_system | lower }}-{{ ansible_machine | regex_replace('x86_64', 'amd64')}}
+    dest: /usr/local/bin/docker-machine-driver-scaleway
+    owner: root
+    group: root
+    mode: 0755
+
+# docker-compose
+- name: Check if docker-compose is already installed
+  stat: path=/usr/local/bin/docker-compose
+  register: dockercompose
+
+- name: Check online version
+  shell: curl -s https://github.com/docker/compose/releases/latest | sed 's|.*tag/\(.*\)".*|\1|'
+  register: dockercompose_ver
+  changed_when: false
+
+- name: Retreive docker-compose
+  get_url:
+    url: https://github.com/docker/compose/releases/download/{{ dockercompose_ver.stdout }}/docker-compose-{{ ansible_system }}-{{ ansible_machine }}
+    dest: /usr/local/bin/docker-compose
+    owner: root
+    group: root
+    mode: 0755
+