diff --git a/defaults/main.yml b/defaults/main.yml index c42542b..a2335a1 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,6 +1,6 @@ --- # Possible value: docker_ce , docker -# docker_ce : official docker comunity edition +# docker_ce : official docker community edition # docker : distribution version docker_ver: docker_ce docker_swarmmode: false diff --git a/meta/main.yml b/meta/main.yml index 80d3f4f..be8227f 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -6,11 +6,11 @@ galaxy_info: galaxy_tags: [] license: GPL2 platforms: - - name: CentOS - version: - - 7 - - 8 - - name: RedHat - version: - - 7 - - 8 + - name: CentOS + version: + - 7 + - 8 + - name: RedHat + version: + - 7 + - 8 diff --git a/tasks/Debian.yml b/tasks/Debian.yml index 5446edd..e93a318 100644 --- a/tasks/Debian.yml +++ b/tasks/Debian.yml @@ -1,10 +1,10 @@ --- -#- name: Add docker apt key -# ansible.builtin.get_url: -# url: https://download.docker.com/linux/ubuntu/gpg.asc -# dest: /etc/apt/keyrings/docker.gpg -# when: -# - docker_ver == "docker_ce" +# - name: Add docker apt key +# ansible.builtin.get_url: +# url: https://download.docker.com/linux/ubuntu/gpg.asc +# dest: /etc/apt/keyrings/docker.gpg +# when: +# - docker_ver == "docker_ce" - name: Add docker apt key ansible.builtin.copy: src: etc/apt/keyrings/docker.gpg @@ -13,16 +13,16 @@ - docker_ver == "docker_ce" - name: Add docker repository - apt_repository: + ansible.builtin.apt_repository: repo: 'deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable' filename: docker-ce state: present - update_cache: yes + update_cache: true when: - docker_ver == "docker_ce" - name: "Ensure GRUB_CMDLINE_LINUX is updated" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/default/grub regexp: '^(GRUB_CMDLINE_LINUX=".*)"$' line: '\1 cgroup_enable=memory swapaccount=1"' 
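Review bot: In the second tasks/Debian.yml hunk, the `repo:` string of "Add docker repository" still hard-codes `arch=amd64` and the `linux/ubuntu` path, although tasks/main.yml selects this file by `ansible_os_family`. On a Debian-family host that is not Ubuntu on amd64, the entry would point at a suite or architecture the repository may not publish, and the install would only fail later at the package step. If other distributions are meant to be supported, the path segment could be derived from the facts, for example `https://download.docker.com/linux/{{ ansible_distribution | lower }}`. The `signed-by=` keyring pin is worth keeping as it is.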
@@ -31,33 +31,33 @@ - not docker_installed.stat.exists - name: "Update grub.conf" - command: update-grub + ansible.builtin.command: update-grub when: - not docker_installed.stat.exists - name: Check whether ufw status is active - shell: ufw status + ansible.builtin.shell: ufw status changed_when: False ignore_errors: True register: ufw_check check_mode: false - name: "Ensure DEFAULT_FORWARD_POLICY in /etc/default/ufw is updated" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/default/ufw regexp: '^(DEFAULT_FORWARD_POLICY=").*"$' line: '\1ACCEPT"' backrefs: yes notify: reload ufw when: "'inactive' not in ufw_check.stdout" - tags: [docker,firewall] + tags: [docker, firewall] # Need Certificat ? Only in local -#- name: "Add docker port 2376/TCP " -# ufw: rule=allow port=2376 proto=tcp -# notify: reload ufw -# tags: [docker,firewall] +# - name: "Add docker port 2376/TCP " +# ufw: rule=allow port=2376 proto=tcp +# notify: reload ufw +# tags: [docker,firewall] -#- name: "Start UFW rules" -# service: name=ufw state=started -# tags: [docker,firewall] +# - name: "Start UFW rules" +# service: name=ufw state=started +# tags: [docker,firewall] diff --git a/tasks/RedHat.yml b/tasks/RedHat.yml index 7d0c3d4..3f076ad 100644 --- a/tasks/RedHat.yml +++ b/tasks/RedHat.yml 
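Review bot: "Check whether ufw status is active" still runs through a shell after the rename, yet `ufw status` uses no shell features, so `ansible.builtin.command: ufw status` is sufficient. Because the task keeps `ignore_errors: True`, a host where ufw is missing or the call fails leaves `ufw_check.stdout` empty. The condition `'inactive' not in ufw_check.stdout` is then true, so the task that sets `DEFAULT_FORWARD_POLICY` to ACCEPT runs without the firewall state having been read. Gating on the return code as well would avoid that, for example `when: ufw_check.rc | default(1) == 0 and 'inactive' not in ufw_check.stdout`. The same hunk keeps `changed_when: False`, `ignore_errors: True` and `backrefs: yes` in the old truthy spelling that the commit normalises elsewhere.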
@@ -1,22 +1,22 @@ --- -#- name: Add docker repository -# yumrepo: -# name: docker -# description: "Docker Repository" -# baseurl: https://yum.dockerproject.org/repo/main/centos/$releasever/ -# gpgcheck: yes -# enabled: yes -# gpgkey: https://yum.dockerproject.org/gpg -# state: present +# - name: Add docker repository +# yumrepo: +# name: docker +# description: "Docker Repository" +# baseurl: https://yum.dockerproject.org/repo/main/centos/$releasever/ +# gpgcheck: yes +# enabled: true +# gpgkey: https://yum.dockerproject.org/gpg +# state: present - name: Add Official docker's repo - get_url: + ansible.builtin.get_url: url: https://download.docker.com/linux/centos/docker-ce.repo dest: /etc/yum.repos.d/docker-ce.repo mode: 0644 - name: Register docker firewalld service - template: + ansible.builtin.template: src: "etc/firewalld/services/docker-swarm.xml.j2" dest: "/etc/firewalld/services/docker-swarm.xml" group: root @@ -24,23 +24,23 @@ mode: 0644 register: need_firewalld_reload -#- name: Reload firewalld configuration -# service: -# name: firewalld -# state: reloaded -# enabled: yes +# - name: Reload firewalld configuration +# ansible.builtin.service: +# name: firewalld +# state: reloaded +# enabled: true - name: reload firewalld to refresh service list - command: firewall-cmd --reload + ansible.builtin.command: firewall-cmd --reload when: - need_firewalld_reload is changed # Définir interface -#- name: Open Firewalld -# firewalld: -# service: docker-swarm -# permanent: true -# state: enabled -# immediate: true -# when: -# - need_firewall == true -# - firewall_name == "firewalld" +# - name: Open Firewalld +# ansible.posix.firewalld: +# service: docker-swarm +# permanent: true +# state: enabled +# immediate: true +# when: +# - need_firewall == true +# - firewall_name == "firewalld" diff --git a/tasks/main.yml b/tasks/main.yml index b711475..9c0df53 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
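Review bot: The `mode: 0644` values on the get_url and template tasks in tasks/RedHat.yml are unquoted, so the permission reaches the module as a YAML-typed integer whose value depends on how the parser treats a leading zero. Quoting it, `mode: "0644"`, makes the octal intent explicit and is the form the Ansible documentation recommends. The same applies to `mode: 0644` in the second hunk of this file and to `mode: 0700` on `/etc/docker` in tasks/main.yml. Separately, the commented yumrepo block now mixes `gpgcheck: yes` with `enabled: true`; if it is ever re-enabled, `gpgcheck: true` should stay on.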
@@ -1,34 +1,34 @@ --- - name: Include vars for {{ ansible_os_family }} - include_vars: "{{ ansible_os_family }}_{{ docker_ver }}.yml" + ansible.builtin.include_vars: "{{ ansible_os_family }}_{{ docker_ver }}.yml" - name: See if docker is installed stat: path=/usr/bin/docker register: docker_installed - name: Install docker rules for {{ ansible_os_family }} OS family - include_tasks: "{{ ansible_os_family }}.yml" + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" - name: Remove all other's docker version packages - package: + ansible.builtin.package: name: "{{ docker_remove_packages_name }}" state: absent - update_cache: yes + update_cache: true - name: Install docker - package: + ansible.builtin.package: name: "{{ docker_package_name }}" state: present - update_cache: yes + update_cache: true # when: # - not docker_installed.stat.exists notify: Restart docker - name: Enable docker on boot - service: + ansible.builtin.service: name: docker state: started - enabled: yes + enabled: true # Create docker group if needed 
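Review bot: "See if docker is installed" was left as `stat: path=/usr/bin/docker`, the only task in this hunk without a fully qualified module name and still using key=value arguments. For consistency with the rest of the commit it could read `ansible.builtin.stat:` followed by `path: /usr/bin/docker`. The same pattern remains in tasks/swarm.yml at `group_by: key=MasterSwarm`.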
@@ -36,39 +36,39 @@ # Configuration dans /etc/docker/daemon.json - name: Config_docker | Ensuring /etc/docker Folder Exists - file: + ansible.builtin.file: path: "/etc/docker" state: "directory" group: root owner: root mode: 0700 -#- name: Config_docker | Configuring Docker -# template: -# src: "etc/docker/daemon.json.j2" -# dest: "/etc/docker/daemon.json" -# group: root -# owner: root -# mode: 0644 -# notify: Restart docker +# - name: Config_docker | Configuring Docker +# ansible.builtin.template: +# src: "etc/docker/daemon.json.j2" +# dest: "/etc/docker/daemon.json" +# group: root +# owner: root +# mode: 0644 +# notify: Restart docker -#- port TCP 2376: permet au client local de communiquer de façon sécurisée avec le daemon tournant sur une machine du swarm -# -#- port TCP 2377: permet la communication entre les managers du swarm (port seulement ouvert sur les managers) -# -#- port UDP 4789: permet la communication entre les containers sur un réseau overlay -# -#- port TCP et UDP 7946: permet la communication entre les machines du swarm -# -#- interfaces docker0 and docker_gwbridge ? firewall-cmd --change-zone=docker0 --zone=trusted --permanent; firewall-cmd --change-zone=docker_gwbridge --zone=trusted --permanent +# - port TCP 2376: permet au client local de communiquer de façon sécurisée avec le daemon tournant sur une machine du swarm +# +# - port TCP 2377: permet la communication entre les managers du swarm (port seulement ouvert sur les managers) +# +# - port UDP 4789: permet la communication entre les containers sur un réseau overlay +# +# - port TCP et UDP 7946: permet la communication entre les machines du swarm +# +# - interfaces docker0 and docker_gwbridge ? 
firewall-cmd --change-zone=docker0 --zone=trusted --permanent; firewall-cmd --change-zone=docker_gwbridge --zone=trusted --permanent - name: Install python library for docker - package: + ansible.builtin.package: name: "{{ docker_python_lib }}" state: present - update_cache: yes + update_cache: true -#- name: Enable swarm mode -# include_tasks: swarm.yml -# when: -# - docker_swarmmode +# - name: Enable swarm mode +# ansible.builtin.include_tasks: swarm.yml +# when: +# - docker_swarmmode diff --git a/tasks/swarm.yml b/tasks/swarm.yml index 0b7cb85..a8906dd 100644 --- a/tasks/swarm.yml +++ b/tasks/swarm.yml @@ -5,10 +5,10 @@ - docker_swarmmode - name: Checking Swarm Mode Status - command: "docker info" + ansible.builtin.command: "docker info" register: "docker_info" changed_when: false - check_mode: no + check_mode: false - name: Create Master Swarm group group_by: key=MasterSwarm @@ -17,7 +17,7 @@ - '" Is Manager: true" in docker_info.stdout' - name: Init Docker Swarm Mode On First Manager - command: > + ansible.builtin.command: > docker swarm init --listen-addr {{ internal_interface }}:{{ docker_swarm_port }} --advertise-addr {{ internal_interface }} 
@@ -34,90 +34,90 @@ - not MasterSwarm is defined - inventory_hostname == groups['ClusterSwarm'][0] -#- name: cluster | Capturing Docker Swarm Worker join-token -# command: "docker swarm join-token -q worker" -# changed_when: false -# register: "docker_swarm_worker_token" -# delegate_to: groups['MasterSwarm'][0] -# when: -# - inventory_hostname != groups['MasterSwarm'][0] -# - '"Swarm: inactive" in docker_info.stdout' +# - name: cluster | Capturing Docker Swarm Worker join-token +# ansible.builtin.command: "docker swarm join-token -q worker" +# changed_when: false +# register: "docker_swarm_worker_token" +# delegate_to: groups['MasterSwarm'][0] +# when: +# - inventory_hostname != groups['MasterSwarm'][0] +# - '"Swarm: inactive" in docker_info.stdout' -#- name: cluster | Capturing Docker Swarm Manager join-token -# command: "docker swarm join-token -q manager" -# changed_when: false -# register: "docker_swarm_manager_token" -# when: > -# inventory_hostname == groups['MasterSwarm'][0] -#- name: cluster | Defining Docker Swarm Manager Address -# set_fact: -# docker_swarm_manager_address: "{{ docker_swarm_addr }}:{{ docker_swarm_port }}" -# changed_when: false -# when: > -# inventory_hostname == groups['MasterSwarm'][0] -#- name: cluster | Defining Docker Swarm Manager Address -# set_fact: -# docker_swarm_manager_address: "{{ hostvars[docker_swarm_primary_manager]['docker_swarm_manager_address'] }}" -# changed_when: false -# when: > -# inventory_hostname != docker_swarm_primary_manager -#- name: cluster | Defining Docker Swarm Manager join-token -# set_fact: -# docker_swarm_manager_token: "{{ hostvars[docker_swarm_primary_manager]['docker_swarm_manager_token'] }}" -# changed_when: false -# when: > -# inventory_hostname != docker_swarm_primary_manager -#- name: cluster | Defining Docker Swarm Worker join-token -# set_fact: -# docker_swarm_worker_token: "{{ hostvars[docker_swarm_primary_manager]['docker_swarm_worker_token'] }}" -# changed_when: false -# when: > -# 
inventory_hostname != docker_swarm_primary_manager -#- name: cluster | Joining Additional Docker Swarm Managers To Cluster -# command: > +# - name: cluster | Capturing Docker Swarm Manager join-token +# ansible.builtin.command: "docker swarm join-token -q manager" +# changed_when: false +# register: "docker_swarm_manager_token" +# when: > +# inventory_hostname == groups['MasterSwarm'][0] +# - name: cluster | Defining Docker Swarm Manager Address +# ansible.builtin.set_fact: +# docker_swarm_manager_address: "{{ docker_swarm_addr }}:{{ docker_swarm_port }}" +# changed_when: false +# when: > +# inventory_hostname == groups['MasterSwarm'][0] +# - name: cluster | Defining Docker Swarm Manager Address +# ansible.builtin.set_fact: +# docker_swarm_manager_address: "{{ hostvars[docker_swarm_primary_manager]['docker_swarm_manager_address'] }}" +# changed_when: false +# when: > +# inventory_hostname != docker_swarm_primary_manager +# - name: cluster | Defining Docker Swarm Manager join-token +# ansible.builtin.set_fact: +# docker_swarm_manager_token: "{{ hostvars[docker_swarm_primary_manager]['docker_swarm_manager_token'] }}" +# changed_when: false +# when: > +# inventory_hostname != docker_swarm_primary_manager +# - name: cluster | Defining Docker Swarm Worker join-token +# ansible.builtin.set_fact: +# docker_swarm_worker_token: "{{ hostvars[docker_swarm_primary_manager]['docker_swarm_worker_token'] }}" +# changed_when: false +# when: > +# inventory_hostname != docker_swarm_primary_manager +# - name: cluster | Joining Additional Docker Swarm Managers To Cluster +# ansible.builtin.command: > +# docker swarm join +# --listen-addr {{ docker_swarm_addr }}:{{ docker_swarm_port }} +# --advertise-addr {{ docker_swarm_addr }} +# --token {{ docker_swarm_manager_token.stdout }} +# {{ docker_swarm_manager_address }} +# when: > +# inventory_hostname != groups['MasterSwarm'][0] and +# inventory_hostname not in groups[docker_swarm_workers_ansible_group] and +# 'Swarm: active' not in 
docker_info.stdout and +# 'Swarm: pending' not in docker_info.stdout +# - name: cluster | Joining Docker Swarm Workers To Cluster +# ansible.builtin.command: > # docker swarm join # --listen-addr {{ docker_swarm_addr }}:{{ docker_swarm_port }} # --advertise-addr {{ docker_swarm_addr }} -# --token {{ docker_swarm_manager_token.stdout }} +# --token {{ docker_swarm_worker_token.stdout }} # {{ docker_swarm_manager_address }} -# when: > -# inventory_hostname != groups['MasterSwarm'][0] and -# inventory_hostname not in groups[docker_swarm_workers_ansible_group] and -# 'Swarm: active' not in docker_info.stdout and -# 'Swarm: pending' not in docker_info.stdout -#- name: cluster | Joining Docker Swarm Workers To Cluster -# command: > -# docker swarm join -# --listen-addr {{ docker_swarm_addr }}:{{ docker_swarm_port }} -# --advertise-addr {{ docker_swarm_addr }} -# --token {{ docker_swarm_worker_token.stdout }} -# {{ docker_swarm_manager_address }} -# when: > -# inventory_hostname in groups[docker_swarm_workers_ansible_group] and -# 'Swarm: active' not in docker_info.stdout and -# 'Swarm: pending' not in docker_info.stdout -# +# when: > +# inventory_hostname in groups[docker_swarm_workers_ansible_group] and +# 'Swarm: active' not in docker_info.stdout and +# 'Swarm: pending' not in docker_info.stdout +# ############### -#- name: Initialize Swarm Master -# hosts: swarm-master -# gather_facts: yes -# tasks: -# - command: "docker swarm init --advertise-addr {{inventory_hostname}}" -# - command: "docker swarm join-token -q worker" -# register: swarm_token -# - set_fact: swarmtoken="{{swarm_token.stdout}}" +# - name: Initialize Swarm Master +# hosts: swarm-master +# gather_facts: yes +# tasks: +# - ansible.builtin.command: "docker swarm init --advertise-addr {{inventory_hostname}}" +# - ansible.builtin.command: "docker swarm join-token -q worker" +# register: swarm_token +# - set_fact: swarmtoken="{{swarm_token.stdout}}" # -#- name: Join Swarm Nodes -# hosts: swarm-nodes -# 
gather_facts: yes -# tasks: -# - command: "docker swarm join --advertise-addr {{inventory_hostname}} --token {{hostvars[groups['swarm-master'][0]].swarmtoken}} {{hostvars[groups['swarm-master'][0]].inventory_hostname}}:2377" +# - name: Join Swarm Nodes +# hosts: swarm-nodes +# gather_facts: yes +# tasks: +# - ansible.builtin.command: "docker swarm join --advertise-addr {{inventory_hostname}} --token {{hostvars[groups['swarm-master'][0]].swarmtoken}} {{hostvars[groups['swarm-master'][0]].inventory_hostname}}:2377" # -##- name: Leave Swarm -## hosts: swarm-master:swarm-nodes -## gather_facts: yes -## tasks: -## - command: "docker swarm leave --force" +## - name: Leave Swarm +## hosts: swarm-master:swarm-nodes +## gather_facts: yes +## tasks: +## - ansible.builtin.command: "docker swarm leave --force" # ## - name: docker_swarm | Managing Docker Swarm Networks ## docker_network: diff --git a/tasks/uninstall_RedHat.yml b/tasks/uninstall_RedHat.yml index 110f2ef..b35e92c 100644 --- a/tasks/uninstall_RedHat.yml +++ b/tasks/uninstall_RedHat.yml @@ -1,24 +1,24 @@ --- - name: Disable docker service - service: + ansible.builtin.service: name: docker state: stopped - enabled: no + enabled: false - name: Remove all other's docker version packages - package: + ansible.builtin.package: name: "{{ docker_remove_packages_name }}" state: absent - update_cache: yes + update_cache: true - name: Remove docker - package: + ansible.builtin.package: name: "{{ docker_package_name }}" state: absent - update_cache: yes + update_cache: true - name: Remove files and directories - file: + ansible.builtin.file: force: yes recurse: yes path: "{{ item }}" 
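Review bot: In the first tasks/uninstall_RedHat.yml hunk, "Remove files and directories" keeps `force: yes` and `recurse: yes` while every other boolean in the file was normalised to `true`/`false`. The task's `state:` lies outside the hunk; if it is `absent`, as the task name suggests, `recurse` is worth removing rather than respelling, because the file module documents it as applying only to `state: directory`. `force: yes` is also left unchanged in the next hunk of this file.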
@@ -30,13 +30,13 @@ - /etc/yum.repos.d/docker-ce.repo - name: Register docker firewalld service - file: + ansible.builtin.file: force: yes path: "/etc/firewalld/services/docker-swarm.xml" state: absent register: need_firewalld_reload - name: reload firewalld to refresh service list - command: firewall-cmd --reload + ansible.builtin.command: firewall-cmd --reload when: - need_firewalld_reload is changed diff --git a/vars/Debian_docker-io.yml b/vars/Debian_docker.yml similarity index 100% rename from vars/Debian_docker-io.yml rename to vars/Debian_docker.yml
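Review bot: The task named "Register docker firewalld service" deletes `/etc/firewalld/services/docker-swarm.xml` (`state: absent`), so the name, apparently carried over from the install file, describes the opposite of what runs. A name such as `- name: Remove docker firewalld service definition` would keep play output and audit logs accurate. `force: yes` on this task is documented for link handling and likely has no effect with `state: absent`, so it can probably be dropped.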