Update ansible code
Some checks reported errors
continuous-integration/drone/push Build encountered an error

Adrien Reslinger 2022-11-30 07:19:40 +01:00
parent 2ca2ad9796
commit eec95be2de
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
8 changed files with 175 additions and 175 deletions


@ -1,6 +1,6 @@
--- ---
# Possible value: docker_ce , docker # Possible value: docker_ce , docker
# docker_ce : official docker comunity edition # docker_ce : official docker community edition
# docker : distribution version # docker : distribution version
docker_ver: docker_ce docker_ver: docker_ce
docker_swarmmode: false docker_swarmmode: false


@ -6,11 +6,11 @@ galaxy_info:
galaxy_tags: [] galaxy_tags: []
license: GPL2 license: GPL2
platforms: platforms:
- name: CentOS - name: CentOS
version: version:
- 7 - 7
- 8 - 8
- name: RedHat - name: RedHat
version: version:
- 7 - 7
- 8 - 8


@ -1,10 +1,10 @@
--- ---
#- name: Add docker apt key # - name: Add docker apt key
# ansible.builtin.get_url: # ansible.builtin.get_url:
# url: https://download.docker.com/linux/ubuntu/gpg.asc # url: https://download.docker.com/linux/ubuntu/gpg.asc
# dest: /etc/apt/keyrings/docker.gpg # dest: /etc/apt/keyrings/docker.gpg
# when: # when:
# - docker_ver == "docker_ce" # - docker_ver == "docker_ce"
- name: Add docker apt key - name: Add docker apt key
ansible.builtin.copy: ansible.builtin.copy:
src: etc/apt/keyrings/docker.gpg src: etc/apt/keyrings/docker.gpg
@ -13,16 +13,16 @@
- docker_ver == "docker_ce" - docker_ver == "docker_ce"
- name: Add docker repository - name: Add docker repository
apt_repository: ansible.builtin.apt_repository:
repo: 'deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable' repo: 'deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable'
filename: docker-ce filename: docker-ce
state: present state: present
update_cache: yes update_cache: true
when: when:
- docker_ver == "docker_ce" - docker_ver == "docker_ce"
- name: "Ensure GRUB_CMDLINE_LINUX is updated" - name: "Ensure GRUB_CMDLINE_LINUX is updated"
lineinfile: ansible.builtin.lineinfile:
dest: /etc/default/grub dest: /etc/default/grub
regexp: '^(GRUB_CMDLINE_LINUX=".*)"$' regexp: '^(GRUB_CMDLINE_LINUX=".*)"$'
line: '\1 cgroup_enable=memory swapaccount=1"' line: '\1 cgroup_enable=memory swapaccount=1"'
@ -31,33 +31,33 @@
- not docker_installed.stat.exists - not docker_installed.stat.exists
- name: "Update grub.conf" - name: "Update grub.conf"
command: update-grub ansible.builtin.command: update-grub
when: when:
- not docker_installed.stat.exists - not docker_installed.stat.exists
- name: Check whether ufw status is active - name: Check whether ufw status is active
shell: ufw status ansible.builtin.shell: ufw status
changed_when: False changed_when: False
ignore_errors: True ignore_errors: True
register: ufw_check register: ufw_check
check_mode: false check_mode: false
- name: "Ensure DEFAULT_FORWARD_POLICY in /etc/default/ufw is updated" - name: "Ensure DEFAULT_FORWARD_POLICY in /etc/default/ufw is updated"
lineinfile: ansible.builtin.lineinfile:
dest: /etc/default/ufw dest: /etc/default/ufw
regexp: '^(DEFAULT_FORWARD_POLICY=").*"$' regexp: '^(DEFAULT_FORWARD_POLICY=").*"$'
line: '\1ACCEPT"' line: '\1ACCEPT"'
backrefs: yes backrefs: yes
notify: reload ufw notify: reload ufw
when: "'inactive' not in ufw_check.stdout" when: "'inactive' not in ufw_check.stdout"
tags: [docker,firewall] tags: [docker, firewall]
# Need Certificat ? Only in local # Need Certificat ? Only in local
#- name: "Add docker port 2376/TCP " # - name: "Add docker port 2376/TCP "
# ufw: rule=allow port=2376 proto=tcp # ufw: rule=allow port=2376 proto=tcp
# notify: reload ufw # notify: reload ufw
# tags: [docker,firewall] # tags: [docker,firewall]
#- name: "Start UFW rules" # - name: "Start UFW rules"
# service: name=ufw state=started # service: name=ufw state=started
# tags: [docker,firewall] # tags: [docker,firewall]
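Review bot: The `Check whether ufw status is active` task still goes through `ansible.builtin.shell` although `ufw status` uses no shell features, so `ansible.builtin.command: ufw status` is the safer module there. The same task keeps `changed_when: False` and `ignore_errors: True`, and the ufw `lineinfile` task keeps `backrefs: yes`, while this commit moves other booleans to `true`/`false`; these look like missed conversions. A one-line comment above the `DEFAULT_FORWARD_POLICY` task saying why the policy is set to `ACCEPT` would also help, since it loosens the host's forwarding default. The second and third hunks start inside tasks, so their opening lines are not visible here.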


@ -1,22 +1,22 @@
--- ---
#- name: Add docker repository # - name: Add docker repository
# yumrepo: # yumrepo:
# name: docker # name: docker
# description: "Docker Repository" # description: "Docker Repository"
# baseurl: https://yum.dockerproject.org/repo/main/centos/$releasever/ # baseurl: https://yum.dockerproject.org/repo/main/centos/$releasever/
# gpgcheck: yes # gpgcheck: yes
# enabled: yes # enabled: true
# gpgkey: https://yum.dockerproject.org/gpg # gpgkey: https://yum.dockerproject.org/gpg
# state: present # state: present
- name: Add Official docker's repo - name: Add Official docker's repo
get_url: ansible.builtin.get_url:
url: https://download.docker.com/linux/centos/docker-ce.repo url: https://download.docker.com/linux/centos/docker-ce.repo
dest: /etc/yum.repos.d/docker-ce.repo dest: /etc/yum.repos.d/docker-ce.repo
mode: 0644 mode: 0644
- name: Register docker firewalld service - name: Register docker firewalld service
template: ansible.builtin.template:
src: "etc/firewalld/services/docker-swarm.xml.j2" src: "etc/firewalld/services/docker-swarm.xml.j2"
dest: "/etc/firewalld/services/docker-swarm.xml" dest: "/etc/firewalld/services/docker-swarm.xml"
group: root group: root
@ -24,23 +24,23 @@
mode: 0644 mode: 0644
register: need_firewalld_reload register: need_firewalld_reload
#- name: Reload firewalld configuration # - name: Reload firewalld configuration
# service: # ansible.builtin.service:
# name: firewalld # name: firewalld
# state: reloaded # state: reloaded
# enabled: yes # enabled: true
- name: reload firewalld to refresh service list - name: reload firewalld to refresh service list
command: firewall-cmd --reload ansible.builtin.command: firewall-cmd --reload
when: when:
- need_firewalld_reload is changed - need_firewalld_reload is changed
# Définir interface # Définir interface
#- name: Open Firewalld # - name: Open Firewalld
# firewalld: # ansible.posix.firewalld:
# service: docker-swarm # service: docker-swarm
# permanent: true # permanent: true
# state: enabled # state: enabled
# immediate: true # immediate: true
# when: # when:
# - need_firewall == true # - need_firewall == true
# - firewall_name == "firewalld" # - firewall_name == "firewalld"
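Review bot: The `Add Official docker's repo` task fetches `docker-ce.repo` at run time with `ansible.builtin.get_url` and no `checksum:`, so whatever the URL serves becomes the package source definition (presumably including the signing-key location). The apt tasks earlier on this page ship the key from the role's own files instead; doing the same here with `ansible.builtin.copy`, or adding `checksum: sha256:<expected-digest>`, would pin what the host trusts. Both `mode: 0644` values are left as bare octal; `mode: '0644'` avoids relying on YAML 1.1 octal parsing. The second hunk starts inside the template task, so its `owner` line is not visible.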


@ -1,34 +1,34 @@
--- ---
- name: Include vars for {{ ansible_os_family }} - name: Include vars for {{ ansible_os_family }}
include_vars: "{{ ansible_os_family }}_{{ docker_ver }}.yml" ansible.builtin.include_vars: "{{ ansible_os_family }}_{{ docker_ver }}.yml"
- name: See if docker is installed - name: See if docker is installed
stat: path=/usr/bin/docker stat: path=/usr/bin/docker
register: docker_installed register: docker_installed
- name: Install docker rules for {{ ansible_os_family }} OS family - name: Install docker rules for {{ ansible_os_family }} OS family
include_tasks: "{{ ansible_os_family }}.yml" ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml"
- name: Remove all other's docker version packages - name: Remove all other's docker version packages
package: ansible.builtin.package:
name: "{{ docker_remove_packages_name }}" name: "{{ docker_remove_packages_name }}"
state: absent state: absent
update_cache: yes update_cache: true
- name: Install docker - name: Install docker
package: ansible.builtin.package:
name: "{{ docker_package_name }}" name: "{{ docker_package_name }}"
state: present state: present
update_cache: yes update_cache: true
# when: # when:
# - not docker_installed.stat.exists # - not docker_installed.stat.exists
notify: Restart docker notify: Restart docker
- name: Enable docker on boot - name: Enable docker on boot
service: ansible.builtin.service:
name: docker name: docker
state: started state: started
enabled: yes enabled: true
# Create docker group if needed # Create docker group if needed
@ -36,39 +36,39 @@
# Configuration dans /etc/docker/daemon.json # Configuration dans /etc/docker/daemon.json
- name: Config_docker | Ensuring /etc/docker Folder Exists - name: Config_docker | Ensuring /etc/docker Folder Exists
file: ansible.builtin.file:
path: "/etc/docker" path: "/etc/docker"
state: "directory" state: "directory"
group: root group: root
owner: root owner: root
mode: 0700 mode: 0700
#- name: Config_docker | Configuring Docker # - name: Config_docker | Configuring Docker
# template: # ansible.builtin.template:
# src: "etc/docker/daemon.json.j2" # src: "etc/docker/daemon.json.j2"
# dest: "/etc/docker/daemon.json" # dest: "/etc/docker/daemon.json"
# group: root # group: root
# owner: root # owner: root
# mode: 0644 # mode: 0644
# notify: Restart docker # notify: Restart docker
#- port TCP 2376: permet au client local de communiquer de façon sécurisée avec le daemon tournant sur une machine du swarm # - port TCP 2376: permet au client local de communiquer de façon sécurisée avec le daemon tournant sur une machine du swarm
# #
#- port TCP 2377: permet la communication entre les managers du swarm (port seulement ouvert sur les managers) # - port TCP 2377: permet la communication entre les managers du swarm (port seulement ouvert sur les managers)
# #
#- port UDP 4789: permet la communication entre les containers sur un réseau overlay # - port UDP 4789: permet la communication entre les containers sur un réseau overlay
# #
#- port TCP et UDP 7946: permet la communication entre les machines du swarm # - port TCP et UDP 7946: permet la communication entre les machines du swarm
# #
#- interfaces docker0 and docker_gwbridge ? firewall-cmd --change-zone=docker0 --zone=trusted --permanent; firewall-cmd --change-zone=docker_gwbridge --zone=trusted --permanent # - interfaces docker0 and docker_gwbridge ? firewall-cmd --change-zone=docker0 --zone=trusted --permanent; firewall-cmd --change-zone=docker_gwbridge --zone=trusted --permanent
- name: Install python library for docker - name: Install python library for docker
package: ansible.builtin.package:
name: "{{ docker_python_lib }}" name: "{{ docker_python_lib }}"
state: present state: present
update_cache: yes update_cache: true
#- name: Enable swarm mode # - name: Enable swarm mode
# include_tasks: swarm.yml # ansible.builtin.include_tasks: swarm.yml
# when: # when:
# - docker_swarmmode # - docker_swarmmode
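Review bot: `stat: path=/usr/bin/docker` in the `See if docker is installed` task was left on the short module name with inline `key=value` arguments while every other active task in this file moved to `ansible.builtin.*`. The matching form is `ansible.builtin.stat:` with `path: /usr/bin/docker` on the next line. `mode: 0700` on the `/etc/docker` directory task would also be safer quoted as `mode: '0700'`, so the permission does not depend on how the parser reads a leading-zero integer.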


@ -5,10 +5,10 @@
- docker_swarmmode - docker_swarmmode
- name: Checking Swarm Mode Status - name: Checking Swarm Mode Status
command: "docker info" ansible.builtin.command: "docker info"
register: "docker_info" register: "docker_info"
changed_when: false changed_when: false
check_mode: no check_mode: false
- name: Create Master Swarm group - name: Create Master Swarm group
group_by: key=MasterSwarm group_by: key=MasterSwarm
@ -17,7 +17,7 @@
- '" Is Manager: true" in docker_info.stdout' - '" Is Manager: true" in docker_info.stdout'
- name: Init Docker Swarm Mode On First Manager - name: Init Docker Swarm Mode On First Manager
command: > ansible.builtin.command: >
docker swarm init docker swarm init
--listen-addr {{ internal_interface }}:{{ docker_swarm_port }} --listen-addr {{ internal_interface }}:{{ docker_swarm_port }}
--advertise-addr {{ internal_interface }} --advertise-addr {{ internal_interface }}
@ -34,90 +34,90 @@
- not MasterSwarm is defined - not MasterSwarm is defined
- inventory_hostname == groups['ClusterSwarm'][0] - inventory_hostname == groups['ClusterSwarm'][0]
#- name: cluster | Capturing Docker Swarm Worker join-token # - name: cluster | Capturing Docker Swarm Worker join-token
# command: "docker swarm join-token -q worker" # ansible.builtin.command: "docker swarm join-token -q worker"
# changed_when: false # changed_when: false
# register: "docker_swarm_worker_token" # register: "docker_swarm_worker_token"
# delegate_to: groups['MasterSwarm'][0] # delegate_to: groups['MasterSwarm'][0]
# when: # when:
# - inventory_hostname != groups['MasterSwarm'][0] # - inventory_hostname != groups['MasterSwarm'][0]
# - '"Swarm: inactive" in docker_info.stdout' # - '"Swarm: inactive" in docker_info.stdout'
#- name: cluster | Capturing Docker Swarm Manager join-token # - name: cluster | Capturing Docker Swarm Manager join-token
# command: "docker swarm join-token -q manager" # ansible.builtin.command: "docker swarm join-token -q manager"
# changed_when: false # changed_when: false
# register: "docker_swarm_manager_token" # register: "docker_swarm_manager_token"
# when: > # when: >
# inventory_hostname == groups['MasterSwarm'][0] # inventory_hostname == groups['MasterSwarm'][0]
#- name: cluster | Defining Docker Swarm Manager Address # - name: cluster | Defining Docker Swarm Manager Address
# set_fact: # ansible.builtin.set_fact:
# docker_swarm_manager_address: "{{ docker_swarm_addr }}:{{ docker_swarm_port }}" # docker_swarm_manager_address: "{{ docker_swarm_addr }}:{{ docker_swarm_port }}"
# changed_when: false # changed_when: false
# when: > # when: >
# inventory_hostname == groups['MasterSwarm'][0] # inventory_hostname == groups['MasterSwarm'][0]
#- name: cluster | Defining Docker Swarm Manager Address # - name: cluster | Defining Docker Swarm Manager Address
# set_fact: # ansible.builtin.set_fact:
# docker_swarm_manager_address: "{{ hostvars[docker_swarm_primary_manager]['docker_swarm_manager_address'] }}" # docker_swarm_manager_address: "{{ hostvars[docker_swarm_primary_manager]['docker_swarm_manager_address'] }}"
# changed_when: false # changed_when: false
# when: > # when: >
# inventory_hostname != docker_swarm_primary_manager # inventory_hostname != docker_swarm_primary_manager
#- name: cluster | Defining Docker Swarm Manager join-token # - name: cluster | Defining Docker Swarm Manager join-token
# set_fact: # ansible.builtin.set_fact:
# docker_swarm_manager_token: "{{ hostvars[docker_swarm_primary_manager]['docker_swarm_manager_token'] }}" # docker_swarm_manager_token: "{{ hostvars[docker_swarm_primary_manager]['docker_swarm_manager_token'] }}"
# changed_when: false # changed_when: false
# when: > # when: >
# inventory_hostname != docker_swarm_primary_manager # inventory_hostname != docker_swarm_primary_manager
#- name: cluster | Defining Docker Swarm Worker join-token # - name: cluster | Defining Docker Swarm Worker join-token
# set_fact: # ansible.builtin.set_fact:
# docker_swarm_worker_token: "{{ hostvars[docker_swarm_primary_manager]['docker_swarm_worker_token'] }}" # docker_swarm_worker_token: "{{ hostvars[docker_swarm_primary_manager]['docker_swarm_worker_token'] }}"
# changed_when: false # changed_when: false
# when: > # when: >
# inventory_hostname != docker_swarm_primary_manager # inventory_hostname != docker_swarm_primary_manager
#- name: cluster | Joining Additional Docker Swarm Managers To Cluster # - name: cluster | Joining Additional Docker Swarm Managers To Cluster
# command: > # ansible.builtin.command: >
# docker swarm join
# --listen-addr {{ docker_swarm_addr }}:{{ docker_swarm_port }}
# --advertise-addr {{ docker_swarm_addr }}
# --token {{ docker_swarm_manager_token.stdout }}
# {{ docker_swarm_manager_address }}
# when: >
# inventory_hostname != groups['MasterSwarm'][0] and
# inventory_hostname not in groups[docker_swarm_workers_ansible_group] and
# 'Swarm: active' not in docker_info.stdout and
# 'Swarm: pending' not in docker_info.stdout
# - name: cluster | Joining Docker Swarm Workers To Cluster
# ansible.builtin.command: >
# docker swarm join # docker swarm join
# --listen-addr {{ docker_swarm_addr }}:{{ docker_swarm_port }} # --listen-addr {{ docker_swarm_addr }}:{{ docker_swarm_port }}
# --advertise-addr {{ docker_swarm_addr }} # --advertise-addr {{ docker_swarm_addr }}
# --token {{ docker_swarm_manager_token.stdout }} # --token {{ docker_swarm_worker_token.stdout }}
# {{ docker_swarm_manager_address }} # {{ docker_swarm_manager_address }}
# when: > # when: >
# inventory_hostname != groups['MasterSwarm'][0] and # inventory_hostname in groups[docker_swarm_workers_ansible_group] and
# inventory_hostname not in groups[docker_swarm_workers_ansible_group] and # 'Swarm: active' not in docker_info.stdout and
# 'Swarm: active' not in docker_info.stdout and # 'Swarm: pending' not in docker_info.stdout
# 'Swarm: pending' not in docker_info.stdout #
#- name: cluster | Joining Docker Swarm Workers To Cluster
# command: >
# docker swarm join
# --listen-addr {{ docker_swarm_addr }}:{{ docker_swarm_port }}
# --advertise-addr {{ docker_swarm_addr }}
# --token {{ docker_swarm_worker_token.stdout }}
# {{ docker_swarm_manager_address }}
# when: >
# inventory_hostname in groups[docker_swarm_workers_ansible_group] and
# 'Swarm: active' not in docker_info.stdout and
# 'Swarm: pending' not in docker_info.stdout
#
############### ###############
#- name: Initialize Swarm Master # - name: Initialize Swarm Master
# hosts: swarm-master # hosts: swarm-master
# gather_facts: yes # gather_facts: yes
# tasks: # tasks:
# - command: "docker swarm init --advertise-addr {{inventory_hostname}}" # - ansible.builtin.command: "docker swarm init --advertise-addr {{inventory_hostname}}"
# - command: "docker swarm join-token -q worker" # - ansible.builtin.command: "docker swarm join-token -q worker"
# register: swarm_token # register: swarm_token
# - set_fact: swarmtoken="{{swarm_token.stdout}}" # - set_fact: swarmtoken="{{swarm_token.stdout}}"
# #
#- name: Join Swarm Nodes # - name: Join Swarm Nodes
# hosts: swarm-nodes # hosts: swarm-nodes
# gather_facts: yes # gather_facts: yes
# tasks: # tasks:
# - command: "docker swarm join --advertise-addr {{inventory_hostname}} --token {{hostvars[groups['swarm-master'][0]].swarmtoken}} {{hostvars[groups['swarm-master'][0]].inventory_hostname}}:2377" # - ansible.builtin.command: "docker swarm join --advertise-addr {{inventory_hostname}} --token {{hostvars[groups['swarm-master'][0]].swarmtoken}} {{hostvars[groups['swarm-master'][0]].inventory_hostname}}:2377"
# #
##- name: Leave Swarm ## - name: Leave Swarm
## hosts: swarm-master:swarm-nodes ## hosts: swarm-master:swarm-nodes
## gather_facts: yes ## gather_facts: yes
## tasks: ## tasks:
## - command: "docker swarm leave --force" ## - ansible.builtin.command: "docker swarm leave --force"
# #
## - name: docker_swarm | Managing Docker Swarm Networks ## - name: docker_swarm | Managing Docker Swarm Networks
## docker_network: ## docker_network:
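Review bot: `group_by: key=MasterSwarm` in `Create Master Swarm group` is an active task that did not get the FQCN treatment; `ansible.builtin.group_by:` with `key: MasterSwarm` would match the rest of the file. Most lines changed in the last hunk are commented-out tasks. If they are meant to come back, the ones that register or pass swarm join tokens (`docker swarm join-token -q ...`, `--token {{ ... }}`) should carry `no_log: true` so the tokens stay out of Ansible output; if not, deleting them is cleaner than reformatting them. The hunks start and end inside the task list, so the conditions of the init task are only partly visible.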


@ -1,24 +1,24 @@
--- ---
- name: Disable docker service - name: Disable docker service
service: ansible.builtin.service:
name: docker name: docker
state: stopped state: stopped
enabled: no enabled: false
- name: Remove all other's docker version packages - name: Remove all other's docker version packages
package: ansible.builtin.package:
name: "{{ docker_remove_packages_name }}" name: "{{ docker_remove_packages_name }}"
state: absent state: absent
update_cache: yes update_cache: true
- name: Remove docker - name: Remove docker
package: ansible.builtin.package:
name: "{{ docker_package_name }}" name: "{{ docker_package_name }}"
state: absent state: absent
update_cache: yes update_cache: true
- name: Remove files and directories - name: Remove files and directories
file: ansible.builtin.file:
force: yes force: yes
recurse: yes recurse: yes
path: "{{ item }}" path: "{{ item }}"
@ -30,13 +30,13 @@
- /etc/yum.repos.d/docker-ce.repo - /etc/yum.repos.d/docker-ce.repo
- name: Register docker firewalld service - name: Register docker firewalld service
file: ansible.builtin.file:
force: yes force: yes
path: "/etc/firewalld/services/docker-swarm.xml" path: "/etc/firewalld/services/docker-swarm.xml"
state: absent state: absent
register: need_firewalld_reload register: need_firewalld_reload
- name: reload firewalld to refresh service list - name: reload firewalld to refresh service list
command: firewall-cmd --reload ansible.builtin.command: firewall-cmd --reload
when: when:
- need_firewalld_reload is changed - need_firewalld_reload is changed
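Review bot: The task named `Register docker firewalld service` sets `state: absent` on `/etc/firewalld/services/docker-swarm.xml`, so it removes the service definition rather than registering it. The name looks carried over from the install tasks and should read `- name: Remove docker firewalld service`. `force: yes` (twice) and `recurse: yes` were also left unchanged while the other booleans in this file became `true`/`false`. The `Remove files and directories` task runs across the hunk boundary, so its `state` and item list are not fully visible.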