ben
/
infra
1
1
Fork 2
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity
infra/roles/docker/tasks/docker.yml

277 lines
6.1 KiB
YAML
Raw Permalink Blame History

---
- debug:
var: ansible_lsb
- debug:
var: ansible_architecture
- name: set arch to armhf for raspi/armv7l
set_fact:
arch: armhf
when: ansible_lsb.id == "Raspbian" or ansible_architecture == "armv7l"
tags: packages
- name: set arch to amd64 if x86_64
set_fact:
arch: amd64
when: ansible_architecture == "x86_64"
tags: packages
- name: set arch to arm64 if aarch64
set_fact:
arch: arm64
when: ansible_architecture == "aarch64"
tags: packages
- name: install docker dependencies for raspbian
apt:
name:
- raspberrypi-kernel
- raspberrypi-kernel-headers
state: present
when: ansible_lsb.id == "Raspbian"
tags: packages
- name: remove packages
apt:
name:
- docker
- docker.io
- docker-engine
- containerd
state: absent
tags: packages
when: ansible_lsb.codename != "bullseye"
- name: install debian packages
apt:
name:
- docker.io
- containerd
state: present
tags: packages
when:
- ansible_lsb.id != "Raspbian"
- ansible_lsb.codename == "bullseye"
- name: add apt key
get_url:
url: https://download.docker.com/linux/debian/gpg
dest: "{{ item }}/download.docker.com.gpg.asc"
with_items:
# needs [signed-by]
- /usr/share/keyrings
# trusted
- /etc/apt/trusted.gpg.d
tags:
- packages
- docker-apt-key
when: ansible_lsb.codename != "bullseye"
- name: set codename to bookworm (stable) if trixie (testing)
set_fact:
codename: bookworm
when:
- ansible_lsb.codename in ["trixie"]
tags:
- packages
- name: "otherwise use lsb codename ('{{ ansible_lsb.codename }}')"
set_fact:
codename: "{{ ansible_lsb.codename }}"
when:
- ansible_lsb.codename != "trixie"
tags:
- influx-repo
- packages
- name: "add repo (codename: '{{ codename }}')"
apt_repository:
repo: "deb [arch={{ arch }}] https://download.docker.com/linux/{{ ansible_lsb.id | lower }} {{ codename | lower }} stable"
state: present
tags:
- packages
when: ansible_lsb.codename != "bullseye"
- name: install docker packages
apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-compose
- python3-docker
update_cache: true
#state: latest
state: present
environment:
PATH: "{{ ansible_env.PATH }}:/sbin:/usr/sbin"
notify: restart docker
tags:
- packages
when: ansible_lsb.codename != "bullseye"
- name: set docker gid
group:
name: docker
# was 998
gid: "{{ docker_gid | default(134) }}"
state: present
tags:
- docker-gid
- name: template daemon.json
template:
dest: /etc/docker/daemon.json
src: daemon.json.j2
owner: root
group: root
mode: 0600
notify: restart docker
tags:
- daemon.json
- name: install pip modules for ansible tasks
pip:
name:
- docker
- docker-compose
executable: pip3
state: present
tags:
- packages
- pip
- docker-compose
- docker-pip
- pip-latest
# installed with apt instead
when: false
- name: set up bridged network with dns
community.docker.docker_network:
docker_host: "unix:///var/run/docker.sock"
name: bridgewithdns
driver: bridge
driver_options:
com.docker.network.bridge.name: docker1
ipam_config:
- subnet: "{{ bridgewithdns_cidr }}"
gateway: "{{ bridgewithdns.host }}"
internal: false
tags:
- docker-network
- docker-network-bridgewithdns
- name: install systemd config for container
template:
src: container.service.j2
dest: "/etc/systemd/system/container@.service"
- meta: flush_handlers
# - name: start dockerlogs container
# docker_container:
# name: dockerlogs
# hostname: dockerlogs
# image: benediktkr/dockerlogs:latest
# auto_remove: false
# detach: true
# pull: true
# restart_policy: "no"
# state: started
# container_default_behavior: compatibility
# env:
# DOCKERLOGS_OUTPUT_TYPE: udp
# DOCKERLOGS_OUTPUT_URL: "{{ logstash_url }}:{{ logstash_udp }}"
# mounts:
# - type: bind
# source: /var/run/docker.sock
# target: /var/run/docker.sock
# - type: bind
# source: /var/lib/docker/containers
# target: /var/lib/docker/containers
# read_only: true
# networks_cli_compatible: false
# networks:
# - name: bridgewithdns
# ipv4_address: "{{ bridgewithdns.dockerlogs }}"
# labels:
# dockerlogs_format: "plain" # hmmmm...
# tags:
# - docker-containers
# - dockerlogs
- name: template filebeat config
template:
src: filebeat-docker.yml.j2
dest: "/etc/filebeat/inputs.d/docker.yml"
owner: root
group: root
mode: 0644
tags:
- filebeat
- filebeat-input
- filebeat-docker
notify: restart filebeat
when: false
- name: temp remove filebeat docker input
file:
state: absent
path: /etc/filebeat/inputs.d/docker.yml
tags:
- filebeat
- filebeat-docker
notify: restart filebeat
when: true
- name: make .docker dir
file:
state: directory
path: "{{ item.destdir }}/.docker"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: 0700
loop_control:
label: "{{ item.destdir }}/.docker"
with_items:
- destdir: /root
owner: root
group: root
- destdir: "{{ systemuserlist[ansible_user].home }}"
owner: "{{ systemuserlist[ansible_user].uid }}"
group: "{{ systemuserlist[ansible_user].gid }}"
tags:
- docker-auth
- name: docker auth config
copy:
dest: "{{ item.destdir }}/.docker/config.json"
mode: 0750
owner: "{{ item.owner }}"
group: "{{ item.group }}"
content: "{{ docker_config | to_nice_json }}"
loop_control:
label: "{{ item.destdir }}/.docker/config.json"
with_items:
- destdir: /root
owner: root
group: root
- destdir: "{{ systemuserlist[ansible_user].home }}"
owner: "{{ systemuserlist[ansible_user].uid }}"
group: "{{ systemuserlist[ansible_user].gid }}"
tags:
- docker-auth
- name: cron file
template:
src: docker-cron.j2
dest: /etc/cron.d/docker
owner: root
group: root
mode: 0640
tags:
- cron
- docker-cron
View Git Blame Copy Permalink