infra/roles/docker/tasks/docker.yml

---
# Print the LSB facts that the conditions in this file branch on.
- debug:
    var: ansible_lsb

# Pick the architecture label used in the Docker apt repo line. The three
# tasks run in order, so a later match overwrites an earlier one; if none of
# the conditions holds, `arch` is left unset.
- name: set arch to armhf for raspi
  when: ansible_lsb.id == "Raspbian"
  tags:
    - packages
  set_fact:
    arch: armhf

- name: set arch to amd64 if x86_64
  when: ansible_architecture == "x86_64"
  tags:
    - packages
  set_fact:
    arch: amd64

- name: set arch to arm64 if aarch64
  when: ansible_architecture == "aarch64"
  tags:
    - packages
  set_fact:
    arch: arm64
# Raspbian only: make sure the Raspberry Pi kernel package and its headers
# are installed.
- name: install docker dependencies for raspbian
  when: ansible_lsb.id == "Raspbian"
  tags:
    - packages
  apt:
    state: present
    name:
      - raspberrypi-kernel
      - raspberrypi-kernel-headers
# Every release except bullseye: remove the distribution's own Docker
# packages; the docker-ce packages are installed further down instead.
- name: remove packages
  when: ansible_lsb.codename != "bullseye"
  tags:
    - packages
  apt:
    state: absent
    name:
      - docker
      - docker.io
      - docker-engine
      - containerd
# bullseye only: use the Docker packages that Debian itself ships.
- name: install debian packages on bullseye
  when: ansible_lsb.codename == "bullseye"
  tags:
    - packages
  apt:
    state: present
    name:
      - docker.io
      - containerd
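# Docker's upstream apt repository, used on every release except bullseye.
# The signing key is kept in its own keyring file and the repo entry is bound
# to it with signed-by, so the key is trusted for this repository only.
# apt_key (deprecated) placed it in the global keyring, where it is trusted
# for every configured source.
# NOTE(review): hosts that already ran the apt_key version of this role still
# carry the key in the global keyring; remove it there separately.
# NOTE(review): the key is fetched over HTTPS with no pinned checksum; add
# `checksum:` to the get_url task once the expected value is recorded.
- name: ensure apt keyrings dir
  file:
    path: /etc/apt/keyrings
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags:
    - packages
  when: ansible_lsb.codename != "bullseye"

- name: add apt key
  get_url:
    url: https://download.docker.com/linux/debian/gpg
    dest: /etc/apt/keyrings/docker.asc
    owner: root
    group: root
    mode: "0644"
  tags:
    - packages
  when: ansible_lsb.codename != "bullseye"

# apt refuses to read its sources when the same repository is listed with
# conflicting Signed-By values, so the entry written by earlier runs (without
# signed-by) has to go before the new one is added.
- name: remove repo entry without signed-by
  apt_repository:
    repo: "deb [arch={{ arch }}] https://download.docker.com/linux/{{ ansible_lsb.id | lower }} {{ ansible_lsb.codename }} stable"
    state: absent
  tags:
    - packages
  when: ansible_lsb.codename != "bullseye"

- name: add repo
  apt_repository:
    repo: "deb [arch={{ arch }} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/{{ ansible_lsb.id | lower }} {{ ansible_lsb.codename }} stable"
    state: present
  tags:
    - packages
  when: ansible_lsb.codename != "bullseye"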
# Every release except bullseye: install Docker CE after refreshing the apt
# cache. /sbin and /usr/sbin are appended to PATH for the apt run.
# NOTE(review): `state: latest` moves to the newest published version on
# every run, and a change notifies the "restart docker" handler. Pin the
# package versions if unattended engine upgrades and restarts are not wanted.
- name: install docker packages
  when: ansible_lsb.codename != "bullseye"
  tags:
    - packages
  notify: restart docker
  environment:
    PATH: "{{ ansible_env.PATH }}:/sbin:/usr/sbin"
  apt:
    state: latest
    update_cache: true
    name:
      - docker-ce
      - docker-ce-cli
      - containerd.io
# Make sure the docker group exists with a fixed gid; `docker_gid` overrides
# the default of 998.
# NOTE(review): members of this group can drive the Docker daemon, which is
# equivalent to root on the host; keep its membership small.
- name: set docker gid
  group:
    state: present
    name: docker
    gid: "{{ docker_gid | default(998) }}"
# Render the Docker daemon configuration, readable by root only, and restart
# the daemon when it changes. The mode is quoted so it is passed as an octal
# string rather than relying on the YAML parser's integer handling.
- name: template daemon.json
  tags:
    - daemon.json
  notify: restart docker
  template:
    src: daemon.json.j2
    dest: /etc/docker/daemon.json
    owner: root
    group: root
    mode: "0600"
# Python packages installed with pip3 for the Ansible docker tasks.
# NOTE(review): both packages are unpinned, so each new host gets whatever
# version the package index serves at install time.
- name: install pip modules for ansible tasks
  tags:
    - packages
    - pip
    - docker-compose
  pip:
    executable: pip3
    name:
      - docker
      - docker-compose
# User-defined bridge network "bridgewithdns"; subnet and gateway come from
# inventory variables. `internal: false` leaves the network non-internal.
- name: set up bridged network with dns
  tags:
    - docker-network
  docker_network:
    name: bridgewithdns
    driver: bridge
    internal: false
    ipam_config:
      - subnet: "{{ bridgewithdns_cidr }}"
        gateway: "{{ bridgewithdns.host }}"
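# Install the container@.service template unit. Owner, group and mode are set
# explicitly, as the daemon.json task does, so the unit file's permissions do
# not depend on the umask of the connection.
# NOTE(review): no handler is notified here; systemd only picks up a changed
# unit file after a daemon-reload. Confirm that happens elsewhere.
- name: install systemd config for container
  template:
    src: container.service.j2
    dest: "/etc/systemd/system/container@.service"
    owner: root
    group: root
    mode: "0644"

# Run any handlers notified so far now, instead of at the end of the play.
- meta: flush_handlers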
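# Disabled task, kept for reference. NOTE(review): if it is re-enabled, the
# bind mount of /var/run/docker.sock gives the container control of the
# Docker daemon, and the `latest` image tag with `pull: yes` runs whatever is
# currently published under that tag.
# - name: start dockerlogs container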
# docker_container:
# name: dockerlogs
# hostname: dockerlogs
# image: benediktkr/dockerlogs:latest
# auto_remove: no
# detach: yes
# pull: yes
# restart_policy: "no"
# state: started
# container_default_behavior: compatibility
# env:
# DOCKERLOGS_OUTPUT_TYPE: udp
# DOCKERLOGS_OUTPUT_URL: "{{ logstash_url }}:{{ logstash_udp }}"
# mounts:
# - type: bind
# source: /var/run/docker.sock
# target: /var/run/docker.sock
# - type: bind
# source: /var/lib/docker/containers
# target: /var/lib/docker/containers
# read_only: yes
# networks_cli_compatible: no
# networks:
# - name: bridgewithdns
# ipv4_address: "{{ bridgewithdns.dockerlogs }}"
# labels:
# dockerlogs_format: "plain" # hmmmm...
# tags:
# - docker-containers
# - dockerlogs
# Filebeat input for Docker logs. Switched off with `when: false`; the task
# after it removes the rendered file instead.
- name: template filebeat config
  when: false
  tags:
    - filebeat
    - filebeat-input
    - filebeat-docker
  notify: restart filebeat
  template:
    src: filebeat-docker.yml.j2
    dest: "/etc/filebeat/inputs.d/docker.yml"
    owner: root
    group: root
    mode: "0644"
# Temporary counterpart of the disabled filebeat template task: delete the
# Docker input file and restart filebeat if it was there.
- name: temp remove filebeat docker input
  when: true
  tags:
    - filebeat
    - filebeat-docker
  notify: restart filebeat
  file:
    path: /etc/filebeat/inputs.d/docker.yml
    state: absent
# Per-user Docker client directory in the Ansible user's home, accessible to
# its owner only.
# NOTE(review): no owner is set, so the directory belongs to whichever user
# the task runs as. Confirm that is the account that will use it.
- name: make .docker dir
  tags:
    - docker-auth
  file:
    path: "{{ systemuserlist[ansible_user].home }}/.docker"
    state: directory
    mode: "0700"
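# Write the Docker client config.json from `docker_config`.
# The file is created 0600: the previous 0750 let the file's group read it
# and marked a JSON file executable. `docker_config` presumably carries
# registry credentials (verify against the inventory), so `no_log` keeps the
# rendered content out of task output and diffs.
# NOTE(review): no owner is set, so the file belongs to whichever user the
# task runs as. Confirm that account is the one that needs to read it.
- name: docker auth config
  copy:
    dest: "{{ systemuserlist[ansible_user].home }}/.docker/config.json"
    mode: "0600"
    content: "{{ docker_config | to_nice_json }}"
  no_log: true
  tags:
    - docker-auth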