201 lines
4.3 KiB
YAML
201 lines
4.3 KiB
YAML
---
|
|
|
|
- debug:
|
|
var: ansible_lsb
|
|
|
|
- name: set arch to armhf for raspi
|
|
set_fact:
|
|
arch: armhf
|
|
when: ansible_lsb.id == "Raspbian"
|
|
tags: packages
|
|
|
|
- name: set arch to amd64 if x86_64
|
|
set_fact:
|
|
arch: amd64
|
|
when: ansible_architecture == "x86_64"
|
|
tags: packages
|
|
|
|
- name: set arch to arm64 if aarch64
|
|
set_fact:
|
|
arch: arm64
|
|
when: ansible_architecture == "aarch64"
|
|
tags: packages
|
|
|
|
- name: install docker dependencies for raspbian
|
|
apt:
|
|
name:
|
|
- raspberrypi-kernel
|
|
- raspberrypi-kernel-headers
|
|
state: present
|
|
when: ansible_lsb.id == "Raspbian"
|
|
tags: packages
|
|
|
|
- name: remove packages
|
|
apt:
|
|
name:
|
|
- docker
|
|
- docker.io
|
|
- docker-engine
|
|
- containerd
|
|
state: absent
|
|
tags: packages
|
|
when: ansible_lsb.codename != "bullseye"
|
|
|
|
- name: install debian packages on bullseye
|
|
apt:
|
|
name:
|
|
- docker.io
|
|
- containerd
|
|
state: present
|
|
tags: packages
|
|
when: ansible_lsb.codename == "bullseye"
|
|
|
|
- name: add apt key
|
|
apt_key:
|
|
url: https://download.docker.com/linux/debian/gpg
|
|
state: present
|
|
tags:
|
|
- packages
|
|
when: ansible_lsb.codename != "bullseye"
|
|
|
|
- name: add repo
|
|
apt_repository:
|
|
repo: "deb [arch={{ arch }}] https://download.docker.com/linux/{{ ansible_lsb.id | lower }} {{ ansible_lsb.codename }} stable"
|
|
state: present
|
|
tags:
|
|
- packages
|
|
when: ansible_lsb.codename != "bullseye"
|
|
|
|
- name: install docker packages
|
|
apt:
|
|
name:
|
|
- docker-ce
|
|
- docker-ce-cli
|
|
- containerd.io
|
|
update_cache: yes
|
|
state: latest
|
|
environment:
|
|
PATH: "{{ ansible_env.PATH }}:/sbin:/usr/sbin"
|
|
notify: restart docker
|
|
tags:
|
|
- packages
|
|
when: ansible_lsb.codename != "bullseye"
|
|
|
|
- name: set docker gid
|
|
group:
|
|
name: docker
|
|
gid: "{{ docker_gid | default(998) }}"
|
|
state: present
|
|
|
|
- name: template daemon.json
|
|
template:
|
|
dest: /etc/docker/daemon.json
|
|
src: daemon.json.j2
|
|
owner: root
|
|
group: root
|
|
mode: 0600
|
|
notify: restart docker
|
|
tags:
|
|
- daemon.json
|
|
|
|
- name: install pip modules for ansible tasks
|
|
pip:
|
|
name:
|
|
- docker
|
|
- docker-compose
|
|
executable: pip3
|
|
tags:
|
|
- packages
|
|
- pip
|
|
- docker-compose
|
|
|
|
- name: set up bridged network with dns
|
|
docker_network:
|
|
name: bridgewithdns
|
|
driver: bridge
|
|
ipam_config:
|
|
- subnet: "{{ bridgewithdns_cidr }}"
|
|
gateway: "{{ bridgewithdns.host }}"
|
|
internal: no
|
|
tags:
|
|
- docker-network
|
|
|
|
- name: install systemd config for container
|
|
template:
|
|
src: container.service.j2
|
|
dest: "/etc/systemd/system/container@.service"
|
|
|
|
- meta: flush_handlers
|
|
|
|
# - name: start dockerlogs container
|
|
# docker_container:
|
|
# name: dockerlogs
|
|
# hostname: dockerlogs
|
|
# image: benediktkr/dockerlogs:latest
|
|
# auto_remove: no
|
|
# detach: yes
|
|
# pull: yes
|
|
# restart_policy: "no"
|
|
# state: started
|
|
# container_default_behavior: compatibility
|
|
# env:
|
|
# DOCKERLOGS_OUTPUT_TYPE: udp
|
|
# DOCKERLOGS_OUTPUT_URL: "{{ logstash_url }}:{{ logstash_udp }}"
|
|
# mounts:
|
|
# - type: bind
|
|
# source: /var/run/docker.sock
|
|
# target: /var/run/docker.sock
|
|
# - type: bind
|
|
# source: /var/lib/docker/containers
|
|
# target: /var/lib/docker/containers
|
|
# read_only: yes
|
|
# networks_cli_compatible: no
|
|
# networks:
|
|
# - name: bridgewithdns
|
|
# ipv4_address: "{{ bridgewithdns.dockerlogs }}"
|
|
# labels:
|
|
# dockerlogs_format: "plain" # hmmmm...
|
|
# tags:
|
|
# - docker-containers
|
|
# - dockerlogs
|
|
|
|
- name: template filebeat config
|
|
template:
|
|
src: filebeat-docker.yml.j2
|
|
dest: "/etc/filebeat/inputs.d/docker.yml"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
tags:
|
|
- filebeat
|
|
- filebeat-input
|
|
- filebeat-docker
|
|
notify: restart filebeat
|
|
when: false
|
|
|
|
- name: temp remove filebeat docker input
|
|
file:
|
|
state: absent
|
|
path: /etc/filebeat/inputs.d/docker.yml
|
|
tags:
|
|
- filebeat
|
|
- filebeat-docker
|
|
notify: restart filebeat
|
|
when: true
|
|
|
|
- name: make .docker dir
|
|
file:
|
|
state: directory
|
|
path: "{{ systemuserlist[ansible_user].home }}/.docker"
|
|
mode: 0700
|
|
tags:
|
|
- docker-auth
|
|
|
|
- name: docker auth config
|
|
copy:
|
|
dest: "{{ systemuserlist[ansible_user].home }}/.docker/config.json"
|
|
mode: 0750
|
|
content: "{{ docker_config | to_nice_json }}"
|
|
tags:
|
|
- docker-auth
|