---
# Load the vars file named after the target's OS family fact.
# NOTE(review): presumably this is where packages_to_install is defined;
# confirm against the role's vars directory.
- name: Include OS-specific variables.
  ansible.builtin.include_vars:
    file: "{{ ansible_os_family }}.yml"
# Debian-family hosts only: install the apt HTTPS transport without
# pulling in recommended packages.
# NOTE(review): `state: latest` upgrades the package on every run; use
# `present` if runs have to be reproducible.
- name: Install apt-transport-https package
  when: ansible_os_family == "Debian"
  ansible.builtin.apt:
    name: apt-transport-https
    state: latest
    install_recommends: false
# Normal runs: install the package list asynchronously, with a 120 s
# budget polled every 10 s.
# NOTE(review): `state: latest` takes whatever version the repositories
# offer at run time; pin versions if the host must stay reproducible.
- name: Install OS packages
  when: not ansible_check_mode
  ansible.builtin.package:
    name: "{{ packages_to_install }}"
    state: latest
  async: 120
  poll: 10

# Check-mode runs: the same package request without async/poll,
# presumably because async tasks cannot be combined with check mode.
- name: Check installed OS packages
  when: ansible_check_mode
  ansible.builtin.package:
    name: "{{ packages_to_install }}"
    state: latest
# Ensure the daemon configuration directory exists, root-owned and
# writable by root only (0755).
- name: Create /etc/docker repo
  ansible.builtin.file:
    path: /etc/docker
    state: directory
    mode: '0755'
    owner: root
    group: root
# Render the daemon settings from daemon.json.j2. The file is root-owned
# and not writable by others, so only root can change daemon options.
# A change notifies the handler named "restart docker daemon".
- name: securize docker daemon
  ansible.builtin.template:
    src: daemon.json.j2
    dest: /etc/docker/daemon.json
    mode: '0644'
    owner: root
    group: root
  notify:
    - restart docker daemon
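# Registry credentials for root's docker client. Both tasks run only
# when docker_registry_auth is set.
# The directory had no explicit mode, so it is pinned to 0700 to keep
# the credential store private to root.
- name: Create .docker repo
  ansible.builtin.file:
    path: /root/.docker
    state: directory
    owner: root
    group: root
    mode: '0700'
  when: docker_registry_auth is defined

# config.json holds the registry auth material, so it is written 0600
# rather than world-readable 0644. no_log keeps the content out of task
# output, --diff output and logs.
- name: add specific repo auth
  ansible.builtin.copy:
    content: "{{ docker_registry_auth }}"
    dest: /root/.docker/config.json
    owner: root
    group: root
    mode: '0600'
  no_log: true
  when: docker_registry_auth is defined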
# Ensure the backup directory exists, root-owned.
# NOTE(review): 0755 lets every local user list and enter this
# directory; confirm the backups stored here are not sensitive, or
# tighten the mode.
- name: Create docker repo
  ansible.builtin.file:
    path: /home/docker/backups
    state: directory
    mode: '0755'
    owner: root
    group: root
## Install Proxy docker
# Ensure the reverse-proxy working directory exists, root-owned.
# Selectable on its own with the docker_proxy tag.
- name: Create Inverse Proxy docker structure on server in /home/docker/inverseproxy
  tags: docker_proxy
  ansible.builtin.file:
    path: /home/docker/inverseproxy
    state: directory
    mode: '0755'
    owner: root
    group: root
# Render the proxy's compose file from inverseproxy.yaml.j2. A change
# notifies the "start inverseproxy docker" handler.
# NOTE(review): 0644 makes the rendered file world-readable; confirm
# the template embeds no secrets (environment values, tokens).
- name: Install proxy docker
  tags: docker_proxy
  ansible.builtin.template:
    src: inverseproxy.yaml.j2
    dest: /home/docker/inverseproxy/docker-compose.yaml
    mode: '0644'
    owner: root
    group: root
  notify:
    - start inverseproxy docker
# Render the Traefik configuration from traefik.toml.j2. A change
# notifies the "start inverseproxy docker" handler.
# NOTE(review): 0644 makes the rendered file world-readable; confirm
# the template carries no credentials or API tokens, otherwise tighten
# the mode.
- name: Copy Traefik configuration file
  tags: docker_proxy
  ansible.builtin.template:
    src: traefik.toml.j2
    dest: "/home/docker/inverseproxy/traefik.toml"
    mode: '0644'
    owner: root
    group: root
  notify:
    - start inverseproxy docker
# Install the facts-collection script, rendered from
# collect_docker_facts.sh.j2. Mode 0700 with root ownership means only
# root can read, modify or execute it.
- name: Copy Docker Facts Collection script on server
  ansible.builtin.template:
    src: collect_docker_facts.sh.j2
    dest: /root/collect_docker_facts.sh
    mode: '0700'
    owner: root
    group: root
# Schedule the facts-collection script daily at 02:01.
# No `user` is set, so the entry lands in the crontab of the account
# the task runs as.
# NOTE(review): presumably root via become; confirm.
- name: add cron job to check Docker versions every day
  ansible.builtin.cron:
    name: collect docker facts
    job: /root/collect_docker_facts.sh
    hour: "2"
    minute: "1"
# Flush handlers in order to be able to restart docker daemon with new config and retrieve vars
# Run any pending notified handlers now instead of at the end of the
# play.
- name: Flush handlers
  ansible.builtin.meta: flush_handlers
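# Enable the docker service at boot. The boolean is written canonically
# as `true` rather than the YAML 1.1 form `yes`.
- name: Enable service docker
  ansible.builtin.service:
    name: docker
    enabled: true

# Start the service only if it is not already running; `started` does
# not restart a running daemon.
- name: Start service docker, if not started
  ansible.builtin.service:
    name: docker
    state: started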
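# Look up the subordinate UID/GID ranges of the dockremap user.
# Both commands are read-only, so `changed_when: false` stops them from
# reporting a change on every run. The pattern is anchored to the start
# of the line and the trailing colon so that only the exact `dockremap`
# entry matches, not another name that merely contains it.
# NOTE(review): grep exits 1 when no entry exists, which fails the play;
# confirm that is intended on hosts where docker_userns_remap is off.
- name: Retrieve subuid for dockremap
  ansible.builtin.command: grep '^dockremap:' /etc/subuid
  register: dockremap_subuid_output
  changed_when: false

- name: Retrieve subgid for dockremap
  ansible.builtin.command: grep '^dockremap:' /etc/subgid
  register: dockremap_subgid_output
  changed_when: false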
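# Record the dockremap subordinate UID/GID start values in this host's
# host_vars file on the controller (delegated to localhost, no become).
# The value written comes from command output produced on the managed
# host, so each task now also requires that output to be exactly one
# `dockremap:<digits>:<digits>` entry before anything is written into
# the inventory. Output in any other shape skips the task.
# NOTE(review): mode 0664 leaves the inventory file group-writable on
# the controller; confirm that group is trusted to set host variables.
- name: Save uid to hostvars for dockremap user
  ansible.builtin.lineinfile:
    path: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}"
    regexp: "dockremap_subuid:"
    line: "dockremap_subuid: {{ dockremap_subuid_output.stdout.split(':')[1] }}"
    create: true
    mode: '0664'
  connection: local
  become: false
  delegate_to: localhost
  when: >-
    docker_userns_remap
    and dockremap_subuid_output.stdout is defined
    and dockremap_subuid_output.stdout is match('dockremap:[0-9]+:[0-9]+$')
    and not ansible_check_mode

- name: Save gid to hostvars for dockremap user
  ansible.builtin.lineinfile:
    path: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}"
    regexp: "dockremap_subgid:"
    line: "dockremap_subgid: {{ dockremap_subgid_output.stdout.split(':')[1] }}"
    create: true
    mode: '0664'
  connection: local
  become: false
  delegate_to: localhost
  when: >-
    docker_userns_remap
    and dockremap_subgid_output.stdout is defined
    and dockremap_subgid_output.stdout is match('dockremap:[0-9]+:[0-9]+$')
    and not ansible_check_mode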