Valider e9cc3f0c rédigé par Théo - Le Filament's avatar Théo - Le Filament

feat: add network for Metabase

parent 46d826b9
--- ---
- name: Restart docker daemon - name: "Restart Docker daemon"
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
state: restarted state: restarted
name: docker recreate: always
pull: missing
- name: Restart inverseproxy container name: "docker"
block:
- name: Remove container
community.docker.docker_compose_v2:
project_src: /home/docker/inverseproxy
remove_orphans: true
state: absent
async: 120 async: 120
poll: 10 poll: 10
listen: "restart inverseproxy container" listen: "restart docker daemon"
- name: Start container - name: "Restart reverse proxy container"
tags:
- "upgrade_proxy"
community.docker.docker_compose_v2: community.docker.docker_compose_v2:
project_src: /home/docker/inverseproxy project_src: "/home/docker/inverseproxy"
recreate: always recreate: always
remove_orphans: true
state: present state: present
async: 120 async: 120
poll: 10 poll: 10
listen: "restart inverseproxy container" listen: "restart reverseproxy container"
when: not ansible_check_mode
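Review bot: In the "Restart Docker daemon" handler, the new side as rendered places `recreate: always` and `pull: missing` between `state: restarted` and `name: "docker"`, i.e. under `ansible.builtin.systemd_service`. Those two options belong to `community.docker.docker_compose_v2`; systemd_service would reject them as unsupported parameters, so the restart notified by the daemon.json task would fail and the new daemon configuration would presumably not be applied. If the page layout is not misleading here, drop both lines from that handler and, if `pull: missing` is wanted, put it under the compose handler next to `recreate: always`.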
--- ---
- name: Include OS-specific variables. - name: "Include OS-specific variables."
ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
- name: Install apt-transport-https package - name: "Install apt-transport-https package"
ansible.builtin.apt: ansible.builtin.apt:
name: apt-transport-https name: "apt-transport-https"
install_recommends: false install_recommends: false
state: latest state: latest
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
- name: Install OS packages - name: "Install OS packages"
ansible.builtin.package: ansible.builtin.package:
name: "{{ packages_to_install }}" name: "{{ packages_to_install }}"
state: latest state: latest
...@@ -17,7 +17,7 @@ ...@@ -17,7 +17,7 @@
poll: 10 poll: 10
when: not ansible_check_mode when: not ansible_check_mode
- name: Check installed OS packages - name: "Check installed OS packages"
ansible.builtin.package: ansible.builtin.package:
name: "{{ packages_to_install }}" name: "{{ packages_to_install }}"
state: latest state: latest
...@@ -25,149 +25,166 @@ ...@@ -25,149 +25,166 @@
- name: Create /etc/docker repo - name: Create /etc/docker repo
ansible.builtin.file: ansible.builtin.file:
name: /etc/docker name: "/etc/docker"
state: directory state: directory
owner: root owner: "root"
group: root group: "root"
mode: '0755' mode: "0755"
- name: Securize docker daemon - name: "Securize docker daemon"
ansible.builtin.template: ansible.builtin.template:
src: daemon.json.j2 src: "daemon.json.j2"
dest: /etc/docker/daemon.json dest: "/etc/docker/daemon.json"
owner: root owner: "root"
group: root group: "root"
mode: '0644' mode: "0644"
notify: notify:
- Restart docker daemon - "restart docker daemon"
- name: Create .docker repo - name: "Create .docker repo"
ansible.builtin.file: ansible.builtin.file:
name: /root/.docker name: "/root/.docker"
state: directory state: directory
owner: root owner: "root"
group: root group: "root"
mode: '0750' mode: "0750"
when: docker_registry_auth is defined when: docker_registry_auth is defined
- name: Add specific repo auth - name: "Add specific repo auth"
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ docker_registry_auth }}" content: "{{ docker_registry_auth }}"
dest: /root/.docker/config.json dest: "/root/.docker/config.json"
owner: root owner: "root"
group: root group: "root"
mode: '0644' mode: "0644"
when: docker_registry_auth is defined when: docker_registry_auth is defined
- name: Create docker repo - name: "Create docker repo"
tags: tags:
- "backup_odoo" - "backup_odoo"
ansible.builtin.file: ansible.builtin.file:
name: /home/docker/backups name: "/home/docker/backups"
state: directory state: directory
owner: root owner: "root"
group: root group: "root"
mode: '0755' mode: "0755"
## Install Proxy docker ## Install Proxy docker
- name: Create Inverse Proxy docker structure on server in /home/docker/inverseproxy - name: "Create Inverse Proxy docker structure on server in /home/docker/inverseproxy"
ansible.builtin.file:
name: /home/docker/inverseproxy
state: directory
owner: root
group: root
mode: '0755'
tags: tags:
- "docker_proxy" - "docker_proxy"
- "metabase" - "metabase"
ansible.builtin.file:
name: "/home/docker/inverseproxy"
state: directory
owner: "root"
group: "root"
mode: "0755"
- name: Install proxy docker - name: "Install proxy docker"
ansible.builtin.template:
src: inverseproxy.yaml.j2
dest: /home/docker/inverseproxy/docker-compose.yaml
owner: root
group: root
mode: '0644'
tags: tags:
- "docker_proxy" - "docker_proxy"
- "metabase" - "metabase"
ansible.builtin.template:
src: "inverseproxy.yaml.j2"
dest: "/home/docker/inverseproxy/docker-compose.yaml"
owner: "root"
group: "root"
mode: "0644"
notify: notify:
- restart inverseproxy container - "restart reverseproxy container"
- name: Copy Traefik configuration file - name: "Copy Traefik configuration file"
ansible.builtin.template:
src: traefik.toml.j2
dest: "/home/docker/inverseproxy/traefik.toml"
owner: root
group: root
mode: '0644'
tags: tags:
- "docker_proxy" - "docker_proxy"
- "metabase" - "metabase"
ansible.builtin.template:
src: "traefik.toml.j2"
dest: "/home/docker/inverseproxy/traefik.toml"
owner: "root"
group: "root"
mode: "0644"
notify: notify:
- restart inverseproxy container - "restart reverseproxy container"
- name: Copy Docker Facts Collection script on server - name: "Copy Docker Facts Collection script on server"
ansible.builtin.template: ansible.builtin.template:
src: collect_docker_facts.sh.j2 src: "collect_docker_facts.sh.j2"
dest: /root/collect_docker_facts.sh dest: "/root/collect_docker_facts.sh"
owner: root owner: "root"
group: root group: "root"
mode: '0700' mode: "0700"
when: inventory_hostname in groups.maintenance_contract when: inventory_hostname in groups.maintenance_contract
- name: Add cron job to check Docker versions every day - name: "Add cron job to check Docker versions every day"
ansible.builtin.cron: ansible.builtin.cron:
name: collect docker facts name: "collect docker facts"
minute: "1" minute: "1"
hour: "2" hour: "2"
job: /root/collect_docker_facts.sh job: "/root/collect_docker_facts.sh"
when: inventory_hostname in groups.maintenance_contract when: inventory_hostname in groups.maintenance_contract
# Flush handlers in order to be able to restart docker daemon with new config and retrieve vars # Flush handlers in order to be able to restart docker daemon with new config and retrieve vars
- name: Flush handlers - name: "Flush handlers"
ansible.builtin.meta: flush_handlers ansible.builtin.meta: flush_handlers
- name: Enable service docker - name: "Enable service docker"
ansible.builtin.service: ansible.builtin.service:
name: docker name: "docker"
enabled: true enabled: true
- name: Start service docker, if not started - name: "Start service docker, if not started"
ansible.builtin.service: ansible.builtin.service:
name: docker name: "docker"
state: started state: started
- name: Retrieve subuid for dockremap - name: "Retrieve subuid for dockremap"
ansible.builtin.command: grep dockremap /etc/subuid ansible.builtin.command:
cmd: "grep dockremap /etc/subuid"
register: dockremap_subuid_output register: dockremap_subuid_output
when: docker_userns_remap when: docker_userns_remap
- name: Retrieve subgid for dockremap - name: "Retrieve subgid for dockremap"
ansible.builtin.command: grep dockremap /etc/subgid ansible.builtin.command:
cmd: "grep dockremap /etc/subgid"
register: dockremap_subgid_output register: dockremap_subgid_output
when: docker_userns_remap when: docker_userns_remap
- name: Save uid to hostvars for dockremap user - name: "Save uid to hostvars for dockremap user"
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}" name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}"
regexp: "dockremap_subuid:" regexp: "dockremap_subuid:"
line: "dockremap_subuid: {{ dockremap_subuid_output.stdout.split(':')[1] }}" line: "dockremap_subuid: {{ dockremap_subuid_output.stdout.split(':')[1] }}"
create: true create: true
mode: '0664' mode: "0664"
connection: local connection: local
become: false become: false
delegate_to: localhost delegate_to: localhost
when: docker_userns_remap and dockremap_subuid_output.stdout is defined and not ansible_check_mode when: >
docker_userns_remap
and dockremap_subuid_output.stdout is defined
and not ansible_check_mode
- name: Save gid to hostvars for dockremap user - name: "Save gid to hostvars for dockremap user"
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}" name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}"
regexp: "dockremap_subgid:" regexp: "dockremap_subgid:"
line: "dockremap_subgid: {{ dockremap_subgid_output.stdout.split(':')[1] }}" line: "dockremap_subgid: {{ dockremap_subgid_output.stdout.split(':')[1] }}"
create: true create: true
mode: '0664' mode: "0664"
connection: local connection: local
become: false become: false
delegate_to: localhost delegate_to: localhost
when: docker_userns_remap and dockremap_subgid_output.stdout is defined and not ansible_check_mode when: >
docker_userns_remap
and dockremap_subgid_output.stdout is defined
and not ansible_check_mode
- name: "Restart reverseproxy"
tags:
- "docker_proxy_restart"
ansible.builtin.debug:
msg: "trigger reverseproxy restart"
changed_when: true
notify:
- "restart reverseproxy container"
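Review bot: The "Add specific repo auth" task writes `docker_registry_auth` to `/root/.docker/config.json` with `mode: "0644"`, and this commit only requotes that value. Docker's config.json normally carries registry credentials, so the file should be `mode: "0600"` and the task should set `no_log: true` so the content is not echoed in diff or verbose output. The parent directory is root-owned with mode 0750, which limits exposure, but the file mode should not depend on that. Separately, the two `grep dockremap` command tasks have no `changed_when: false`, so they would report a change on every run.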
...@@ -32,6 +32,9 @@ services: ...@@ -32,6 +32,9 @@ services:
{% endif %} {% endif %}
{% if odoo_instances is defined and odoo_instances.values() | list | selectattr('metabase', 'defined') %} {% if odoo_instances is defined and odoo_instances.values() | list | selectattr('metabase', 'defined') %}
bi: bi:
{% endif %}
{% if metabase_instances is defined %}
metabase:
{% endif %} {% endif %}
smtp: smtp:
private: private:
...@@ -104,6 +107,12 @@ networks: ...@@ -104,6 +107,12 @@ networks:
internal: true internal: true
driver_opts: driver_opts:
encrypted: 1 encrypted: 1
{% endif %}
{% if metabase_instances is defined %}
metabase:
internal: true
driver_opts:
encrypted: 1
{% endif %} {% endif %}
smtp: smtp:
internal: true internal: true
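Review bot: Both added guards use `{% if metabase_instances is defined %}`, which is also true for an empty value, so the `metabase` network is declared and attached to the service in the first hunk (presumably the proxy) even when no instance is configured; `{% if metabase_instances is defined and metabase_instances %}` would avoid that in the services hunk and the networks hunk alike. The `encrypted` driver option is only honoured by the overlay driver, and the network's driver is not visible in these hunks, so confirm the new definition ends up with the same driver as the neighbouring networks. A short template comment above the new network, for example `{# internal: no outbound access, reached only via the proxy #}`, would record why `internal: true` is set, if that is indeed the intent.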