---
- name: Include OS-specific variables.
ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
- name: Install apt-transport-https package
ansible.builtin.apt:
name: apt-transport-https
install_recommends: false
state: latest
when: ansible_os_family == "Debian"
- name: Install OS packages
ansible.builtin.package:
name: "{{ packages_to_install }}"
state: latest
async: 120
poll: 10
when: not ansible_check_mode
- name: Check installed OS packages
ansible.builtin.package:
name: "{{ packages_to_install }}"
state: latest
when: ansible_check_mode
- name: Create /etc/docker repo
ansible.builtin.file:
name: /etc/docker
state: directory
owner: root
group: root
mode: '0755'
- name: Securize docker daemon
ansible.builtin.template:
src: daemon.json.j2
dest: /etc/docker/daemon.json
owner: root
group: root
mode: '0644'
notify:
- Restart docker daemon
- name: Create .docker repo
ansible.builtin.file:
name: /root/.docker
state: directory
owner: root
group: root
mode: '0750'
when: docker_registry_auth is defined
- name: Add specific repo auth
ansible.builtin.copy:
content: "{{ docker_registry_auth }}"
dest: /root/.docker/config.json
owner: root
group: root
mode: '0644'
when: docker_registry_auth is defined
- name: Create docker repo
tags:
- "backup_odoo"
ansible.builtin.file:
name: /home/docker/backups
state: directory
owner: root
group: root
mode: '0755'
## Install Proxy docker
- name: Create Inverse Proxy docker structure on server in /home/docker/inverseproxy
ansible.builtin.file:
name: /home/docker/inverseproxy
state: directory
owner: root
group: root
mode: '0755'
tags:
- "docker_proxy"
- "metabase"
- name: Install proxy docker
ansible.builtin.template:
src: inverseproxy.yaml.j2
dest: /home/docker/inverseproxy/docker-compose.yaml
owner: root
group: root
mode: '0644'
tags:
- "docker_proxy"
- "metabase"
notify:
- Start inverseproxy docker
- name: Copy Traefik configuration file
ansible.builtin.template:
src: traefik.toml.j2
dest: "/home/docker/inverseproxy/traefik.toml"
owner: root
group: root
mode: '0644'
tags:
- "docker_proxy"
- "metabase"
notify:
- Start inverseproxy docker
- name: Copy Docker Facts Collection script on server
ansible.builtin.template:
src: collect_docker_facts.sh.j2
dest: /root/collect_docker_facts.sh
owner: root
group: root
mode: '0700'
- name: Add cron job to check Docker versions every day
ansible.builtin.cron:
name: collect docker facts
minute: "1"
hour: "2"
job: /root/collect_docker_facts.sh
# Flush handlers in order to be able to restart docker daemon with new config and retrieve vars
- name: Flush handlers
ansible.builtin.meta: flush_handlers
- name: Enable service docker
ansible.builtin.service:
name: docker
enabled: true
- name: Start service docker, if not started
ansible.builtin.service:
name: docker
state: started
- name: Retrieve subuid for dockremap
ansible.builtin.command: grep dockremap /etc/subuid
register: dockremap_subuid_output
when: docker_userns_remap
- name: Retrieve subgid for dockremap
ansible.builtin.command: grep dockremap /etc/subgid
register: dockremap_subgid_output
when: docker_userns_remap
- name: Save uid to hostvars for dockremap user
ansible.builtin.lineinfile:
name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}"
regexp: "dockremap_subuid:"
line: "dockremap_subuid: {{ dockremap_subuid_output.stdout.split(':')[1] }}"
create: true
mode: '0664'
connection: local
become: false
delegate_to: localhost
when: docker_userns_remap and dockremap_subuid_output.stdout is defined and not ansible_check_mode
- name: Save gid to hostvars for dockremap user
ansible.builtin.lineinfile:
name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}"
regexp: "dockremap_subgid:"
line: "dockremap_subgid: {{ dockremap_subgid_output.stdout.split(':')[1] }}"
create: true
mode: '0664'
connection: local
become: false
delegate_to: localhost
when: docker_userns_remap and dockremap_subgid_output.stdout is defined and not ansible_check_mode