docker role

serxoz 2023-09-20 09:49:32 +02:00
parent 5d910363dd
commit eb76f838f0
8 changed files with 141 additions and 0 deletions

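--- a/docker.yml
+++ b/docker.yml
@@ -0,0 +1,7 @@
+- name: Instala Docker
+hosts: all
+any_errors_fatal: true
+become: true
+become_user: root
+roles:
+- docker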

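--- a/group_vars/all/access.yml
+++ b/group_vars/all/access.yml
@@ -0,0 +1,21 @@
+---
+# my working example, change name, key, full, shell, password_hash and uncomment groups
+access_admin_users:
+- name: alpine
+key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPiMj6yG62yNiju2H3FQicX76AsBRZfxpMMfVeCEXEsF sergio@nas
+full: Alpine User
+shell: /bin/sh
+groups:
+- admin
+- wheel
+access_users:
+# add application users here as well
+- name: consul
+shell: /bin/nologin
+access_admin_group: admin
+# access_user_groups has format as such:
+# - name: test_group
+# users:
+# - bleh
+# - blah
+access_user_groups: []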
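Review bot: The sample entry in `access_admin_users` is live data in `group_vars/all`, so it applies to every host unless overridden: running the role unedited gives the `alpine` account, with what the comment calls the author's own working key, membership of `admin` and `wheel`, and the main task file in this commit also adds it to `docker`. How the key is installed on the host is not visible in this commit, so that part is inferred. I would comment the sample out or swap the key for an obvious placeholder such as `key: ssh-ed25519 <REPLACE_WITH_YOUR_PUBLIC_KEY>`, and have the role fail while the placeholder is still present. The header comment also tells the reader to change `password_hash` and uncomment `groups`, but there is no `password_hash` key and `groups` is not commented out, so the comment should be brought in line with the data.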


@ -0,0 +1,4 @@
docker_plugins:
- identifier: grafana/loki-docker-driver
alias: loki
version: latest
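Review bot: `version: latest` leaves the plugin on a mutable tag, and the install task in the plugin task file of this commit passes `--grant-all-permissions`, so whatever is later published under that tag is installed with every privilege it requests and without review. Pin a released tag instead, e.g. `version: "<PINNED_PLUGIN_VERSION>"`, and add a comment listing the privileges the plugin is expected to request so that a change shows up in review. Quoting the value also keeps a version such as `3.10` from being read as a float.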


@ -0,0 +1,19 @@
---
- name: install docker apk package
community.general.apk:
name:
- iptables
- docker
state: present
update_cache: yes
become: true
- name: reboot machine to enable iptables module
ansible.builtin.reboot:
- name: enable and start docker
ansible.builtin.service:
name: docker
enabled: true
state: restarted
become: true
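Review bot: The `ansible.builtin.reboot` task has no condition, so every run of the role reboots the host, and `state: restarted` on the service then restarts Docker on every run as well. Add `register: docker_packages` to the apk task, gate the reboot with `when: docker_packages.changed`, and use `state: started` for the service so a converged host is left alone. `update_cache: yes` should be `update_cache: true` to match the other booleans in the file.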


@ -0,0 +1,23 @@
---
- name: check if plugin already installed
ansible.builtin.command:
cmd: docker plugin list
register: list_plugins
become: true
- name: debug registered plugins
ansible.builtin.debug:
msg: "{{ list_plugins }}"
- name: enable docker plugin
ansible.builtin.command:
cmd: "docker plugin install {{ item.identifier }}:{{ item.version }} --alias {{ item.alias }} --grant-all-permissions"
register: plugin_install
become: true
when: "item.alias + ':' + item.version not in list_plugins.stdout"
- name: restart docker
ansible.builtin.service:
name: docker
state: restarted
become: true
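Review bot: The install command interpolates `item.identifier`, `item.version` and `item.alias` into a single `cmd` string, which the command module then splits on whitespace, so a value containing a space is read as extra arguments to `docker plugin install`. That matters here because the call runs as root with `--grant-all-permissions`. Passing the arguments as an `argv` list keeps each variable a single argument. The `loop` that supplies `item` is in the including task file, outside this section. Separately, the `docker plugin list` task only reads state and should carry `changed_when: false`.

```yaml
- name: enable docker plugin
  ansible.builtin.command:
    argv:
      - docker
      - plugin
      - install
      - "{{ item.identifier }}:{{ item.version }}"
      - --alias
      - "{{ item.alias }}"
      - --grant-all-permissions
  # … unchanged: register, become, when …
```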


@ -0,0 +1,52 @@
---
- name: setup docker
ansible.builtin.include_tasks: "{{ ansible_distribution | lower}}.yml"
- name: add users to docker group
ansible.builtin.user:
name: "{{ item.name }}"
groups: docker
append: true
state: present
loop: "{{ access_admin_users }}"
become: true
- name: checking existence of the docker config directory
become: true
stat:
path: "/etc/docker"
register: docker_config_path
- name: creating docker config directory if it doesn't already exists
become: true
file:
path: "/etc/docker"
state: directory
when: not docker_config_path.stat.exists
# Do not install the loki plugin on arm as it's not supported.
- block:
- name: debug docker_plugins
ansible.builtin.debug:
msg: "{{ docker_plugins }}"
- name: install plugins
ansible.builtin.include_tasks: docker_plugin.yml
loop: "{{ lookup('vars', 'docker_plugins') }}"
- name: set docker daemon file with configs
ansible.builtin.template:
src: daemon.json.j2
dest: /etc/docker/daemon.json
become: true
register: docker_daemon_config
- name: restart docker when daemon cfg changed
ansible.builtin.service:
name: docker
state: restarted
become: true
when: docker_daemon_config.changed
when: "'aarch64' != ansible_architecture"
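Review bot: The `ansible.builtin.template` task that writes `/etc/docker/daemon.json` sets no `owner`, `group` or `mode`, so the file gets whatever the default umask gives, which is usually world-readable. One of the daemon.json templates in this commit embeds `s3_access_key` and `s3_secret_key` in the Loki URL; if that is the one rendered here (the template paths are not visible on the page), any local user can read those credentials. Add `owner: root`, `group: root` and `mode: "0600"` to the task. The comment above the block says only the Loki plugin is skipped on aarch64, but the block-level `when` also skips writing daemon.json there, which the comment should state.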


@ -0,0 +1,7 @@
{
"log-driver": "json-file",
"log-opts": {
"max-file": "3",
"max-size": "10m"
}
}


@ -0,0 +1,8 @@
{
"debug": true,
"log-driver": "loki",
"log-opts": {
"loki-url": "http://{{ s3_access_key}}:{{ s3_secret_key }}@loki.service.consul:8880/loki/api/v1/push",
"loki-batch-size": "400"
}
}
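Review bot: The `loki-url` value carries `s3_access_key` and `s3_secret_key` as URL userinfo over plain `http://`, so the credentials cross the network unencrypted on every push and also sit in clear text in the rendered daemon.json. If the Loki endpoint can serve TLS, switch the scheme to `https://`; otherwise note next to the template that the path to `loki.service.consul:8880` has to be a trusted network. `"debug": true` turns on daemon debug logging on every host and is better left `false` by default, enabled through a variable when needed. A key or secret containing `@`, `:` or `/` will also break the URL unless it is passed through the `urlencode` filter.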