docker role

docker.yml

@@ -0,0 +1,7 @@
+- name: Instala Docker
+  hosts: all
+  any_errors_fatal: true
+  become: true
+  become_user: root
+  roles:
+    - docker

group_vars/all/access.yml

@@ -0,0 +1,21 @@
+---
+# my working example, change name, key, full, shell, password_hash and uncomment groups
+access_admin_users:
+  - name: alpine
+    key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPiMj6yG62yNiju2H3FQicX76AsBRZfxpMMfVeCEXEsF sergio@nas
+    full: Alpine User
+    shell: /bin/sh
+    groups:
+      - admin
+      - wheel
+access_users:
+  # add application users here as well
+  - name: consul
+    shell: /bin/nologin
+access_admin_group: admin
+# access_user_groups has format as such:
+# - name: test_group
+#    users:
+#      - bleh
+#      - blah
+access_user_groups: []

roles/docker/defaults/main.yml

@@ -0,0 +1,4 @@
+docker_plugins:
+  - identifier: grafana/loki-docker-driver
+    alias: loki
+    version: latest

roles/docker/tasks/alpine.yml

@@ -0,0 +1,19 @@
+---
+- name: install docker apk package
+  community.general.apk:
+    name:
+      - iptables
+      - docker
+    state: present
+    update_cache: yes
+  become: true
+
+- name: reboot machine to enable iptables module
+  ansible.builtin.reboot:
+
+- name: enable and start docker
+  ansible.builtin.service:
+    name: docker
+    enabled: true
+    state: restarted
+  become: true

roles/docker/tasks/docker_plugin.yml

@@ -0,0 +1,23 @@
+---
+- name: check if plugin already installed
+  ansible.builtin.command:
+    cmd: docker plugin list
+  register: list_plugins
+  become: true
+
+- name: debug registered plugins
+  ansible.builtin.debug:
+    msg: "{{ list_plugins }}"
+
+- name: enable docker plugin
+  ansible.builtin.command:
+    cmd: "docker plugin install {{ item.identifier }}:{{ item.version }} --alias {{ item.alias }} --grant-all-permissions"
+  register: plugin_install
+  become: true
+  when: "item.alias + ':' + item.version not in list_plugins.stdout"
+
+- name: restart docker
+  ansible.builtin.service:
+    name: docker
+    state: restarted
+  become: true

roles/docker/tasks/main.yml

@@ -0,0 +1,52 @@
+---
+- name: setup docker
+  ansible.builtin.include_tasks: "{{ ansible_distribution | lower}}.yml"
+
+- name: add users to docker group
+  ansible.builtin.user:
+    name: "{{ item.name }}"
+    groups: docker
+    append: true
+    state: present
+  loop: "{{ access_admin_users }}"
+  become: true
+
+- name: checking existence of the docker config directory
+  become: true
+  stat:
+    path: "/etc/docker"
+  register: docker_config_path
+
+- name: creating docker config directory if it doesn't already exists
+  become: true
+  file:
+    path: "/etc/docker"
+    state: directory
+  when: not docker_config_path.stat.exists
+
+# Do not install the loki plugin on arm as it's not supported.
+
+- block:
+  - name: debug docker_plugins
+    ansible.builtin.debug:
+      msg: "{{ docker_plugins }}"
+
+  - name: install plugins
+    ansible.builtin.include_tasks: docker_plugin.yml
+    loop: "{{ lookup('vars', 'docker_plugins') }}"
+
+  - name: set docker daemon file with configs
+    ansible.builtin.template:
+      src: daemon.json.j2
+      dest: /etc/docker/daemon.json
+    become: true
+    register: docker_daemon_config
+
+  - name: restart docker when daemon cfg changed
+    ansible.builtin.service:
+      name: docker
+      state: restarted
+    become: true
+    when: docker_daemon_config.changed
+  when: "'aarch64' != ansible_architecture"
+

roles/docker/templates/daemon.json.j2

@@ -0,0 +1,7 @@
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-file": "3",
+    "max-size": "10m"
+  }
+}

roles/docker/templates/daemon.json.loki.j2

@@ -0,0 +1,8 @@
+{
+  "debug": true,
+  "log-driver": "loki",
+  "log-opts": {
+    "loki-url": "http://{{ s3_access_key}}:{{ s3_secret_key }}@loki.service.consul:8880/loki/api/v1/push",
+    "loki-batch-size": "400"
+  }
+}