---
# Fedora branch: no extra repository is configured here, so the packages come
# from whatever repositories the host already has enabled.
- name: Install docker packages (Fedora)
  when: ansible_distribution == 'Fedora'
  dnf:
    state: present
    name:
      - moby-engine
      - docker-compose


# CentOS branch: register the upstream Docker CE repository, then install the
# engine, the compose plugin and the Python dependency from it.
- when: ansible_distribution == 'CentOS'
  block:
    - name: Enable docker-ce repo (CentOS)
      yum_repository:
        name: docker-ce
        description: Docker Community Edition
        baseurl: https://download.docker.com/linux/centos/$releasever/$basearch/stable
        # Signature checking stays on: packages must verify against the key
        # fetched from the vendor over HTTPS before they are installed.
        gpgkey: https://download.docker.com/linux/centos/gpg
        gpgcheck: true
        enabled: true

    - name: Install docker packages (CentOS)
      yum:
        state: present
        name:
          - docker-ce
          - docker-compose-plugin
          - python3-requests  # for docker_network module


# Start the Docker daemon now and enable it at boot.
- name: Start/enable docker service
  systemd:
    name: docker
    enabled: true
    state: started

# One directory per entry in `containers`, named after the container.
# 0750 root:root keeps the per-service directories closed to other users.
# NOTE(review): the name is interpolated into a path unchecked - assumes plain
# names without '/' or '..'; confirm against the inventory.
- name: Create docker service folders
  file:
    state: directory
    path: "/root/docker/{{ item }}"
    owner: root
    group: root
    mode: "0750"
  with_items: "{{ containers | map(attribute='name') | flatten }}"

# Create every network listed in `container_networks`; each entry supplies
# name, subnet, gateway and ip_range. Skipped when the variable is not set.
- name: Create docker networks
  when: container_networks is defined
  docker_network:
    state: present
    name: "{{ item.name }}"
    ipam_config:
      - subnet: "{{ item.subnet }}"
        gateway: "{{ item.gateway }}"
        iprange: "{{ item.ip_range }}"
  loop_control:
    # Show only the network name in task output instead of the whole item.
    label: "{{ item.name }}"
  with_items:
    - "{{ container_networks }}"

# Render docker-compose.yml into each service directory. The file is written
# 0640 root:root, so it is not world-readable.
# NOTE(review): the template is not shown here; if it renders credentials or
# tokens, confirm they come from a vault rather than plain inventory.
- name: Write docker compose file
  template:
    src: docker-compose.yml.j2
    dest: "/root/docker/{{ item }}/docker-compose.yml"
    mode: "0640"
    owner: root
    group: root
  with_items: "{{ containers | map(attribute='name') | flatten }}"

# Dedicated group and account with fixed numeric ids taken from
# container_gid / container_uid.
# NOTE(review): no shell, password or system options are set, so the account
# gets the platform defaults - confirm an interactive login is not possible
# if this user exists only to own container data.
- name: Create container group
  group:
    gid: "{{ container_gid }}"
    name: "{{ container_group }}"

- name: Create container user
  user:
    group: "{{ container_group }}"
    uid: "{{ container_uid }}"
    name: "{{ container_user }}"

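# Collect the part before the first ':' of every declared volume string
# ("host:container[:opts]" -> "host") so those directories can be created.
# `containers` is a list (it is mapped by attribute elsewhere in this file), so
# `volumes` has to be tested per entry: `containers.volumes` is never defined
# on a list, which made this task skip on every run. Entries without a
# `volumes` key are filtered out before mapping.
# NOTE(review): named volumes and relative paths also end up in this list -
# confirm create_dirs.yml only acts on the absolute host paths it expects.
- name: Generate list of persistent container directories
  set_fact:
    persistent_container_dirs: "{{ containers | selectattr('volumes', 'defined') | map(attribute='volumes') | flatten | map('regex_replace', ':.*') | list }}"
  when:
    - containers | selectattr('volumes', 'defined') | list | length > 0
  # set_fact alters no state on the host, so never report a change.
  changed_when: false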

# Run create_dirs.yml once per collected directory. Skipped when the fact was
# never set by the preceding set_fact task.
- name: Create persistent container directories
  when: persistent_container_dirs is defined
  include_tasks: create_dirs.yml  # can't loop a block
  loop_control:
    label: "{{ item }}"
  with_items:
    - "{{ persistent_container_dirs }}"

# One systemd unit per container, named <container>.service; a change
# notifies the handler that refreshes systemd's view of the unit files.
# NOTE(review): the container name becomes part of a path under
# /etc/systemd/system - assumes plain names; confirm against the inventory.
- name: Copy systemd service file
  template:
    src: service.j2
    dest: "/etc/systemd/system/{{ item }}.service"
    mode: "0640"
    owner: root
    group: root
  with_items: "{{ containers | map(attribute='name') | flatten }}"
  notify: Refresh systemd service files

# Install the pull script root-owned and 0750, so only root and the root group
# can read or run it and nobody else can modify it.
- name: Copy script for automated docker pull
  template:
    src: docker-pull.sh.j2
    dest: /usr/local/bin/docker-pull.sh
    mode: "0750"
    owner: root
    group: root

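# Install docker-pull.service and docker-pull.timer.
# Unit files are configuration, not programs: they are written 0644 like the
# docker-purge units in this file, because systemd logs a warning for unit
# files that are marked executable. The handler is notified so that changed
# units are picked up, matching the other unit-file tasks.
# NOTE(review): presumably these units run /usr/local/bin/docker-pull.sh on a
# schedule; unattended pulls of mutable tags change what runs on the host
# without review - confirm the compose files pin images as intended.
- name: Install docker-pull systemd artifacts
  template:
    src: docker-pull.{{ item }}.j2
    dest: /etc/systemd/system/docker-pull.{{ item }}
    owner: root
    group: root
    mode: '0644'
  notify: Refresh systemd service files
  loop:
    - service
    - timer
  loop_control:
    label: docker-pull.{{ item }}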

# Install docker-purge.service and docker-purge.timer as plain 0644 unit
# files; a change notifies the handler that refreshes systemd's unit files.
- name: Install docker-purge systemd artifacts
  template:
    src: "docker-purge.{{ item }}.j2"
    dest: "/etc/systemd/system/docker-purge.{{ item }}"
    mode: "0644"
    owner: root
    group: root
  loop_control:
    label: "docker-purge.{{ item }}"
  loop:
    - service
    - timer
  notify: Refresh systemd service files

# Run the handlers notified so far (the unit-file tasks above notify
# "Refresh systemd service files") before the tasks below start and enable
# the freshly written services and timers.
- meta: flush_handlers

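# Open every entry of `firewall_ports` in firewalld.
# `permanent` alone only writes the stored configuration; `immediate` also
# applies the rule to the running firewall, so the ports are reachable without
# a separate firewalld reload or a reboot.
# NOTE(review): keep `firewall_ports` to the minimum the services need. Ports
# published by Docker are usually handled by Docker's own packet-filter rules,
# so this list should not be treated as the only control on container exposure.
- name: Open up firewall ports
  firewalld:
    port: "{{ item }}"
    permanent: true
    immediate: true
    state: enabled
  with_items:
    - "{{ firewall_ports }}"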

# Start each per-container unit now and enable it at boot; the unit names are
# the container names from `containers`.
- name: Start/enable services
  systemd:
    name: "{{ item }}"
    state: started
    enabled: true
  with_items: "{{ containers | map(attribute='name') | flatten }}"

# Activate both maintenance timers: start them now and enable them at boot.
- name: Enable docker timers for automated pull & cleanup
  systemd:
    name: "{{ item }}"
    state: started
    enabled: true
  loop:
    - docker-pull.timer
    - docker-purge.timer

# Install the restart helper root-owned and 0750, so only root and the root
# group can read or run it and nobody else can modify it.
- name: Add script for restarting all containers
  template:
    src: restart-containers.sh.j2
    dest: /usr/local/bin/restart-containers.sh
    mode: "0750"
    owner: root
    group: root

# Record whether the dnf-automatic-install drop-in directory exists.
# NOTE(review): this tests for the directory only; it does not check that the
# dnf-automatic timer is actually enabled.
- name: Check if dnf-automatic is enabled
  register: dnf_automatic
  stat:
    path: /etc/systemd/system/dnf-automatic-install.service.d

# Add a drop-in for dnf-automatic-install.service, but only when its drop-in
# directory already exists (result of the preceding stat). A change notifies
# the handler that refreshes systemd's unit files.
- name: Modify dnf-automatic to turn off containers while updating
  when: dnf_automatic.stat.exists
  template:
    src: stop-containers.conf.j2
    dest: /etc/systemd/system/dnf-automatic-install.service.d/stop-containers.conf
    mode: "0644"
    owner: root
    group: root
  notify: Refresh systemd service files