blaine
/
infra


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198
							---
- name: Install docker packages (Fedora)
  dnf:
    name:
      - moby-engine
      - docker-compose
    state: present
  when:
    - ansible_distribution == 'Fedora'


- block:
    - name: Enable docker-ce repo (CentOS)
      yum_repository:
        name: docker-ce
        enabled: yes
        description: Docker Community Edition
        baseurl: https://download.docker.com/linux/centos/$releasever/$basearch/stable
        gpgkey: https://download.docker.com/linux/centos/gpg
        gpgcheck: yes

    - name: Install docker packages (CentOS)
      yum:
        name:
          - docker-ce
          - docker-compose-plugin
          - python3-requests # for docker_network module
        state: present
  when:
    - ansible_distribution == 'CentOS'


- name: Start/enable docker service
  systemd:
    name: docker
    state: started
    enabled: yes

- name: Create docker service folders
  file:
    path: /root/docker/{{ item }}
    state: directory
    owner: root
    group: root
    mode: '0750'
  with_items:
    - "{{ containers | map(attribute='name') | flatten }}"

- name: Create docker networks
  docker_network:
    name: "{{ item.name }}"
    ipam_config:
      - subnet: "{{ item.subnet }}"
        gateway: "{{ item.gateway }}"
        iprange: "{{ item.ip_range }}"
    state: present
  with_items:
    - "{{ container_networks }}"
  when:
    - container_networks is defined
  loop_control:
    label: "{{ item.name }}"

- name: Write docker compose file
  template:
    src: docker-compose.yml.j2
    dest: /root/docker/{{ item }}/docker-compose.yml
    owner: root
    group: root
    mode: '0640'
  with_items:
    - "{{ containers | map(attribute='name') | flatten }}"

- name: Create container group
  group:
    name: "{{ container_group }}"
    gid: "{{ container_gid }}"

- name: Create container user
  user:
    name: "{{ container_user }}"
    uid: "{{ container_uid }}"
    group: "{{ container_group }}"

- name: Generate list of persistent container directories
  set_fact:
    persistent_container_dirs: "{{ containers | map(attribute='volumes') | flatten | map('regex_replace', ':.*' ) | list }}"
  when:
    - containers.volumes is defined
  changed_when: false

- name: Create persistent container directories
  include_tasks: create_dirs.yml # can't loop a block
  with_items:
    - "{{ persistent_container_dirs }}"
  loop_control:
    label: "{{ item }}"
  when:
    - persistent_container_dirs is defined

- name: Copy systemd service file
  template:
    src: service.j2
    dest: /etc/systemd/system/{{ item }}.service
    owner: root
    group: root
    mode: '0640'
  notify: Refresh systemd service files
  with_items:
    - "{{ containers | map(attribute='name') | flatten }}"

- name: Copy script for automated docker pull
  template:
    src: docker-pull.sh.j2
    dest: /usr/local/bin/docker-pull.sh
    owner: root
    group: root
    mode: '0750'

- name: Install docker-pull systemd artifacts
  template:
    src: docker-pull.{{ item }}.j2
    dest: /etc/systemd/system/docker-pull.{{ item }}
    owner: root
    group: root
    mode: '0750'
  loop:
    - service
    - timer
  loop_control:
    label: docker-pull.{{ item }}

- name: Install docker-purge systemd artifacts
  template:
    src: docker-purge.{{ item }}.j2
    dest: /etc/systemd/system/docker-purge.{{ item }}
    owner: root
    group: root
    mode: '0644'
  notify: Refresh systemd service files
  loop:
    - service
    - timer
  loop_control:
    label: docker-purge.{{ item }}

- meta: flush_handlers

- name: Open up firewall ports
  firewalld:
    port: "{{ item }}"
    permanent: yes
    state: enabled
  with_items:
    - "{{ firewall_ports }}"

- name: Start/enable services
  systemd:
    name: "{{ item }}"
    enabled: yes
    state: started
  with_items:
    - "{{ containers | map(attribute='name') | flatten }}"

- name: Enable docker timers for automated pull & cleanup
  systemd:
    name: "{{ item }}"
    enabled: yes
    state: started
  loop:
    - docker-pull.timer
    - docker-purge.timer

- name: Add script for restarting all containers
  template:
    src: restart-containers.sh.j2
    dest: /usr/local/bin/restart-containers.sh
    owner: root
    group: root
    mode: '0750'

- name: Check if dnf-automatic is enabled
  stat:
    path: /etc/systemd/system/dnf-automatic-install.service.d
  register: dnf_automatic

- name: Modify dnf-automatic to turn off containers while updating
  template:
    src: stop-containers.conf.j2
    dest: /etc/systemd/system/dnf-automatic-install.service.d/stop-containers.conf
    owner: root
    group: root
    mode: '0644'
  when:
    - dnf_automatic.stat.exists
  notify:
    - Refresh systemd service files