Home Explore Help
Sign In
blaine
/
infra
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: a71daafb02
Branches Tags
infra
/
roles
/
docker
/
README.md

README.md 2.4 KB
History Raw

docker

This role will install Docker and given a list of containers to deploy, will do the following:

  1. Create needed docker networks
  2. Open up necessary firewall ports
  3. Generate docker-compose files (1 per container)
  4. Ensure container user/group exists
  5. Ensure container persistent directories exist with correct perms and SELinux contexts
  6. Generate a systemd service file per container
  7. Setup systemd timers to automatically pull new and purge old container images

Requirements

This role is only tested on Fedora/CentOS machines.

Variables

container_user: user name to run containers as (will be generated if not exists) container_uid: uid of above user name container_group: group name of container_user container_gid: gid of above group name

global_env_vars: # will be set on any container which has include_global_env_vars: true
  - PUID={{ container_uid }}
  - PGID={{ container_gid }}
  - TZ=America/Los_Angeles

firewall_ports: # list of ports to open up on the host
  - 80/tcp
  - 443/tcp

Since this role sets up each container individually, if multiple containers need to talk directly to each other container networks must be outlined:

This role sets up each container as an individual docker-compose.yml file with a 1-to-1 relationship with it's systemd service. This means we can not rely on docker-compose's built-in networking feature for connecting multiple containers together.

Outline any networks you need via container_networks:

container_networks:
  - name: backend
    driver: bridge
    subnet: 172.21.10.0/24
    ip_range: 172.21.10.0/24
    gateway: 172.21.10.1

And specify those networks in the corresponding container's dictionary:

containers:
  - name: nginx
    active: true
    image: linuxserver/nginx
    ports:
      - 80:80
      - 443:443
    volumes:
      - /opt/nginx:/config
    include_global_env_vars: true
    restart: unless-stopped
    memlimit: 300m
    networks:
      - backend

    - name: mysql
      active: true
      image: mysql
      volumes:
        - /opt/mysql:/var/lib/mysql
      include_global_env_vars: false
      environment:
        - MYSQL_ROOT_PASSWORD="{{ vaulted_mysql_root_password }}"
      restart: unless-stopped
      memlimit: 500m
      networks:
        - backend

License

GPLv3