infra/roles/docker/tasks/main.yml

---
- name: Install docker packages (Fedora)
  dnf:
    name:
      - moby-engine
      - docker-compose
    state: present
  when:
    - ansible_distribution == 'Fedora'


- block:
    - name: Enable docker-ce repo (CentOS)
      yum_repository:
        name: docker-ce
        enabled: yes
        description: Docker Community Edition
        baseurl: https://download.docker.com/linux/centos/$releasever/$basearch/stable
        gpgkey: https://download.docker.com/linux/centos/gpg
        gpgcheck: yes

    - name: Install docker packages (CentOS)
      yum:
        name:
          - docker-ce
          - docker-compose
          - python-docker-py
        state: present
  when:
    - ansible_distribution == 'CentOS'


- name: Start/enable docker service
  systemd:
    name: docker
    state: started
    enabled: yes

- name: Create docker service folders
  file:
    path: /root/docker/{{ item }}
    state: directory
    owner: root
    group: root
    mode: '0750'
  with_items:
    - "{{ containers | map(attribute='name') | flatten }}"

- name: Create docker networks
  docker_network:
    name: "{{ item.name }}"
    ipam_config:
      - subnet: "{{ item.subnet }}"
        gateway: "{{ item.gateway }}"
        iprange: "{{ item.ip_range }}"
    state: present
  with_items:
    - "{{ container_networks }}"
  when:
    - container_networks is defined
  loop_control:
    label: "{{ item.name }}"

- name: Write docker compose file
  template:
    src: docker-compose.yml.j2
    dest: /root/docker/{{ item }}/docker-compose.yml
    owner: root
    group: root
    mode: '0640'
  with_items:
    - "{{ containers | map(attribute='name') | flatten }}"

- name: Create container group
  group:
    name: "{{ container_group }}"
    gid: "{{ container_gid }}"

- name: Create container user
  user:
    name: "{{ container_user }}"
    uid: "{{ container_uid }}"
    group: "{{ container_group }}"

- name: Generate list of persistent container directories
  set_fact:
    persistent_container_dirs: "{{ containers | map(attribute='volumes') | flatten | map('regex_replace', ':.*' ) | list }}"
  changed_when: false

- name: Create persistent container directories
  include_tasks: create_dirs.yml # can't loop a block
  with_items:
    - "{{ persistent_container_dirs }}"
  loop_control:
    label: "{{ item }}"

- name: Copy systemd service file
  template:
    src: service.j2
    dest: /etc/systemd/system/{{ item }}.service
    owner: root
    group: root
    mode: '0640'
  notify: Refresh systemd service files
  with_items:
    - "{{ containers | map(attribute='name') | flatten }}"

- name: Copy script for automated docker pull
  template:
    src: docker-pull.sh.j2
    dest: /usr/local/bin/docker-pull.sh
    owner: root
    group: root
    mode: '0750'

- name: Install docker-pull systemd artifacts
  template:
    src: docker-pull.{{ item }}.j2
    dest: /etc/systemd/system/docker-pull.{{ item }}
    owner: root
    group: root
    mode: '0750'
  loop:
    - service
    - timer
  loop_control:
    label: docker-pull.{{ item }}

- name: Install docker-purge systemd artifacts
  template:
    src: docker-purge.{{ item }}.j2
    dest: /etc/systemd/system/docker-purge.{{ item }}
    owner: root
    group: root
    mode: '0644'
  notify: Refresh systemd service files
  loop:
    - service
    - timer
  loop_control:
    label: docker-purge.{{ item }}

- meta: flush_handlers

- name: Open up firewall ports
  firewalld:
    port: "{{ item }}"
    permanent: yes
    state: enabled
  with_items:
    - "{{ firewall_ports }}"

- name: Start/enable services
  systemd:
    name: "{{ item }}"
    enabled: yes
    state: started
  with_items:
    - "{{ containers | map(attribute='name') | flatten }}"

- name: Enable docker timers for automated pull & cleanup
  systemd:
    name: "{{ item }}"
    enabled: yes
    state: started
  loop:
    - docker-pull.timer
    - docker-purge.timer