blaine
/
infra


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130
							---
- name: Install docker packages (Fedora)
  dnf:
    name:
      - moby-engine
      - docker-compose
    state: present
  when:
    - ansible_distribution == 'Fedora'


- block:
    - name: Enable docker-ce repo (CentOS)
      yum_repository:
        name: docker-ce
        description: Docker Community Edition
        baseurl: https://download.docker.com/linux/centos/$releasever/$basearch/stable

    - name: Install docker packages
      yum:
        name:
          - docker-ce
          - docker-compose
          - python-docker-py
        state: present
  when:
    - ansible_distribution == 'CentOS'


- name: Start/enable docker service
  systemd:
    name: docker
    state: started
    enabled: yes

- name: Create docker service folders
  file:
    path: /root/docker/{{ item }}
    state: directory
    owner: root
    group: root
    mode: '0750'
  with_items:
    - "{{ containers | map(attribute='service_name') | flatten }}"

- name: Create docker networks
  docker_network:
    name: "{{ item.name }}"
    ipam_config:
      - subnet: "{{ item.subnet }}"
        gateway: "{{ item.gateway }}"
        iprange: "{{ item.ip_range }}"
    state: present
  with_items:
    - "{{ container_networks }}"
  when:
    - container_networks is defined
  loop_control:
    label: "{{ item.name }}"

- name: Write docker compose file
  template:
    src: docker-compose.yml.j2
    dest: /root/docker/{{ item }}/docker-compose.yml
    owner: root
    group: root
    mode: '0640'
  with_items:
    - "{{ containers | map(attribute='service_name') | flatten }}"

- name: Create container group
  group:
    name: "{{ container_group }}"
    gid: "{{ container_gid }}"

- name: Create container user
  user:
    name: "{{ container_user }}"
    uid: "{{ container_uid }}"
    group: "{{ container_group }}"

- name: Generate list of persistent container directories
  set_fact:
    persistent_container_dirs: "{{ containers | map(attribute='volumes') | flatten | map('regex_replace', ':.*' ) | list }}"
  changed_when: false

- name: Create persistent container directories
  include_tasks: create_dirs.yml # can't loop a block
  with_items:
    - "{{ persistent_container_dirs }}"
  loop_control:
    label: "{{ item }}"

#- name: Modify SELinux contexts for container directories
#  sefcontext:
#    target: "{{ item | quote }}(/.*)?"
#    setype: container_file_t
#    state: present
#  with_items:
#    - "{{ persistent_container_dirs }}"
#  notify: Apply SELinux contexts

- name: Copy systemd service file
  template:
    src: service.j2
    dest: /etc/systemd/system/{{ item }}.service
    owner: root
    group: root
    mode: '0640'
  notify: Refresh systemd service files
  with_items:
    - "{{ containers | map(attribute='service_name') | flatten }}"

- meta: flush_handlers

- name: Open up firewall ports
  firewalld:
    port: "{{ item }}"
    permanent: yes
    state: enabled
  with_items:
    - "{{ firewall_ports }}"

- name: Start/enable services
  systemd:
    name: "{{ item }}"
    enabled: yes
    state: started
  with_items:
    - "{{ containers | map(attribute='service_name') | flatten }}"