diff --git a/init.yml b/init.yml
new file mode 100644
index 0000000..d8cfbb3
--- /dev/null
+++ b/init.yml
@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+38363335646465303831393433323130636362373337633537353134626338623039356132373532
+3163393361653937636136383636396431333066343633640a653465333339383239623161333065
+62633632366436316639636638313736306138323633333435343265613332383066623938616636
+6238646363373865640a343564333333363563633531373736316463356539653965346530333366
+35373366313432383466383064373734376639333162386239383533396262383839336231643834
+62616430623339313632643935666364386666386365636536313032663737353066363639366563
+623531396165383437336563643432353562
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
new file mode 100644
index 0000000..5c56236
--- /dev/null
+++ b/roles/docker/defaults/main.yml
@@ -0,0 +1,2 @@
+docker_users:
+ - jd
\ No newline at end of file
diff --git a/roles/docker/tasks/Debian.yml b/roles/docker/tasks/Debian.yml
new file mode 100644
index 0000000..50a33cd
--- /dev/null
+++ b/roles/docker/tasks/Debian.yml
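Review bot: `docker_users` is declared here but within this commit only roles/docker/tasks/RedHat.yml consumes it (its "Add users to docker group" task); roles/docker/tasks/Debian.yml has no equivalent task, so on Debian hosts the default is dead and `jd` never gets docker group membership, which looks unintended. Membership in the docker group is equivalent to root on the host because dockerd runs as root and the group owns its socket, so a comment above the default would help the next maintainer: `# members of the docker group can obtain root on the host; keep this list minimal and override per inventory`. Shipping a specific account name as the role default also ties the role to one environment; `docker_users: []` with the real list supplied by inventory or group_vars is the usual shape. The file is also missing its trailing newline.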
@@ -0,0 +1,323 @@ +- name: Setup docker + become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}" + block: + + + - name: Create apt proxy file + ansible.builtin.copy: + dest: /etc/apt/apt.conf.d/02proxy + content: | + Acquire::http::Proxy "http://192.168.77.101:3142"; + Acquire::https::Proxy "false"; + + - name: Print arch + ansible.builtin.debug: + msg: "{{ ansible_architecture }}" + - name: Install docker dependencies + ansible.builtin.apt: + name: + - ca-certificates + - curl + - telnet + - net-tools + - python3-pip + - python3-dev + state: present + update_cache: true + register: install_docker_deps + until: install_docker_deps is succeeded + retries: 10 + delay: 10 + + - name: Get keys for raspotify + ansible.builtin.command: + install -m 0755 -d /etc/apt/keyrings + + + # - name: Add an Apt signing key to a specific keyring file + # ansible.builtin.apt_key: + # url: https://download.docker.com/linux/debian/gpg + # keyring: /etc/apt/keyrings/docker.asc + # when: + # - ansible_distribution == "Debian" and ansible_distribution_major_version == "12" + + # - name: Get keys for raspotify + # ansible.builtin.shell: + # curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc + # when: + # - ansible_distribution == "Debian" and ansible_distribution_major_version == "12" + + - name: Get keys for raspotify + ansible.builtin.shell: + curl -fsSL https://download.docker.com/linux/raspbian/gpg -o /etc/apt/keyrings/docker.asc + when: + - ansible_distribution == "Debian" and ansible_distribution_major_version == "12" + + - name: Ensure docker keyring directory exists + file: + path: /etc/apt/keyrings + state: directory + mode: "0755" + + - name: Download Docker GPG key + get_url: + url: https://download.docker.com/linux/debian/gpg + dest: /etc/apt/keyrings/docker.asc + mode: "0644" + when: + - ansible_distribution == "Debian" and ansible_distribution_major_version == "13" + + - name: Install docker.sources file + template: + src: 
docker.sources.j2 + dest: /etc/apt/sources.list.d/docker.sources + owner: root + group: root + mode: "0644" + when: + - ansible_distribution == "Debian" and ansible_distribution_major_version == "13" + + - name: Create docker.sources file + copy: + dest: /etc/apt/sources.list.d/docker.sources + mode: "0644" + content: | + Types: deb + URIs: https://download.docker.com/linux/debian + Suites: {{ ansible_facts['lsb']['codename'] }} + Components: stable + Signed-By: /etc/apt/keyrings/docker.asc + when: + - ansible_distribution == "Debian" and ansible_distribution_major_version == "13" + + - name: Update apt cache + apt: + update_cache: yes + + when: + - ansible_distribution == "Debian" and ansible_distribution_major_version == "13" + + - name: Download Docker GPG key + get_url: + url: https://download.docker.com/linux/debian/gpg + dest: /etc/apt/keyrings/docker.asc + mode: "0644" + when: + - ansible_distribution == "Debian" and ansible_distribution_major_version == "13" + + - name: Add an Apt signing key to a specific keyring file + ansible.builtin.apt_key: + url: https://download.docker.com/linux/ubuntu/gpg + keyring: /etc/apt/keyrings/docker.asc + when: + - ansible_distribution == "Ubuntu" + + # - name: Get keys for raspotify + # ansible.builtin.shell: + # curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc + # when: + # - ansible_distribution == "Ubuntu" + - name: Change file ownership, group and permissions + ansible.builtin.file: + path: /etc/apt/keyrings/docker.asc + owner: root + group: root + mode: '0644' + + # - name: Get keys for raspotify + # ansible.builtin.shell: + # chmod a+r /etc/apt/keyrings/docker.asc + + - name: Get keys for raspotify + ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. 
/etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null + when: + - ansible_distribution == "Debian" and ansible_distribution_major_version == "12" + + - name: Get keys for raspotify + ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + when: + - ansible_distribution == "Ubuntu" + + # - name: Install docker + # ansible.builtin.apt: + # name: + # - docker-ce + # - docker-ce-cli + # - containerd.io + # - docker-buildx-plugin + # - docker-compose-plugin + # update_cache: true + - name: Install the version docker1 + ansible.builtin.apt: + name: "{{ item }}" + state: present + when: + - ansible_distribution == "Debian" + loop: + - docker-ce + - docker-ce-cli + - name: Install the version docker + ansible.builtin.apt: + name: "{{ item }}" + state: present + allow_downgrade: true + when: + - ansible_distribution == "Debian" + loop: + - containerd.io + + - name: Install the version docker + ansible.builtin.apt: + name: "{{ item }}" + state: present + allow_downgrade: true + when: + - ansible_distribution == "Debian" + loop: + - docker-buildx-plugin + + + - name: Install the version docker + ansible.builtin.apt: + name: "{{ item }}=5:28.5.2-1~{{ ansible_distribution | lower }}.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release }}" + state: present + allow_downgrade: true + when: + - ansible_distribution == "Debian1" + loop: + - docker-ce + - docker-ce-cli + - name: Install the version docker + ansible.builtin.apt: + name: "{{ item }}=1.7.28-2~{{ ansible_distribution | lower }}.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release }}" + state: present + allow_downgrade: true + when: + - ansible_distribution == "Debian1" + loop: + - containerd.io + + - name: Install the 
version docker + ansible.builtin.apt: + name: "{{ item }}=0.28.0-0~{{ ansible_distribution | lower }}.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release }}" + state: present + allow_downgrade: true + when: + - ansible_distribution == "Debian1" + loop: + - docker-buildx-plugin + + - name: Create a directory docker.service.d + ansible.builtin.file: + path: /etc/systemd/system/docker.service.d/ + state: directory + mode: '0755' + + - name: Create a directory for certs + ansible.builtin.file: + path: /etc/docker/certs + state: directory + mode: '0700' + owner: root + group: root + + # - name: Copy files + # ansible.builtin.copy: + # src: server-key.pem + # dest: /etc/docker/certs/ + # mode: '0600' + # owner: root + # group: root + # - name: Copy files + # ansible.builtin.copy: + # src: ca.pem + # dest: /etc/docker/certs/ + # mode: '0600' + # owner: root + # group: root + # - name: Copy files + # ansible.builtin.copy: + # src: server-cert.pem + # dest: /etc/docker/certs/ + # mode: '0600' + # owner: root + # group: root + - name: Creating a file with content + ansible.builtin.copy: + dest: "/etc/systemd/system/docker.service.d/override.conf" + content: | + [Service] + ExecStart= + ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376 + mode: '0600' + owner: root + group: root + notify: restart_docker + when: mode == "cert" + + # - name: Creating a file with content + # ansible.builtin.copy: + # dest: "/etc/systemd/system/docker.service.d/override.conf" + # content: | + # [Service] + # ExecStart= + # ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify \ + # --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem \ + # --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376 + # mode: '0600' + # owner: root + # 
group: root + # notify: restart_docker + # when: mode != "nocert" + + - name: Just force systemd to reread configs + ansible.builtin.systemd: + daemon_reload: true + + - name: Check if file exists + ansible.builtin.stat: + path: /etc/docker/certs/ca.pem + register: file_check + + - name: Print file check result + ansible.builtin.debug: + var: file_check + + - name: Include role only if missing + ansible.builtin.include_role: + name: cert_gen + when: not file_check.stat.exists and mode == "cert" + + + - name: Create docker config file + ansible.builtin.copy: + dest: /etc/docker/daemon.json + content: | + { + "log-driver": "json-file", + "log-opts": { + "max-size": "10m", + "max-file": "3" + }, + "data-root": "/var/lib/docker", + "dns": ["192.168.77.101", "192.168.77.106", "8.8.8.8"], + "dns-search": ["lan", "home.lan"] + + } + mode: '0644' + owner: root + group: root + + + - name: Restart docker service + ansible.builtin.service: + name: docker + state: restarted + + # - name: Get keys for raspotify + # ansible.builtin.shell: docker plugin install grafana/loki-docker-driver:3.3.2-{{ ansible_architecture }} --alias loki --grant-all-permissions + - name: Install a plugin + community.docker.docker_plugin: + plugin_name: grafana/loki-docker-driver + alias: loki + state: enable diff --git a/roles/docker/tasks/RedHat.yml b/roles/docker/tasks/RedHat.yml new file mode 100644 index 0000000..b2c26a6 --- /dev/null +++ b/roles/docker/tasks/RedHat.yml 
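Review bot: The override.conf task (`when: mode == "cert"`) and the cert_gen include (`when: not file_check.stat.exists and mode == "cert"`) evaluate a variable `mode` that nothing in this commit defines — roles/docker/defaults/main.yml sets only `docker_users` — so unless `mode` is supplied as a play or extra var outside this change, the conditional itself fails with an undefined-variable error on every host; the same two conditions appear in roles/docker/tasks/RedHat.yml. Either add `mode: nocert` to the role defaults or write the checks as `when: (mode | default('nocert')) == "cert"`. The Debian 13 path has duplicated work that the commit should consolidate: "Download Docker GPG key" appears twice, and both the template task and the following copy task write `/etc/apt/sources.list.d/docker.sources` with the copy silently overwriting the template, while the three version-pinned install tasks guarded by `ansible_distribution == "Debian1"` can never run and read like a disabled experiment. None of the key fetches (`get_url`, the `shell: curl` tasks, `apt_key`) pins what it downloads, so the repository trust anchor is trust-on-first-use over HTTPS; `get_url` accepts `checksum: sha256:<expected-digest-of-docker.asc>` and the shell variants could be replaced by it, which also makes those tasks idempotent instead of reporting changed on every run.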
@@ -0,0 +1,130 @@ +- name: Setup docker + become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}" + block: + - name: Facts + ansible.builtin.setup: + + - name: Remove old Docker packages + ansible.builtin.dnf: + name: + - docker + - docker-client + - docker-client-latest + - docker-common + - docker-latest + - docker-latest-logrotate + - docker-logrotate + - docker-engine + state: absent + + - name: Install required packages + ansible.builtin.dnf: + name: + - dnf-plugins-core + - ca-certificates + - curl + - gnupg2 + state: present + + - name: Add Docker repository + ansible.builtin.get_url: + url: https://download.docker.com/linux/centos/docker-ce.repo + dest: /etc/yum.repos.d/docker-ce.repo + mode: '0644' + + - name: Install Docker Engine + ansible.builtin.dnf: + name: + - docker-ce + - docker-ce-cli + - containerd.io + - docker-buildx-plugin + - docker-compose-plugin + state: latest + + - name: Add users to docker group + ansible.builtin.user: + name: "{{ item }}" + groups: docker + append: true + loop: "{{ docker_users }}" + when: docker_users | length > 0 + + - name: Create a directory docker.service.d + ansible.builtin.file: + path: /etc/systemd/system/docker.service.d/ + state: directory + mode: '0755' + + - name: Create a directory for certs + ansible.builtin.file: + path: /etc/docker/certs + state: directory + mode: '0700' + owner: root + group: root + + - name: Creating a file with content + ansible.builtin.copy: + dest: "/etc/systemd/system/docker.service.d/override.conf" + content: | + [Service] + ExecStart= + ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376 + mode: '0600' + owner: root + group: root + notify: restart_docker + when: mode == "cert" + + - name: Just force systemd to reread configs + ansible.builtin.systemd: + daemon_reload: true + + - name: 
Check if file exists + ansible.builtin.stat: + path: /etc/docker/certs/ca.pem + register: file_check + + - name: Print file check result + ansible.builtin.debug: + var: file_check + + - name: Include role only if missing + ansible.builtin.include_role: + name: cert_gen + when: not file_check.stat.exists and mode == "cert" + + + - name: Create docker config file + ansible.builtin.copy: + dest: /etc/docker/daemon.json + content: | + { + "log-driver": "json-file", + "log-opts": { + "max-size": "10m", + "max-file": "3" + }, + "data-root": "/var/lib/docker", + "dns": ["192.168.77.101", "192.168.77.106", "8.8.8.8"], + "dns-search": ["lan", "home.lan"] + + } + mode: '0644' + owner: root + group: root + + + - name: Restart docker service + ansible.builtin.service: + name: docker + state: restarted + + # - name: Get keys for raspotify + # ansible.builtin.shell: docker plugin install grafana/loki-docker-driver:3.3.2-{{ ansible_architecture }} --alias loki --grant-all-permissions + - name: Install a plugin + community.docker.docker_plugin: + plugin_name: grafana/loki-docker-driver + alias: loki + state: enable \ No newline at end of file
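Review bot: "Restart docker service" runs unconditionally at the end of the block, right after "Install Docker Engine" with `state: latest`, so every play run can upgrade the engine and will always restart the daemon, and because the generated daemon.json does not set `live-restore` that restart stops every running container; roles/docker/tasks/Debian.yml ends with the same unconditional restart. The override.conf task already carries `notify: restart_docker`, so the explicit task can be dropped in favour of the handler (also notify it from the daemon.json task), and if restarts must stay, adding `"live-restore": true` to daemon.json keeps containers up across them. `state: latest` makes an engine upgrade a side effect of any run rather than a deliberate change; `state: present`, or a pinned version variable, is the safer default for a supply-chain-sensitive package. The override.conf `-H=0.0.0.0:2376` listener is protected only by `--tlsverify` against the CA in `/etc/docker/certs/ca.pem`, so a comment on that task stating that the CA is the sole access control for the remote API and that the port should be restricted to the hosts that need it would document the exposure the role is creating.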