From ebe1c40855b589b6f1fb9bce3f9028b9e03adaab Mon Sep 17 00:00:00 2001 From: jaydee Date: Wed, 26 Nov 2025 08:51:58 +0100 Subject: [PATCH] build --- all.yml | 3 + hosts_init.yml | 5 +- hosts_roles.yml | 3 + roles/docker/tasks/main.yml | 177 +++++++++++++++++++++++++----------- 4 files changed, 135 insertions(+), 53 deletions(-) diff --git a/all.yml b/all.yml index 713a30d..50e627d 100755 --- a/all.yml +++ b/all.yml @@ -86,3 +86,6 @@ - name: letsgo role: letsgo tags: letsgo + - name: docker_swarm + role: docker_swarm + tags: docker_swarm diff --git a/hosts_init.yml b/hosts_init.yml index 32bd2d8..feaf3be 100755 --- a/hosts_init.yml +++ b/hosts_init.yml @@ -48,11 +48,14 @@ datacenter: vm01.home.lan: vm02.home.lan: vm03.home.lan: + vm04.home.lan: + vm05.home.lan: + vm06.home.lan: vars: ansible_python_interpreter: /usr/bin/python3 ansible_ssh_user: jd ansible_ssh_password: q - become_method: su + ansible_become_method: su ansible_become_password: q ansible_ssh_pass: q ansible_become_user: root \ No newline at end of file diff --git a/hosts_roles.yml b/hosts_roles.yml index d3698e4..31b357f 100755 --- a/hosts_roles.yml +++ b/hosts_roles.yml @@ -188,6 +188,9 @@ datacenter: vm01.home.lan: vm02.home.lan: vm03.home.lan: + vm04.home.lan: + vm05.home.lan: + vm06.home.lan: vars: ansible_python_interpreter: /usr/bin/python3 ansible_ssh_user: jd diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index f6ec81b..1aab9b3 100755 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -18,6 +18,10 @@ - python3-dev state: present update_cache: true + retries: 5 + delay: 10 + until: result is succeeded + - name: Get keys for raspotify ansible.builtin.command: install -m 0755 -d /etc/apt/keyrings 
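Review bot: The `vars:` block in hosts_init.yml that vm04–vm06 now inherit still holds the SSH and become passwords in clear text (`ansible_ssh_password: q`, `ansible_ssh_pass: q`, `ansible_become_password: q`), so each added host widens the reach of a credential readable by anyone with access to the repository. Move the values into an Ansible Vault file and reference them, for example `ansible_become_password: "{{ vault_become_password }}"` (variable name is illustrative), and prefer key-based SSH so that no login password has to be stored. `ansible_ssh_password` and `ansible_ssh_pass` both set the same connection password, so one of the two lines can be dropped. The file also still ends without a trailing newline.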
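Review bot: The added `until: result is succeeded` in roles/docker/tasks/main.yml reads a variable named `result`, but no `register: result` is visible in this hunk. The task begins above the hunk, so it may already register one. If it does not, the condition is evaluated against an undefined variable and the task errors instead of retrying; add `register: result` next to `retries: 5`.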
@@ -42,23 +46,22 @@ when: - ansible_distribution == "Debian" and ansible_distribution_major_version == "12" - - name: Ensure docker keyring directory exists - ansible.builtin.file: + file: path: /etc/apt/keyrings state: directory mode: "0755" - name: Download Docker GPG key - ansible.builtin.get_url: + get_url: url: https://download.docker.com/linux/debian/gpg dest: /etc/apt/keyrings/docker.asc mode: "0644" when: - ansible_distribution == "Debian" and ansible_distribution_major_version == "13" - + - name: Install docker.sources file - ansible.builtin.template: + template: src: docker.sources.j2 dest: /etc/apt/sources.list.d/docker.sources owner: root @@ -68,7 +71,7 @@ - ansible_distribution == "Debian" and ansible_distribution_major_version == "13" - name: Create docker.sources file - ansible.builtin.copy: + copy: dest: /etc/apt/sources.list.d/docker.sources mode: "0644" content: | @@ -78,24 +81,31 @@ Components: stable Signed-By: /etc/apt/keyrings/docker.asc when: - - ansible_distribution == "Debian" and ansible_distribution_major_version == "13" + - ansible_distribution == "Debian" and ansible_distribution_major_version == "13" - name: Update apt cache - ansible.builtin.apt: - update_cache: true + apt: + update_cache: yes when: - ansible_distribution == "Debian" and ansible_distribution_major_version == "13" - name: Download Docker GPG key - ansible.builtin.get_url: + get_url: url: https://download.docker.com/linux/debian/gpg dest: /etc/apt/keyrings/docker.asc mode: "0644" when: - ansible_distribution == "Debian" and ansible_distribution_major_version == "13" + + + + + + + - name: Add an Apt signing key to a specific keyring file ansible.builtin.apt_key: url: https://download.docker.com/linux/ubuntu/gpg 
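Review bot: The `get_url` task that writes the Docker GPG key to /etc/apt/keyrings/docker.asc has no `checksum:`, so whatever the URL serves at run time becomes the apt trust anchor named in `Signed-By`. Pinning it with `checksum: "sha256:<expected-digest>"` makes a changed key fail the play instead of being installed silently; the same applies to the identically named task in the @@ -78 hunk. Separately, this hunk and the next two replace `ansible.builtin.file`, `get_url`, `template`, `copy` and `apt` with short module names while the surrounding tasks keep the `ansible.builtin.` prefix. Keeping the fully qualified names is consistent with the rest of the file and avoids ambiguity about which collection resolves the module.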
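Review bot: `update_cache: yes` replaces the canonical boolean with a YAML 1.1 truthy value that yamllint and ansible-lint flag; keep `update_cache: true`. The "Download Docker GPG key" task edited at the end of this hunk has the same `url`, `dest`, `mode` and `when` as the task of the same name in the @@ -42 hunk, so it fetches the same file a second time and can be removed. The run of empty added lines before "Add an Apt signing key to a specific keyring file" can be dropped as well.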
@@ -128,72 +138,137 @@ ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null when: - ansible_distribution == "Ubuntu" - - name: Pin docker version - ansible.builtin.copy: - dest: /etc/apt/preferences.d/docker.pref - mode: "0644" - content: | - Package: docker-ce - Pin: version 5:28.5.2-1~debian.13~trixie - Pin-Priority: 1001 - - Package: docker-ce-cli - Pin: version 5:28.5.2-1~debian.13~trixie - Pin-Priority: 1001 - when: - - ansible_distribution == "Debian" - - ansible_distribution_major_version == "13" + # - name: Install docker + # ansible.builtin.apt: + # name: + # - docker-ce + # - docker-ce-cli + # - containerd.io + # - docker-buildx-plugin + # - docker-compose-plugin + # update_cache: true - name: Install the version docker1 ansible.builtin.apt: - name: "{{ docker_package }}" + name: "{{ item }}" state: present when: - ansible_distribution == "Debian" - loop_control: - loop_var: docker_package loop: - docker-ce - docker-ce-cli + - name: Install the version docker + ansible.builtin.apt: + name: "{{ item }}" + state: present + allow_downgrade: true + when: + - ansible_distribution == "Debian" + loop: - containerd.io + + - name: Install the version docker + ansible.builtin.apt: + name: "{{ item }}" + state: present + allow_downgrade: true + when: + - ansible_distribution == "Debian" + loop: + - docker-buildx-plugin + + + - name: Install the version docker + ansible.builtin.apt: + name: "{{ item }}=5:28.5.2-1~{{ ansible_distribution | lower }}.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release }}" + state: present + allow_downgrade: true + when: + - ansible_distribution == "Debian1" + loop: + - docker-ce + - docker-ce-cli + - name: Install the version docker + ansible.builtin.apt: + name: "{{ item }}=1.7.28-2~{{ ansible_distribution 
| lower }}.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release }}" + state: present + allow_downgrade: true + when: + - ansible_distribution == "Debian1" + loop: + - containerd.io + + - name: Install the version docker + ansible.builtin.apt: + name: "{{ item }}=0.28.0-0~{{ ansible_distribution | lower }}.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release }}" + state: present + allow_downgrade: true + when: + - ansible_distribution == "Debian1" + loop: - docker-buildx-plugin - - docker-compose-plugin - name: Create a directory docker.service.d ansible.builtin.file: path: /etc/systemd/system/docker.service.d/ state: directory mode: '0755' + - name: Create a directory for certs + ansible.builtin.file: + path: /etc/docker/certs + state: directory + mode: '0700' + owner: root + group: root + # - name: Copy files + # ansible.builtin.copy: + # src: server-key.pem + # dest: /etc/docker/certs/ + # mode: '0600' + # owner: root + # group: root + # - name: Copy files + # ansible.builtin.copy: + # src: ca.pem + # dest: /etc/docker/certs/ + # mode: '0600' + # owner: root + # group: root + # - name: Copy files + # ansible.builtin.copy: + # src: server-cert.pem + # dest: /etc/docker/certs/ + # mode: '0600' + # owner: root + # group: root - name: Creating a file with content ansible.builtin.copy: dest: "/etc/systemd/system/docker.service.d/override.conf" content: | [Service] ExecStart= - ExecStart=/usr/bin/dockerd -H fd:// \ - --containerd=/run/containerd/containerd.sock \ - --tlsverify --tlscacert=/etc/docker/certs/ca.pem \ - --tlscert=/etc/docker/certs/server-cert.pem \ - --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376 + ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376 mode: '0600' owner: root group: root notify: restart_docker when: mode == "cert" 
- - name: Creating a file with content - ansible.builtin.copy: - dest: "/etc/systemd/system/docker.service.d/override.conf" - content: | - [Service] - ExecStart= - ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H=0.0.0.0:2376 - mode: '0600' - owner: root - group: root - notify: restart_docker - when: mode != "cert" + # - name: Creating a file with content + # ansible.builtin.copy: + # dest: "/etc/systemd/system/docker.service.d/override.conf" + # content: | + # [Service] + # ExecStart= + # ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify \ + # --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem \ + # --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376 + # mode: '0600' + # owner: root + # group: root + # notify: restart_docker + # when: mode != "nocert" - name: Just force systemd to reread configs ansible.builtin.systemd: @@ -204,12 +279,10 @@ name: docker state: restarted - - name: Install Loki plugin with TLS + # - name: Get keys for raspotify + # ansible.builtin.shell: docker plugin install grafana/loki-docker-driver:3.3.2-{{ ansible_architecture }} --alias loki --grant-all-permissions + - name: Install a plugin community.docker.docker_plugin: - plugin_name: grafana/loki-docker-driver + plugin_name: grafana/loki-docker-driver:3.3.2 alias: loki state: present - environment: - DOCKER_HOST: "tcp://{{ inventory_hostname }}:2376" - DOCKER_TLS_VERIFY: "1" - DOCKER_CERT_PATH: "/tmp/certgen"
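Review bot: The override.conf written when `mode == "cert"` starts dockerd with `--tlsverify` and three files under /etc/docker/certs, but the tasks that would copy `ca.pem`, `server-cert.pem` and `server-key.pem` are added commented out, so nothing in this hunk puts them in place. Unless another role deploys them, dockerd will likely fail to start on the restart that follows. Deploy the material in one looped task guarded by the same condition, and keep `server-key.pem` vault-encrypted in the role rather than in clear text. Also, the three version-pinned install tasks use `when: ansible_distribution == "Debian1"`, which never matches, so the removed docker.pref pin is not replaced by anything that runs and `docker-compose-plugin` is no longer installed by any active task. The four tasks sharing the name "Install the version docker" would also be easier to trace in play output with distinct names.

```yaml
# … unchanged: "Create a directory for certs" task …
- name: Copy Docker TLS material
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: /etc/docker/certs/
    mode: '0600'
    owner: root
    group: root
  loop:
    - ca.pem
    - server-cert.pem
    - server-key.pem
  no_log: true
  when: mode == "cert"
  notify: restart_docker
# … unchanged: override.conf task for mode == "cert" …
```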
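Review bot: The comment block added above the plugin task is dead code: it is titled "Get keys for raspotify" although it installs the Loki driver, and it keeps a `--grant-all-permissions` shell command in the file. Delete it rather than carry it commented out. That command used an architecture-suffixed tag (`3.3.2-{{ ansible_architecture }}`) while the live task pins plain `3.3.2`, so confirm that the unsuffixed tag resolves on every host architecture in the inventory. The new name "Install a plugin" says less than the one it replaces; something like `- name: Install Loki logging driver plugin` keeps the play output readable.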