mirror of
https://gitlab.sectorq.eu/jaydee/ansible.git
synced 2026-01-29 02:49:44 +01:00
Compare commits
15 Commits
2ffed0ee15
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| b03bad579c | |||
| d9b4dd926d | |||
| 4bab45d3e8 | |||
| fbb972c20d | |||
| 8dc943257d | |||
| cf02eba95a | |||
| e7f2c941fd | |||
| 252190e128 | |||
| de51187e7a | |||
| 3264bd2b79 | |||
| 522f03d128 | |||
| 35c60a8d32 | |||
| 75baca1c9e | |||
| 5e305ed95f | |||
| 4d909bdda2 |
@@ -12,6 +12,7 @@ datacenter:
|
||||
omv.home.lan:
|
||||
192.168.77.101:
|
||||
rack.home.lan:
|
||||
morefine.home.lan:
|
||||
vars:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
ansible_ssh_user: jd
|
||||
@@ -44,13 +45,22 @@ datacenter:
|
||||
# ansible_pass: l4c1!j4yd33?Du5lo1
|
||||
ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython312/bin/python3
|
||||
vms:
|
||||
children:
|
||||
debian9:
|
||||
hosts:
|
||||
vm01.home.lan:
|
||||
vm02.home.lan:
|
||||
vm03.home.lan:
|
||||
vm04.home.lan:
|
||||
vm05.home.lan:
|
||||
vm06.home.lan:
|
||||
debian9-vm0[1:9].home.lan:
|
||||
debian9-vm[10:27].home.lan:
|
||||
vars:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
ansible_ssh_user: jd
|
||||
ansible_ssh_password: q
|
||||
ansible_become_method: su
|
||||
ansible_become_password: q
|
||||
ansible_ssh_pass: q
|
||||
ansible_become_user: root
|
||||
rocky9:
|
||||
hosts:
|
||||
rocky9-vm0[1:9].home.lan:
|
||||
vars:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
ansible_ssh_user: jd
|
||||
|
||||
@@ -66,7 +66,7 @@ datacenter:
|
||||
192.168.77.211
|
||||
vars:
|
||||
ansible_user: jd
|
||||
ansible_password: "q"
|
||||
ansible_password: q
|
||||
ansible_connection: winrm
|
||||
ansible_port: 5985
|
||||
ansible_winrm_server_cert_validation: ignore
|
||||
@@ -104,8 +104,7 @@ datacenter:
|
||||
vars:
|
||||
ansible_ssh_user: jd
|
||||
ansible_become_user: root
|
||||
ansible_become_password: q
|
||||
# ansible_ssh_password: q
|
||||
ansible_become_password: l4c1j4yd33Du5lo
|
||||
ansible_ssh_private_key_file: ssh_key.pem
|
||||
proxmox:
|
||||
children:
|
||||
@@ -181,18 +180,22 @@ datacenter:
|
||||
vars:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
ansible_ssh_user: jd
|
||||
ansible_become_password: q
|
||||
ansible_ssh_private_key_file: ssh_key.pem
|
||||
vms:
|
||||
children:
|
||||
debian9:
|
||||
hosts:
|
||||
vm01.home.lan:
|
||||
vm02.home.lan:
|
||||
vm03.home.lan:
|
||||
vm04.home.lan:
|
||||
vm05.home.lan:
|
||||
vm06.home.lan:
|
||||
debian9-vm0[1:9].home.lan:
|
||||
debian9-vm[10:27].home.lan:
|
||||
vars:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
ansible_ssh_user: jd
|
||||
ansible_become_password: l4c1j4yd33Du5lo
|
||||
ansible_ssh_private_key_file: ssh_key.pem
|
||||
rocky9:
|
||||
hosts:
|
||||
rocky9-vm0[1:9].home.lan:
|
||||
vars:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
ansible_ssh_user: jd
|
||||
ansible_ssh_private_key_file: ssh_key.pem
|
||||
|
||||
8
init.yml
Normal file
8
init.yml
Normal file
@@ -0,0 +1,8 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
38363335646465303831393433323130636362373337633537353134626338623039356132373532
|
||||
3163393361653937636136383636396431333066343633640a653465333339383239623161333065
|
||||
62633632366436316639636638313736306138323633333435343265613332383066623938616636
|
||||
6238646363373865640a343564333333363563633531373736316463356539653965346530333366
|
||||
35373366313432383466383064373734376639333162386239383533396262383839336231643834
|
||||
62616430623339313632643935666364386666386365636536313032663737353066363639366563
|
||||
623531396165383437336563643432353562
|
||||
40
jaydee.yml
40
jaydee.yml
@@ -1,20 +1,22 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
37663331373063666438653164616534303732366337653238316433326364333765306339373863
|
||||
3461393866633063303730653635356435613163623337650a636639623733346638626239326566
|
||||
37393032353063363735376133333636376262386364383933303133376630353432313136356439
|
||||
6237653563646437660a653764653562626137393363396565316666383064383933323338623838
|
||||
31373234313330663861336537313431616136356234626435383037333966326637313836633561
|
||||
65356437333264393061303263326637643839313732386533366133376534383263643562333636
|
||||
62383736333438663131613563373936623261356666393931326461363336353534623464613733
|
||||
62333636326538623539393634366137663833353137656235356135326435306563393336663866
|
||||
38373563346339386364323063613436326562336337363330656330313436313730356530643237
|
||||
30316463613338613765383235613665383666303135353236663830623639343764313330653937
|
||||
35393132333565386333643534366564306165636235356138313533616261653936333161373135
|
||||
65363333376331653735336133613938313436366530656261366630616330643233353731663931
|
||||
34303632373530663437386130656633376131326538323466643830326266346465666563343364
|
||||
63303631363635303337653135336662346434653166623635633730613639653539626161323636
|
||||
31356164623537386634393534623538373833633732396232613532383163303136386139613730
|
||||
61653534636434616438633030633636343663396636653536386536333866646438633433613931
|
||||
61323833333237333063356331333137616564653636333361353239653738653830633537386661
|
||||
65353763623666326265633164633763323463363237363333373562336434393264356438323634
|
||||
613632373265346632306436633535323731
|
||||
32656139633038623333316637646532643338373330336561346239653564666362323339646165
|
||||
3533356464653662633136393937623230633863303538320a386333363938343131653664636237
|
||||
63616433373136346331373739393631303863343966396635356263666534613662306362646362
|
||||
3366393530313236340a393734623735346564326263626231373866323561633030636333626639
|
||||
36623734623536316564646261653565333537373361326533393535663634373736626431313132
|
||||
33636562636662666239366130643961633230626436313364336233636261653462616462343661
|
||||
35353332643862343533316233333432376462363130393138613364653732363934346431623865
|
||||
32396361363962396135623738333163646434333361373766303366613163396363366134646662
|
||||
36356334326337613536323434643736633236653332353931326135303136353836643532373532
|
||||
62373566376164396133386264613666323732396636646565373939323762626536343934663464
|
||||
62336434353762343664613462363465363239333337616231616266343834323237323061373237
|
||||
30653639626236646435663734346663643432316464313936656233623163656366346537643834
|
||||
36353964363462303630646635633233353838643431396537613430656234383737666661383666
|
||||
37383938323532376662363233376134626538333463393964343432356565633237313563373865
|
||||
36353333396533336434383535663238663437626464616637666234616565323462316663383137
|
||||
32656233343764366338616436633837346264353435333331616335613265653638393738393633
|
||||
36386363623137363433626465356264623463626636386633613436333938666563326264343136
|
||||
35636336316662393232653037356138666636373166626565393531616666643133663763633831
|
||||
37316236313761353564653330613934323336326264386435666366636366613861363539326131
|
||||
31363732386162613536623862333762333365343333316563633238376336643161343731393334
|
||||
3339
|
||||
|
||||
@@ -15,6 +15,10 @@
|
||||
# - name: Pull tasmota
|
||||
# ansible.builtin.shell:
|
||||
# cmd: 'git config --global --add safe.directory /share/docker_data/docker-tasmota/Tasmota'
|
||||
- name: Remove existing directory
|
||||
ansible.builtin.file:
|
||||
path: /share/docker_data/docker-tasmota/Tasmota
|
||||
state: absent
|
||||
|
||||
- name: Checkout a github repo and use refspec to fetch all pull requests
|
||||
ansible.builtin.git:
|
||||
|
||||
@@ -80,6 +80,7 @@
|
||||
name: sshpass
|
||||
state: present
|
||||
when: inventory_hostname != 'nas.home.lan'
|
||||
|
||||
- name: Create cert directory on nas server
|
||||
ansible.builtin.command: |
|
||||
sshpass -p {{ nas_password }} \
|
||||
|
||||
@@ -1,29 +1,31 @@
|
||||
- name: Upgrade
|
||||
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
|
||||
block:
|
||||
# - name: Hold kubeadm
|
||||
# ansible.builtin.dpkg_selections:
|
||||
# name:
|
||||
# - docker-ce
|
||||
# - docker-compose-plugin
|
||||
# - docker-ce-rootless-extras
|
||||
# - docker-ce-cli
|
||||
# - docker-buildx-plugin
|
||||
# selection: hold
|
||||
- name: Include vault
|
||||
ansible.builtin.include_vars:
|
||||
file: jaydee.yml
|
||||
- name: Include facts
|
||||
ansible.builtin.include_role:
|
||||
name: setup
|
||||
when: ansible_facts.architecture is not defined
|
||||
|
||||
|
||||
- name: Add several users
|
||||
ansible.builtin.shell:
|
||||
cmd: |
|
||||
apt-mark hold docker-ce docker-compose-plugin docker-ce-rootless-extras docker-ce-cli docker-buildx-plugin
|
||||
register: logo
|
||||
changed_when: "logo.rc == 0"
|
||||
when: inventory_hostname != 'morefine.home.lan'
|
||||
|
||||
- name: Upgrade the full OS
|
||||
- name: Upgrade Debian
|
||||
ansible.builtin.apt:
|
||||
update_cache: true
|
||||
upgrade: full
|
||||
when: ansible_facts.os_family == "Debian"
|
||||
|
||||
- name: Upgrade RHEL / Rocky / Alma / CentOS
|
||||
ansible.builtin.dnf:
|
||||
name: "*"
|
||||
state: latest
|
||||
when: ansible_facts.os_family == "RedHat"
|
||||
|
||||
- name: Upgrade SUSE
|
||||
ansible.builtin.zypper:
|
||||
name: "*"
|
||||
state: latest
|
||||
when: ansible_facts.os_family == "Suse"
|
||||
|
||||
- name: Upgrade flatpack
|
||||
ansible.builtin.command: flatpak update -y
|
||||
|
||||
2
roles/docker/defaults/main.yml
Normal file
2
roles/docker/defaults/main.yml
Normal file
@@ -0,0 +1,2 @@
|
||||
docker_users:
|
||||
- jd
|
||||
323
roles/docker/tasks/Debian.yml
Normal file
323
roles/docker/tasks/Debian.yml
Normal file
@@ -0,0 +1,323 @@
|
||||
- name: Setup docker
|
||||
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
|
||||
block:
|
||||
|
||||
|
||||
- name: Create apt proxy file
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/apt/apt.conf.d/02proxy
|
||||
content: |
|
||||
Acquire::http::Proxy "http://192.168.77.101:3142";
|
||||
Acquire::https::Proxy "false";
|
||||
|
||||
- name: Print arch
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ ansible_architecture }}"
|
||||
- name: Install docker dependencies
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- ca-certificates
|
||||
- curl
|
||||
- telnet
|
||||
- net-tools
|
||||
- python3-pip
|
||||
- python3-dev
|
||||
state: present
|
||||
update_cache: true
|
||||
register: install_docker_deps
|
||||
until: install_docker_deps is succeeded
|
||||
retries: 10
|
||||
delay: 10
|
||||
|
||||
- name: Get keys for raspotify
|
||||
ansible.builtin.command:
|
||||
install -m 0755 -d /etc/apt/keyrings
|
||||
|
||||
|
||||
# - name: Add an Apt signing key to a specific keyring file
|
||||
# ansible.builtin.apt_key:
|
||||
# url: https://download.docker.com/linux/debian/gpg
|
||||
# keyring: /etc/apt/keyrings/docker.asc
|
||||
# when:
|
||||
# - ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
|
||||
|
||||
# - name: Get keys for raspotify
|
||||
# ansible.builtin.shell:
|
||||
# curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
|
||||
# when:
|
||||
# - ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
|
||||
|
||||
- name: Get keys for raspotify
|
||||
ansible.builtin.shell:
|
||||
curl -fsSL https://download.docker.com/linux/raspbian/gpg -o /etc/apt/keyrings/docker.asc
|
||||
when:
|
||||
- ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
|
||||
|
||||
- name: Ensure docker keyring directory exists
|
||||
file:
|
||||
path: /etc/apt/keyrings
|
||||
state: directory
|
||||
mode: "0755"
|
||||
|
||||
- name: Download Docker GPG key
|
||||
get_url:
|
||||
url: https://download.docker.com/linux/debian/gpg
|
||||
dest: /etc/apt/keyrings/docker.asc
|
||||
mode: "0644"
|
||||
when:
|
||||
- ansible_distribution == "Debian" and ansible_distribution_major_version == "13"
|
||||
|
||||
- name: Install docker.sources file
|
||||
template:
|
||||
src: docker.sources.j2
|
||||
dest: /etc/apt/sources.list.d/docker.sources
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
when:
|
||||
- ansible_distribution == "Debian" and ansible_distribution_major_version == "13"
|
||||
|
||||
- name: Create docker.sources file
|
||||
copy:
|
||||
dest: /etc/apt/sources.list.d/docker.sources
|
||||
mode: "0644"
|
||||
content: |
|
||||
Types: deb
|
||||
URIs: https://download.docker.com/linux/debian
|
||||
Suites: {{ ansible_facts['lsb']['codename'] }}
|
||||
Components: stable
|
||||
Signed-By: /etc/apt/keyrings/docker.asc
|
||||
when:
|
||||
- ansible_distribution == "Debian" and ansible_distribution_major_version == "13"
|
||||
|
||||
- name: Update apt cache
|
||||
apt:
|
||||
update_cache: yes
|
||||
|
||||
when:
|
||||
- ansible_distribution == "Debian" and ansible_distribution_major_version == "13"
|
||||
|
||||
- name: Download Docker GPG key
|
||||
get_url:
|
||||
url: https://download.docker.com/linux/debian/gpg
|
||||
dest: /etc/apt/keyrings/docker.asc
|
||||
mode: "0644"
|
||||
when:
|
||||
- ansible_distribution == "Debian" and ansible_distribution_major_version == "13"
|
||||
|
||||
- name: Add an Apt signing key to a specific keyring file
|
||||
ansible.builtin.apt_key:
|
||||
url: https://download.docker.com/linux/ubuntu/gpg
|
||||
keyring: /etc/apt/keyrings/docker.asc
|
||||
when:
|
||||
- ansible_distribution == "Ubuntu"
|
||||
|
||||
# - name: Get keys for raspotify
|
||||
# ansible.builtin.shell:
|
||||
# curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
|
||||
# when:
|
||||
# - ansible_distribution == "Ubuntu"
|
||||
- name: Change file ownership, group and permissions
|
||||
ansible.builtin.file:
|
||||
path: /etc/apt/keyrings/docker.asc
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
# - name: Get keys for raspotify
|
||||
# ansible.builtin.shell:
|
||||
# chmod a+r /etc/apt/keyrings/docker.asc
|
||||
|
||||
- name: Get keys for raspotify
|
||||
ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||
when:
|
||||
- ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
|
||||
|
||||
- name: Get keys for raspotify
|
||||
ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||
when:
|
||||
- ansible_distribution == "Ubuntu"
|
||||
|
||||
# - name: Install docker
|
||||
# ansible.builtin.apt:
|
||||
# name:
|
||||
# - docker-ce
|
||||
# - docker-ce-cli
|
||||
# - containerd.io
|
||||
# - docker-buildx-plugin
|
||||
# - docker-compose-plugin
|
||||
# update_cache: true
|
||||
- name: Install the version docker1
|
||||
ansible.builtin.apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
loop:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- name: Install the version docker
|
||||
ansible.builtin.apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
allow_downgrade: true
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
loop:
|
||||
- containerd.io
|
||||
|
||||
- name: Install the version docker
|
||||
ansible.builtin.apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
allow_downgrade: true
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
loop:
|
||||
- docker-buildx-plugin
|
||||
|
||||
|
||||
- name: Install the version docker
|
||||
ansible.builtin.apt:
|
||||
name: "{{ item }}=5:28.5.2-1~{{ ansible_distribution | lower }}.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release }}"
|
||||
state: present
|
||||
allow_downgrade: true
|
||||
when:
|
||||
- ansible_distribution == "Debian1"
|
||||
loop:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- name: Install the version docker
|
||||
ansible.builtin.apt:
|
||||
name: "{{ item }}=1.7.28-2~{{ ansible_distribution | lower }}.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release }}"
|
||||
state: present
|
||||
allow_downgrade: true
|
||||
when:
|
||||
- ansible_distribution == "Debian1"
|
||||
loop:
|
||||
- containerd.io
|
||||
|
||||
- name: Install the version docker
|
||||
ansible.builtin.apt:
|
||||
name: "{{ item }}=0.28.0-0~{{ ansible_distribution | lower }}.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release }}"
|
||||
state: present
|
||||
allow_downgrade: true
|
||||
when:
|
||||
- ansible_distribution == "Debian1"
|
||||
loop:
|
||||
- docker-buildx-plugin
|
||||
|
||||
- name: Create a directory docker.service.d
|
||||
ansible.builtin.file:
|
||||
path: /etc/systemd/system/docker.service.d/
|
||||
state: directory
|
||||
mode: '0755'
|
||||
|
||||
- name: Create a directory for certs
|
||||
ansible.builtin.file:
|
||||
path: /etc/docker/certs
|
||||
state: directory
|
||||
mode: '0700'
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
# - name: Copy files
|
||||
# ansible.builtin.copy:
|
||||
# src: server-key.pem
|
||||
# dest: /etc/docker/certs/
|
||||
# mode: '0600'
|
||||
# owner: root
|
||||
# group: root
|
||||
# - name: Copy files
|
||||
# ansible.builtin.copy:
|
||||
# src: ca.pem
|
||||
# dest: /etc/docker/certs/
|
||||
# mode: '0600'
|
||||
# owner: root
|
||||
# group: root
|
||||
# - name: Copy files
|
||||
# ansible.builtin.copy:
|
||||
# src: server-cert.pem
|
||||
# dest: /etc/docker/certs/
|
||||
# mode: '0600'
|
||||
# owner: root
|
||||
# group: root
|
||||
- name: Creating a file with content
|
||||
ansible.builtin.copy:
|
||||
dest: "/etc/systemd/system/docker.service.d/override.conf"
|
||||
content: |
|
||||
[Service]
|
||||
ExecStart=
|
||||
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376
|
||||
mode: '0600'
|
||||
owner: root
|
||||
group: root
|
||||
notify: restart_docker
|
||||
when: mode == "cert"
|
||||
|
||||
# - name: Creating a file with content
|
||||
# ansible.builtin.copy:
|
||||
# dest: "/etc/systemd/system/docker.service.d/override.conf"
|
||||
# content: |
|
||||
# [Service]
|
||||
# ExecStart=
|
||||
# ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify \
|
||||
# --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem \
|
||||
# --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376
|
||||
# mode: '0600'
|
||||
# owner: root
|
||||
# group: root
|
||||
# notify: restart_docker
|
||||
# when: mode != "nocert"
|
||||
|
||||
- name: Just force systemd to reread configs
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
|
||||
- name: Check if file exists
|
||||
ansible.builtin.stat:
|
||||
path: /etc/docker/certs/ca.pem
|
||||
register: file_check
|
||||
|
||||
- name: Print file check result
|
||||
ansible.builtin.debug:
|
||||
var: file_check
|
||||
|
||||
- name: Include role only if missing
|
||||
ansible.builtin.include_role:
|
||||
name: cert_gen
|
||||
when: not file_check.stat.exists and mode == "cert"
|
||||
|
||||
|
||||
- name: Create docker config file
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/docker/daemon.json
|
||||
content: |
|
||||
{
|
||||
"log-driver": "json-file",
|
||||
"log-opts": {
|
||||
"max-size": "10m",
|
||||
"max-file": "3"
|
||||
},
|
||||
"data-root": "/var/lib/docker",
|
||||
"dns": ["192.168.77.101", "192.168.77.106", "8.8.8.8"],
|
||||
"dns-search": ["lan", "home.lan"]
|
||||
|
||||
}
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
|
||||
- name: Restart docker service
|
||||
ansible.builtin.service:
|
||||
name: docker
|
||||
state: restarted
|
||||
|
||||
# - name: Get keys for raspotify
|
||||
# ansible.builtin.shell: docker plugin install grafana/loki-docker-driver:3.3.2-{{ ansible_architecture }} --alias loki --grant-all-permissions
|
||||
- name: Install a plugin
|
||||
community.docker.docker_plugin:
|
||||
plugin_name: grafana/loki-docker-driver
|
||||
alias: loki
|
||||
state: enable
|
||||
130
roles/docker/tasks/RedHat.yml
Normal file
130
roles/docker/tasks/RedHat.yml
Normal file
@@ -0,0 +1,130 @@
|
||||
- name: Setup docker
|
||||
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
|
||||
block:
|
||||
- name: Facts
|
||||
ansible.builtin.setup:
|
||||
|
||||
- name: Remove old Docker packages
|
||||
ansible.builtin.dnf:
|
||||
name:
|
||||
- docker
|
||||
- docker-client
|
||||
- docker-client-latest
|
||||
- docker-common
|
||||
- docker-latest
|
||||
- docker-latest-logrotate
|
||||
- docker-logrotate
|
||||
- docker-engine
|
||||
state: absent
|
||||
|
||||
- name: Install required packages
|
||||
ansible.builtin.dnf:
|
||||
name:
|
||||
- dnf-plugins-core
|
||||
- ca-certificates
|
||||
- curl
|
||||
- gnupg2
|
||||
state: present
|
||||
|
||||
- name: Add Docker repository
|
||||
ansible.builtin.get_url:
|
||||
url: https://download.docker.com/linux/centos/docker-ce.repo
|
||||
dest: /etc/yum.repos.d/docker-ce.repo
|
||||
mode: '0644'
|
||||
|
||||
- name: Install Docker Engine
|
||||
ansible.builtin.dnf:
|
||||
name:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- containerd.io
|
||||
- docker-buildx-plugin
|
||||
- docker-compose-plugin
|
||||
state: latest
|
||||
|
||||
- name: Add users to docker group
|
||||
ansible.builtin.user:
|
||||
name: "{{ item }}"
|
||||
groups: docker
|
||||
append: true
|
||||
loop: "{{ docker_users }}"
|
||||
when: docker_users | length > 0
|
||||
|
||||
- name: Create a directory docker.service.d
|
||||
ansible.builtin.file:
|
||||
path: /etc/systemd/system/docker.service.d/
|
||||
state: directory
|
||||
mode: '0755'
|
||||
|
||||
- name: Create a directory for certs
|
||||
ansible.builtin.file:
|
||||
path: /etc/docker/certs
|
||||
state: directory
|
||||
mode: '0700'
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Creating a file with content
|
||||
ansible.builtin.copy:
|
||||
dest: "/etc/systemd/system/docker.service.d/override.conf"
|
||||
content: |
|
||||
[Service]
|
||||
ExecStart=
|
||||
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376
|
||||
mode: '0600'
|
||||
owner: root
|
||||
group: root
|
||||
notify: restart_docker
|
||||
when: mode == "cert"
|
||||
|
||||
- name: Just force systemd to reread configs
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
|
||||
- name: Check if file exists
|
||||
ansible.builtin.stat:
|
||||
path: /etc/docker/certs/ca.pem
|
||||
register: file_check
|
||||
|
||||
- name: Print file check result
|
||||
ansible.builtin.debug:
|
||||
var: file_check
|
||||
|
||||
- name: Include role only if missing
|
||||
ansible.builtin.include_role:
|
||||
name: cert_gen
|
||||
when: not file_check.stat.exists and mode == "cert"
|
||||
|
||||
|
||||
- name: Create docker config file
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/docker/daemon.json
|
||||
content: |
|
||||
{
|
||||
"log-driver": "json-file",
|
||||
"log-opts": {
|
||||
"max-size": "10m",
|
||||
"max-file": "3"
|
||||
},
|
||||
"data-root": "/var/lib/docker",
|
||||
"dns": ["192.168.77.101", "192.168.77.106", "8.8.8.8"],
|
||||
"dns-search": ["lan", "home.lan"]
|
||||
|
||||
}
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
|
||||
- name: Restart docker service
|
||||
ansible.builtin.service:
|
||||
name: docker
|
||||
state: restarted
|
||||
|
||||
# - name: Get keys for raspotify
|
||||
# ansible.builtin.shell: docker plugin install grafana/loki-docker-driver:3.3.2-{{ ansible_architecture }} --alias loki --grant-all-permissions
|
||||
- name: Install a plugin
|
||||
community.docker.docker_plugin:
|
||||
plugin_name: grafana/loki-docker-driver
|
||||
alias: loki
|
||||
state: enable
|
||||
@@ -1,325 +1,7 @@
|
||||
- name: Setup docker
|
||||
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
|
||||
block:
|
||||
- name: Include vault
|
||||
ansible.builtin.include_vars:
|
||||
file: jaydee.yml
|
||||
- name: Facts
|
||||
ansible.builtin.setup:
|
||||
|
||||
- name: Print arch
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ ansible_architecture }}"
|
||||
- name: Install docker dependencies
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- ca-certificates
|
||||
- curl
|
||||
- telnet
|
||||
- net-tools
|
||||
- python3-pip
|
||||
- python3-dev
|
||||
state: present
|
||||
update_cache: true
|
||||
register: install_docker_deps
|
||||
until: install_docker_deps is succeeded
|
||||
retries: 10
|
||||
delay: 10
|
||||
|
||||
- name: Get keys for raspotify
|
||||
ansible.builtin.command:
|
||||
install -m 0755 -d /etc/apt/keyrings
|
||||
|
||||
|
||||
# - name: Add an Apt signing key to a specific keyring file
|
||||
# ansible.builtin.apt_key:
|
||||
# url: https://download.docker.com/linux/debian/gpg
|
||||
# keyring: /etc/apt/keyrings/docker.asc
|
||||
# when:
|
||||
# - ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
|
||||
|
||||
# - name: Get keys for raspotify
|
||||
# ansible.builtin.shell:
|
||||
# curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
|
||||
# when:
|
||||
# - ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
|
||||
|
||||
- name: Get keys for raspotify
|
||||
ansible.builtin.shell:
|
||||
curl -fsSL https://download.docker.com/linux/raspbian/gpg -o /etc/apt/keyrings/docker.asc
|
||||
when:
|
||||
- ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
|
||||
|
||||
- name: Ensure docker keyring directory exists
|
||||
file:
|
||||
path: /etc/apt/keyrings
|
||||
state: directory
|
||||
mode: "0755"
|
||||
|
||||
- name: Download Docker GPG key
|
||||
get_url:
|
||||
url: https://download.docker.com/linux/debian/gpg
|
||||
dest: /etc/apt/keyrings/docker.asc
|
||||
mode: "0644"
|
||||
when:
|
||||
- ansible_distribution == "Debian" and ansible_distribution_major_version == "13"
|
||||
|
||||
- name: Install docker.sources file
|
||||
template:
|
||||
src: docker.sources.j2
|
||||
dest: /etc/apt/sources.list.d/docker.sources
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
when:
|
||||
- ansible_distribution == "Debian" and ansible_distribution_major_version == "13"
|
||||
|
||||
- name: Create docker.sources file
|
||||
copy:
|
||||
dest: /etc/apt/sources.list.d/docker.sources
|
||||
mode: "0644"
|
||||
content: |
|
||||
Types: deb
|
||||
URIs: https://download.docker.com/linux/debian
|
||||
Suites: {{ ansible_facts['lsb']['codename'] }}
|
||||
Components: stable
|
||||
Signed-By: /etc/apt/keyrings/docker.asc
|
||||
when:
|
||||
- ansible_distribution == "Debian" and ansible_distribution_major_version == "13"
|
||||
|
||||
|
||||
- name: Update apt cache
|
||||
apt:
|
||||
update_cache: yes
|
||||
|
||||
when:
|
||||
- ansible_distribution == "Debian" and ansible_distribution_major_version == "13"
|
||||
|
||||
- name: Download Docker GPG key
|
||||
get_url:
|
||||
url: https://download.docker.com/linux/debian/gpg
|
||||
dest: /etc/apt/keyrings/docker.asc
|
||||
mode: "0644"
|
||||
when:
|
||||
- ansible_distribution == "Debian" and ansible_distribution_major_version == "13"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
- name: Add an Apt signing key to a specific keyring file
|
||||
ansible.builtin.apt_key:
|
||||
url: https://download.docker.com/linux/ubuntu/gpg
|
||||
keyring: /etc/apt/keyrings/docker.asc
|
||||
when:
|
||||
- ansible_distribution == "Ubuntu"
|
||||
|
||||
# - name: Get keys for raspotify
|
||||
# ansible.builtin.shell:
|
||||
# curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
|
||||
# when:
|
||||
# - ansible_distribution == "Ubuntu"
|
||||
- name: Change file ownership, group and permissions
|
||||
ansible.builtin.file:
|
||||
path: /etc/apt/keyrings/docker.asc
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
# - name: Get keys for raspotify
|
||||
# ansible.builtin.shell:
|
||||
# chmod a+r /etc/apt/keyrings/docker.asc
|
||||
|
||||
- name: Get keys for raspotify
|
||||
ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||
when:
|
||||
- ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
|
||||
|
||||
- name: Get keys for raspotify
|
||||
ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||
when:
|
||||
- ansible_distribution == "Ubuntu"
|
||||
|
||||
# - name: Install docker
|
||||
# ansible.builtin.apt:
|
||||
# name:
|
||||
# - docker-ce
|
||||
# - docker-ce-cli
|
||||
# - containerd.io
|
||||
# - docker-buildx-plugin
|
||||
# - docker-compose-plugin
|
||||
# update_cache: true
|
||||
- name: Install the version docker1
|
||||
ansible.builtin.apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
loop:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- name: Install the version docker
|
||||
ansible.builtin.apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
allow_downgrade: true
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
loop:
|
||||
- containerd.io
|
||||
|
||||
- name: Install the version docker
|
||||
ansible.builtin.apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
allow_downgrade: true
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
loop:
|
||||
- docker-buildx-plugin
|
||||
|
||||
|
||||
- name: Install the version docker
|
||||
ansible.builtin.apt:
|
||||
name: "{{ item }}=5:28.5.2-1~{{ ansible_distribution | lower }}.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release }}"
|
||||
state: present
|
||||
allow_downgrade: true
|
||||
when:
|
||||
- ansible_distribution == "Debian1"
|
||||
loop:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- name: Install the version docker
|
||||
ansible.builtin.apt:
|
||||
name: "{{ item }}=1.7.28-2~{{ ansible_distribution | lower }}.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release }}"
|
||||
state: present
|
||||
allow_downgrade: true
|
||||
when:
|
||||
- ansible_distribution == "Debian1"
|
||||
loop:
|
||||
- containerd.io
|
||||
|
||||
- name: Install the version docker
|
||||
ansible.builtin.apt:
|
||||
name: "{{ item }}=0.28.0-0~{{ ansible_distribution | lower }}.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release }}"
|
||||
state: present
|
||||
allow_downgrade: true
|
||||
when:
|
||||
- ansible_distribution == "Debian1"
|
||||
loop:
|
||||
- docker-buildx-plugin
|
||||
|
||||
- name: Create a directory docker.service.d
|
||||
ansible.builtin.file:
|
||||
path: /etc/systemd/system/docker.service.d/
|
||||
state: directory
|
||||
mode: '0755'
|
||||
|
||||
- name: Create a directory for certs
|
||||
ansible.builtin.file:
|
||||
path: /etc/docker/certs
|
||||
state: directory
|
||||
mode: '0700'
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
# - name: Copy files
|
||||
# ansible.builtin.copy:
|
||||
# src: server-key.pem
|
||||
# dest: /etc/docker/certs/
|
||||
# mode: '0600'
|
||||
# owner: root
|
||||
# group: root
|
||||
# - name: Copy files
|
||||
# ansible.builtin.copy:
|
||||
# src: ca.pem
|
||||
# dest: /etc/docker/certs/
|
||||
# mode: '0600'
|
||||
# owner: root
|
||||
# group: root
|
||||
# - name: Copy files
|
||||
# ansible.builtin.copy:
|
||||
# src: server-cert.pem
|
||||
# dest: /etc/docker/certs/
|
||||
# mode: '0600'
|
||||
# owner: root
|
||||
# group: root
|
||||
- name: Creating a file with content
|
||||
ansible.builtin.copy:
|
||||
dest: "/etc/systemd/system/docker.service.d/override.conf"
|
||||
content: |
|
||||
[Service]
|
||||
ExecStart=
|
||||
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376
|
||||
mode: '0600'
|
||||
owner: root
|
||||
group: root
|
||||
notify: restart_docker
|
||||
when: mode == "cert"
|
||||
|
||||
# - name: Creating a file with content
|
||||
# ansible.builtin.copy:
|
||||
# dest: "/etc/systemd/system/docker.service.d/override.conf"
|
||||
# content: |
|
||||
# [Service]
|
||||
# ExecStart=
|
||||
# ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify \
|
||||
# --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem \
|
||||
# --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376
|
||||
# mode: '0600'
|
||||
# owner: root
|
||||
# group: root
|
||||
# notify: restart_docker
|
||||
# when: mode != "nocert"
|
||||
|
||||
- name: Just force systemd to reread configs
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
|
||||
- name: Check if file exists
|
||||
ansible.builtin.stat:
|
||||
path: /etc/docker/certs/ca.pem
|
||||
register: file_check
|
||||
|
||||
- name: Print file check result
|
||||
ansible.builtin.debug:
|
||||
var: file_check
|
||||
|
||||
- name: Include role only if missing
|
||||
ansible.builtin.include_role:
|
||||
name: cert_gen
|
||||
when: not file_check.stat.exists and mode == "cert"
|
||||
|
||||
|
||||
- name: Create docker config file
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/docker/daemon.json
|
||||
content: |
|
||||
{
|
||||
"log-driver": "json-file",
|
||||
"log-opts": {
|
||||
"max-size": "10m",
|
||||
"max-file": "3"
|
||||
},
|
||||
"data-root": "/var/lib/docker",
|
||||
"dns": ["192.168.77.101", "192.168.77.106", "8.8.8.8"],
|
||||
"dns-search": ["lan", "home.lan"]
|
||||
|
||||
}
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
|
||||
- name: Restart docker service
|
||||
ansible.builtin.service:
|
||||
name: docker
|
||||
state: restarted
|
||||
|
||||
# - name: Get keys for raspotify
|
||||
# ansible.builtin.shell: docker plugin install grafana/loki-docker-driver:3.3.2-{{ ansible_architecture }} --alias loki --grant-all-permissions
|
||||
- name: Install a plugin
|
||||
community.docker.docker_plugin:
|
||||
plugin_name: grafana/loki-docker-driver
|
||||
alias: loki
|
||||
state: present
|
||||
- name: Include OS-specific tasks
|
||||
ansible.builtin.include_tasks: "{{ ansible_facts.os_family }}.yml"
|
||||
@@ -2,19 +2,29 @@
|
||||
become: "{{ 'no' if inventory_hostname in ['sectorq.cloud', 'nas.home.lan'] else 'yes' }}"
|
||||
become_method: su
|
||||
block:
|
||||
|
||||
- name: Include vault
|
||||
ansible.builtin.include_vars:
|
||||
file: jaydee.yml
|
||||
file: init.yml
|
||||
- name: Change password for jd
|
||||
ansible.builtin.user:
|
||||
name: jd
|
||||
password: "{{ jd_password | password_hash('sha512') }}"
|
||||
- name: Check if group exists
|
||||
getent:
|
||||
database: group
|
||||
key: sudo
|
||||
register: group_check
|
||||
ignore_errors: true
|
||||
|
||||
- name: Ensure deploy user exists
|
||||
ansible.builtin.user:
|
||||
name: jd
|
||||
shell: /bin/bash
|
||||
groups: sudo
|
||||
append: true
|
||||
when: group_check is succeeded
|
||||
|
||||
- name: Give deploy sudo access
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/sudoers.d/jd
|
||||
|
||||
Reference in New Issue
Block a user