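---
# file: docker.yml
#
# Configures the hosts in the `docker` inventory group: creates the container
# data user/group, applies the base roles, creates a macvlan network, checks
# out the container configuration repository, and sets up the NFS mounts and
# the weekly backup job.
#
# data_user, data_id and nfs_mounts are not defined in this file; presumably
# they come from inventory or group vars.
- hosts: docker
  become: true
  vars:
    # Not referenced in this play; presumably consumed by the roles below.
    default_user: "{{ ansible_user }}"

  pre_tasks:
    - name: Update apt-cache if needed
      apt:
        update_cache: true
        # Skip the refresh when the cache is less than an hour old.
        cache_valid_time: 3600

    - name: Add docker data group
      group:
        name: "{{ data_user }}"
        state: present
        gid: "{{ data_id }}"

    - name: Add docker data user
      user:
        name: "{{ data_user }}"
        state: present
        # uid matches the gid of the group created above.
        uid: "{{ data_id }}"
        group: "{{ data_user }}"
        append: true
        groups:
          - "{{ data_user }}"

  roles:
    - base_server
    - docker
    - ansible_server

  tasks:
    - name: Docker macvlan network
      docker_network:
        name: lan-network
        driver: "macvlan"
        driver_options:
          # Containers on this network are attached directly to the LAN
          # segment behind eth0 and are reachable from other LAN hosts.
          parent: eth0
        ipam_config:
          - subnet: "192.168.0.0/24"
            gateway: "192.168.0.1"
            iprange: "192.168.0.64/26"

    - name: Install git
      apt:
        name:
          - git
          - acl
        state: present

    - name: 'Add devops to "{{ data_user }}"'
      user:
        name: devops
        state: present
        # append keeps the user's existing supplementary groups.
        append: true
        groups:
          - "{{ data_user }}"

    - name: Setup docker directories
      file:
        path: "{{ item }}"
        state: directory
        # Quoted so the mode is always read as an octal string.
        mode: "0775"
        owner: "{{ data_user }}"
        group: "{{ data_user }}"
      loop:
        - /ctr_cfg
        - /ctr_data

    - name: Checkout Docker configuration
      git:
        # NOTE(review): the user@host part of this SSH URL was replaced by the
        # page's e-mail obfuscation ("[email protected]"); restore the real
        # remote before running. Quoted because a value starting with "[" is
        # otherwise parsed as a YAML flow sequence.
        repo: "[email protected]:acbgbca/microserver-docker.git"
        dest: /ctr_cfg
        # No `version` is set, so the clone takes the remote's default HEAD;
        # pin a tag or commit if the checkout must be reproducible.
        update: false
        # Trust on first use: whatever host key the remote presents on first
        # contact is added to known_hosts. Pre-seeding known_hosts with the
        # forge's published key and setting this to false removes that window.
        accept_hostkey: true
      # Runs as the connecting user rather than root.
      become: false
      register: gitupdate

    - name: Fix Git ownership
      file:
        path: /ctr_cfg
        state: directory
        # NOTE(review): applied recursively, 0775 makes every file under
        # /ctr_cfg group-writable and executable, so any member of the
        # data_user group (including devops) can change the container
        # configuration - confirm that is intended.
        mode: "0775"
        owner: "{{ data_user }}"
        group: "{{ data_user }}"
        # The file module's option is `recurse`; `recursive` is rejected as an
        # unsupported parameter.
        recurse: true
      # With update disabled above, this should only fire on the initial clone.
      when: gitupdate.changed

    - name: Setup NFS mounts
      include_tasks:
        file: includes/nfs_mounts.yml
        # Propagate the tag to the included tasks so `--tags nfs` runs them.
        apply:
          tags: nfs
      with_items: "{{ nfs_mounts }}"
      tags: nfs

    - name: Setup weekly backup task
      template:
        src: templates/docker-backup-upgrade
        # Scripts in /etc/cron.weekly are executed as root, so keep the
        # rendered file root-owned and not writable by group or others.
        dest: /etc/cron.weekly/docker-backup-upgrade
        owner: root
        group: root
        mode: "0755"
      tags:
        - backup

    # The version of ansible on the server won't currently work with this
    # NOTE(review): if this block is revived, the "Install password file" task
    # would leave the vault password in plaintext on the managed host (mode
    # 0600 in the user's home); prefer a secret store or an interactive prompt.
    # - name: Checkout Ansible playbooks
    #   git:
    #     repo: [email protected]:acbgbca/microserver-ansible-playbooks.git
    #     dest: "/home/{{ ansible_user }}/ansible"
    #     update: no
    #     accept_hostkey: yes
    #   become: no
    # - name: Install password file
    #   copy:
    #     src: vault_password.txt
    #     dest: "/home/{{ ansible_user }}/password.txt"
    #     owner: "{{ ansible_user }}"
    #     group: "{{ ansible_user }}"
    #     mode: "0600"
    # - name: Install hosts file
    #   copy:
    #     src: docker_localhosts
    #     dest: "/home/{{ ansible_user }}/hosts"
    #     owner: "{{ ansible_user }}"
    #     group: "{{ ansible_user }}"
    #     mode: "0600"
    # - name: Install requirements file
    #   copy:
    #     src: requirements.yml
    #     dest: "/home/{{ ansible_user }}/ansible/requirements.yml"
    #     owner: "{{ ansible_user }}"
    #     group: "{{ ansible_user }}"
    #     mode: "0600"
    # - name: Install Community Collections
    #   shell: "ansible-galaxy collection install community.general"
    # - name: Install weekly update job
    #   cron:
    #     name: Docker backup and upgrade
    #     minute: 0
    #     hour: 3
    #     weekday: 6
    #     job: "ansible-playbook -i /home/{{ ansible_user }}/hosts /home/{{ ansible_user }}/ansible/docker-backup.yml --vault-password-file /home/{{ ansible_user }}/password.txt"
    #     cron_file: docker-backup-upgrade
    #     user: "{{ ansible_user }}"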