---
# Register Docker's upstream "stable" package repository for this host's
# major release and CPU architecture.
# Package signatures are checked (gpgcheck). The signing key itself is fetched
# over HTTPS from the same host that serves the packages, so trust in the key
# rests on that TLS connection.
# NOTE(review): baseurl points at the centos tree while gpgkey comes from the
# rhel path -- confirm the packages in this tree are signed with that key.
- name: Add Docker CE repository
  ansible.builtin.yum_repository:
    name: 'docker-ce'
    file: 'Docker-CE'
    description: 'Docker CE Stable'
    baseurl: "https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/stable"
    gpgkey: 'https://download.docker.com/linux/rhel/gpg'
    gpgcheck: true
    enabled: true
# Uninstall the old docker, docker-common and docker-engine packages, together
# with python3-requests.
# NOTE(review): the reason python3-requests is removed is not stated here, and
# removing it may also remove packages that depend on it -- confirm intended.
- name: Ensure to remove old docker packages
  ansible.builtin.package:
    state: absent
    name:
      - python3-requests
      - docker
      - docker-common
      - docker-engine
# Install every entry of dockerengine_packages, one module call per entry.
# "present" only guarantees that a package is installed: it neither pins nor
# upgrades a version, so the installed engine version is whatever the
# repository offered at first install unless an entry carries a version.
- name: Install packages
  ansible.builtin.package:
    state: present
    name: "{{ item }}"
  loop: "{{ dockerengine_packages }}"
# Create the group named by dockerengine_nsremap_user. Runs only when
# dockerengine_usernamespace_enabled evaluates to true.
- name: Add namespace group
  ansible.builtin.group:
    state: present
    name: "{{ dockerengine_nsremap_user }}"
  when: dockerengine_usernamespace_enabled | bool
# Manage the account named by dockerengine_nsremap_user. With user namespaces
# enabled it is created with a primary group of the same name and
# /sbin/nologin as its shell, so it cannot be used for interactive logins;
# with user namespaces disabled the account is removed.
- name: Setup namespace user
  ansible.builtin.user:
    state: "{{ 'present' if dockerengine_usernamespace_enabled | bool else 'absent' }}"
    name: "{{ dockerengine_nsremap_user }}"
    group: "{{ dockerengine_nsremap_user }}"
    shell: '/sbin/nologin'
# Delete the group named by dockerengine_nsremap_user when user namespaces are
# disabled. It is placed after the user task, which removes the account in
# that case, so the group is no longer that account's primary group.
- name: Remove namespace group
  ansible.builtin.group:
    state: absent
    name: "{{ dockerengine_nsremap_user }}"
  when: not dockerengine_usernamespace_enabled | bool
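# Maintain the subordinate id range of the remap user in /etc/subuid and
# /etc/subgid: one "<user>:<start>:<length>" line per file when user
# namespaces are enabled, no line for that user otherwise.
# The user name goes through regex_escape before it is used in the match
# pattern, so a name containing regex metacharacters (for example ".") cannot
# match, and then overwrite or delete, another account's entry.
# NOTE(review): nothing here checks that the configured range does not overlap
# ranges already assigned to other users in these files.
- name: Configure namespace id range
  ansible.builtin.lineinfile:
    dest: "{{ item }}"
    regexp: "^{{ dockerengine_nsremap_user | regex_escape }}:"
    line: "{{ dockerengine_nsremap_user }}:{{ dockerengine_nsremap_range_start }}:{{ dockerengine_nsremap_range_length }}"
    state: "{{ 'present' if dockerengine_usernamespace_enabled | bool else 'absent' }}"
  loop:
    - /etc/subuid
    - /etc/subgid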
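# Create the systemd drop-in directory for docker.service and /etc/docker,
# each with the mode given in its loop entry.
# Ownership is set explicitly to root:root: without owner/group the module
# leaves the ownership of an already existing directory untouched, and both
# directories hold configuration read by a daemon that runs as root.
- name: Create required directories
  ansible.builtin.file:
    path: "{{ item.name }}"
    state: directory
    owner: root
    group: root
    mode: "{{ item.mode }}"
  loop:
    - name: /etc/systemd/system/docker.service.d
      mode: "0755"
    - name: /etc/docker
      mode: "0755"
  loop_control:
    # Show only the path in the per-item output line.
    label: "{{ item.name }}"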
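# Render /etc/sysconfig/docker from its template and notify the restart
# handler when the file changes.
# Mode 0600 with explicit root:root ownership keeps the file readable by root
# only; without owner/group the ownership of an existing file is left as is.
- name: Write environment file
  ansible.builtin.template:
    src: etc/sysconfig/docker.j2
    dest: /etc/sysconfig/docker
    owner: root
    group: root
    mode: "0600"
  notify: __docker_restart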
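# Render the systemd drop-in override.conf for docker.service and notify the
# restart handler when it changes.
# The file is world-readable (0644) but owned by root:root explicitly, so an
# existing file with different ownership is corrected; whoever can write this
# file controls how the daemon is started.
# NOTE(review): a changed drop-in only takes effect once systemd has reloaded
# its unit files -- confirm the __docker_restart handler does a daemon-reload.
- name: Write service override.conf
  ansible.builtin.template:
    src: etc/systemd/system/docker.service.d/override.conf.j2
    dest: /etc/systemd/system/docker.service.d/override.conf
    owner: root
    group: root
    mode: "0644"
  notify: __docker_restart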
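# Write /etc/docker/daemon.json as the JSON form of dockerengine_daemon_config
# merged with dockerengine_daemon_config_extra, and notify the restart handler
# when the file changes.
# combine is called without recursive=true, so the merge is shallow: a
# top-level key in the _extra variable replaces the whole value of that key in
# the base config, including any daemon setting the base config defines.
# Ownership is set explicitly to root:root next to mode 0600; without
# owner/group the ownership of an existing file is left as is.
- name: Write daemon config
  ansible.builtin.copy:
    content: "{{ (dockerengine_daemon_config | combine(dockerengine_daemon_config_extra)) | to_nice_json }}"
    dest: /etc/docker/daemon.json
    owner: root
    group: root
    mode: "0600"
  notify: __docker_restart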
# Write /etc/docker/daemon.json from the merged daemon config variables and
# notify the restart handler when the file changes.
# NOTE(review): content, dest, mode and notify are identical to the preceding
# "Write daemon config" task, so this task never reports a change on its own;
# it looks like a leftover duplicate -- confirm and drop one of the two.
- name: Deploy daemon config
  ansible.builtin.copy:
    content: "{{ (dockerengine_daemon_config | combine(dockerengine_daemon_config_extra)) | to_nice_json }}"
    dest: /etc/docker/daemon.json
    mode: "0600"
  notify: __docker_restart
# Enable the service named by dockerengine_service at boot and start it now.
# NOTE(review): notified handlers normally run at the end of the play, so on a
# run that changed the configuration the tasks after this one may still talk
# to a daemon running the previous configuration -- confirm that is acceptable.
- name: Ensure docker engine is up and running
  ansible.builtin.service:
    name: "{{ dockerengine_service }}"
    state: started
    enabled: true
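# Log in to (or out of, via item.state) each registry listed in
# dockerengine_registries. An entry without "url" uses the module's default
# registry and is labelled "DockerHub" in the output.
# no_log is set because every loop item carries a password: loop_control.label
# only shortens the per-item output line, while the loop result still contains
# the whole item and is shown in verbose runs and passed to callback plugins.
# The cost is that failure details of this task are hidden as well.
# NOTE(review): after a successful login the credentials are kept in the
# Docker client configuration on the target host unless a credential helper
# is configured -- confirm who can read that file.
- name: Handle registry logins
  community.docker.docker_login:
    registry: "{{ item.url | default(omit) }}"
    username: "{{ item.username }}"
    password: "{{ item.password }}"
    reauthorize: "{{ item.reauthorize | default(False) }}"
    state: '{{ item.state | default("present") }}'
  loop: "{{ dockerengine_registries }}"
  loop_control:
    label: "{{ item.url | default('DockerHub') }}"
  no_log: true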
# Create, or remove via item.state, every network listed in
# dockerengine_networks followed by dockerengine_networks_extra.
# Defaults per entry: driver "bridge", IPv6 disabled, state "present";
# ipam_config and force are passed only when the entry defines them.
# NOTE(review): a changed network notifies the handler named __docker_restart;
# if that restarts the daemon, running containers are affected -- confirm that
# a network change is meant to trigger it.
- name: Create docker networks
  community.docker.docker_network:
    name: "{{ item.name }}"
    state: "{{ item.state | default('present') }}"
    driver: "{{ item.driver | default('bridge') }}"
    enable_ipv6: "{{ item.enable_ipv6 | default(False) }}"
    ipam_config: "{{ item.ipam_config | default(omit) }}"
    force: "{{ item.force | default(omit) }}"
  loop: "{{ dockerengine_networks + dockerengine_networks_extra }}"
  loop_control:
    # Show only the network name in the per-item output line.
    label: "{{ item.name }}"
  notify: __docker_restart