ansible-role-docker_host/tasks/main.yml

- name: Install packages
  ansible.builtin.package:
    name: "{{ item }}"
    state: present
  with_items:
    - gpg

- name: Add docker apt-key
  ansible.builtin.apt_key:
    url: https://download.docker.com/linux/debian/gpg
    state: present

- name: Add docker apt repository
  ansible.builtin.apt_repository:
    repo: 'deb https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable'
    state: present
    filename: docker
    update_cache: true


- name: Install packages
  ansible.builtin.package:
    name:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - python3-pip
    state: present


- name: Configure user dockremap
  ansible.builtin.user:
    name: dockremap
    state: present
    shell: /bin/false

- name: Configure namespaces dans grub
  ansible.builtin.lineinfile:
    state: present
    dest: /etc/default/grub
    backrefs: true
    regexp: '^GRUB_CMDLINE_LINUX="((.*?)namespace\.unpriv_enable=1 user_namespace\.enable=1)?\s?(.*?)$'
    line: 'GRUB_CMDLINE_LINUX="\2namespace.unpriv_enable=1 user_namespace.enable=1 \3'
  register: _grub_config

- name: Configure update grub
  ansible.builtin.command: "{{ update_grub_command }}"
  when: _grub_config.changed # noqa: no-handler
  changed_when: true

- name: Configure execute handlers maintenant, avant possible reboot
  ansible.builtin.meta: flush_handlers

- name: Configure sysctl user_namespaces
  ansible.posix.sysctl:
    name: user.max_user_namespaces
    value: 15076
    sysctl_set: true
    state: present
    reload: true

- name: Configure docker daemon.json
  ansible.builtin.template:
    src: daemon.json.j2
    dest: /etc/docker/daemon.json
    mode: u=rw,g=r,o=r
  notify:
    - Restart docker

- name: REBOOT IMMEDIAT pour prise en compte configuration, relancer le playbook s'il ne poursuit pas tout seul
  ansible.builtin.reboot:
  when: _grub_config.changed # noqa: no-handler

- name: Active docker
  ansible.builtin.service:
    name: docker
    state: started
    enabled: true

- name: Configure tâche cron pour docker system prune
  ansible.builtin.template:
    src: docker_prune.j2
    dest: /etc/cron.daily/docker_prune
    mode: u=rwx,g=rx,o=rx

- name: Traefik network
  community.docker.docker_network:
    name: traefik
  when: docker_host_traefik_enabled

- name: Traefik dir
  ansible.builtin.file:
    path: /opt/traefik
    state: directory
    mode: u=rwx,g=rx,o=
  when: docker_host_traefik_enabled

- name: Traefik compose
  ansible.builtin.template:
    src: traefik-docker-compose.yml.j2
    dest: /opt/traefik/docker-compose.yml
    mode: u=rw,g=r,o=r
  register: traefik_compose_file
  when: docker_host_traefik_enabled

- name: Traefik run
  ansible.builtin.command: "docker compose up -d"
  args:
    chdir: /opt/traefik/
  when: docker_host_traefik_enabled and traefik_compose_file.changed
Améliorations diverses 2024-04-06 20:21:07 +02:00			`- name: Install packages`
			`ansible.builtin.package:`
			`name: "{{ item }}"`
			`state: present`
Initial commit 2022-03-21 14:22:19 +01:00			`with_items:`
			`- gpg`

Améliorations diverses 2024-04-06 20:21:07 +02:00			`- name: Add docker apt-key`
			`ansible.builtin.apt_key:`
			`url: https://download.docker.com/linux/debian/gpg`
			`state: present`
Initial commit 2022-03-21 14:22:19 +01:00
Améliorations diverses 2024-04-06 20:21:07 +02:00			`- name: Add docker apt repository`
			`ansible.builtin.apt_repository:`
			`repo: 'deb https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable'`
			`state: present`
Initial commit 2022-03-21 14:22:19 +01:00			`filename: docker`
Améliorations diverses 2024-04-06 20:21:07 +02:00			`update_cache: true`
Initial commit 2022-03-21 14:22:19 +01:00

Améliorations diverses 2024-04-06 20:21:07 +02:00			`- name: Install packages`
			`ansible.builtin.package:`
			`name:`
			`- docker-ce`
			`- docker-ce-cli`
			`- containerd.io`
			`- python3-pip`
			`state: present`
Initial commit 2022-03-21 14:22:19 +01:00

Améliorations diverses 2024-04-06 20:21:07 +02:00			`- name: Configure user dockremap`
			`ansible.builtin.user:`
Initial commit 2022-03-21 14:22:19 +01:00			`name: dockremap`
			`state: present`
			`shell: /bin/false`

Améliorations diverses 2024-04-06 20:21:07 +02:00			`- name: Configure namespaces dans grub`
			`ansible.builtin.lineinfile:`
Initial commit 2022-03-21 14:22:19 +01:00			`state: present`
			`dest: /etc/default/grub`
Améliorations diverses 2024-04-06 20:21:07 +02:00			`backrefs: true`
			`regexp: '^GRUB_CMDLINE_LINUX="((.?)namespace\.unpriv_enable=1 user_namespace\.enable=1)?\s?(.?)$'`
			`line: 'GRUB_CMDLINE_LINUX="\2namespace.unpriv_enable=1 user_namespace.enable=1 \3'`
			`register: _grub_config`

			`- name: Configure update grub`
			`ansible.builtin.command: "{{ update_grub_command }}"`
			`when: _grub_config.changed # noqa: no-handler`
			`changed_when: true`

			`- name: Configure execute handlers maintenant, avant possible reboot`
			`ansible.builtin.meta: flush_handlers`

			`- name: Configure sysctl user_namespaces`
			`ansible.posix.sysctl:`
			`name: user.max_user_namespaces`
			`value: 15076`
			`sysctl_set: true`
			`state: present`
			`reload: true`

			`- name: Configure docker daemon.json`
			`ansible.builtin.template:`
Initial commit 2022-03-21 14:22:19 +01:00			`src: daemon.json.j2`
			`dest: /etc/docker/daemon.json`
Améliorations diverses 2024-04-06 20:21:07 +02:00			`mode: u=rw,g=r,o=r`
Initial commit 2022-03-21 14:22:19 +01:00			`notify:`
Améliorations diverses 2024-04-06 20:21:07 +02:00			`- Restart docker`
Initial commit 2022-03-21 14:22:19 +01:00
Améliorations diverses 2024-04-06 20:21:07 +02:00			`- name: REBOOT IMMEDIAT pour prise en compte configuration, relancer le playbook s'il ne poursuit pas tout seul`
			`ansible.builtin.reboot:`
			`when: _grub_config.changed # noqa: no-handler`
Correction version traefik, correction d'un defaut d'ordre des étapes d'installation, ajout d'un parametre listen_ip pour traefik 2024-01-13 20:09:30 +01:00
Améliorations diverses 2024-04-06 20:21:07 +02:00			`- name: Active docker`
			`ansible.builtin.service:`
Initial commit 2022-03-21 14:22:19 +01:00			`name: docker`
			`state: started`
Améliorations diverses 2024-04-06 20:21:07 +02:00			`enabled: true`
Initial commit 2022-03-21 14:22:19 +01:00
Ajout d'une tâche planifiée pour réaliser un docker system prune tous les jours 2024-04-21 10:34:03 +02:00			`- name: Configure tâche cron pour docker system prune`
			`ansible.builtin.template:`
			`src: docker_prune.j2`
			`dest: /etc/cron.daily/docker_prune`
			`mode: u=rwx,g=rx,o=rx`

Améliorations diverses 2024-04-06 20:21:07 +02:00			`- name: Traefik network`
			`community.docker.docker_network:`
Initial commit 2022-03-21 14:22:19 +01:00			`name: traefik`
			`when: docker_host_traefik_enabled`

Améliorations diverses 2024-04-06 20:21:07 +02:00			`- name: Traefik dir`
			`ansible.builtin.file:`
Initial commit 2022-03-21 14:22:19 +01:00			`path: /opt/traefik`
			`state: directory`
Améliorations diverses 2024-04-06 20:21:07 +02:00			`mode: u=rwx,g=rx,o=`
Initial commit 2022-03-21 14:22:19 +01:00			`when: docker_host_traefik_enabled`

Améliorations diverses 2024-04-06 20:21:07 +02:00			`- name: Traefik compose`
			`ansible.builtin.template:`
Initial commit 2022-03-21 14:22:19 +01:00			`src: traefik-docker-compose.yml.j2`
			`dest: /opt/traefik/docker-compose.yml`
Améliorations diverses 2024-04-06 20:21:07 +02:00			`mode: u=rw,g=r,o=r`
Initial commit 2022-03-21 14:22:19 +01:00			`register: traefik_compose_file`
			`when: docker_host_traefik_enabled`

Améliorations diverses 2024-04-06 20:21:07 +02:00			`- name: Traefik run`
			`ansible.builtin.command: "docker compose up -d"`
Initial commit 2022-03-21 14:22:19 +01:00			`args:`
			`chdir: /opt/traefik/`
			`when: docker_host_traefik_enabled and traefik_compose_file.changed`