From 2224228ef2c4b267f0ceb103919e3ab51d42611a Mon Sep 17 00:00:00 2001 From: Olivier Navas Date: Tue, 12 Nov 2024 12:14:09 +0100 Subject: [PATCH] =?UTF-8?q?S=C3=A9paration=20des=20roles=20host=20et=20tra?= =?UTF-8?q?efik?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 3 -- README.md | 15 +-------- defaults/main.yml | 3 -- tasks/main.yml | 26 --------------- templates/traefik-docker-compose.yml.j2 | 44 ------------------------- tests/inventory | 2 -- tests/test.yml | 5 --- 7 files changed, 1 insertion(+), 97 deletions(-) delete mode 100644 .gitignore delete mode 100644 templates/traefik-docker-compose.yml.j2 delete mode 100644 tests/inventory delete mode 100644 tests/test.yml diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 5c199eb..0000000 --- a/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -# ---> Ansible -*.retry - diff --git a/README.md b/README.md index 28d4ed6..54b24aa 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ Role : docker_host ==================- -Configure un hote de sorte qu'il soit prêt à accueillir des conteneurs docker. Configure également un conteneur traefik prêt à servir de reverse proxy local pour les applications web. +Configure un hote de sorte qu'il soit prêt à accueillir des conteneurs docker. Utilisation 
@@ -12,18 +12,5 @@ Le rôle s'utilise sans paramètre. Il est cependant possible d'agir sur les par | Paramètre | Valeur par défaut | Description | |---------------------------------|-------------------|--------------------------------------------------------------------------------------------------------| | docker_host_data_dir | /data1/docker | Répertoire de base de stockage par docker des images et conteneurs (valeur par défaut recommandée) | -| docker_host_traefik_trusted_ips | [] | liste des reverse proxy de confiance pour traefik, pour la récupération des entêtes http | -| docker_host_traefik_enabled | true | Indique si le reverse proxy local traefik doit être installé et activé (valeur par défaut recommandée) | -| docker_host_traefik_admin | | Chaine user + mdp chiffré pour l'accès à l'interface de traefik sur le port 8443 | | docker_host_user_namespaces | true | Permet de activer/désactiver les user namespaces docker sur l'hôte | -Par exemple : -```yaml -docker_host_traefik_admin: "admin:$$apr1$$HWiac5ae$$fBaMfNze1G96R2d5ntiID/" -docker_host_traefik_trusted_ips: 10.1.2.3 -``` - -A noter : la valeur de docker_host_traefik_admin pour un compte d'accès "admin" avec mot de passe "4dm1n" s'obtient par : -```sh -echo $(htpasswd -nb admin 4dm1n) | sed -e s/\\$/\\$\\$/g -``` diff --git a/defaults/main.yml b/defaults/main.yml index 13bec48..4038cd8 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,8 +1,5 @@ docker_host_data_dir: /data1/docker -docker_host_traefik_enabled: true -docker_host_traefik_trusted_ips: [] docker_host_user_namespaces: true -docker_host_traefik_listen_ip: "0.0.0.0" docker_host_address_pools: - base: 172.18.0.0/16 size: 24 diff --git a/tasks/main.yml b/tasks/main.yml index 134b96d..0238d15 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -82,29 +82,3 @@
 src: docker_prune.j2
 dest: /etc/cron.daily/docker_prune
 mode: u=rwx,g=rx,o=rx
-
-- name: Traefik network
- community.docker.docker_network:
- name: traefik
- when: docker_host_traefik_enabled
-
-- name: Traefik dir
- ansible.builtin.file:
- path: /opt/traefik
- state: directory
- mode: u=rwx,g=rx,o=
- when: docker_host_traefik_enabled
-
-- name: Traefik compose
- ansible.builtin.template:
- src: traefik-docker-compose.yml.j2
- dest: /opt/traefik/docker-compose.yml
- mode: u=rw,g=r,o=r
- register: traefik_compose_file
- when: docker_host_traefik_enabled
-
-- name: Traefik run
- ansible.builtin.command: "docker compose up -d"
- args:
- chdir: /opt/traefik/
- when: docker_host_traefik_enabled and traefik_compose_file.changed
diff --git a/templates/traefik-docker-compose.yml.j2 b/templates/traefik-docker-compose.yml.j2
deleted file mode 100644
index 7cadff2..0000000
--- a/templates/traefik-docker-compose.yml.j2
+++ /dev/null
@@ -1,44 +0,0 @@
-# {{ ansible_managed }}
-
-networks:
- traefik:
- external: true
-
-services:
- traefik:
- image: traefik:v3
- restart: always
- command:
- - "--log.level=INFO"
- - "--accesslog=true"
- - "--accesslog.fields.names.StartUTC=drop"
- - "--api=true"
- - "--api.dashboard=true"
- - "--providers.docker=true"
- - "--providers.docker.exposedbydefault=false"
- - "--entrypoints.web.address=:80"
- - "--entryPoints.web.forwardedHeaders.trustedIPs={{ docker_host_traefik_trusted_ips }}"
- - "--entrypoints.websecure.address=:443"
- - "--entryPoints.websecure.forwardedHeaders.trustedIPs={{ docker_host_traefik_trusted_ips }}"
- - "--entrypoints.api.address=:8443"
- labels:
- - "traefik.enable=true"
- - "traefik.docker.network=traefik"
- - "traefik.port=8443"
- - "traefik.http.routers.api.entrypoints=api"
- - "traefik.http.routers.api.rule=(PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
- - "traefik.http.routers.api.service=api@internal"
- - "traefik.http.routers.api.middlewares=auth"
- - "traefik.http.routers.api.tls"
- - "traefik.http.middlewares.auth.basicauth.users={{ docker_host_traefik_admin }}"
- ports:
- - "{{ docker_host_traefik_listen_ip }}:80:80"
- - "{{ docker_host_traefik_listen_ip }}:443:443"
- - "{{ docker_host_traefik_listen_ip }}:8443:8443"
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock:ro
- environment:
- - TZ=Europe/Paris
- networks:
- - traefik
- userns_mode: "host"
diff --git a/tests/inventory b/tests/inventory
deleted file mode 100644
index 878877b..0000000
--- a/tests/inventory
+++ /dev/null
@@ -1,2 +0,0 @@
-localhost
-
diff --git a/tests/test.yml b/tests/test.yml
deleted file mode 100644
index 5f626a7..0000000
--- a/tests/test.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- hosts: localhost
- remote_user: root
- roles:
- - ansible-role-docker_host