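---
# gpg is needed by the apt_key task below to import the Docker signing key.
# Single package, so the former with_items loop over "{{ item }}" is replaced by
# a direct name; the task is renamed so task names in this file are unique
# (the old name collided with the docker-ce install task).
- name: Install gpg
  ansible.builtin.package:
    name: gpg
    state: present
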
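# Import the Docker repository signing key over HTTPS.
# NOTE(review): apt_key uses the deprecated apt-key mechanism, and a key added
# this way is trusted for every apt source on the host, not only Docker's.
# TLS is the only integrity check on the download: pin the expected fingerprint
# with `id: <DOCKER_GPG_KEY_FINGERPRINT>` so a substituted key is rejected, or
# move to a keyring file referenced by `signed-by=` in the repository line.
- name: Add docker apt-key
  ansible.builtin.apt_key:
    url: https://download.docker.com/linux/debian/gpg
    state: present
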
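# Register the Docker CE "stable" repository for the host's Debian release and
# refresh the apt cache so the docker-ce packages below can be resolved.
# NOTE(review): the repo line carries no `[signed-by=...]` option, so packages
# are validated against whichever keys are globally trusted (see the apt_key
# task above); adding signed-by would scope trust to this repository only.
- name: Add docker apt repository
  ansible.builtin.apt_repository:
    repo: 'deb https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable'
    state: present
    filename: docker
    update_cache: true
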
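# Install the Docker engine, CLI and container runtime from the repository
# added above. Renamed so the task name does not collide with the gpg install.
# NOTE(review): the "Traefik run" task at the end of this file calls
# `docker compose`, which lives in the docker-compose-plugin package; confirm it
# is pulled in (apt installs Recommends by default) or list it here explicitly.
# python3-pip is not referenced by any other task in this file — presumably
# consumed elsewhere (e.g. Python deps of the community.docker modules); verify.
- name: Install docker packages
  ansible.builtin.package:
    name:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - python3-pip
    state: present
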
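# Account used by Docker's user-namespace remapping (presumably referenced as
# "userns-remap" in the daemon.json template — confirm). /bin/false as shell
# keeps the account non-interactive.
# NOTE(review): consider `system: true` and `create_home: false`; a remapping
# account needs neither a UID in the human range nor a home directory.
- name: Configure user dockremap
  ansible.builtin.user:
    name: dockremap
    state: present
    shell: /bin/false
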
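# Put the user-namespace kernel parameters on the GRUB command line.
# The regexp captures the current GRUB_CMDLINE_LINUX value: group 1 (optional)
# is an already-present copy of the two parameters, group 2 whatever preceded
# that copy, group 3 the remainder of the line up to and including the closing
# quote. Re-emitting \2 and \3 around the parameters makes the rewrite
# idempotent and preserves the closing quote; an unmatched group 1 expands \2
# to an empty string.
# NOTE(review): `namespace.unpriv_enable=1 user_namespace.enable=1` are the
# RHEL/CentOS 7-style switches; on Debian kernels they are presumably ignored,
# which sits oddly next to the Debian apt repository above — confirm target OS.
- name: Configure namespaces dans grub
  ansible.builtin.lineinfile:
    state: present
    dest: /etc/default/grub
    backrefs: true
    regexp: '^GRUB_CMDLINE_LINUX="((.*?)namespace\.unpriv_enable=1 user_namespace\.enable=1)?\s?(.*?)$'
    line: 'GRUB_CMDLINE_LINUX="\2namespace.unpriv_enable=1 user_namespace.enable=1 \3'
  # Read by the update-grub and reboot tasks below.
  register: _grub_config
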
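# Regenerate the bootloader configuration only when /etc/default/grub changed.
# `update_grub_command` is defined outside this file (distribution specific).
# `changed_when: true` is accurate because the command only runs after a change;
# the noqa keeps ansible-lint from demanding a handler for this pattern.
- name: Configure update grub
  ansible.builtin.command: "{{ update_grub_command }}"
  when: _grub_config.changed # noqa: no-handler
  changed_when: true
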
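# Run every pending handler now rather than at end of play, ahead of the
# conditional reboot below (the task name says as much: "execute handlers now,
# before a possible reboot").
- name: Configure execute handlers maintenant, avant possible reboot
  ansible.builtin.meta: flush_handlers
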
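# Allow unprivileged user namespaces; on some kernels (e.g. RHEL/CentOS 7) this
# defaults to 0, which blocks userns-remap. sysctl_set + reload applies it now,
# state: present persists it in sysctl.conf.
- name: Configure sysctl user_namespaces
  ansible.posix.sysctl:
    name: user.max_user_namespaces
    # Quoted: the module treats values as strings, so this avoids int/str
    # drift when the current value is compared with the desired one.
    value: "15076"
    sysctl_set: true
    state: present
    reload: true
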
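# Render the daemon configuration; the "Restart docker" handler is defined
# outside this file.
# NOTE(review): the file is world-readable (o=r), which is fine only if the
# template contains no secrets (registry credentials, TLS keys) — confirm.
- name: Configure docker daemon.json
  ansible.builtin.template:
    src: daemon.json.j2
    dest: /etc/docker/daemon.json
    mode: u=rw,g=r,o=r
  notify:
    - Restart docker
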
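# The kernel parameters written to GRUB only take effect after a reboot, so
# the host is restarted whenever the grub task changed something. The task name
# tells the operator to re-run the playbook if it does not resume on its own.
- name: REBOOT IMMEDIAT pour prise en compte configuration, relancer le playbook s'il ne poursuit pas tout seul
  ansible.builtin.reboot:
  when: _grub_config.changed # noqa: no-handler
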
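# Start the engine now and enable it at boot.
- name: Active docker
  ansible.builtin.service:
    name: docker
    state: started
    enabled: true
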
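# Daily cron job for docker system prune; the script body comes from the
# template. Execute bits are required for cron.daily to run the entry.
- name: Configure tâche cron pour docker system prune
  ansible.builtin.template:
    src: docker_prune.j2
    dest: /etc/cron.daily/docker_prune
    mode: u=rwx,g=rx,o=rx
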
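# Docker network named "traefik", created only when the Traefik feature flag
# (docker_host_traefik_enabled, defined outside this file) is set.
- name: Traefik network
  community.docker.docker_network:
    name: traefik
  when: docker_host_traefik_enabled
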
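# Directory holding the Traefik compose file. "o=" denies other users any
# access, so files placed inside are unreachable for them regardless of their
# own mode bits.
- name: Traefik dir
  ansible.builtin.file:
    path: /opt/traefik
    state: directory
    mode: u=rwx,g=rx,o=
  when: docker_host_traefik_enabled
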
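# Render the compose file; the registered result drives the "Traefik run" task.
# The variable is registered even when this task is skipped (changed is then
# false), so the later condition is safe when the feature flag is off.
# The file's o=r is moot in practice because the parent directory denies others.
- name: Traefik compose
  ansible.builtin.template:
    src: traefik-docker-compose.yml.j2
    dest: /opt/traefik/docker-compose.yml
    mode: u=rw,g=r,o=r
  register: traefik_compose_file
  when: docker_host_traefik_enabled
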
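# Bring the Traefik stack up only when the compose file was (re)written.
# `changed_when: true` is accurate since the command runs solely after a change,
# matches the update-grub task's style and satisfies ansible-lint's
# no-changed-when rule, which this command task previously violated.
- name: Traefik run
  ansible.builtin.command: "docker compose up -d"
  args:
    chdir: /opt/traefik/
  changed_when: true
  when: docker_host_traefik_enabled and traefik_compose_file.changed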