IPTables Removed & Some Refactors Applied

hamidyousefi · Dec 21, 2020 · fbfb59d · fbfb59d
1 parent c967a59
commit fbfb59d
Show file tree

Hide file tree

Showing 11 changed files with 153 additions and 144 deletions.
diff --git a/README.md b/README.md
@@ -15,43 +15,52 @@ Right now, these OS distributions and releases are tested:
     - Focal
 
 ## How to Use It
-You can simply install this role on your machine by using the below command:
+You can simply install this role on your machine or hosts by using the below command:
 ```bash
 ansible-galaxy install hamidyousefi.docker
 ```
-Also if you defined your playbook, you can simply add below lines to your `roles/requirements.yml`.
+Also, if you defined your playbook, you can simply add below lines to your `roles/requirements.yml`.
 You can create this file if your playbook doesn't have it yet.
 ```yaml
 - name: hamidyousefi.docker
   version: master
 ```
-Of course `master` is the most updated version of this role. You should prefer to 
-define which version you are going to use just by replacing it with something like `v1.0.0`.
-You can find the versions list and their changelogs from [releases page](https://github.com/hamidyousefi/ansible-docker/releases).
+`master` is the most updated version of this role. You should 
+define which version you are going to use just by replacing it with something like `v1.3.0`.
+You can find the versions list and their changelogs from 
+[releases page](https://github.com/hamidyousefi/ansible-docker/releases).
 
-## Additional Extensions and Configurations
-I added three specific extra feature to this role. `docker-compose` and `iptables` can be set up easily just
-by adding the below block in your `group_vars` related YAML file:
+## Login to Registries
+This role can login the defined users into specified registries. Below code shows how it is possible:
 ```yaml
-configure:
-  compose: yes
-  iptables: yes
-  proxy: no
+docker_registries:
+  - user: linux-user
+    url: registry.domain.tld
+    username: registry-username
+    password: '123456'
 ```
 
+## Additional Extensions and Configurations
+I added few extra features to this role. `docker-compose` and or service level proxy can be set up easily just
+by adding the below block in your `group_vars` or `host_vars` related YAML files.
+
 ### Docker Compose
-You can add your `docker-compose.yml` files to the targeted remote host.
-For such a purpose, you only need to configure the below values in your group or host variables.
+Installing `docker-compose` will be installed by default. If you don't want to install it, add below block to
+your variable:
+```yaml
+extensions: []
+```
+Additionally, You can add your `docker-compose.yml` files to the targeted remote host and paths.
+Configure the below values in your group or host variables.
 ```yaml
 docker_compose:
   - template_path: where-the-template-placed/docker-compose.yml.j2
     destination_path: path-to-place/docker-compose.yml
 ```
 
-## HTTP(S) Proxies
-If you have to configure http and (or) https proxy on your docker, you can change
-the ```proxy``` parameter in above section from ```no``` to ```yes```, and add below
-variables into necessary host or group variables.
+### HTTP(S) Proxy
+If you want to configure http and (or) https proxy on your docker, you can add below
+variables:
 ```yaml
 docker_proxy:
   http: 'http://your-server:80'

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,13 +1,11 @@
 ---
 extensions:
-  - compose:
+  compose:
     version: 1.27.4
 
-configure:
-  compose: no
-  iptables: no
-  proxy: no
-
 docker_proxy:
   http: ''
   https: ''
+
+docker_compose: []
+docker_registries: []
diff --git a/tasks/compose.yml b/tasks/compose.yml
@@ -1,34 +1,36 @@
 ---
 - name: installing compose extension
   get_url:
-    url: "https://github.com/docker/compose/releases/download/{{ compose.version | default ('1.27.4') }}/docker-compose-Linux-x86_64"
+    url: "https://github.com/docker/compose/releases/download/{{ extensions.compose.version | default ('1.27.4') }}/docker-compose-Linux-x86_64"
     dest: /usr/local/bin/docker-compose
     owner: root
     group: root
     mode: '0655'
 
-- name: create necessary directories for placing docker compose manifests
-  file:
-    path: "{{ item.destination_path | dirname }}"
-    state: directory
-    owner: root
-    group: root
-    mode: '0644'
-  with_items: "{{ docker_compose }}"
-  when: docker_compose is defined
+- name: upload defined compose files
+  block:
+    - name: create necessary directories for placing docker compose manifests
+      file:
+        path: "{{ item.destination_path | dirname }}"
+        state: directory
+        owner: root
+        group: root
+        mode: '0644'
+      with_items: "{{ docker_compose }}"
 
-- name: transfer defined compose files based on the domain in srv directory
-  template:
-    src: "{{ item.template_path }}"
-    dest: "{{ item.destination_path }}"
-    owner: root
-    group: root
-    mode: '0644'
-  with_items: "{{ docker_compose }}"
-  when: docker_compose is defined
+    - name: transfer defined compose files based on the domain in srv directory
+      template:
+        src: "{{ item.template_path }}"
+        dest: "{{ item.destination_path }}"
+        owner: root
+        group: root
+        mode: '0644'
+      with_items: "{{ docker_compose }}"
 
-- name: bring up the containers based on docker composes
-  command: docker-compose up -d
-  args:
-    chdir: "{{ item.destination_path | dirname }}"
-  with_items: "{{ docker_compose }}"
+    - name: bring up the containers based on docker composes
+      command: docker-compose up -d
+      args:
+        chdir: "{{ item.destination_path | dirname }}"
+      with_items: "{{ docker_compose }}"
+  when:
+    - docker_compose | length > 0
diff --git a/tasks/distributions/debian.yml b/tasks/distributions/debian.yml
@@ -1,11 +1,18 @@
 ---
+- name: installing necessary packages
+  apt:
+    name: "{{ docker_dependencies }}"
+    update_cache: yes
+    state: present
+    force_apt_get: yes
+
 - name: adding docker gpg key
   apt_key:
     url: https://download.docker.com/linux/debian/gpg
     state: present
   environment:
     http_proxy: "{{ docker_proxy.http }}"
-    https_proxy: "{{ docker_proxy.https }}"
+    https_proxy: "{{ docker_proxy.https | default(docker_proxy.http) }}"
 
 - name: adding docker repository
   apt_repository:
@@ -15,15 +22,13 @@
     filename: docker
   environment:
     http_proxy: "{{ docker_proxy.http }}"
-    https_proxy: "{{ docker_proxy.https }}"
+    https_proxy: "{{ docker_proxy.https | default(docker_proxy.http) }}"
 
 - name: installing main packages
   apt:
+    name: "{{ docker_packages }}"
+    update_cache: yes
     force_apt_get: yes
-    name:
-      - docker-ce
-      - docker-ce-cli
-      - containerd.io
   environment:
     http_proxy: "{{ docker_proxy.http }}"
-    https_proxy: "{{ docker_proxy.https }}"
+    https_proxy: "{{ docker_proxy.https | default(docker_proxy.http) }}"
diff --git a/tasks/distributions/ubuntu.yml b/tasks/distributions/ubuntu.yml
@@ -1,20 +1,34 @@
 ---
+- name: installing necessary packages
+  apt:
+    name: "{{ docker_dependencies }}"
+    update_cache: yes
+    state: present
+    force_apt_get: yes
+
 - name: adding docker gpg key
   apt_key:
     url: https://download.docker.com/linux/ubuntu/gpg
     state: present
+  environment:
+    http_proxy: "{{ docker_proxy.http }}"
+    https_proxy: "{{ docker_proxy.https | default(docker_proxy.http) }}"
 
 - name: adding docker repository
   apt_repository:
     repo: 'deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable'
     update_cache: yes
     state: present
     filename: docker
+  environment:
+    http_proxy: "{{ docker_proxy.http }}"
+    https_proxy: "{{ docker_proxy.https | default(docker_proxy.http) }}"
 
 - name: installing main packages
   apt:
+    name: "{{ docker_packages }}"
+    update_cache: yes
     force_apt_get: yes
-    name:
-      - docker-ce
-      - docker-ce-cli
-      - containerd.io
+  environment:
+    http_proxy: "{{ docker_proxy.http }}"
+    https_proxy: "{{ docker_proxy.https | default(docker_proxy.http) }}"
diff --git a/tasks/iptables.yml b/tasks/iptables.yml
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,58 +1,18 @@
 ---
-- name: installing necessary packages
-  apt:
-    name:
-      - apt-transport-https
-      - ca-certificates
-      - curl
-      - gnupg-agent
-      - software-properties-common
-      - python3-docker
-      - gnupg2
-      - pass
-    update_cache: yes
-    state: present
-    force_apt_get: yes
-  when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
-
-- include: distributions/debian.yml
-  when: ansible_distribution == 'Debian'
-
-- include: distributions/ubuntu.yml
-  when: ansible_distribution == 'Ubuntu'
+- include_tasks: 'distributions/{{ ansible_distribution | lower }}.yml'
 
 - name: configure proxy if defined
-  block:
-    - name: create systemd necessary directory
-      file:
-        path: /etc/systemd/system/docker.service.d
-        state: directory
-        owner: root
-        group: root
-        mode: '0755'
-
-    - name: create systemd service config file
-      template:
-        src: proxy.conf.j2
-        dest: /etc/systemd/system/docker.service.d/proxy.conf
-        owner: root
-        group: root
-        mode: '0644'
-
-    - name: reload systemd daemon
-      systemd:
-        name: docker
-        daemon_reload: yes
-        state: restarted
-  when: configure.proxy
-
-- name: login to specified registries
-  shell: "set -o pipefail && echo '{{ item.password }}' | docker login {{ item.url }} --username={{ item.username}} --password-stdin"
-  with_items: "{{ docker_registries }}"
-  when: docker_registries is defined
-
-- include: compose.yml
-  when: configure.compose
-
-- include: iptables.yml
-  when: configure.iptables
+  include_tasks: proxy.yml
+  when:
+    - docker_proxy.http is defined
+    - docker_proxy.http != ''
+
+- name: login to defined registries
+  include_tasks: registries.yml
+  when:
+    - docker_registries | length > 0
+
+- name: install and configure compose extension
+  include_tasks: compose.yml
+  when:
+    - extensions.compose is defined
diff --git a/tasks/proxy.yml b/tasks/proxy.yml
@@ -0,0 +1,22 @@
+---
+- name: create systemd necessary directory
+  file:
+    path: /etc/systemd/system/docker.service.d
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+
+- name: create systemd service config file
+  template:
+    src: proxy.conf.j2
+    dest: /etc/systemd/system/docker.service.d/proxy.conf
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: reload systemd daemon
+  systemd:
+    name: docker
+    daemon_reload: yes
+    state: restarted
diff --git a/tasks/registries.yml b/tasks/registries.yml
@@ -0,0 +1,14 @@
+---
+- name: add necessary users to docker group
+  user:
+    name: "{{ item.user }}"
+    groups:
+      - docker
+  with_items: "{{ docker_registries }}"
+
+- name: login to specified registries
+  shell: "echo '{{ item.password }}' | docker login {{ item.url }} --username={{ item.username }} --password-stdin"
+  become: yes
+  become_method: sudo
+  become_user: '{{ item.user }}'
+  with_items: "{{ docker_registries }}"
diff --git a/templates/proxy.conf.j2 b/templates/proxy.conf.j2
@@ -1,3 +1,3 @@
 [Service]
 Environment="HTTP_PROXY={{ docker_proxy.http }}"
-Environment="HTTPS_PROXY={{ docker_proxy.https }}"
+Environment="HTTPS_PROXY={{ docker_proxy.https | default(docker_proxy.http) }}"
diff --git a/vars/main.yml b/vars/main.yml
@@ -0,0 +1,14 @@
+---
+docker_dependencies:
+  - apt-transport-https
+  - ca-certificates
+  - curl
+  - gnupg-agent
+  - software-properties-common
+  - python3-docker
+  - gnupg2
+
+docker_packages:
+  - docker-ce
+  - docker-ce-cli
+  - containerd.io