diff --git a/README.md b/README.md
index 2b38767..a125ef3 100644
--- a/README.md
+++ b/README.md
@@ -15,43 +15,52 @@ Right now, these OS distributions and releases are tested: - Focal ## How to Use It -You can simply install this role on your machine by using the below command: +You can simply install this role on your machine or hosts by using the below command: ```bash ansible-galaxy install hamidyousefi.docker ``` -Also if you defined your playbook, you can simply add below lines to your `roles/requirements.yml`. +Also, if you defined your playbook, you can simply add below lines to your `roles/requirements.yml`. You can create this file if your playbook doesn't have it yet. ```yaml - name: hamidyousefi.docker version: master ``` -Of course `master` is the most updated version of this role. You should prefer to -define which version you are going to use just by replacing it with something like `v1.0.0`. -You can find the versions list and their changelogs from [releases page](https://github.com/hamidyousefi/ansible-docker/releases). +`master` is the most updated version of this role. You should +define which version you are going to use just by replacing it with something like `v1.3.0`. +You can find the versions list and their changelogs from +[releases page](https://github.com/hamidyousefi/ansible-docker/releases). -## Additional Extensions and Configurations -I added three specific extra feature to this role. `docker-compose` and `iptables` can be set up easily just -by adding the below block in your `group_vars` related YAML file: +## Login to Registries +This role can login the defined users into specified registries. Below code shows how it is possible: ```yaml -configure: - compose: yes - iptables: yes - proxy: no +docker_registries: + - user: linux-user + url: registry.domain.tld + username: registry-username + password: '123456' ``` +## Additional Extensions and Configurations +I added few extra features to this role. 
`docker-compose` and or service level proxy can be set up easily just +by adding the below block in your `group_vars` or `host_vars` related YAML files. + ### Docker Compose -You can add your `docker-compose.yml` files to the targeted remote host. -For such a purpose, you only need to configure the below values in your group or host variables. +Installing `docker-compose` will be installed by default. If you don't want to install it, add below block to +your variable: +```yaml +extensions: [] +``` +Additionally, You can add your `docker-compose.yml` files to the targeted remote host and paths. +Configure the below values in your group or host variables. ```yaml docker_compose: - template_path: where-the-template-placed/docker-compose.yml.j2 destination_path: path-to-place/docker-compose.yml ``` -## HTTP(S) Proxies -If you have to configure http and (or) https proxy on your docker, you can change -the ```proxy``` parameter in above section from ```no``` to ```yes```, and add below -variables into necessary host or group variables. +### HTTP(S) Proxy +If you want to configure http and (or) https proxy on your docker, you can add below +variables: ```yaml docker_proxy: http: 'http://your-server:80' diff --git a/defaults/main.yml b/defaults/main.yml index 1fb201a..add3fc7 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,13 +1,11 @@ --- extensions: - - compose: + compose: version: 1.27.4 -configure: - compose: no - iptables: no - proxy: no - docker_proxy: http: '' https: '' + +docker_compose: [] +docker_registries: [] diff --git a/tasks/compose.yml b/tasks/compose.yml index 72e3baf..5fd8feb 100644 --- a/tasks/compose.yml +++ b/tasks/compose.yml 
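Review bot: The new `docker_registries: []` default in defaults/main.yml has no comment describing the shape of an entry or how its `password` should be supplied, although tasks/registries.yml in this commit reads `item.user`, `item.url`, `item.username` and `item.password` from it. I would add a comment above it such as `# list of {user, url, username, password}; keep password in Ansible Vault, not in plain group_vars`. The same hunk turns `extensions` from a list into a mapping, so an inventory that still sets the old list form would presumably leave `extensions.compose` undefined and skip the compose install without any message; that deserves a line in the comment as well.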
@@ -1,34 +1,36 @@ --- - name: installing compose extension get_url: - url: "https://github.com/docker/compose/releases/download/{{ compose.version | default ('1.27.4') }}/docker-compose-Linux-x86_64" + url: "https://github.com/docker/compose/releases/download/{{ extensions.compose.version | default ('1.27.4') }}/docker-compose-Linux-x86_64" dest: /usr/local/bin/docker-compose owner: root group: root mode: '0655' -- name: create necessary directories for placing docker compose manifests - file: - path: "{{ item.destination_path | dirname }}" - state: directory - owner: root - group: root - mode: '0644' - with_items: "{{ docker_compose }}" - when: docker_compose is defined +- name: upload defined compose files + block: + - name: create necessary directories for placing docker compose manifests + file: + path: "{{ item.destination_path | dirname }}" + state: directory + owner: root + group: root + mode: '0644' + with_items: "{{ docker_compose }}" -- name: transfer defined compose files based on the domain in srv directory - template: - src: "{{ item.template_path }}" - dest: "{{ item.destination_path }}" - owner: root - group: root - mode: '0644' - with_items: "{{ docker_compose }}" - when: docker_compose is defined + - name: transfer defined compose files based on the domain in srv directory + template: + src: "{{ item.template_path }}" + dest: "{{ item.destination_path }}" + owner: root + group: root + mode: '0644' + with_items: "{{ docker_compose }}" -- name: bring up the containers based on docker composes - command: docker-compose up -d - args: - chdir: "{{ item.destination_path | dirname }}" - with_items: "{{ docker_compose }}" + - name: bring up the containers based on docker composes + command: docker-compose up -d + args: + chdir: "{{ item.destination_path | dirname }}" + with_items: "{{ docker_compose }}" + when: + - docker_compose | length > 0 diff --git a/tasks/distributions/debian.yml b/tasks/distributions/debian.yml index 4bbda8f..196eceb 100644 
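Review bot: The `get_url` task in tasks/compose.yml writes a downloaded binary to `/usr/local/bin/docker-compose` as root without a `checksum:`, so nothing verifies that the file fetched is the release that was pinned. Now that the version comes from `extensions.compose.version`, I would add `checksum: "sha256:<digest published for that version>"` (placeholder), driven by a variable kept next to the version. In the same hunk the directory task keeps `mode: '0644'` together with `state: directory`, which leaves the directory without its search bit; `'0755'` is presumably what is meant, and `mode: '0655'` on the binary likewise looks like a typo for `'0755'`.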
--- a/tasks/distributions/debian.yml +++ b/tasks/distributions/debian.yml @@ -1,11 +1,18 @@ --- +- name: installing necessary packages + apt: + name: "{{ docker_dependencies }}" + update_cache: yes + state: present + force_apt_get: yes + - name: adding docker gpg key apt_key: url: https://download.docker.com/linux/debian/gpg state: present environment: http_proxy: "{{ docker_proxy.http }}" - https_proxy: "{{ docker_proxy.https }}" + https_proxy: "{{ docker_proxy.https | default(docker_proxy.http) }}" - name: adding docker repository apt_repository: @@ -15,15 +22,13 @@ filename: docker environment: http_proxy: "{{ docker_proxy.http }}" - https_proxy: "{{ docker_proxy.https }}" + https_proxy: "{{ docker_proxy.https | default(docker_proxy.http) }}" - name: installing main packages apt: + name: "{{ docker_packages }}" + update_cache: yes force_apt_get: yes - name: - - docker-ce - - docker-ce-cli - - containerd.io environment: http_proxy: "{{ docker_proxy.http }}" - https_proxy: "{{ docker_proxy.https }}" + https_proxy: "{{ docker_proxy.https | default(docker_proxy.http) }}" diff --git a/tasks/distributions/ubuntu.yml b/tasks/distributions/ubuntu.yml index caef7f7..6f38d35 100644 --- a/tasks/distributions/ubuntu.yml +++ b/tasks/distributions/ubuntu.yml @@ -1,8 +1,18 @@ --- +- name: installing necessary packages + apt: + name: "{{ docker_dependencies }}" + update_cache: yes + state: present + force_apt_get: yes + - name: adding docker gpg key apt_key: url: https://download.docker.com/linux/ubuntu/gpg state: present + environment: + http_proxy: "{{ docker_proxy.http }}" + https_proxy: "{{ docker_proxy.https | default(docker_proxy.http) }}" - name: adding docker repository apt_repository: 
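Review bot: The `default(docker_proxy.http)` fallback added to `https_proxy` in tasks/distributions/debian.yml only fires when `docker_proxy.https` is undefined, but defaults/main.yml ships `https: ''`, so an inventory that keeps that key as an empty string gets an empty HTTPS proxy rather than the HTTP one. Passing the second argument makes the filter treat empty values as missing: `https_proxy: "{{ docker_proxy.https | default(docker_proxy.http, true) }}"`. The same expression is added in the second hunk of this file, in both hunks of tasks/distributions/ubuntu.yml and in templates/proxy.conf.j2.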
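Review bot: The new `installing necessary packages` task in tasks/distributions/ubuntu.yml runs `apt` with `update_cache: yes` but carries no `environment:` block, while the other network-facing tasks in the file gain the proxy variables in this very commit. On a host that reaches the mirrors only through the proxy, this first task would presumably fail before the proxied ones run. I would give it the same `environment:` with `http_proxy` and `https_proxy`; tasks/distributions/debian.yml adds the identical task with the same gap.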
@@ -10,11 +20,15 @@ update_cache: yes state: present filename: docker + environment: + http_proxy: "{{ docker_proxy.http }}" + https_proxy: "{{ docker_proxy.https | default(docker_proxy.http) }}" - name: installing main packages apt: + name: "{{ docker_packages }}" + update_cache: yes force_apt_get: yes - name: - - docker-ce - - docker-ce-cli - - containerd.io + environment: + http_proxy: "{{ docker_proxy.http }}" + https_proxy: "{{ docker_proxy.https | default(docker_proxy.http) }}" diff --git a/tasks/iptables.yml b/tasks/iptables.yml deleted file mode 100644 index 66090f2..0000000 --- a/tasks/iptables.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -- name: configuring iptables - block: - - name: creating DOCKER-USER chain - shell: set -o pipefail && iptables -n --list DOCKER-USER >/dev/null 2>&1 || iptables -N DOCKER-USER - - - name: creating DOCKER-WHITELIST chain - shell: set -o pipefail && iptables -n --list DOCKER-WHITELIST >/dev/null 2>&1 || iptables -N DOCKER-WHITELIST - - - name: flushing existing DOCKER-WHITELIST chain - iptables: - chain: DOCKER-WHITELIST - flush: yes - - - name: adding DOCKER-WHITELIST into DOCKER-USER - iptables: - chain: DOCKER-USER - jump: DOCKER-WHITELIST - action: insert - register: change - - - name: persisting created basic iptables rules - shell: "set -o pipefail && {{ item }}" - with_items: - - iptables-save > /etc/iptables/rules.v4 - - ip6tables-save > /etc/iptables/rules.v6 - when: change.changed - when: configure.iptables - tags: iptables diff --git a/tasks/main.yml b/tasks/main.yml index 904c672..d3719a0 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -1,58 +1,18 @@ --- -- name: installing necessary packages - apt: - name: - - apt-transport-https - - ca-certificates - - curl - - gnupg-agent - - software-properties-common - - python3-docker - - gnupg2 - - pass - update_cache: yes - state: present - force_apt_get: yes - when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - -- include: distributions/debian.yml - when: ansible_distribution == 'Debian' - -- include: distributions/ubuntu.yml - when: ansible_distribution == 'Ubuntu' +- include_tasks: 'distributions/{{ ansible_distribution | lower }}.yml' - name: configure proxy if defined - block: - - name: create systemd necessary directory - file: - path: /etc/systemd/system/docker.service.d - state: directory - owner: root - group: root - mode: '0755' - - - name: create systemd service config file - template: - src: proxy.conf.j2 - dest: /etc/systemd/system/docker.service.d/proxy.conf - owner: root - group: root - mode: '0644' - - - name: reload systemd daemon - systemd: - name: docker - daemon_reload: yes - state: restarted - when: configure.proxy - -- name: login to specified registries - shell: "set -o pipefail && echo '{{ item.password }}' | docker login {{ item.url }} --username={{ item.username}} --password-stdin" - with_items: "{{ docker_registries }}" - when: docker_registries is defined - -- include: compose.yml - when: configure.compose - -- include: iptables.yml - when: configure.iptables + include_tasks: proxy.yml + when: + - docker_proxy.http is defined + - docker_proxy.http != '' + +- name: login to defined registries + include_tasks: registries.yml + when: + - docker_registries | length > 0 + +- name: install and configure compose extension + include_tasks: compose.yml + when: + - extensions.compose is defined diff --git a/tasks/proxy.yml b/tasks/proxy.yml new file mode 100644 index 0000000..05f62ff --- /dev/null +++ b/tasks/proxy.yml 
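Review bot: `include_tasks: 'distributions/{{ ansible_distribution | lower }}.yml'` in tasks/main.yml replaces two includes that were each guarded by `when: ansible_distribution == ...`, so a host on any other distribution now fails on a missing task file instead of being handled explicitly. I would guard it with `when: ansible_distribution in ['Debian', 'Ubuntu']` or put an `assert` with a clear message in front of it. The hunk also drops the `iptables.yml` include together with the `configure` variable, so inventories that set `configure.iptables: yes` stop getting the DOCKER-USER / DOCKER-WHITELIST chains with no warning; a fail-fast on a still-defined `configure` variable or a changelog entry would make that visible.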
@@ -0,0 +1,22 @@ +--- +- name: create systemd necessary directory + file: + path: /etc/systemd/system/docker.service.d + state: directory + owner: root + group: root + mode: '0755' + +- name: create systemd service config file + template: + src: proxy.conf.j2 + dest: /etc/systemd/system/docker.service.d/proxy.conf + owner: root + group: root + mode: '0644' + +- name: reload systemd daemon + systemd: + name: docker + daemon_reload: yes + state: restarted diff --git a/tasks/registries.yml b/tasks/registries.yml new file mode 100644 index 0000000..75fce81 --- /dev/null +++ b/tasks/registries.yml @@ -0,0 +1,14 @@ +--- +- name: add necessary users to docker group + user: + name: "{{ item.user }}" + groups: + - docker + with_items: "{{ docker_registries }}" + +- name: login to specified registries + shell: "echo '{{ item.password }}' | docker login {{ item.url }} --username={{ item.username }} --password-stdin" + become: yes + become_method: sudo + become_user: '{{ item.user }}' + with_items: "{{ docker_registries }}" diff --git a/templates/proxy.conf.j2 b/templates/proxy.conf.j2 index f4f3a7a..767c644 100644 --- a/templates/proxy.conf.j2 +++ b/templates/proxy.conf.j2 @@ -1,3 +1,3 @@ [Service] Environment="HTTP_PROXY={{ docker_proxy.http }}" -Environment="HTTPS_PROXY={{ docker_proxy.https }}" +Environment="HTTPS_PROXY={{ docker_proxy.https | default(docker_proxy.http) }}" diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..e6bf442 --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,14 @@ +--- +docker_dependencies: + - apt-transport-https + - ca-certificates + - curl + - gnupg-agent + - software-properties-common + - python3-docker + - gnupg2 + +docker_packages: + - docker-ce + - docker-ce-cli + - containerd.io
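Review bot: The `reload systemd daemon` task in tasks/proxy.yml restarts the `docker` service on every run in which a proxy is configured, whether or not `proxy.conf` changed, which presumably bounces running containers each time the play is applied. Registering the template result and gating the restart keeps it idempotent: add `register: docker_proxy_conf` to the template task and `when: docker_proxy_conf is changed` to the restart task. If `docker_proxy.http` may carry credentials in the URL, `mode: '0644'` on proxy.conf also leaves them readable by every local user, and `'0600'` would be the safer choice.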
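Review bot: The login task in tasks/registries.yml interpolates `item.password` into a `shell:` string and sets no `no_log`, so the secret lands in the shell's command line and in task output and logs (the loop item is printed as well), and a password containing a single quote breaks the quoting. Feeding the password on stdin of a `command` task with an argv list and setting `no_log: true` avoids all three, as sketched below. Separately, the `user` task sets `groups:` without `append: yes`, which replaces the user's existing supplementary groups with `docker` alone. Membership of the `docker` group is effectively root on the host, so that task deserves a comment saying so.

```yaml
- name: login to specified registries
  command:
    argv:
      - docker
      - login
      - "{{ item.url }}"
      - "--username={{ item.username }}"
      - "--password-stdin"
    stdin: "{{ item.password }}"
  no_log: true
  # … unchanged: become, become_method, become_user, with_items …
```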
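Review bot: `docker_dependencies` in vars/main.yml omits `pass`, which was in the inline package list this commit removes from tasks/main.yml, and nothing visible in the commit says the drop is intended. Either restore `- pass` or record the removal in the commit message so that hosts relying on it are not surprised. Because this list lives in role `vars/` rather than `defaults/`, it also takes precedence over inventory variables, so a comment above it noting that it is not meant to be overridden from `group_vars` would help.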