From 0771787c983d2f2e9c9b4f262c3be05cc52201a1 Mon Sep 17 00:00:00 2001
From: transcaffeine
Date: Sun, 20 Apr 2025 19:43:33 +0200
Subject: [PATCH] feat(docker): add ansible role
---
 galaxy.yml | 1 +
 playbooks/docker.yml | 6 +++++
 roles/docker/README.md | 13 +++++++++++
 roles/docker/defaults/main/debian.yml | 31 ++++++++++++++++++++++++++
 roles/docker/defaults/main/main.yml | 13 +++++++++++
 roles/docker/defaults/main/systemd.yml | 5 +++++
 roles/docker/handlers/main.yml | 6 +++++
 roles/docker/tasks/configure.yml | 18 +++++++++++++++
 roles/docker/tasks/install-debian.yml | 30 +++++++++++++++++++++++++
 roles/docker/tasks/main.yml | 29 ++++++++++++++++++++++++
 roles/docker/vars/main.yml | 3 +++
 11 files changed, 155 insertions(+)
 create mode 100644 playbooks/docker.yml
 create mode 100644 roles/docker/README.md
 create mode 100644 roles/docker/defaults/main/debian.yml
 create mode 100644 roles/docker/defaults/main/main.yml
 create mode 100644 roles/docker/defaults/main/systemd.yml
 create mode 100644 roles/docker/handlers/main.yml
 create mode 100644 roles/docker/tasks/configure.yml
 create mode 100644 roles/docker/tasks/install-debian.yml
 create mode 100644 roles/docker/tasks/main.yml
 create mode 100644 roles/docker/vars/main.yml
diff --git a/galaxy.yml b/galaxy.yml
index 83e5224..4aa096c 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -18,3 +18,4 @@ tags:
 - minio
 - nginx
 - restic
+ - docker
diff --git a/playbooks/docker.yml b/playbooks/docker.yml
new file mode 100644
index 0000000..0a00d5e
--- /dev/null
+++ b/playbooks/docker.yml
@@ -0,0 +1,6 @@
+---
+- name: Install and configure docker daemon
+ hosts: "{{ docker_hosts | default('docker', true) }}"
+ become: "{{ docker_become | default(false, true) }}"
+ roles:
+ - role: finallycoffee.base.docker
diff --git a/roles/docker/README.md b/roles/docker/README.md
new file mode 100644
index 0000000..db8ff31
--- /dev/null
+++ b/roles/docker/README.md
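Review bot: In playbooks/docker.yml, `become` defaults to false (`docker_become | default(false, true)`), while every task the role runs (apt, the files under /etc/docker, the systemd unit) needs root. As written the play only succeeds when the connection user is already root, which pushes operators toward direct root logins. Unless this mirrors a convention of the collection's other playbooks (not visible here), I would default to escalation, `become: "{{ docker_become | default(true, true) }}"`, and document `docker_hosts` and `docker_become` in the role README.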
@@ -0,0 +1,13 @@
+# `finallycoffee.base.docker` ansible role
+
+Install and configure the docker daemon.
+
+## Configuration
+
+- `docker_daemon_config` - configuration for the docker daemon
+- `docker_remove_legacy_packages` - clean up old versions of docker (see https://docs.docker.com/engine/install/debian/#uninstall-old-versions)
+
+## Plugins
+
+- `docker_plugin_buildx_enable` - enable the buildx plugin
+- `docker_plugin_compose_enable` - enable docker compose
diff --git a/roles/docker/defaults/main/debian.yml b/roles/docker/defaults/main/debian.yml
new file mode 100644
index 0000000..c100c08
--- /dev/null
+++ b/roles/docker/defaults/main/debian.yml
@@ -0,0 +1,31 @@
+---
+docker_apt_key_url: "https://download.docker.com/linux/debian/gpg"
+docker_apt_key_id: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
+
+docker_apt_arch: amd64
+docker_apt_release_channel: stable
+docker_apt_repository_url: "https://download.docker.com/linux/debian"
+docker_apt_repository: >-2
+ deb [arch={{ docker_apt_arch }}] {{ docker_apt_repository_url }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}
+docker_apt_cli_package: "docker-ce-cli"
+docker_apt_plugin_buildx_package: "docker-buildx-plugin"
+docker_apt_plugin_compose_package: "docker-compose-plugin"
+docker_apt_base_packages:
+ - "docker-ce"
+ - "docker-ce-cli"
+ - "containerd.io"
+docker_apt_packages: >-2
+ {{
+ docker_apt_base_packages
+ + (docker_plugin_buildx_enable | default(false)
+ | ternary([ docker_apt_plugin_buildx_package ], []))
+ + (docker_plugin_compose_enable | default(false)
+ | ternary([ docker_apt_plugin_compose_package ], []))
+ }}
+docker_apt_legacy_packages:
+ - "docker.io"
+ - "docker-compose"
+ - "docker-doc"
+ - "podman-docker"
+ - "containerd"
+ - "runc"
diff --git a/roles/docker/defaults/main/main.yml b/roles/docker/defaults/main/main.yml
new file mode 100644
index 0000000..f77e6a5
--- /dev/null
+++ b/roles/docker/defaults/main/main.yml
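Review bot: The `docker_apt_repository` line in roles/docker/defaults/main/debian.yml carries no `signed-by=` option, and the key is installed through `ansible.builtin.apt_key` in roles/docker/tasks/install-debian.yml, so the Docker key lands in apt's global trust store and is accepted for packages from every configured repository, not only this one. apt-key itself is deprecated, and the module documentation points to a dedicated keyring file instead. I would add a variable such as `docker_apt_key_path: "/etc/apt/keyrings/docker.asc"`, change the options to `[arch={{ docker_apt_arch }} signed-by={{ docker_apt_key_path }}]`, and replace the apt_key task with a download of `docker_apt_key_url` to that path. The current task pins the key through `docker_apt_key_id`; the replacement should keep an equivalent pin, for example a `checksum:` on the download.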
@@ -0,0 +1,13 @@
+---
+docker_state: "present"
+
+docker_daemon_config: {}
+docker_daemon_config_file: "/etc/docker/daemon.json"
+docker_daemon_config_file_mode: "0644"
+docker_daemon_config_owner: root
+docker_daemon_config_group: "{{ docker_daemon_config_owner }}"
+
+docker_plugin_buildx_enable: false
+docker_plugin_compose_enable: false
+
+docker_remove_legacy_packages: true
diff --git a/roles/docker/defaults/main/systemd.yml b/roles/docker/defaults/main/systemd.yml
new file mode 100644
index 0000000..33ab4f7
--- /dev/null
+++ b/roles/docker/defaults/main/systemd.yml
@@ -0,0 +1,5 @@
+---
+docker_systemd_service_name: "docker.service"
+docker_systemd_service_state: >-2
+ {{ (docker_state == 'present') | ternary('started', 'stopped') }}
+docker_systemd_service_enabled: "{{ (docker_state == 'present') }}"
diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml
new file mode 100644
index 0000000..8896e14
--- /dev/null
+++ b/roles/docker/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart docker daemon
+ ansible.builtin.systemd_service:
+ name: "{{ docker_systemd_service_name }}"
+ state: "restarted"
+ listen: "docker-restart"
diff --git a/roles/docker/tasks/configure.yml b/roles/docker/tasks/configure.yml
new file mode 100644
index 0000000..be897ab
--- /dev/null
+++ b/roles/docker/tasks/configure.yml
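Review bot: The handler in roles/docker/handlers/main.yml calls `ansible.builtin.systemd_service` unconditionally, while both service tasks in roles/docker/tasks/main.yml are guarded with `when: ansible_facts['service_mgr'] == 'systemd'`. On a host with another service manager the configure step would write the config and then fail in the handler. Adding the same `when:` to the handler keeps the two consistent. A comment on the handler should also say that restarting the daemon stops running containers unless `live-restore` is enabled in `docker_daemon_config`.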
@@ -0,0 +1,18 @@
+---
+- name: Ensure config directory '{{ docker_daemon_config_file | dirname }}' is present
+ ansible.builtin.file:
+ path: "{{ docker_daemon_config_file | dirname }}"
+ state: "directory"
+ mode: "0755"
+ owner: "{{ docker_daemon_config_owner }}"
+ group: "{{ docker_daemon_config_group }}"
+
+- name: Configure docker daemon using '{{ docker_daemon_config_file }}'
+ ansible.builtin.copy:
+ content: "{{ docker_daemon_config | to_json }}"
+ dest: "{{ docker_daemon_config_file }}"
+ mode: "{{ docker_daemon_config_file_mode }}"
+ owner: "{{ docker_daemon_config_owner }}"
+ group: "{{ docker_daemon_config_group }}"
+ when: docker_daemon_config | string | length > 0
+ notify: docker-restart
diff --git a/roles/docker/tasks/install-debian.yml b/roles/docker/tasks/install-debian.yml
new file mode 100644
index 0000000..7b0c254
--- /dev/null
+++ b/roles/docker/tasks/install-debian.yml
@@ -0,0 +1,30 @@
+---
+- name: Ensure legacy docker packages are removed
+ ansible.builtin.apt:
+ name: "{{ docker_apt_legacy_packages }}"
+ state: absent
+ when: docker_remove_legacy_packages
+
+- name: Add apt key for docker repository
+ ansible.builtin.apt_key:
+ id: "{{ docker_apt_key_id }}"
+ url: "{{ docker_apt_key_url }}"
+ state: "{{ docker_state }}"
+
+- name: Add apt repository for docker
+ ansible.builtin.apt_repository:
+ repo: "{{ docker_apt_repository }}"
+ state: "{{ docker_state }}"
+ register: docker_apt_repository_info
+
+- name: Update apt cache if repository was newly added
+ ansible.builtin.apt:
+ update_cache: true
+ when:
+ - docker_state == 'present'
+ - docker_apt_repository_info.changed
+
+- name: Install apt packages for docker
+ ansible.builtin.apt:
+ name: "{{ docker_apt_packages }}"
+ state: "{{ docker_state }}"
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..7b7bad7
--- /dev/null
+++ b/roles/docker/tasks/main.yml
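Review bot: The guard `when: docker_daemon_config | string | length > 0` in roles/docker/tasks/configure.yml is always true, because the default `{}` stringifies to a two-character string; the file is written, and the restart notified whenever it changes, even when no configuration is set. If the intent is to skip an empty config, `when: docker_daemon_config | length > 0` tests the mapping itself. Since a malformed daemon.json followed by the restart takes the daemon down, the copy task would also benefit from `validate: "dockerd --validate --config-file %s"`, which needs a Docker Engine release that supports `--validate` (confirm against the versions you target).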
@@ -0,0 +1,29 @@
+---
+- name: Check if target OS is supported
+ ansible.builtin.fail:
+ msg: >-2
+ OS Family '{{ docker_os_family }}' is not supported!
+ when: docker_os_family not in docker_supported_os_families
+ vars:
+ docker_os_family: "{{ ansible_os_family | lower }}"
+
+- name: Ensure docker is {{ docker_state }} on {{ ansible_os_family }}-family
+ ansible.builtin.include_tasks:
+ file: "install-{{ ansible_os_family | lower }}.yml"
+
+- name: Configure docker daemon
+ ansible.builtin.include_tasks:
+ file: "configure.yml"
+ when: docker_state == 'present'
+
+- name: Ensure docker daemon is {{ docker_systemd_service_enabled | ternary('enabled', 'disabled') }}
+ ansible.builtin.systemd_service:
+ name: "{{ docker_systemd_service_name }}"
+ enabled: "{{ docker_systemd_service_enabled }}"
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: Ensure docker daemon is {{ docker_systemd_service_state }}
+ ansible.builtin.systemd_service:
+ name: "{{ docker_systemd_service_name }}"
+ state: "{{ docker_systemd_service_state }}"
+ when: ansible_facts['service_mgr'] == 'systemd'
diff --git a/roles/docker/vars/main.yml b/roles/docker/vars/main.yml
new file mode 100644
index 0000000..a1b0f0d
--- /dev/null
+++ b/roles/docker/vars/main.yml
@@ -0,0 +1,3 @@
+---
+docker_supported_os_families:
+ - 'debian'
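Review bot: With `docker_state: absent`, roles/docker/tasks/main.yml removes the packages first (the install include) and only afterwards runs the two `systemd_service` tasks that disable and stop `docker.service`. By then the unit file has most likely gone with the package, so those tasks are likely to fail on an unknown service instead of stopping the daemon. I would stop and disable the service before the install include when `docker_state == 'absent'`, or restrict both service tasks to the present case by adding `- docker_state == 'present'` to their `when:` list.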