Slavi Pantaleev af1c9ae59d Do not force firewalld on people
In most cases, there's not really a need to touch the system
firewall, as Docker manages iptables by itself
(see https://docs.docker.com/network/iptables/).

All ports exposed by Docker containers are automatically whitelisted
in iptables and wired to the correct container.

This made installing firewalld and whitelisting ports pointless,
as far as this playbook's services are concerned.

People that wish to install firewalld (for other reasons), can do so
manually from now on.

This is inspired by and fixes #97 (GitHub Issue).
2019-04-03 11:37:20 +03:00
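
To check which ports Docker has opened this way on a given host, the added example below (not part of the commit or the playbook) parses `iptables-save` output for the DNAT rules Docker writes to the `DOCKER` chain of the nat table and lists the ones reachable on every host address. The sample ruleset, the addresses and the function names are constructed for illustration.

```python
import shlex

# Constructed sample of `iptables-save -t nat` output on a Docker host.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8448 -j DNAT --to-destination 172.18.0.5:8448
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.18.0.3:5432
-A DOCKER ! -i docker0 -p udp -m udp --dport 3478 -j DNAT --to-destination 172.18.0.6:3478
COMMIT
"""


def published_ports(ruleset):
    """Return one dict per DNAT rule found in the nat-table DOCKER chain."""
    found, table = [], None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. "*nat"
            table = line[1:]
            continue
        # The trailing space keeps DOCKER-USER and similar chains out.
        if table != "nat" or not line.startswith("-A DOCKER "):
            continue
        tok = shlex.split(line)
        if "DNAT" not in tok or "--dport" not in tok:
            continue                      # e.g. the "-i docker0 -j RETURN" rule

        def opt(flag, default=None):
            return tok[tok.index(flag) + 1] if flag in tok else default

        found.append({
            "proto": opt("-p"),
            # No -d match means the port was published on all host addresses.
            "host_ip": opt("-d", "0.0.0.0/0"),
            "host_port": opt("--dport"),
            "target": opt("--to-destination"),
        })
    return found


def reachable_from_any_address(ruleset):
    """Published ports that are not pinned to a specific host IP."""
    return [r for r in published_ports(ruleset) if r["host_ip"] == "0.0.0.0/0"]


if __name__ == "__main__":
    for rule in reachable_from_any_address(SAMPLE):
        print("{proto}/{host_port} -> {target}".format(**rule))
```

On a real host, pass the output of `iptables-save -t nat` (run as root) to `published_ports()` instead of `SAMPLE`.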

80 lines
1.9 KiB
YAML

---
- name: Ensure Docker repository is enabled (CentOS)
  template:
    src: "{{ role_path }}/files/yum.repos.d/{{ item }}"
    dest: "/etc/yum.repos.d/{{ item }}"
    owner: "root"
    group: "root"
    mode: 0644
  with_items:
    - docker-ce.repo
  when: ansible_distribution == 'CentOS'

- name: Ensure Docker's RPM key is trusted
  rpm_key:
    state: present
    key: https://download.docker.com/linux/centos/gpg
  when: ansible_distribution == 'CentOS'

- name: Ensure yum packages are installed (CentOS)
  yum:
    name:
      - bash-completion
      - docker-ce
      - docker-python
      - ntp
      - fuse
    state: latest
    update_cache: yes
  when: ansible_distribution == 'CentOS'

- name: Ensure APT usage dependencies are installed (Debian)
  apt:
    name:
      - apt-transport-https
      - ca-certificates
    state: present
    update_cache: yes
  when: ansible_os_family == 'Debian'

- name: Ensure Docker's APT key is trusted (Debian)
  apt_key:
    url: https://download.docker.com/linux/ubuntu/gpg
    id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
    state: present
  register: add_repository_key
  ignore_errors: true
  when: ansible_os_family == 'Debian'

- name: Ensure Docker repository is enabled (Debian)
  apt_repository:
    repo: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
    state: present
    update_cache: yes
  when: ansible_os_family == 'Debian'

- name: Ensure APT packages are installed (Debian)
  apt:
    name:
      - bash-completion
      - docker-ce
      - python-docker
      - ntp
      - fuse
    state: latest
    update_cache: yes
  when: ansible_os_family == 'Debian'

- name: Ensure Docker is started and autoruns
  service:
    name: docker
    state: started
    enabled: yes

- name: Ensure ntpd is started and autoruns
  service:
    name: "{{ 'ntpd' if ansible_os_family == 'RedHat' else 'ntp' }}"
    state: started
    enabled: yes