Use geerlingguy docker (#33)

Cian Hatton 3 years ago committed by GitHub
parent 52bfef9d2d
commit 4bd4eb886f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -25,7 +25,7 @@ jobs:
- name: Install dependencies
run: make deps
- name: Test Directory
run: ansible-lint ${{ matrix.directory }} --exclude roles/sprat.mergerfs --exclude roles/docker_restore_container
run: make lint dir=${{ matrix.directory }}
format:
runs-on: ubuntu-latest

@ -29,11 +29,14 @@ deps:
format:
scripts/format_all_yaml.sh
lint-all:
make lint dir=host_vars
make lint dir=group_vars
make lint dir=roles
make lint dir=playbooks
lint:
ansible-lint host_vars
ansible-lint group_vars
ansible-lint roles --exclude roles/sprat.mergerfs --exclude roles/docker_restore_container
ansible-lint playbooks
ansible-lint $(dir) --exclude "roles/sprat.*" --exclude roles/docker_restore_container --exclude "roles/geerlingguy.*"
backup: deps
ansible-playbook playbooks/backup-docker-volumes.yml
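Review bot: The rewritten `lint` recipe expands `$(dir)` with no default and no guard, so a bare `make lint` runs `ansible-lint` with only the `--exclude` arguments and lints whatever the tool auto-detects rather than failing. A first recipe line such as `@test -n "$(dir)" || { echo "usage: make lint dir=<path>"; exit 1; }` would make the missing argument an explicit error. In `lint-all`, the recursive calls would conventionally be written `$(MAKE) lint dir=host_vars` so that flags like `-n` and `-k` reach the sub-make. The new `--exclude "roles/geerlingguy.*"` also means the vendored roles added in this commit are never linted by this repository's CI, which is worth stating in a comment next to the recipe.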

@ -0,0 +1,7 @@
---
pip_install_packages:
- name: docker
docker_users:
- cianhatton
- ansible
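Review bot: `docker_users` adds `cianhatton` and `ansible` to the `docker` group, and membership of that group is root-equivalent on the host, because a member can start a container that mounts the host filesystem. Nothing in this file records that. I would add a comment above the key, for example `# docker group membership is root-equivalent on the host; keep this list minimal`. The plays shown in this commit run with `become: true`, so it is worth confirming whether the `ansible` account needs group membership at all, or whether it only ever reaches Docker through privilege escalation.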

@ -16,8 +16,3 @@ services:
# any additional docker networks that should be created
docker_networks:
- mariadb_net
# use docker compose
container_deployment_mode: compose
restore_from_s3: false

@ -3,15 +3,13 @@ backups:
monthly: monthly
nightly: nightly
homelab_user: cianhatton
homelab_user: &main_user cianhatton
configure_mergerfs: false
configure_samba: false
samba_group: smbgroup
samba_user: smbuser
users:
- name: cianhatton
group: cianhatton
- name: *main_user
group: *main_user
passwordless_sudo: true
shares:
@ -40,7 +38,6 @@ desired_docker_images:
- ubuntu:latest
portainer_endpoint: -1
portainer_host: false
portainer_base_url: "http://qnap:9000"
external_docker_networks: []
portainer_required_files: []
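Review bot: The `&main_user` anchor on `homelab_user` and the `*main_user` aliases under `users` are resolved by the YAML parser inside this one file, so a `homelab_user` override in host_vars or on the command line will not change the `users` entry. The Ansible-native form keeps the two in step and stays greppable: `- name: "{{ homelab_user }}"` and `group: "{{ homelab_user }}"`. If the anchor is kept, a short comment saying that the alias is file-local would help the next reader.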

@ -1,7 +1,6 @@
# all encrypted variables should go in the linked file.
vault_file: vault_vars/qnap-vault.yml
# any qnap specific variables go here
configure_mergerfs: true
mounts:
- path: /mnt/mergerfs
state: mounted
@ -12,9 +11,6 @@ mounts:
options: allow_other,use_ino
configure_samba: true
portainer_host: true
cron_hour: "5"
devices:
@ -51,9 +47,7 @@ services:
image: gitea/gitea
tag: 1.16.9
- name: mealie
template_vars: {}
- name: overseerr
template_vars: {}
- name: nextcloud
template_vars:
default_network: mariadb_net
@ -63,13 +57,9 @@ services:
dashdot: true
glances: true
- name: nginx-proxy-manager
template_vars: {}
- name: plex
template_vars: {}
- name: uptime-kuma
template_vars: {}
- name: vpn-stack
template_vars: {}
- name: mariadb
template_vars:
default_network: mariadb_net
@ -77,5 +67,4 @@ services:
template_vars:
default_network: mariadb_net
- name: olivetin
template_vars: {}
- name: pihole

@ -4,7 +4,6 @@ vault_file: vault_vars/qnap-vault.yml
portainer_endpoint: 23
services:
- name: linkding
template_vars: {}
- name: pihole
- name: dashboards
template_vars:
@ -15,3 +14,9 @@ services:
ansible_pull_path: /usr/local/bin/ansible-pull
cron_hour: "4"
# docker options
docker_daemon_options:
hosts:
- "tcp://0.0.0.0:2375"
- "unix:///var/run/docker.sock"
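Review bot: The new `docker_daemon_options.hosts` entry `tcp://0.0.0.0:2375` publishes the Docker API in plaintext and without authentication on every interface of this host, so anything that can reach the port has root-equivalent control of the machine. If remote access is needed (presumably for the Portainer endpoint set in this file), bind to a specific management address and require mutual TLS through the daemon's `tlsverify`, `tlscacert`, `tlscert` and `tlskey` settings on 2376, or keep only the unix socket and reach it over SSH. Separately, on systemd hosts whose docker unit already passes `-H fd://`, a `hosts` key in daemon.json is known to conflict with that flag and can stop dockerd from starting, so the unit may need a drop-in override. The values in angle brackets below are placeholders, not paths taken from this repository.

```yaml
docker_daemon_options:
  hosts:
    - "tcp://<MGMT_INTERFACE_ADDRESS>:2376"
    - "unix:///var/run/docker.sock"
  tlsverify: true
  tlscacert: "<PATH_TO_CA_CERT>"
  tlscert: "<PATH_TO_SERVER_CERT>"
  tlskey: "<PATH_TO_SERVER_KEY>"
```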

@ -11,10 +11,19 @@ qnap
[snunmus]
snunmu
[dockerhosts]
[portainer]
qnap
[docker]
qnap
snunmu
[mergerfs]
qnap
[samba]
qnap
# BEGIN ANSIBLE MANAGED BLOCK
[linodes]
# END ANSIBLE MANAGED BLOCK

@ -1,5 +1,5 @@
---
- name: Update packages and ensure users on all hosts
- name: Update packages and ensure users on all hosts.
hosts: all
become: true
pre_tasks:
@ -10,41 +10,50 @@
roles:
- role: setup_users
- name: Setup and deploy services.
hosts: servers
become: true
pre_tasks:
- name: Include vault variables.
ansible.builtin.include_vars: '../{{ vault_file }}'
tags: [always]
- name: Configure mergerfs pools.
hosts: mergerfs
become: true
roles:
- role: setup_mergerfs
tags: [mergerfs]
when: configure_mergerfs
- name: Configure samba shares.
hosts: samba
become: true
roles:
- role: setup_samba
when: configure_samba
tags: [samba]
- role: setup_docker
tags: [setup, docker]
- name: Install Docker on Docker hosts.
hosts: docker
become: true
roles:
- geerlingguy.pip
- geerlingguy.docker
- name: Install Portainer on Portainer host.
hosts: portainer
become: true
pre_tasks:
- name: Include vault variables.
ansible.builtin.include_vars: '../{{ vault_file }}'
tags: [always]
roles:
- role: setup_portainer
when: portainer_host
tags: [services, portainer]
- role: setup_hosted_services
tags: [services]
- name: Setup home lab on linode instances.
hosts: linodes
- name: Setup and deploy services.
hosts: servers
become: true
pre_tasks:
- name: Include vault variables.
ansible.builtin.include_vars: '../{{ vault_file }}'
tags: [always]
roles:
- role: setup_samba
tags: [samba]
- role: setup_docker
tags: [docker]
- role: setup_hosted_services
tags: [services]

@ -1,6 +1,8 @@
---
roles:
- src: sprat.mergerfs
- src: geerlingguy.pip
- src: geerlingguy.docker
collections:
- name: https://github.com/chatton/ansible-portainer.git
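Review bot: The two new `roles` entries carry no `version`, so `ansible-galaxy install -r` resolves whatever release is current at install time, and the git-sourced collection below them follows the default branch in the same way. Roles installed this way run with `become: true` in the plays of this commit, so pinning is the cheap supply-chain control here. The install info committed alongside the docker role records 5.2.0, which suggests `version: "5.2.0"` under `- src: geerlingguy.docker`. The pip role and the collection need matching pins, written as `version: "<PINNED_RELEASE>"` and `version: "<COMMIT_SHA>"`. Since the role trees are also committed to the repository, a comment stating which copy is authoritative (the vendored tree or the requirements file) would avoid drift between the two.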

@ -0,0 +1,4 @@
skip_list:
- 'yaml'
- 'risky-shell-pipe'
- 'role-name'

@ -0,0 +1,4 @@
# These are supported funding model platforms
---
github: geerlingguy
patreon: geerlingguy

@ -0,0 +1,57 @@
# Configuration for probot-stale - https://github.com/probot/stale
---
# Number of days of inactivity before an Issue or Pull Request becomes stale
daysUntilStale: 90
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
daysUntilClose: 30
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels:
- bug
- pinned
- security
- planned
# Set to true to ignore issues in a project (defaults to false)
exemptProjects: false
# Set to true to ignore issues in a milestone (defaults to false)
exemptMilestones: false
# Set to true to ignore issues with an assignee (defaults to false)
exemptAssignees: false
# Label to use when marking as stale
staleLabel: stale
# Limit the number of actions per hour, from 1-30. Default is 30
limitPerRun: 30
pulls:
markComment: |-
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
unmarkComment: >-
This pull request is no longer marked for closure.
closeComment: >-
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
issues:
markComment: |-
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
unmarkComment: >-
This issue is no longer marked for closure.
closeComment: >-
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

@ -0,0 +1,72 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: "0 7 * * 0"
defaults:
run:
working-directory: 'geerlingguy.docker'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.docker'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install yamllint
- name: Lint code.
run: |
yamllint .
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
matrix:
distro:
- rockylinux8
- centos7
- ubuntu2204
- ubuntu2004
- ubuntu1804
- debian11
- debian10
- fedora34
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.docker'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install ansible molecule[docker] docker
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.distro }}

@ -0,0 +1,40 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization.
#
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
# See: https://github.com/ansible/galaxy/issues/46
name: Release
'on':
push:
tags:
- '*'
defaults:
run:
working-directory: 'geerlingguy.docker'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.docker'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install Ansible.
run: pip3 install ansible-core
- name: Trigger a new import on Galaxy.
run: >-
ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
$(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)

@ -0,0 +1,5 @@
*.retry
*/__pycache__
*.pyc
.cache

@ -0,0 +1,11 @@
---
extends: default
rules:
line-length:
max: 200
level: warning
ignore: |
.github/stale.yml
.travis.yml

@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

@ -0,0 +1,128 @@
# Ansible Role: Docker
[![CI](https://github.com/geerlingguy/ansible-role-docker/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-docker/actions?query=workflow%3ACI)
An Ansible Role that installs [Docker](https://www.docker.com) on Linux.
## Requirements
None.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
docker_edition: 'ce'
docker_packages:
- "docker-{{ docker_edition }}"
- "docker-{{ docker_edition }}-cli"
- "docker-{{ docker_edition }}-rootless-extras"
docker_packages_state: present
The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition).
You can also specify a specific version of Docker to install using the distribution-specific format:
Red Hat/CentOS: `docker-{{ docker_edition }}-<VERSION>` (Note: you have to add this to all packages);
Debian/Ubuntu: `docker-{{ docker_edition }}=<VERSION>` (Note: you have to add this to all packages).
You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_package_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play).
docker_service_manage: true
docker_service_state: started
docker_service_enabled: true
docker_restart_handler_state: restarted
Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set `docker_service_manage` to `false`.
docker_install_compose_plugin: false
docker_compose_package: docker-compose-plugin
docker_compose_package_state: present
Docker Compose Plugin installation options. These differ from the below in that docker-compose is installed as a docker plugin (and used with `docker compose`) instead of a standalone binary.
docker_install_compose: true
docker_compose_version: "1.26.0"
docker_compose_arch: x86_64
docker_compose_path: /usr/local/bin/docker-compose
Docker Compose installation options.
docker_repo_url: https://download.docker.com/linux
The main Docker repo URL, common between Debian and RHEL systems.
docker_apt_release_channel: stable
docker_apt_arch: amd64
docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
docker_apt_ignore_key_error: True
docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg"
(Used only for Debian/Ubuntu.) You can switch the channel to `nightly` if you want to use the Nightly release.
You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
Usually in combination with changing `docker_apt_repository` as well.
docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"docker_edition }}.repo
docker_yum_repo_enable_nightly: '0'
docker_yum_repo_enable_test: '0'
docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg"
(Used only for RedHat/CentOS.) You can enable the Nightly or Test repo by setting the respective vars to `1`.
You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
Usually in combination with changing `docker_yum_repository` as well.
docker_users:
- user1
- user2
A list of system users to be added to the `docker` group (so they can use Docker on the server).
docker_daemon_options:
storage-driver: "devicemapper"
log-opts:
max-size: "100m"
Custom `dockerd` options can be configured through this dictionary representing the json file `/etc/docker/daemon.json`.
## Use with Ansible (and `docker` Python library)
Many users of this role wish to also use Ansible to then _build_ Docker images and manage Docker containers on the server where Docker is installed. In this case, you can easily add in the `docker` Python library using the `geerlingguy.pip` role:
```yaml
- hosts: all
vars:
pip_install_packages:
- name: docker
roles:
- geerlingguy.pip
- geerlingguy.docker
```
## Dependencies
None.
## Example Playbook
```yaml
- hosts: all
roles:
- geerlingguy.docker
```
## License
MIT / BSD
## Sponsors
* [We Manage](https://we-manage.de): Helping start-ups and grown-ups scaling their infrastructure in a sustainable way.
The above sponsor(s) are supporting Jeff Geerling on [GitHub Sponsors](https://github.com/sponsors/geerlingguy). You can sponsor Jeff's work too, to help him continue improving these Ansible open source projects!
## Author Information
This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

@ -0,0 +1,49 @@
---
# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
docker_edition: 'ce'
docker_packages:
- "docker-{{ docker_edition }}"
- "docker-{{ docker_edition }}-cli"
- "docker-{{ docker_edition }}-rootless-extras"
- "containerd.io"
docker_packages_state: present
# Service options.
docker_service_manage: true
docker_service_state: started
docker_service_enabled: true
docker_restart_handler_state: restarted
# Docker Compose Plugin options.
docker_install_compose_plugin: false
docker_compose_package: docker-compose-plugin
docker_compose_package_state: present
# Docker Compose options.
docker_install_compose: true
docker_compose_version: "v2.4.1"
docker_compose_arch: x86_64
docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}"
docker_compose_path: /usr/local/bin/docker-compose
# Docker repo URL.
docker_repo_url: https://download.docker.com/linux
# Used only for Debian/Ubuntu. Switch 'stable' to 'nightly' if needed.
docker_apt_release_channel: stable
docker_apt_arch: amd64
docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
docker_apt_ignore_key_error: true
docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg"
# Used only for RedHat/CentOS/Fedora.
docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"
docker_yum_repo_enable_nightly: '0'
docker_yum_repo_enable_test: '0'
docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg"
# A list of users who will be added to the docker group.
docker_users: []
# Docker daemon options as a dict
docker_daemon_options: {}

@ -0,0 +1,7 @@
---
- name: restart docker
service:
name: docker
state: "{{ docker_restart_handler_state }}"
ignore_errors: "{{ ansible_check_mode }}"
when: docker_service_manage | bool

@ -0,0 +1,2 @@
install_date: Fri 9 Sep 15:08:34 2022
version: 5.2.0

@ -0,0 +1,41 @@
---
dependencies: []
galaxy_info:
role_name: docker
author: geerlingguy
description: Docker for Linux.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.4
platforms:
- name: EL
versions:
- 7
- 8
- name: Fedora
versions:
- all
- name: Debian
versions:
- buster
- bullseye
- name: Ubuntu
versions:
- bionic
- focal
- jammy
- name: Alpine
version:
- all
- name: Arch
versions:
- all
galaxy_tags:
- web
- system
- containers
- docker
- orchestration
- compose
- server

@ -0,0 +1,24 @@
---
- name: Converge
hosts: all
become: true
pre_tasks:
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian'
- name: Wait for systemd to complete initialization. # noqa 303
command: systemctl is-system-running
register: systemctl_status
until: >
'running' in systemctl_status.stdout or
'degraded' in systemctl_status.stdout
retries: 30
delay: 5
when: ansible_service_mgr == 'systemd'
changed_when: false
failed_when: systemctl_status.rc > 1
roles:
- role: geerlingguy.docker

@ -0,0 +1,18 @@
---
role_name_check: 1
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}

@ -0,0 +1,29 @@
---
- name: Check current docker-compose version.
command: "{{ docker_compose_path }} --version"
register: docker_compose_vsn
check_mode: false
changed_when: false
failed_when: false
- set_fact:
docker_compose_current_version: "{{ docker_compose_vsn.stdout | regex_search('(\\d+(\\.\\d+)+)') }}"
when: docker_compose_vsn.stdout is defined
- name: Delete existing docker-compose version if it's different.
file:
path: "{{ docker_compose_path }}"
state: absent
when: >
docker_compose_current_version is defined
and (docker_compose_version | regex_replace('v', '')) not in docker_compose_current_version
- name: Install Docker Compose (if configured).
get_url:
url: "{{ docker_compose_url }}"
dest: "{{ docker_compose_path }}"
mode: 0755
when: >
(docker_compose_current_version is not defined)
or (docker_compose_current_version|length == 0)
or (docker_compose_current_version is version((docker_compose_version | regex_replace('v', '')), '<'))

@ -0,0 +1,10 @@
---
- name: Ensure docker users are added to the docker group.
user:
name: "{{ item }}"
groups: docker
append: true
with_items: "{{ docker_users }}"
- name: Reset ssh connection to apply user changes.
meta: reset_connection

@ -0,0 +1,98 @@
---
- name: Load OS-specific vars.
include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- '{{ansible_distribution}}.yml'
- '{{ansible_os_family}}.yml'
- main.yml
paths:
- 'vars'
- include_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include_tasks: setup-Debian.yml
when: ansible_os_family == 'Debian'
- name: Install Docker packages.
package:
name: "{{ docker_packages }}"
state: "{{ docker_packages_state }}"
notify: restart docker
ignore_errors: "{{ ansible_check_mode }}"
when: "ansible_version.full is version_compare('2.12', '<') or ansible_os_family not in ['RedHat', 'Debian']"
- name: Install Docker packages (with downgrade option).
package:
name: "{{ docker_packages }}"
state: "{{ docker_packages_state }}"
allow_downgrade: true
notify: restart docker
ignore_errors: "{{ ansible_check_mode }}"
when: "ansible_version.full is version_compare('2.12', '>=') and ansible_os_family in ['RedHat', 'Debian']"
- name: Install docker-compose plugin.
package:
name: "{{ docker_compose_package }}"
state: "{{ docker_compose_package_state }}"
notify: restart docker
ignore_errors: "{{ ansible_check_mode }}"
when: "docker_install_compose_plugin | bool == true and (ansible_version.full is version_compare('2.12', '<') or ansible_os_family not in ['RedHat', 'Debian'])"
- name: Install docker-compose-plugin (with downgrade option).
package:
name: "{{ docker_compose_package }}"
state: "{{ docker_compose_package_state }}"
allow_downgrade: true
notify: restart docker
ignore_errors: "{{ ansible_check_mode }}"
when: "docker_install_compose_plugin | bool == true and ansible_version.full is version_compare('2.12', '>=') and ansible_os_family in ['RedHat', 'Debian']"
- name: Ensure /etc/docker/ directory exists.
file:
path: /etc/docker
state: directory
mode: 0755
when: docker_daemon_options.keys() | length > 0
- name: Configure Docker daemon options.
copy:
content: "{{ docker_daemon_options | to_nice_json }}"
dest: /etc/docker/daemon.json
mode: 0644
when: docker_daemon_options.keys() | length > 0
notify: restart docker
- name: Ensure Docker is started and enabled at boot.
service:
name: docker
state: "{{ docker_service_state }}"
enabled: "{{ docker_service_enabled }}"
ignore_errors: "{{ ansible_check_mode }}"
when: docker_service_manage | bool
- name: Ensure handlers are notified now to avoid firewall conflicts.
meta: flush_handlers
- include_tasks: docker-compose.yml
when: docker_install_compose | bool
- name: Get docker group info using getent.
getent:
database: group
key: docker
split: ':'
when: docker_users | length > 0
- name: Check if there are any users to add to the docker group.
set_fact:
at_least_one_user_to_modify: true
when:
- docker_users | length > 0
- item not in ansible_facts.getent_group["docker"][2]
with_items: "{{ docker_users }}"
- include_tasks: docker-users.yml
when: at_least_one_user_to_modify is defined

@ -0,0 +1,51 @@
---
- name: Ensure old versions of Docker are not installed.
package:
name:
- docker
- docker-engine
state: absent
- name: Ensure dependencies are installed.
apt:
name:
- apt-transport-https
- ca-certificates
state: present
- name: Ensure additional dependencies are installed (on Ubuntu < 20.04 and any other systems).
apt:
name: gnupg2
state: present
when: ansible_distribution != 'Ubuntu' or ansible_distribution_version is version('20.04', '<')
- name: Ensure additional dependencies are installed (on Ubuntu >= 20.04).
apt:
name: gnupg
state: present
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '>=')
- name: Add Docker apt key.
apt_key:
url: "{{ docker_apt_gpg_key }}"
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
state: present
register: add_repository_key
ignore_errors: "{{ docker_apt_ignore_key_error }}"
- name: Ensure curl is present (on older systems without SNI).
package: name=curl state=present
when: add_repository_key is failed
- name: Add Docker apt key (alternative for older systems without SNI).
shell: >
curl -sSL {{ docker_apt_gpg_key }} | apt-key add -
args:
warn: false
when: add_repository_key is failed
- name: Add Docker repository.
apt_repository:
repo: "{{ docker_apt_repository }}"
state: present
update_cache: true

@ -0,0 +1,52 @@
---
- name: Ensure old versions of Docker are not installed.
package:
name:
- docker
- docker-common
- docker-engine
state: absent
- name: Add Docker GPG key.
rpm_key:
key: "{{ docker_yum_gpg_key }}"
state: present
- name: Add Docker repository.
get_url:
url: "{{ docker_yum_repo_url }}"
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
owner: root
group: root
mode: 0644
- name: Configure Docker Nightly repo.
ini_file:
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
section: 'docker-{{ docker_edition }}-nightly'
option: enabled
value: '{{ docker_yum_repo_enable_nightly }}'
mode: 0644
no_extra_spaces: true
- name: Configure Docker Test repo.
ini_file:
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
section: 'docker-{{ docker_edition }}-test'
option: enabled
value: '{{ docker_yum_repo_enable_test }}'
mode: 0644
no_extra_spaces: true
- name: Configure containerd on RHEL 8.
block:
- name: Ensure container-selinux is installed.
package:
name: container-selinux
state: present
- name: Ensure containerd.io is installed.
package:
name: containerd.io
state: present
when: ansible_distribution_major_version | int == 8

@ -0,0 +1,2 @@
---
docker_package: "docker"

@ -0,0 +1,3 @@
skip_list:
- 'yaml'
- 'role-name'

@ -0,0 +1,4 @@
# These are supported funding model platforms
---
github: geerlingguy
patreon: geerlingguy

@ -0,0 +1,57 @@
# Configuration for probot-stale - https://github.com/probot/stale
# Number of days of inactivity before an Issue or Pull Request becomes stale
daysUntilStale: 90
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
daysUntilClose: 30
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels:
- bug
- pinned
- security
- planned
# Set to true to ignore issues in a project (defaults to false)
exemptProjects: false
# Set to true to ignore issues in a milestone (defaults to false)
exemptMilestones: false
# Set to true to ignore issues with an assignee (defaults to false)
exemptAssignees: false
# Label to use when marking as stale
staleLabel: stale
# Limit the number of actions per hour, from 1-30. Default is 30
limitPerRun: 30
pulls:
markComment: |-
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
unmarkComment: >-
This pull request is no longer marked for closure.
closeComment: >-
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
issues:
markComment: |-
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
unmarkComment: >-
This issue is no longer marked for closure.
closeComment: >-
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

@ -0,0 +1,69 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: "0 4 * * 5"
defaults:
run:
working-directory: 'geerlingguy.pip'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.pip'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install yamllint
- name: Lint code.
run: |
yamllint .
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
matrix:
distro:
- rockylinux8
- fedora34
- ubuntu2004
- ubuntu1804
- debian10
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.pip'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install ansible molecule[docker] docker
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.distro }}

@ -0,0 +1,40 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization.
#
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
# See: https://github.com/ansible/galaxy/issues/46
name: Release
'on':
push:
tags:
- '*'
defaults:
run:
working-directory: 'geerlingguy.pip'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.pip'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install Ansible.
run: pip3 install ansible-core
- name: Trigger a new import on Galaxy.
run: >-
ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
$(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)

@ -0,0 +1,5 @@
*.retry
*/__pycache__
*.pyc
.cache

@ -0,0 +1,10 @@
---
extends: default
rules:
line-length:
max: 120
level: warning
ignore: |
.github/stale.yml

@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

@ -0,0 +1,80 @@
# Ansible Role: Pip (for Python)
[![CI](https://github.com/geerlingguy/ansible-role-pip/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-pip/actions?query=workflow%3ACI)
An Ansible Role that installs [Pip](https://pip.pypa.io) on Linux.
## Requirements
On RedHat/CentOS, you may need to have EPEL installed before running this role. You can use the `geerlingguy.repo-epel` role if you need a simple way to ensure it's installed.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
pip_package: python3-pip
The name of the packge to install to get `pip` on the system. For older systems that don't have Python 3 available, you can set this to `python-pip`.
pip_executable: pip3
The role will try to autodetect the pip executable based on the `pip_package` (e.g. `pip` for Python 2 and `pip3` for Python 3). You can also override this explicitly, e.g. `pip_executable: pip3.6`.
pip_install_packages: []
A list of packages to install with pip. Examples below:
pip_install_packages:
# Specify names and versions.
- name: docker
version: "1.2.3"
- name: awscli
version: "1.11.91"
# Or specify bare packages to get the latest release.
- docker
- awscli
# Or uninstall a package.
- name: docker
state: absent
# Or update a package to the latest version.
- name: docker
state: latest
# Or force a reinstall.
- name: docker
state: forcereinstall
# Or install a package in a particular virtualenv.
- name: docker
virtualenv: /my_app/venv
# Or pass through any extra arguments.
- name: my_special_package_from_my_special_repo
extra_args: --extra-index-url https://my-domain/pypi/pypi-master/simple
## Dependencies
None.
## Example Playbook
- hosts: all
vars:
pip_install_packages:
- name: docker
- name: awscli
roles:
- geerlingguy.pip
## License
MIT / BSD
## Author Information
This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

@ -0,0 +1,6 @@
---
# For Python 3, use python3-pip.
pip_package: python3-pip
pip_executable: "{{ 'pip3' if pip_package.startswith('python3') else 'pip' }}"
pip_install_packages: []

@ -0,0 +1,2 @@
install_date: Fri 9 Sep 15:08:33 2022
version: 2.2.0

@ -0,0 +1,31 @@
---
dependencies: []
galaxy_info:
role_name: pip
author: geerlingguy
description: Pip (Python package manager) for Linux.
issue_tracker_url: https://github.com/geerlingguy/ansible-role-pip/issues
company: "Midwestern Mac, LLC"
license: "MIT"
min_ansible_version: 2.4
platforms:
- name: EL
versions:
- all
- name: Fedora
versions:
- all
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- all
galaxy_tags:
- system
- server
- packaging
- python
- pip
- tools

@ -0,0 +1,28 @@
---
- name: Converge
hosts: all
become: true
vars:
pip_install_packages:
# Test installing a specific version of a package.
- name: ipaddress
version: "1.0.18"
# Test installing a package by name.
- colorama
pre_tasks:
- name: Update apt cache.
apt: update_cache=true cache_valid_time=600
when: ansible_os_family == 'Debian'
- name: Set package name for older OSes.
set_fact:
pip_package: python-pip
when: >
(ansible_os_family == 'RedHat') and (ansible_distribution_major_version | int < 8)
or (ansible_distribution == 'Debian') and (ansible_distribution_major_version | int < 10)
or (ansible_distribution == 'Ubuntu') and (ansible_distribution_major_version | int < 18)
roles:
- role: geerlingguy.pip

@ -0,0 +1,18 @@
---
role_name_check: 1
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}

@ -0,0 +1,15 @@
---
- name: Ensure Pip is installed.
package:
name: "{{ pip_package }}"
state: present
- name: Ensure pip_install_packages are installed.
pip:
name: "{{ item.name | default(item) }}"
version: "{{ item.version | default(omit) }}"
virtualenv: "{{ item.virtualenv | default(omit) }}"
state: "{{ item.state | default(omit) }}"
extra_args: "{{ item.extra_args | default(omit) }}"
executable: "{{ pip_executable }}"
loop: "{{ pip_install_packages }}"

@ -1,25 +0,0 @@
# setup_docker
Role to install docker. It also installs the docker and docker compose python modules.
## Table of content
- [Dependencies](#dependencies)
- [License](#license)
- [Author](#author)
---
## Dependencies
None.
## License
license (GPL-2.0-or-later, MIT, etc)
## Author
Cian Hatton

@ -1,12 +0,0 @@
galaxy_info:
author: Cian Hatton
namespace: chatton
description: Setup Docker
license: MIT
min_ansible_version: "2.1"
galaxy_tags: []
platforms:
- name: Debian
versions:
- all
dependencies: []

@ -1,50 +0,0 @@
# @meta author: Cian Hatton
# @meta description: >
# Role to install docker. It also installs the docker and docker compose python
# modules.
# @end
# following official instructions here: https://docs.docker.com/engine/install/debian/
- name: Install packages using apt
ansible.builtin.apt:
name:
- ca-certificates
- curl
- gnupg2
- lsb-release
- pip
state: present
update_cache: true
- name: Add Docker GPG apt Key
ansible.builtin.apt_key:
url: https://download.docker.com/linux/debian/gpg
state: present
# TODO: paramaterize this
- name: Add Docker Repository
ansible.builtin.apt_repository:
repo: deb https://download.docker.com/linux/debian buster stable
state: present
- name: Install docker packages using apt
ansible.builtin.apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-compose-plugin
state: present
update_cache: true
- name: Install Docker Modules for Python
ansible.builtin.pip:
name:
- docker
- docker-compose
- name: Ensure docker is started
ansible.builtin.service:
name: docker
state: started

@ -1,21 +0,0 @@
---
# https://app.idrivee2.com/region/IE/buckets/backups/object-storage
version: "3"
services:
docker-volume-backup:
container_name: docker-volume-backup
restart: always
image: {{dockervolumebackup.image}}:{{dockervolumebackup.tag}}
command: periodic-backups
environment:
AWS_ACCESS_KEY_ID: {{ docker_volume_backup.aws_access_key_id }}
AWS_SECRET_ACCESS_KEY: {{ docker_volume_backup.aws_secret_access_key }}
AWS_DEFAULT_REGION: {{ docker_volume_backup.aws_default_region }}
AWS_BUCKET: {{ docker_volume_backup.aws_bucket }}
AWS_ENDPOINT: {{ docker_volume_backup.aws_endpoint }}
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- {{directories.backups_dir}}:/backups
- /tmp:/tmp
- {{dockervolumebackup.config_directory}}/config.yml:{{dockervolumebackup.config_directory}}/config.yml

@ -1,36 +0,0 @@
---
periodic_backups:
- name: "Nightly Volume Backups"
schedule: "0 3 * * *"
schedule_key: {{ backups.schedule_keys.nightly }}
backups:
- name: "Nightly backup to local filesystem"
type: "filesystem"
filesystem_options:
host_path: {{ directories.backups_dir }}
- name: "Backup to iDrive E2"
type: "s3"
s3_options:
host_path: {{ directories.backups_dir }}
aws_access_key_id: {{ docker_volume_backup.aws_access_key_id }}
aws_secret_access_key: {{ docker_volume_backup.aws_secret_access_key }}
aws_default_region: {{ docker_volume_backup.aws_default_region }}
aws_bucket: {{ docker_volume_backup.aws_bucket }}
aws_endpoint: {{ docker_volume_backup.aws_endpoint }}
- name: "Monthly Volume Backups"
schedule: "0 0 1 * *"
schedule_key: {{ backups.schedule_keys.monthly }}
backups:
- name: "Monthly backup to local filesystem"
type: "filesystem"
filesystem_options:
host_path: {{ directories.backups_dir }}
- name: "Backup to iDrive E2"
type: "s3"
s3_options:
host_path: {{ directories.backups_dir }}
aws_access_key_id: {{ docker_volume_backup.aws_access_key_id }}
aws_secret_access_key: {{ docker_volume_backup.aws_secret_access_key }}
aws_default_region: {{ docker_volume_backup.aws_default_region }}
aws_bucket: {{ docker_volume_backup.aws_bucket }}
aws_endpoint: {{ docker_volume_backup.aws_endpoint }}