956ecd4700
The behaviour of the `include` module is badly defined (it tries to choose between statically importing the tasks and dynamically including them) and can cause problems depending on any number of constraints (mostly if it chooses the wrong behaviour). Replace it with `import_tasks` (always statically imports tasks) unless the `include` is in a loop, in which case we replace it with `include_tasks` (always dynamically includes tasks).
# This role installs the docker daemon
---
# Ensure the older Docker package names are absent from the host.
- name: Remove older docker packages
  apt:
    state: absent
    name:
      - docker
      - docker-engine
      - docker.io
# Packages needed to use an HTTPS APT source and to handle its signing key.
# The package index is refreshed as part of this task.
- name: Install source requirements
  apt:
    update_cache: true
    state: present
    name:
      - apt-transport-https
      - ca-certificates
      - gnupg2
# Declare the upstream Docker APT source in its own docker.list file.
# update_cache is off here; the index is refreshed by the later
# "Install Docker" task, after the signing key has been copied.
# The source line is pinned to amd64 and to the host's Debian release name.
- name: Add Docker repository
  apt_repository:
    filename: docker.list
    repo: 'deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable'
    update_cache: false
    state: present
# Static import of the backports tasks; the condition is applied to every
# imported task, so they only run on Debian jessie hosts.
- import_tasks: jessie_backports.yml
  when: "ansible_distribution_release == 'jessie'"
# Ship the armored Docker signing key bundled with the role, root-owned and
# world-readable, overwriting any copy already on the host.
# NOTE(review): a key placed in /etc/apt/trusted.gpg.d is trusted for every
# configured APT source, not only download.docker.com. Scoping it with a
# signed-by= option on the repository line would be tighter, but needs an
# apt version that supports it (presumably not the case on jessie, which
# this role still handles) - confirm before changing.
- name: Add Docker's official GPG key
  copy:
    src: docker-debian.asc
    dest: /etc/apt/trusted.gpg.d/docker-debian.asc
    owner: root
    group: root
    mode: "0644"
    force: true
# Install the engine, its CLI and containerd after refreshing the package
# index (the Docker source was added earlier without a cache update).
# No state is given, so the apt module's default applies.
- name: Install Docker
  apt:
    update_cache: true
    name:
      - docker-ce
      - docker-ce-cli
      - containerd.io
# Python 2 binding package, only when the interpreter Ansible uses on the
# host reports a version below 3.
- name: python-docker is installed
  apt:
    state: present
    name: python-docker
  when: "ansible_python_version is version('3', '<')"
# Python 3 binding package, only when the interpreter Ansible uses on the
# host reports version 3 or later.
- name: python3-docker is installed
  apt:
    state: present
    name: python3-docker
  when: "ansible_python_version is version('3', '>=')"
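# Render the daemon configuration from the role template and restart Docker
# through the handler when the file changes.
# Ownership and mode are set explicitly, like the other file tasks in this
# role, so the result does not depend on the umask in effect during the run.
- name: Copy Docker daemon configuration file
  template:
    src: daemon.json.j2
    dest: /etc/docker/daemon.json
    owner: root
    group: root
    mode: "0644"
  notify: restart docker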
# Drop-in directory for the docker.service unit; the override file is copied
# into it by the next task.
- name: Create override directory for docker unit
  file:
    path: /etc/systemd/system/docker.service.d/
    mode: "0755"
    state: directory
# Copy the role's docker.conf into the unit's drop-in directory and ask
# systemd to reload its configuration when the file changes.
- name: Remove options in ExecStart from docker unit
  copy:
    dest: /etc/systemd/system/docker.service.d/
    src: docker.conf
    mode: "0644"
  notify: reload systemd
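# Create the temporary directory configured through docker_tmpdir.
# The original mode "0644" had no search (x) bit, which is wrong for a
# directory: only root's DAC override made it usable. "0700" gives root
# full access and, unlike 0644, no longer lets other users list entry names.
- name: Creating Docker tmp directory
  file:
    path: "{{ docker_tmpdir }}"
    state: directory
    mode: "0700"
    owner: root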
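# Create the directory that receives shellpki.sh, openssl.cnf and the
# material generated by `shellpki.sh init` (CA and server key).
# The original mode "0644" lacked the search (x) bit a directory needs and
# still exposed the names of its entries to every local user. "0700" keeps
# the key material directory private to root.
- name: Creating Docker TLS directory
  file:
    path: "{{ docker_tls_path }}"
    state: directory
    mode: "0700"
    owner: root
  when: docker_tls_enabled | bool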
# Render shellpki.sh and its openssl.cnf from the role templates into the
# TLS directory, only when TLS is enabled.
# The same mode "0744" is applied to both items, so openssl.cnf ends up
# executable as well as the script.
- name: Copy shellpki utility to Docker TLS directory
  template:
    dest: "{{ docker_tls_path }}/{{ item }}"
    src: "{{ item }}.j2"
    mode: "0744"
  when: docker_tls_enabled | bool
  loop:
    - shellpki.sh
    - openssl.cnf
# Record the state of the certs path as tls_certs_stat for the later PKI
# task. There is no `when` here, so the check also runs with TLS disabled.
- name: Check if certs are already created
  stat:
    path: "{{ docker_tls_path }}/certs"
  register: tls_certs_stat
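# Run the templated shellpki.sh with its `init` sub-command, only when TLS
# is enabled and the earlier stat task (tls_certs_stat) did not find a
# certs directory.
# stat leaves `isdir` out of its result when the path does not exist, so
# default it to false. Otherwise the first run, the one that has to create
# the PKI, fails while evaluating an undefined attribute instead of
# running the command.
- name: Creating a CA, server key
  command: "{{ docker_tls_path }}/shellpki.sh init"
  when:
    - docker_tls_enabled | bool
    - not (tls_certs_stat.stat.isdir | default(false))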