-
Notifications
You must be signed in to change notification settings - Fork 30
/
deploy-docker.yml
186 lines (160 loc) · 5.48 KB
/
deploy-docker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
---
#Author: Naveen Joy
#Deploy docker to the hosts with specified roles
#Set up docker client to talk to docker daemon
#Run: ansible-playbook -i scripts/inventory.py deploy-docker.yml
- hosts:
- localhost
tasks:
- name: set base directory
set_fact:
ansible_base_dir: "{{ ansible_env.PWD }}"
tags:
- docker
- name: Ensure certificate directory exists locally to store issued certs
file: "path={{ ansible_base_dir }}/certs state=directory mode=0740"
tags:
- docker
- hosts:
- k8s_master
- k8s_worker
become_user: root
become: yes
vars_files:
- settings.yaml
vars:
docker0: false
tasks:
- name: Ensure certificate directory is present locally for each docker host
file: "path={{ hostvars['localhost']['ansible_base_dir'] }}/certs/{{ ansible_hostname }} state=directory mode=0740"
become: no
delegate_to: localhost
tags:
- docker
- name: create local docker client environment files
script: "./scripts/create_docker_env.py {{ ansible_hostname }}"
environment:
PYTHONPATH: "{{ lookup('env','PYTHONPATH') }}:./scripts"
DOCKER_CERT_PATH: "{{ hostvars['localhost']['ansible_base_dir'] }}/certs/{{ ansible_hostname }}"
become: no
delegate_to: localhost
tags:
- docker
- name: Add docker repo apt-key to authenticate packages
command: "apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 {% if http_proxy is defined -%}--keyserver-options http-proxy={{ http_proxy }} {% endif -%} --recv-keys 58118E89F3A912897C070ADBF76221572C52609D"
tags:
- docker
- name: Update apt sources to use packages in the docker repo
apt_repository: "repo='deb https://apt.dockerproject.org/repo {{ ansible_distribution | lower }}-{{ ansible_distribution_release }} main' state=present"
register: add_apt_source_docker
environment:
http_proxy: "{{ http_proxy|default('') }}"
https_proxy: "{{ https_proxy|default('') }}"
no_proxy: "{{ no_proxy|default('') }}"
tags:
- docker
- name: update apt cache
apt: update_cache=yes
environment:
http_proxy: "{{ http_proxy|default('') }}"
https_proxy: "{{ https_proxy|default('') }}"
no_proxy: "{{ no_proxy|default('') }}"
when: add_apt_source_docker.changed
tags:
- docker
- name: "install linux-image-extra-{{ ansible_kernel }} and bridge-utils package"
apt: "name={{ item }} state=present"
with_items:
- "linux-image-extra-{{ ansible_kernel }}"
- "bridge-utils"
environment:
http_proxy: "{{ http_proxy|default('') }}"
https_proxy: "{{ https_proxy|default('') }}"
no_proxy: "{{ no_proxy|default('') }}"
tags:
- docker
- name: install latest docker
apt: "name=docker-engine state=latest"
environment:
http_proxy: "{{ http_proxy|default('') }}"
https_proxy: "{{ https_proxy|default('') }}"
no_proxy: "{{ no_proxy|default('') }}"
tags:
- docker
- name: Ensure /etc/docker is present
file: path=/etc/docker state=directory mode=0744
tags:
- docker
- name: Update docker options file
template: src=./templates/etc-default-docker.j2 dest=/etc/default/docker owner=root group=root mode=0644
notify:
- restart docker
register: docker_options
tags:
- docker
- name: Get docker bridge
command: "brctl show"
register: docker_bridge
tags:
- docker
- name: Set docker0 to true if present
set_fact:
docker0: true
when: "'docker0' in docker_bridge.stdout"
tags:
- docker
- name: docker bridge
debug: msg="System {{ inventory_hostname }} has docker_bridge {{ docker_bridge }}"
tags: debug
- name: docker0
debug: msg="System {{ inventory_hostname }} has docker0 {{ docker0 }}"
tags: debug
- name: stop docker to update docker options and bridge
service: name=docker state=stopped
when: docker_options.changed or docker0
tags:
- docker
- name: replace default docker0 bridge with the container bridge:cbr0
script: "./scripts/create-bridge.sh {{ node_pod_cidr[item] }}"
with_items: "{{ ansible_hostname }}"
when: docker0
tags:
- docker
- name: persist cbr0 configs across reboots
template: src=./templates/cbr0.cfg.j2 dest=/etc/network/interfaces.d/cbr0.cfg
with_items: "{{ ansible_hostname }}"
tags:
- docker
- name: Ensure the docker group is present
group: name=docker state=present
tags:
- docker
- name: Ensure docker daemon is started
service: name=docker state=started
tags:
- docker
- name: Ensure ntp is present
apt: name=ntp state=present
environment:
http_proxy: "{{ http_proxy|default('') }}"
https_proxy: "{{ https_proxy|default('') }}"
no_proxy: "{{ no_proxy|default('') }}"
tags:
- docker
- ntp
- name: Configure ntp file
template: src=./templates/ntp.conf.j2 dest=/etc/ntp.conf
notify: restart ntp
tags:
- docker
- ntp
- name: Start the ntp service
service: name=ntp state=started enabled=yes
tags:
- docker
- ntp
handlers:
- name: restart ntp
service: name=ntp state=restarted
- name: restart docker
service: name=docker state=restarted