Imported playbook and roles from our previously separate docker-swarm…

… repository to bring up the swarm instance.

docker_nodes_provision.yml

@@ -0,0 +1,12 @@
+- hosts: docker_nodes
+  roles:
+    - role: docker_node
+
+- hosts: docker_swarm_nodes
+  roles:
+    - role: docker_swarm_node
+
+# the build node needs git installed for the build process to be able to fetch git repositories
+- hosts: docker_build_hosts
+  roles:
+    - role: git

roles/docker_node/handlers/main.yml

@@ -0,0 +1,6 @@
+- name: Enable and start or restart docker
+  service:
+    name: docker
+    enabled: yes
+    state: restarted
+  become: true

roles/docker_node/meta/main.yml

@@ -0,0 +1,3 @@
+dependencies:
+  - role: docker_package_repository
+  - role: docker_python

roles/docker_node/tasks/main.yml

@@ -0,0 +1,14 @@
+- name: install docker
+  package:
+    name: docker-ce
+    state: present
+  become: true
+    - Enable and start or restart docker
+
+- name: install /etc/docker/daemon.json
+  template:
+    src: daemon.json
+    dest: /etc/docker/daemon.json
+  become: true
+  notify:
+    - Enable and start or restart docker

roles/docker_node/templates/daemon.json

@@ -0,0 +1 @@
+{{ docker_daemon_config | to_nice_json(indent=2) }}

roles/docker_package_repository/tasks/main.yml

@@ -0,0 +1,9 @@
+- name: add docker repository for RedHat
+  yum_repository:
+    name: docker
+    state: present
+    baseurl: "{{ redhat.baseurl }}"
+    description: Docker Repository
+    gpgkey: "{{ redhat.gpgkey }}"
+  become: true
+  when: ansible_os_family == 'RedHat'

roles/docker_package_repository/vars/main.yml

@@ -0,0 +1,3 @@
+redhat:
+  baseurl: https://download.docker.com/linux/centos/$releasever/$basearch/stable
+  gpgkey: https://download.docker.com/linux/centos/gpg

roles/docker_python/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+  - role: pip

roles/docker_python/tasks/main.yml

@@ -0,0 +1,5 @@
+- name: install docker python library
+  pip:
+    name: docker
+    state: present
+  become: true

roles/docker_swarm_node/tasks/existing_join_tokens.yml

@@ -0,0 +1,21 @@
+- name: fetch swarm status of all nodes
+  docker_swarm:
+    state: inspect
+  register: swarm_info
+  become: true
+
+- name: grab first join token and manager to join
+  set_fact:
+    manager_join_token: "{{ hostvars[item]['swarm_info']['swarm_facts']['JoinTokens']['Manager'] }}"
+    worker_join_token: "{{ hostvars[item]['swarm_info']['swarm_facts']['JoinTokens']['Worker'] }}"
+    swarm_join_member: "{{ item }}"
+  loop: "{{ groups['docker_swarm_managers'] }}"
+  run_once: true
+  when: "('swarm_facts' in hostvars[item]['swarm_info']) and (manager_join_token is not defined)"
+
+- name: check for conflicting join tokens
+  fail:
+    msg: conflicting join tokens found!
+  loop: "{{ groups['docker_swarm_managers'] }}"
+  run_once: true
+  when: "('swarm_facts' in hostvars[item]['swarm_info']) and (manager_join_token is defined) and (manager_join_token!=hostvars[item]['swarm_info']['swarm_facts']['JoinTokens']['Manager'])"

roles/docker_swarm_node/tasks/join_swarm.yml

@@ -0,0 +1,20 @@
+- name: bring up managers not currently in the swarm
+  docker_swarm:
+    state: join
+    advertise_addr: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
+    remote_addrs:
+      - "{{ hostvars[swarm_join_member]['ansible_default_ipv4']['address'] }}"
+    join_token: "{{ manager_join_token }}"
+  when: "('docker_swarm_managers' in group_names) and ('swarm_facts' not in swarm_info)"
+  become: true
+
+# workers don't return swarm_facts, so this runs even for workers already in the swarm
+- name: bring up workers
+  docker_swarm:
+    state: join
+    advertise_addr: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
+    remote_addrs:
+      - "{{ hostvars[swarm_join_member]['ansible_default_ipv4']['address'] }}"
+    join_token: "{{ worker_join_token }}"
+  when: "'docker_swarm_workers' in group_names"
+  become: true

roles/docker_swarm_node/tasks/main.yml

@@ -0,0 +1,10 @@
+- include_tasks: swarm_firewall_ports.yml
+
+- include_tasks: existing_join_tokens.yml
+
+- when: "('docker_swarm_managers' in group_names) and (manager_join_token is not defined)"
+  include_tasks: new_swarm.yml
+
+- include_tasks: existing_join_tokens.yml
+
+- include_tasks: join_swarm.yml

roles/docker_swarm_node/tasks/new_swarm.yml

@@ -0,0 +1,6 @@
+- name: bring up first swarm member
+  docker_swarm:
+    state: present
+  become: true
+  run_once: true
+  register: new_swarm_info

roles/docker_swarm_node/tasks/swarm_firewall_ports.yml

@@ -0,0 +1,13 @@
+- name: allow docker swarm ports between docker nodes
+  firewalld:
+    port: "{{ item.port }}"
+    permanent: yes
+    state: enabled
+    immediate: yes
+  loop:
+    - port: 2376/tcp
+    - port: 2377/tcp
+    - port: 7946/tcp
+    - port: 7946/udp
+    - port: 4789/udp
+  become: yes

roles/epel-release/tasks/main.yml

@@ -0,0 +1,5 @@
+- name: install epel-release
+  package:
+    name: epel-release
+    state: present
+  become: true

roles/git/tasks/main.yml

@@ -0,0 +1,5 @@
+- name: install git
+  package:
+    name: git
+    state: present
+  become: yes

roles/pip/meta/main.yml

@@ -0,0 +1,3 @@
+dependencies:
+  - role: epel-release
+  - role: setuptools

roles/pip/tasks/main.yml

@@ -0,0 +1,4 @@
+- name: install pip
+  package:
+    name: python2-pip
+  become: true

roles/setuptools/tasks/main.yml

@@ -0,0 +1,5 @@
+- name: install setuptools
+  package:
+    name: python-setuptools
+    state: present
+  become: true