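---
# Installs Docker Engine from Docker's apt repository on the `homelab` hosts,
# adds a standalone docker-compose binary, creates the Docker networks listed
# in `networks`, and writes the daemon configuration.
#
# Variables used but not defined in this file: common_root_id,
# common_root_group, common_user, networks.
- hosts: homelab
  vars:
    application: docker
  handlers:
    - name: Restart
      ansible.builtin.service:
        name: docker
        state: restarted
    # Regenerates the grub configuration after /etc/default/grub is edited.
    - name: Update grub
      ansible.builtin.command: update-grub
      changed_when: true
  tasks:
    # changed_when is forced to false so a cache refresh never reports a change.
    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 600
      changed_when: false
    # Based on https://docs.docker.com/engine/install/ubuntu/
    - name: Uninstall old versions
      ansible.builtin.apt:
        name:
          - docker.io
          - docker-compose
          - docker-compose-v2
          - docker-doc
          - podman-docker
          - containerd
          - runc
        state: absent
    - name: Install dependencies
      ansible.builtin.apt:
        name:
          - apt-transport-https
          - ca-certificates
          - curl
          - gnupg
          - lsb-release
        state: present
      register: result
      until: result is success
      retries: 5
      delay: 5
    # NOTE(review): the key is accepted as downloaded over TLS, with no
    # fingerprint comparison. /etc/apt/trusted.gpg.d is also the directory apt
    # uses for keys trusted for every repository; Docker's install guide keeps
    # this key under /etc/apt/keyrings instead (confirm against the guide linked
    # above). Moving it means updating the signed-by path in the repository
    # task and any sources entry already written on the hosts.
    - name: Add Docker's official GPG key
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
        dest: "/etc/apt/trusted.gpg.d/{{ application }}"
        owner: "{{ common_root_id }}"
        group: "{{ common_root_group }}"
        mode: "0644"
      register: result
      until: result is success
      retries: 5
      delay: 5
    # signed-by limits this repository to the key downloaded above.
    - name: Add Docker Repository
      ansible.builtin.apt_repository:
        repo: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/{{ application }}] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
      register: __apt_repository
    # Only refresh again when the repository entry was actually added or changed.
    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true
      when: __apt_repository.changed
      register: result
      until: result is success
      retries: 5
      delay: 5
    - name: Install Docker
      ansible.builtin.apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
        state: present
      register: result
      until: result is success
      retries: 5
      delay: 5
    # NOTE(review): this binary is installed root-executable with no integrity
    # check beyond TLS. Pin it with get_url's checksum parameter, e.g.
    # checksum: "sha256:<EXPECTED_SHA256_OF_THIS_RELEASE>" (placeholder; take
    # the digest from the release's published checksum).
    # The docker-compose-plugin package installed above already provides
    # `docker compose`; confirm the standalone 1.29.2 binary is still needed.
    - name: Install docker-compose
      ansible.builtin.get_url:
        url: "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-{{ ansible_system }}-{{ ansible_architecture }}"
        dest: /usr/local/bin/docker-compose
        mode: "0755"
    - name: Start Docker
      ansible.builtin.service:
        name: docker
        state: started
        enabled: true
    # Membership of the docker group gives access to the Docker socket, which
    # is root-equivalent on the host; keep it to accounts already trusted with
    # root.
    - name: Add user to Docker group
      ansible.builtin.user:
        name: "{{ common_user }}"
        groups: docker
        append: true
    # Docker SDK for Python, required by the community.docker modules below.
    - name: Install docker pip package
      ansible.builtin.apt:
        name: python3-docker
    # One network per entry of the `networks` dict; each entry supplies name,
    # driver, subnet, iprange, parent and vlan. The parent interface is passed
    # as "<parent>.<vlan>".
    - name: Create Docker networks
      community.docker.docker_network:
        name: "{{ item.value.name }}"
        driver: "{{ item.value.driver }}"
        ipam_config:
          - gateway: "{{ item.value.subnet | ansible.utils.ipaddr('address') }}"
            subnet: "{{ item.value.subnet | ansible.utils.ipaddr('0') }}"
            iprange: "{{ item.value.iprange }}"
        driver_options:
          parent: "{{ item.value.parent }}.{{ item.value.vlan }}"
      loop: "{{ networks | dict2items }}"
      notify: Restart
    # NOTE(review): this replaces the whole GRUB_CMDLINE_LINUX line, so any
    # kernel parameters already set there are dropped.
    - name: Enable swap limit support
      ansible.builtin.lineinfile:
        dest: /etc/default/grub
        state: present
        regex: '^GRUB_CMDLINE_LINUX='
        line: 'GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"'
      notify: Update grub
    # https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
    - name: Configure daemon
      ansible.builtin.copy:
        content: |
          {
            "dns": ["192.168.1.1"],
            "live-restore": true,
            "ipv6": false,
            "experimental": false
          }
        dest: "/etc/docker/daemon.json"
        owner: "root"
        group: "root"
        # daemon.json is a data file: 0644 instead of the former 0755, since
        # nothing needs the execute bit on it.
        mode: "0644"
      notify: Restart
    # Runs at 01:00 every day. Removes all unused images except those labelled
    # skip.prune=true; output and errors are discarded.
    - name: Prune images daily
      ansible.builtin.cron:
        name: "docker image prune"
        hour: "1"
        minute: "0"
        job: "docker image prune --filter 'label!=skip.prune=true' --all --force > /dev/null 2>&1"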