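---
# Installs Docker CE from Docker's apt repository, pins the docker group id,
# drops a rollout helper and a templated compose unit, and opens ufw for the
# 172.16.0.0/12 range.

- name: Install dependencies
  ansible.builtin.apt:
    name:
      - apt-transport-https
      - ca-certificates
      - curl
      - gnupg-agent
      - software-properties-common
    state: present
    update_cache: true

# NOTE(review): ansible.builtin.apt_key is deprecated. A key added this way
# goes into apt's global trusted keyring, so it is trusted for every
# configured repository, not only Docker's. The preferred layout is a
# dedicated keyring file referenced with `signed-by=` in the repo line.
# Left as-is here because switching needs a coordinated change to the
# repository entry on hosts that are already provisioned.
# The key is fetched over HTTPS with no fingerprint check; setting `id:` to
# the fingerprint Docker publishes would pin it.
# NOTE(review): this is the only task that sets `become`; the other tasks
# also need root, so presumably the play sets it. Confirm.
- name: Docker GPG key
  become: true
  ansible.builtin.apt_key:
    # `>-` strips the trailing newline that `>` would leave in the URL.
    url: >-
      https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
    state: present

- name: Repository docker
  ansible.builtin.apt_repository:
    repo: >-
      deb https://download.docker.com/linux/{{ ansible_distribution | lower }}
      {{ ansible_distribution_release }} stable
    state: present

# Created before the package install so the docker group gets this gid.
# docker_gid is not defined in this file; presumably a role or inventory
# variable.
- name: Make docker group id deterministic
  ansible.builtin.group:
    name: docker
    gid: "{{ docker_gid }}"
    state: present

- name: Install docker
  ansible.builtin.apt:
    name:
      - docker-ce
      - docker-ce-cli
      - containerd.io
    state: present
    update_cache: true
  notify:
    - Enable docker

- name: Copy docker rollout script
  ansible.builtin.copy:
    src: docker-rollout
    dest: /usr/local/bin/docker-rollout
    # Quoted so the mode is always read as an octal string, never as a number.
    mode: "0755"

- name: Copy docker-compose@.service
  ansible.builtin.copy:
    src: docker-compose@.service
    dest: /etc/systemd/system/docker-compose@.service
    # Explicit mode: without it a new file's permissions depend on the umask.
    mode: "0644"

# 0700 keeps compose files, which often carry credentials, readable by the
# owner only.
- name: Ensure /etc/docker/compose exist
  ansible.builtin.file:
    path: /etc/docker/compose
    state: directory
    mode: "0700"

# NOTE(review): 172.16.0.0/12 is the whole RFC 1918 172.16-172.31 block, not
# only Docker's bridge networks. Any host in that range that can reach this
# machine (for example a LAN or VPC using it) is allowed to every port.
# Consider narrowing this to the address pools Docker is configured with, or
# restricting the rule with `interface`.
# Docker also writes its own iptables rules, so published container ports
# are not filtered by ufw.
- name: Allow all traffic from Docker subnets
  community.general.ufw:
    rule: allow
    from_ip: "172.16.0.0/12"
    to_ip: "any"
  notify:
    - Reload ufw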