Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • fejao/c3infodesk-deployment-role-dependencies
1 result
Show changes
Commits on Source (4)
Hide whitespace changes
Inline Side-by-side
Showing
with 954 additions and 73 deletions
.gitignore 0 → 100644
View file @ 062295b3
*OLD*
.gitlab-ci.yml 0 → 100644
View file @ 062295b3
---
###
### VARIABLES
###
variables:
AUTHOR: fejao
IMAGE_NAME_LINT: python:3.10.15-bullseye
PATH_ENV_DIR: "/builds/fejao/c3infodesk-deployment-role-dependencies"
PATH_PYTHON_REQ_FILE: "/builds/fejao/c3infodesk-deployment-role-dependencies/ci-cd/python_requirements.txt"
PATH_PLAYBOOK: "/builds/fejao/c3infodesk-deployment-role-dependencies/ci-cd/playbook_role_test.yml"
###
### STAGES
###
stages:
- yamllint
- upstream-trigger
###
### SCRIPTS
###
.install_dependencies: &install_dependencies
# Install python and it's requirements
- apt-get update && apt-get install -y python3-pip && apt-get clean && rm -rf /var/lib/apt/lists/*
- pip3 install -r $PYTHON_REQ_FILE_PATH
### Correct the permissions on the build environment directory.
### See https://github.com/ansible/ansible/pull/42142/files
- chmod 700 $PATH_ENV_DIR
###
### JOBS
###
yamllint-test:
stage: yamllint
image: $IMAGE_NAME_LINT
variables:
PYTHON_REQ_FILE_PATH: $PATH_PYTHON_REQ_FILE
PLAYBOOK_PATH: $PATH_PLAYBOOK
before_script:
- *install_dependencies
script:
- echo "This is the 'yamllint' test from the 'dependencies' role"
- yamllint .
trigger-pipeline:
stage: upstream-trigger
variables:
RUN_UPSTREAM_FOR_ROLE_DEPENDENCIES: true
trigger:
project: fejao/c3infodesk-deployment
branch: main
strategy: depend
.yamllint 0 → 100644
View file @ 062295b3
---
# https://ansible.readthedocs.io/projects/lint/rules/yaml/
yaml-files:
- '*.yaml'
- '*.yml'
- '.yamllint'
rules:
anchors: enable
# braces: enable
# braces: disable
braces:
max-spaces-inside: 1
brackets: enable
colons: enable
commas: enable
comments:
level: warning
min-spaces-from-content: 1
comments-indentation: false
document-end: disable
document-start:
level: warning
empty-lines: enable
empty-values: disable
float-values: disable
hyphens: enable
# indentation: enable
indentation: disable
key-duplicates: enable
key-ordering: disable
# line-length: enable
line-length:
# max: 160
### roles/dependencies/defaults/main.yml:72 --> 232 characters
max: 240
new-line-at-end-of-file: enable
new-lines: enable
# octal-values: disable
quoted-strings: disable
trailing-spaces: enable
truthy:
level: warning
####
# var_naming_pattern: "^[a-z_][a-z0-9_]*$"
# var-naming: disable
# var-naming:
# no-role-prefix: disable
README.md
View file @ 062295b3
# c3infodesk-deployment-role-dependencies
# dependencies role
This ansible-role for dealing with installing the dependencies for deploying the system used from **c3infodesk**.
## Mentions
This role uses great part of it from [geerlingguy](https://github.com/geerlingguy) for installing **docker** at the target host.
The original code used can be found at: [https://github.com/geerlingguy/ansible-role-docker](https://github.com/geerlingguy/ansible-role-docker)
## Requirements
- To have [ansible](https://docs.ansible.com/ansible/latest/installation_guide/installation_distros.html) installed at your system.
## Configuration
You need to set some configuration for this to work
- ### ansible.cfg
You have to edit the **ansible.cfg** file to your needs for accessing your target.
- #### remote_user
You need to set the **remote_user** configuration for accessing the target host.
Example: [remote_user](https://git.cccv.de/fejao/c3infodesk-deployment/-/blob/main/ansible.cfg#L227)
- ### HOST_VARS
In order to access your target host, you need to create/edit your **inventories/host_vars/<YOUR_HOST_NAME>.yml**
- #### ansible_become_pass
You need to set the **sudo** password from the user setted on **remote_user** for installing packages and etc. at the target.
Example: [ansible_become_pass](https://git.cccv.de/fejao/c3infodesk-deployment/-/blob/main/inventories/host_vars/example_server.yml#L5)
## Getting started
- ### HOSTS
You need to provide a **group** in which your target belongs to with the same name setted for **inventories/host_vars/<YOUR_HOST_NAME>.yml**.
To make it easy for you to get started with GitLab, here's a list of recommended next steps.
There you can add/edit the target address/IP.
Already a pro? Just edit this README.md and make it your own. Want to make it easy? [Use the template at the bottom](#editing-this-readme)!
Example: [hosts](https://git.cccv.de/fejao/c3infodesk-deployment/-/blob/main/inventories/hosts)
## Add your files
## Role Variables
Here are the variables setted:
- [ ] [Create](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#create-a-file) or [upload](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#upload-a-file) files
- [ ] [Add files using the command line](https://docs.gitlab.com/ee/gitlab-basics/add-file.html#add-a-file-using-the-command-line) or push an existing Git repository with the following command:
- ### From: inventories/host_vars/<TARGET_NAME>
Here are the variables that you should be changing for your own deployment.
- **docker_users**: DEFAULT="[test-user]"
- The users to be added to the docker group.
- These users should should contain at least the same user setted on **ansible.cfg** at the **remote_user**
- **ansible_become_pass**: DEFAULT="Please change this"
- The password used from the user setted on **ansible.cfg** at the **remote_user**
- ### From: inventories/group_vars/<TARGET_GROUP>
This role needs no variable setted on **group_vars**
- ### From: roles/clone-repositories/defaults/main.yml
Here are the variables used for this role. Please don't change then here but instead in **inventories/host_vars/<TARGET_NAME>**
```
cd existing_repo
git remote add origin https://git.cccv.de/fejao/c3infodesk-deployment-role-dependencies.git
git branch -M main
git push -uf origin main
```
- **docker_users**
- **ansible_become_pass**
- **os_dependencies_packages**
- **docker_edition**
- **docker_packages**
- **docker_packages_state**
- **docker_obsolete_packages**
- **docker_obsolete_packages**
- **docker_service_manage**
- **docker_service_state**
- **docker_service_enabled**
- **docker_restart_handler_state**
- **docker_install_compose_plugin**
- **docker_compose_package**
- **docker_compose_package_state**
- **docker_install_compose**
- **docker_compose_version**
- **docker_compose_arch**
- **docker_compose_url**
- **docker_compose_path**
- **docker_add_repo**
- **docker_apt_release_channel**
- **docker_apt_ansible_distribution**
- **docker_apt_arch**
- **docker_apt_repository**
- **docker_apt_ignore_key_error**
- **docker_apt_gpg_key**
- **docker_apt_gpg_key_checksum**
- **docker_apt_filename**
- **docker_yum_repo_url**
- **docker_yum_repo_enable_nightly**
- **docker_yum_repo_enable_test**
- **docker_yum_gpg_key**
- **docker_daemon_options**
## Integrate with your tools
- ### From: roles/dependencies/vars/main.yml
- **docker_packages**
- **docker_compose_package**
- [ ] [Set up project integrations](https://git.cccv.de/fejao/c3infodesk-deployment-role-dependencies/-/settings/integrations)
## Collaborate with your team
## Dependencies
This role have no dependency from any another role.
- [ ] [Invite team members and collaborators](https://docs.gitlab.com/ee/user/project/members/)
- [ ] [Create a new merge request](https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html)
- [ ] [Automatically close issues from merge requests](https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#closing-issues-automatically)
- [ ] [Enable merge request approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/)
- [ ] [Set auto-merge](https://docs.gitlab.com/ee/user/project/merge_requests/merge_when_pipeline_succeeds.html)
## Test and Deploy
## Example Playbook
Use the built-in continuous integration in GitLab.
- ### Using the provided example
For using the example playbook **[playbooks/examples/example_02_dependencies.yml](https://git.cccv.de/fejao/c3infodesk-deployment/-/blob/main/playbooks/examples/example_02_dependencies.yml)** file you only need to:
- Change the user at the **[ansible.cfg](https://git.cccv.de/fejao/c3infodesk-deployment/-/blob/main/ansible.cfg)** file at the field **[remote_user](https://git.cccv.de/fejao/c3infodesk-deployment/-/blob/main/ansible.cfg#L227)** for acessing your target.
- Update the file **[inventories/host_vars/example_server.yml](https://git.cccv.de/fejao/c3infodesk-deployment/-/blob/main/inventories/host_vars/example_server.yml)** and change the value for **[ansible_become_pass](https://git.cccv.de/fejao/c3infodesk-deployment/-/blob/main/inventories/host_vars/example_server.yml#L5)** from the **[remote_user](https://git.cccv.de/fejao/c3infodesk-deployment/-/blob/main/ansible.cfg#L227)**
- Update the **[inventories/hosts](https://git.cccv.de/fejao/c3infodesk-deployment/-/blob/main/inventories/hosts)** file and change the **[example_server](https://git.cccv.de/fejao/c3infodesk-deployment/-/blob/main/inventories/hosts#L2)** with the IP address from your target.
And run the command:
```bash
ansible-playbook -i inventories/hosts playbooks/examples/example_02_dependencies.yml
```
- ### Setting your own example
After setting your variables at **inventories/host_vars/<HOST_NAME>**, you can add this role to your playbook as a regular role.
Here is an example using the **<HOST_NAME>** as **test_servers**
```yaml
- hosts:
- test_servers
roles:
- roles/c3infodesk-deployment-role-dependencies
```
And call the playbook as:
```bash
ansible-playbook -i <INVENTORY> <PLAYBOOK_NAME>.yml
```
## Testing
You can test this locally using **DIND (docker in docker)** at your own computer using [ansible molecule](https://ansible.readthedocs.io/projects/molecule/installation/)
- ### Testing requirements
You need docker installed at your system and the [ansible molecule](https://ansible.readthedocs.io/projects/molecule/installation/).
You might have to set DIND at your system, for linux, you can create the file **/etc/docker/daemon.json**
And add the content and restart docker.
```json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"features": {
"buildkit": true
},
"experimental": true,
"cgroup-parent": "docker.slice"
}
```
- ### Using molecule
Just go to the root of the role **roles/dependencies** and run the command:
```bash
molecule test
```
- [ ] [Get started with GitLab CI/CD](https://docs.gitlab.com/ee/ci/quick_start/index.html)
- [ ] [Analyze your code for known vulnerabilities with Static Application Security Testing (SAST)](https://docs.gitlab.com/ee/user/application_security/sast/)
- [ ] [Deploy to Kubernetes, Amazon EC2, or Amazon ECS using Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/requirements.html)
- [ ] [Use pull-based deployments for improved Kubernetes management](https://docs.gitlab.com/ee/user/clusters/agent/)
- [ ] [Set up protected environments](https://docs.gitlab.com/ee/ci/environments/protected_environments.html)
***
# Editing this README
When you're ready to make this README your own, just edit this file and use the handy template below (or feel free to structure it however you want - this is just a starting point!). Thanks to [makeareadme.com](https://www.makeareadme.com/) for this template.
## Suggestions for a good README
Every project is different, so consider which of these sections apply to yours. The sections used in the template are suggestions for most open source projects. Also keep in mind that while a README can be too long and detailed, too long is better than too short. If you think your README is too long, consider utilizing another form of documentation rather than cutting out information.
## Name
Choose a self-explaining name for your project.
## Description
Let people know what your project can do specifically. Provide context and add a link to any reference visitors might be unfamiliar with. A list of Features or a Background subsection can also be added here. If there are alternatives to your project, this is a good place to list differentiating factors.
## Badges
On some READMEs, you may see small images that convey metadata, such as whether or not all the tests are passing for the project. You can use Shields to add some to your README. Many services also have instructions for adding a badge.
## Visuals
Depending on what you are making, it can be a good idea to include screenshots or even a video (you'll frequently see GIFs rather than actual videos). Tools like ttygif can help, but check out Asciinema for a more sophisticated method.
## Installation
Within a particular ecosystem, there may be a common way of installing things, such as using Yarn, NuGet, or Homebrew. However, consider the possibility that whoever is reading your README is a novice and would like more guidance. Listing specific steps helps remove ambiguity and gets people to using your project as quickly as possible. If it only runs in a specific context like a particular programming language version or operating system or has dependencies that have to be installed manually, also add a Requirements subsection.
## Usage
Use examples liberally, and show the expected output if you can. It's helpful to have inline the smallest example of usage that you can demonstrate, while providing links to more sophisticated examples if they are too long to reasonably include in the README.
## Support
Tell people where they can go to for help. It can be any combination of an issue tracker, a chat room, an email address, etc.
## Roadmap
If you have ideas for releases in the future, it is a good idea to list them in the README.
## Contributing
State if you are open to contributions and what your requirements are for accepting them.
For people who want to make changes to your project, it's helpful to have some documentation on how to get started. Perhaps there is a script that they should run or some environment variables that they need to set. Make these steps explicit. These instructions could also be useful to your future self.
## License
You can also document commands to lint the code or run tests. These steps help to ensure high code quality and reduce the likelihood that the changes inadvertently break something. Having instructions for running tests is especially helpful if it requires external setup, such as starting a Selenium server for testing in a browser.
MIT / BSD
## Authors and acknowledgment
Show your appreciation to those who have contributed to the project.
## License
For open source projects, say how it is licensed.
## Author Information
## Project status
If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers.
[https://chaos.social/@fejao](https://chaos.social/@fejao)
ci-cd/python_requirements.txt 0 → 100644
View file @ 062295b3
yamllint
ansible
ansible-dev-tools
ansible-lint
defaults/main.yml 0 → 100644
View file @ 062295b3
---
# defaults file for dependencies
###
### DEPLOYMENT USER
###
# This should be the password from the deployment user setted on ansible.cfg
ansible_become_pass: "UPDATE THIS FOR THE HOSTS"
# A list of users who will be added to the docker group.
docker_users: []
###
### install_packages.yml
###
os_dependencies_packages:
- bash-completion
- git
- htop
- vim
- tree
###
### install_docker.yml
###
docker_installed: false
# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
docker_edition: 'ce'
docker_packages:
- "docker-{{ docker_edition }}"
- "docker-{{ docker_edition }}-cli"
- "docker-{{ docker_edition }}-rootless-extras"
- "containerd.io"
- docker-buildx-plugin
docker_packages_state: present
docker_obsolete_packages:
- docker
- docker.io
- docker-engine
- docker-doc
- podman-docker
- containerd
- runc
# Service options.
docker_service_manage: true
docker_service_state: started
docker_service_enabled: true
docker_restart_handler_state: restarted
# Docker Compose Plugin options.
docker_install_compose_plugin: true
docker_compose_package: docker-compose-plugin
docker_compose_package_state: present
# Docker Compose options.
docker_install_compose: false
docker_compose_version: "v2.32.1"
docker_compose_arch: "{{ ansible_architecture }}"
docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}"
docker_compose_path: /usr/local/bin/docker-compose
# Enable repo setup
docker_add_repo: true
# Docker repo URL.
docker_repo_url: https://download.docker.com/linux
# Used only for Debian/Ubuntu/Pop!_OS/Linux Mint. Switch 'stable' to 'nightly' if needed.
docker_apt_release_channel: stable
# docker_apt_ansible_distribution is a workaround for Ubuntu variants which can't be identified as such by Ansible,
# and is only necessary until Docker officially supports them.
docker_apt_ansible_distribution: "{{ 'ubuntu' if ansible_distribution in ['Pop!_OS', 'Linux Mint'] else ansible_distribution }}"
docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'armhf' if ansible_architecture == 'armv7l' else 'amd64' }}"
docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
docker_apt_ignore_key_error: true
docker_apt_gpg_key: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}/gpg"
docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570"
docker_apt_filename: "docker"
# Used only for RedHat/CentOS/Fedora.
docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora', 'centos') }}/docker-{{ docker_edition }}.repo"
docker_yum_repo_enable_nightly: '0'
docker_yum_repo_enable_test: '0'
docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg"
# Docker daemon options as a dict
docker_daemon_options: {}
handlers/main.yml 0 → 100644
View file @ 062295b3
---
# handlers file for dependencies
- name: HANDLER_RESTART_DOCKER
ansible.builtin.systemd_service:
name: docker
state: restarted
daemon_reload: true
when: docker_service_manage | bool
become: true
meta/main.yml 0 → 100644
View file @ 062295b3
---
galaxy_info:
role_name: dependencies
description: Role to install the dependencies from the c3InfoDesk sytems
author: fejao
company: cccv.de
license: "MIT / BSD"
min_ansible_version: '2.10'
galaxy_tags: []
dependencies: []
molecule/README.md 0 → 100644
View file @ 062295b3
## ansible molecule tests for role: dependencies
## Why to use it
It's allways a good idea to test your things.
With **ansible molecule** you can test your role locally without the need of using a **real server** but a local **docker container**.
## Dependencies
- ### molecule
You need to have [ansible molecule](https://ansible.readthedocs.io/projects/molecule/installation/) installed.
- ### DIND (docker in docker)
For using the tests, you will to have **docker** installed locally and and set it for using **DIND (docker in docker)**
- ### DIND linux
You have to create/edit the file **/etc/docker/daemon.json** with the content:
```json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"features": {
"buildkit": true
},
"experimental": true,
"cgroup-parent": "docker.slice"
}
```
## Configuration
There's not much for configuring for using the tests
## Running the tests
For running the **molecule tests** you just need to run the command:
```bash
molecule test
```
molecule/default/converge.yml 0 → 100644
View file @ 062295b3
---
- name: MOLECULE | Converge
hosts: all
pre_tasks:
- name: MOLECULE | COVERGE | PRE-TASKS | VARIABLES | From -> ../../defaults
ansible.builtin.include_vars:
dir: ../../defaults
depth: 1
extensions:
- 'yml'
- name: MOLECULE | COVERGE | PRE-TASKS | VARIABLES | From -> ../../vars
ansible.builtin.include_vars:
dir: ../../vars
depth: 1
extensions:
- 'yml'
- name: MOLECULE | COVERGE | PRE-TASKS | VARIABLES | From -> ../../../../inventories/group_vars
ansible.builtin.include_vars:
dir: ../../../../inventories/group_vars
extensions:
- 'yml'
- name: MOLECULE | COVERGE | PRE-TASKS | VARIABLES | From -> ../../../../inventories/host_vars
ansible.builtin.include_vars:
dir: ../../../../inventories/host_vars
extensions:
- 'yml'
tasks:
- name: MOLECULE | CONVERGE | Call the 'dependencies' role.
ansible.builtin.include_role:
# name: dependencies
name: c3infodesk-deployment-role-dependencies
molecule/default/molecule.yml 0 → 100644
View file @ 062295b3
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: molecule_dependencies
### At the moment I'm not running at the latest kernel, please use always with a older kernel than the host
# image: docker.io/geerlingguy/docker-ubuntu2204-ansible
image: geerlingguy/docker-ubuntu2204-ansible:latest
command: /usr/sbin/init
pre_build_image: true
cgroupns_mode: host
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- /var/lib/containerd
provisioner:
name: ansible
lint: |
ansible-lint --exclude molecule/default/
scenario:
name: default
create_sequence:
- dependency
- create
- prepare
check_sequence:
- dependency
- cleanup
- destroy
- create
- prepare
- converge
- check
- destroy
converge_sequence:
- dependency
- create
- prepare
- converge
destroy_sequence:
- dependency
- cleanup
- destroy
test_sequence:
# - lint
# - dependency
# - cleanup
- destroy
- syntax
- create
# - prepare
- converge
- verify
- idempotence
# - side_effect
# - cleanup
- destroy
verifier:
name: ansible
molecule/default/verify.yml 0 → 100644
View file @ 062295b3
---
- name: VERIFY | Test role for debugging variables
hosts: all
vars:
package_name_docker: 'docker'
package_name_docker_ce: 'docker-ce'
package_name_docker_compose: 'docker-compose'
package_name_docker_compose_plugin: 'docker-compose-plugin'
pre_tasks:
- name: MOLECULE | VERIFY | PRE-TASKS | VARIABLES | From -> ../../defaults
ansible.builtin.include_vars:
dir: ../../defaults
depth: 1
extensions:
- 'yml'
- name: MOLECULE | VERIFY | PRE-TASKS | VARIABLES | From -> ../../vars
ansible.builtin.include_vars:
dir: ../../vars
depth: 1
extensions:
- 'yml'
- name: MOLECULE | VERIFY | PRE-TASKS | VARIABLES | From -> ../../../../inventories/group_vars
ansible.builtin.include_vars:
dir: ../../../../inventories/group_vars
extensions:
- 'yml'
- name: MOLECULE | VERIFY | PRE-TASKS | VARIABLES | From -> ../../../../inventories/host_vars
ansible.builtin.include_vars:
dir: ../../../../inventories/host_vars
extensions:
- 'yml'
tasks:
###
### POPULATE
###
- name: MOLECULE | VERIFY | POPULATE | Gather the package facts
ansible.builtin.package_facts:
manager: auto
# - name: MOLECULE | VERIFY | POPULATE | Gather service facts
# ansible.builtin.service_facts:
###
### TESTS - PACKAGES
###
- name: MOLECULE | VERIFY | TEST | Check that the packages from 'os_dependencies_packages' are installed.
ansible.builtin.debug:
msg: "Package: '{{ package_name }}' is installed"
loop: "{{ os_dependencies_packages }}"
loop_control:
loop_var: package_name
failed_when: package_name not in ansible_facts.packages
- name: MOLECULE | VERIFY | TEST | Check that docker is installed.
ansible.builtin.debug:
msg: "Package: 'docker' is installed"
failed_when:
- package_name_docker not in ansible_facts.packages
- package_name_docker_ce not in ansible_facts.packages
- name: MOLECULE | VERIFY | TEST | Check that docker-compose is installed.
ansible.builtin.debug:
msg: "Package: 'docker-cokmpose' is installed"
failed_when:
- package_name_docker_compose not in ansible_facts.packages
- package_name_docker_compose_plugin not in ansible_facts.packages
###
### TESTS - DOCKER
###
- name: MOLECULE | VERIFY | TEST | Get docker service state.
ansible.builtin.systemd:
name: "docker"
register: docker_service
- name: MOLECULE | VERIFY | TEST | Check that docker is running.
ansible.builtin.debug:
msg: "Docker IS running..."
failed_when: "'active' != docker_service.status.ActiveState"
###
### TESTS - ADDED USERS
###
- name: MOLECULE | VERIFY | TEST | Get added users infos.
ansible.builtin.user:
name: "{{ item }}"
loop: "{{ docker_users }}"
check_mode: true
register: test_users
- name: MOLECULE | VERIFY | TEST | Check if users exists
ansible.builtin.debug:
msg: "User {{ item.item }} {{ 'exists' if item.state | d('') == 'present' else 'does not exist' }}"
loop: "{{ test_users.results }}"
loop_control:
label: "{{ item.item }}"
- name: MOLECULE | VERIFY | TEST | Get the groups that the users belongs to.
ansible.builtin.command:
cmd: "id -Gn {{ item.item }}"
loop: "{{ test_users.results }}"
loop_control:
label: "{{ item.item }}"
register: user_groups
changed_when: false
- name: MOLECULE | VERIFY | TEST | Check that the users are at the 'docker' group.
ansible.builtin.debug:
msg: "User '{{ item.item.item }}' belongs to the docker group"
with_items: "{{ user_groups.results }}"
failed_when: "'docker' not in item.stdout"
tasks/docker/install_compose.yml 0 → 100644
View file @ 062295b3
---
- name: DOCKER | COMPOSE | Check current docker-compose version.
ansible.builtin.command: "{{ docker_compose_path }} --version"
register: docker_compose_vsn
check_mode: false
changed_when: false
failed_when: false
- name: Setting the docker compose version
ansible.builtin.set_fact:
docker_compose_current_version: "{{ docker_compose_vsn.stdout | regex_search('(\\d+(\\.\\d+)+)') }}"
when: >
docker_compose_vsn.stdout is defined
and (docker_compose_vsn.stdout | length > 0)
- name: DOCKER | COMPOSE | Delete existing docker-compose version if it's different.
ansible.builtin.file:
path: "{{ docker_compose_path }}"
state: absent
when: >
docker_compose_current_version is defined
and (docker_compose_version | regex_replace('v', '')) not in docker_compose_current_version
- name: DOCKER | COMPOSE | Install Docker Compose (if configured).
ansible.builtin.get_url:
url: "{{ docker_compose_url }}"
dest: "{{ docker_compose_path }}"
mode: "0755"
when: >
(docker_compose_current_version is not defined)
or (docker_compose_current_version | length == 0)
or (docker_compose_current_version is version((docker_compose_version | regex_replace('v', '')), '<'))
tasks/docker/install_docker_users.yml 0 → 100644
View file @ 062295b3
---
- name: DOCKER | USERS | Ensure docker users are added to the docker group.
ansible.builtin.user:
name: "{{ item }}"
groups: docker
append: true
with_items: "{{ docker_users }}"
become: true
- name: DOCKER | USERS | Reset ssh connection to apply user changes.
ansible.builtin.meta: reset_connection
tasks/docker/setup-Debian.yml 0 → 100644
View file @ 062295b3
---
- name: DOCKER | DEBIAN | Ensure apt key is not present in trusted.gpg.d
ansible.builtin.file:
path: /etc/apt/trusted.gpg.d/docker.asc
state: absent
- name: DOCKER | DEBIAN | Ensure old apt source list is not present in /etc/apt/sources.list.d
ansible.builtin.file:
path: /etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list
state: absent
- name: DOCKER | DEBIAN | Ensure the repo referencing the previous trusted.gpg.d key is not present
ansible.builtin.apt_repository:
repo: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
state: absent
filename: "{{ docker_apt_filename }}"
update_cache: true
when: docker_add_repo | bool
# See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
- name: DOCKER | DEBIAN | Ensure old versions of Docker are not installed.
ansible.builtin.package:
name: "{{ docker_obsolete_packages }}"
state: absent
- name: DOCKER | DEBIAN | Ensure dependencies are installed.
become: true
ansible.builtin.apt:
name:
- apt-transport-https
- ca-certificates
state: present
when: docker_add_repo | bool
- name: DOCKER | DEBIAN | Ensure directory exists for /etc/apt/keyrings
ansible.builtin.file:
path: /etc/apt/keyrings
state: directory
mode: "0755"
- name: DOCKER | DEBIAN | Add Docker apt key.
ansible.builtin.get_url:
url: "{{ docker_apt_gpg_key }}"
dest: /etc/apt/keyrings/docker.asc
mode: "0644"
force: false
checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}"
register: add_repository_key
ignore_errors: "{{ docker_apt_ignore_key_error }}"
when: docker_add_repo | bool
become: true
- name: DOCKER | DEBIAN | Ensure curl is present (on older systems without SNI).
ansible.builtin.apt:
name: curl
state: present
when: add_repository_key is failed and docker_add_repo | bool
- name: DOCKER | DEBIAN | Add Docker apt key (alternative for older systems without SNI).
ansible.builtin.shell: >
set -o pipefail &&
curl -sSL {{ docker_apt_gpg_key }} | apt-key add -
when: add_repository_key is failed and docker_add_repo | bool
register: ret_add_docker_key
changed_when: ret_add_docker_key.rc != 0
- name: DOCKER | DEBIAN | Add Docker repository.
ansible.builtin.apt_repository:
repo: "{{ docker_apt_repository }}"
state: present
filename: "{{ docker_apt_filename }}"
update_cache: true
when: docker_add_repo | bool
become: true
tasks/docker/setup-RedHat.yml 0 → 100644
View file @ 062295b3
---
- name: DOCKER | RED-HAT | Ensure old versions of Docker are not installed.
ansible.builtin.package:
name:
- docker
- docker-common
- docker-engine
state: absent
- name: DOCKER | RED-HAT | Add Docker GPG key.
ansible.builtin.rpm_key:
key: "{{ docker_yum_gpg_key }}"
state: present
when: docker_add_repo | bool
- name: DOCKER | RED-HAT | Add Docker repository.
ansible.builtin.get_url:
url: "{{ docker_yum_repo_url }}"
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
owner: root
group: root
mode: "0644"
when: docker_add_repo | bool
- name: DOCKER | RED-HAT | Configure Docker Nightly repo.
community.general.ini_file:
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
section: 'docker-{{ docker_edition }}-nightly'
option: enabled
value: '{{ docker_yum_repo_enable_nightly }}'
mode: "0644"
no_extra_spaces: true
when: docker_add_repo | bool
- name: DOCKER | RED-HAT | Configure Docker Test repo.
community.general.ini_file:
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
section: 'docker-{{ docker_edition }}-test'
option: enabled
value: '{{ docker_yum_repo_enable_test }}'
mode: "0644"
no_extra_spaces: true
when: docker_add_repo | bool
- name: DOCKER | RED-HAT | Configure containerd on RHEL 8.
when: ansible_distribution_major_version | int == 8
block:
- name: Ensure runc is not installed.
ansible.builtin.package:
name: runc
state: absent
- name: Ensure container-selinux is installed.
ansible.builtin.package:
name: container-selinux
state: present
- name: Ensure containerd.io is installed.
ansible.builtin.package:
name: containerd.io
state: present
tasks/install_docker.yml 0 → 100644
View file @ 062295b3
---
- name: DOCKER | Load OS-specific vars.
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- '{{ ansible_distribution }}.yml'
- '{{ ansible_os_family }}.yml'
- main.yml
paths:
- 'vars'
- name: DOCKER | Installing for RedHat OS family
ansible.builtin.include_tasks: docker/setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- name: DOCKER | Installing for Debian OS family
ansible.builtin.include_tasks: docker/setup-Debian.yml
when: ansible_os_family == 'Debian'
- name: DOCKER | Install Docker packages.
ansible.builtin.package:
name: "{{ docker_packages }}"
state: "{{ docker_packages_state }}"
notify: HANDLER_RESTART_DOCKER
ignore_errors: "{{ ansible_check_mode }}"
when: "ansible_version.full is version_compare('2.12', '<') or ansible_os_family not in ['RedHat', 'Debian']"
become: true
- name: DOCKER | Install Docker packages (with downgrade option).
ansible.builtin.package:
name: "{{ docker_packages }}"
state: "{{ docker_packages_state }}"
allow_downgrade: true
notify: HANDLER_RESTART_DOCKER
ignore_errors: "{{ ansible_check_mode }}"
when: "ansible_version.full is version_compare('2.12', '>=') and ansible_os_family in ['RedHat', 'Debian']"
become: true
- name: DOCKER | Install docker-compose plugin.
ansible.builtin.package:
name: "{{ docker_compose_package }}"
state: "{{ docker_compose_package_state }}"
notify: HANDLER_RESTART_DOCKER
ignore_errors: "{{ ansible_check_mode }}"
when:
- docker_install_compose_plugin | bool
- ansible_version.full is version_compare('2.12', '<') or ansible_os_family not in ['RedHat', 'Debian']
become: true
- name: DOCKER | Install docker-compose-plugin (with downgrade option).
ansible.builtin.package:
name: "{{ docker_compose_package }}"
state: "{{ docker_compose_package_state }}"
allow_downgrade: true
notify: HANDLER_RESTART_DOCKER
ignore_errors: "{{ ansible_check_mode }}"
when:
- docker_install_compose_plugin | bool
- ansible_version.full is version_compare('2.12', '>=')
- ansible_os_family in ['RedHat', 'Debian']
become: true
- name: DOCKER | Ensure /etc/docker/ directory exists.
ansible.builtin.file:
path: /etc/docker
state: directory
mode: "0755"
when: docker_daemon_options.keys() | length > 0
- name: DOCKER | Configure Docker daemon options.
ansible.builtin.copy:
content: "{{ docker_daemon_options | to_nice_json }}"
dest: /etc/docker/daemon.json
mode: "0644"
when: docker_daemon_options.keys() | length > 0
notify: HANDLER_RESTART_DOCKER
- name: DOCKER | Ensure Docker is started and enabled at boot.
ansible.builtin.service:
name: docker
state: "{{ docker_service_state }}"
enabled: "{{ docker_service_enabled }}"
ignore_errors: "{{ ansible_check_mode }}"
when: docker_service_manage | bool
- name: DOCKER | Ensure handlers are notified now to avoid firewall conflicts.
ansible.builtin.meta: flush_handlers
- name: Installing 'docker compose'
ansible.builtin.include_tasks: docker/install_compose.yml
when: docker_install_compose | bool
- name: DOCKER | Get docker group info using getent.
ansible.builtin.getent:
database: group
key: docker
split: ':'
when: docker_users | length > 0
- name: DOCKER | Check if there are any users to add to the docker group.
ansible.builtin.set_fact:
at_least_one_user_to_modify: true
when:
- docker_users | length > 0
- item not in ansible_facts.getent_group["docker"][2]
with_items: "{{ docker_users }}"
- name: DOCKER | Adding users to the docker group
ansible.builtin.include_tasks: docker/install_docker_users.yml
when: at_least_one_user_to_modify is defined
tasks/install_packages.yml 0 → 100644
View file @ 062295b3
---
- name: INSTALL_PACKAGES | Installing the packages from list
ansible.builtin.package:
name: "{{ package_name }}"
state: present
update_cache: true
loop: "{{ os_dependencies_packages }}"
loop_control:
loop_var: package_name
become: true
tasks/main.yml 0 → 100644
View file @ 062295b3
---
# tasks file for dependencies
- name: Importing the 'install_packages.yml' tasks
ansible.builtin.import_tasks: install_packages.yml
- name: Get docker service state.
ansible.builtin.systemd:
name: "docker"
register: docker_service
- name: Set fact if docker already installed and active.
ansible.builtin.set_fact:
docker_installed: true
when:
- docker_service is defined
- "'active' == docker_service.status.ActiveState"
- name: Importing the 'install_docker.yml' tasks if docker not installed.
ansible.builtin.import_tasks: install_docker.yml
when: docker_installed | bool is false
vars/Alpine.yml 0 → 100755
View file @ 062295b3
---
docker_packages: "docker"

Impressum - Datenschutzerklärung