-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.yml
122 lines (111 loc) · 4.31 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
---
# @todo Improvement: Complete documentation
# @todo Test: Complete
- name: Include variables based on the operating system
include_vars: '{{ ansible_os_family }}.yml'
- name: Ensure old versions of Docker are not installed
become: true
block:
- name: Ensure "docker" is not installed
package:
name: docker
state: absent
- name: Ensure "docker-common" is not installed
package:
name: docker-common
state: absent
- name: Ensure "docker-engine" is not installed
package:
name: docker-engine
state: absent
when: ansible_os_family not in ('Windows', 'Darwin')
# @action Ensures Docker is installed
# Installs Docker on the target machine.
# @action Ensures Docker is installed
# Ensures Docker is started on boot.
- name: Include tasks based on the operating system
become: true
become_method: "{{ 'runas' if ansible_os_family == 'Windows' else 'sudo' }}"
become_user: "{{ ansible_user if ansible_os_family == 'Windows' else omit }}"
block:
- include_tasks: 'install-{{ ansible_os_family }}.yml'
when: not docker_snap_install
- name: Ensure Docker plugins are installed if configured
become: true
block:
- include_tasks: plugins.yml
when:
- ansible_system == 'Linux'
- not docker_no_plugins
# @action Ensures Docker is installed
# If the target Docker host is a Linux machine and the `docker_snap_install` variable
# is set to true, then Docker will be installed as a snap package.
- name: Install Docker via snap
become: true
community.general.snap:
name: docker
when:
- ansible_os_family not in ('Windows', 'Darwin')
- docker_snap_install
- name: Ensure handlers are notified now to avoid firewall conflicts.
meta: flush_handlers
# @action Installs docker-compose
# Installs docker-compose if the `docker_install_compose` variable is set to true.
# docker-compose allows you to configure Docker containers in groups.
- name: Install Docker Compose (based on OS)
become: true
become_method: "{{ 'runas' if ansible_os_family == 'Windows' else 'sudo' }}"
become_user: "{{ ansible_user if ansible_os_family == 'Windows' else omit }}"
block:
- include_tasks: 'compose-{{ ansible_os_family }}.yml'
when: docker_install_compose | bool
# @action Adds specified users to docker group
# If the variable `docker_users` is set to an array of usernames then those users
# will be added to the docker group which allows them access to Docker.
- name: Add users to the "docker" group (based on OS)
become: true
become_method: "{{ 'runas' if ansible_os_family == 'Windows' else 'sudo' }}"
become_user: "{{ ansible_user if ansible_os_family == 'Windows' else omit }}"
block:
- include_tasks: 'users-{{ ansible_os_family }}.yml'
when: docker_users | length > 0
# @action Generates TLS certificates
# Generates TLS/HTTPS certificates so that the Docker host can be controlled remotely.
# This is useful if you are using a centralized method of controlling all of your
# Docker hosts (like Portainer). This step only runs if the `docker_tls` variable is
# set to true.
# @action Generates TLS certificates
# The certificates required for connecting to the Docker host are copied to the
# Ansible host's `~/.docker` folder.
- name: Determine whether TLS certificates need to be generated (non-Windows)
become: true
stat:
path: "{{ '/etc/ssl/private/docker-ca.pem' if ansible_system == 'Linux' else '/usr/local/share/.docker/certs.d/ca.pem' }}"
register: docker_ca_pem
when:
- ansible_os_family != 'Windows'
- docker_tls | bool
- not docker_snap_install
- name: Determine whether TLS certificates need to be generated (Windows)
become_method: runas
become_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
ansible.windows.win_stat:
path: '%PROGRAMDATA%\docker\certs.d\ca.pem'
register: docker_ca_pem_win
when:
- ansible_os_family == 'Windows'
- docker_tls | bool
- not docker_snap_install
- name: Generate TLS certificates
include_tasks: 'tls-{{ ansible_os_family }}.yml'
when:
- docker_tls | bool
- ansible_os_family != 'Windows'
- not docker_ca_pem.stat.exists
- not docker_snap_install
- name: Generate TLS certificates for Windows
include_tasks: tls-Windows.yml
when:
- docker_tls | bool
- ansible_os_family == 'Windows'
- not docker_ca_pem_win.stat.exists