How the vagrant process work:
When ansible is defined as the provisioner in the Vagrantfile it use the mentioned playbook to config the guest machine.
So it's vagrant (not ansible) that execute that playbook on guest machines.
When hit vagrant up
it creates an inventory for ansible:
➜ Ansible-exercise git:(master) ✗ cat .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory
# Generated by Vagrant
node1 ansible_host=127.0.0.1 ansible_port=2222 ansible_user='vagrant' ansible_ssh_private_key_file='/home/giogio/Documents/Ansible-exercise/.vagrant/machines/node1/virtualbox/private_key'
node2 ansible_host=127.0.0.1 ansible_port=2200 ansible_user='vagrant' ansible_ssh_private_key_file='/home/giogio/Documents/Ansible-exercise/.vagrant/machines/node2/virtualbox/private_key'
- Create
daemon.json
file in/etc/docker
:
{"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}
- Add
/etc/systemd/system/docker.service.d/override.conf
[Service] ExecStart= ExecStart=/usr/bin/dockerd
- Reload the systemd daemon:
systemctl daemon-reload
- Restart docker:
systemctl restart docker.service
The role tls_api
rapresent all the command explained here:
https://docs.docker.com/engine/security/https/
Here another useful resources: https://gist.github.com/kekru/4e6d49b4290a4eebc7b597c07eaf61f2
After the VMs provisioning we will have certs inside a a folder on our machine with the same name as the vm hostname (node1/ and node2/)
With
docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem \
-H=node1:2376 version
we can use the api from host.
(It works, but expose the same port as the guest, not the one specified in the Vagrantfile.)
ansible-playbook -i inventory.ini playbook-swarm.yml
It's better to specify the ssh private key by command line. By default vagrant put that file in .vagrant/machines/node1/virtualbox/private_key
in the same folder of the Vagrantfile.
Alternatively, in the inventory.ini like this:
ansible_ssh_private_key_file='.vagrant/machines/node1/virtualbox/private_key'
The role docker_swarm_init
just init a swarm with docker_swarm module.
The docker_swarm_worker
needs from the master:
- the join-token worker
- the ip address of the master
We obtain them thank to delegate_to
and run_once
options.
#TODO new branch, pull request:
- tlsverify client
- no password in vars
- inventory key from command line - X
1557e0bd35f95c99adcc7ed42cae65f83f9524f3