refactor: split ansible book into roles
This commit is contained in:
parent
89a7bfa789
commit
22d7e4a318
14 changed files with 983 additions and 215 deletions
94
roles/docker/tasks/main.yaml
Normal file
94
roles/docker/tasks/main.yaml
Normal file
|
|
@ -0,0 +1,94 @@
|
|||
- name: Start docker service
|
||||
ansible.builtin.service:
|
||||
name: docker
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- name: Setup Docker Swarm
|
||||
when: docker_swarm_manager | bool
|
||||
block:
|
||||
- name: Enable Docker Swarm mode
|
||||
community.docker.docker_swarm:
|
||||
state: present
|
||||
|
||||
- name: Create Traefik network
|
||||
community.docker.docker_network:
|
||||
name: reverse-proxy
|
||||
driver: overlay
|
||||
attachable: true
|
||||
|
||||
- name: Deploy Traefik service
|
||||
community.docker.docker_compose_v2:
|
||||
remove_orphans: true
|
||||
project_name: reverse-proxy
|
||||
definition:
|
||||
networks:
|
||||
reverse-proxy:
|
||||
external: true
|
||||
services:
|
||||
traefik:
|
||||
container_name: traefix-proxy
|
||||
image: 'traefik:latest'
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- reverse-proxy
|
||||
ports:
|
||||
# listen on host ports without ingress network
|
||||
- target: 80
|
||||
published: 80
|
||||
protocol: tcp
|
||||
mode: host
|
||||
- target: 443
|
||||
published: 443
|
||||
protocol: tcp
|
||||
mode: host
|
||||
- target: 8080
|
||||
published: 8080
|
||||
protocol: tcp
|
||||
mode: host
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
healthcheck:
|
||||
test: 'wget -qO- http://localhost:80/ping || exit 1'
|
||||
interval: 4s
|
||||
timeout: 2s
|
||||
retries: 5
|
||||
command:
|
||||
- '--ping=true'
|
||||
- '--ping.entrypoint=http'
|
||||
- '--api.dashboard=true'
|
||||
- '--api.insecure=true'
|
||||
- '--entrypoints.http.address=:80'
|
||||
- '--entryPoints.http.forwardedHeaders.trustedIPs=10.0.10.0/24'
|
||||
- '--entrypoints.http.http.encodequerysemicolons=true'
|
||||
- '--entryPoints.http.http2.maxConcurrentStreams=50'
|
||||
# - "--providers.swarm.endpoint=tcp://{{ ansible_default_ipv4.address }}:2375"
|
||||
- --providers.swarm.exposedByDefault=false
|
||||
- --providers.swarm.network=reverse-proxy
|
||||
deploy:
|
||||
mode: global
|
||||
placement:
|
||||
constraints:
|
||||
- node.role==manager
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.traefik.entrypoints=http
|
||||
- traefik.http.routers.traefik.service=api@internal
|
||||
- traefik.http.services.traefik.loadbalancer.server.port=8080
|
||||
|
||||
- name: Check if Docker context exists
|
||||
local_action: ansible.builtin.command docker context inspect {{ ansible_hostname }}
|
||||
register: context_exists
|
||||
ignore_errors: true
|
||||
|
||||
- name: Create Docker context for each Swarm manager machine
|
||||
local_action: >
|
||||
ansible.builtin.command docker context create {{ ansible_hostname }} --docker "host=ssh://{{ ansible_default_ipv4.address }}"
|
||||
when: context_exists.stderr != ''
|
||||
|
||||
- name: Join Docker Swarm as a worker
|
||||
community.docker.docker_swarm:
|
||||
state: join
|
||||
join_token: "{{ hostvars['manager']['docker_swarm_worker_token'] }}"
|
||||
remote_addrs: ["{{ hostvars['manager']['ansible_default_ipv4']['address'] }}"]
|
||||
when: not docker_swarm_manager | bool
|
||||
Loading…
Add table
Add a link
Reference in a new issue