# yaml-language-server: $schema=https://raw.githubusercontent.com/ansible/ansible-lint/refs/heads/main/src/ansiblelint/schemas/tasks.json
---
# Put this host into Swarm mode (no-op when it already is) and keep the
# module result in `swarm_info`.
- name: Enable Docker Swarm mode
  community.docker.docker_swarm:
    state: present
    # Address pool handed to Swarm for overlay networks; subnet_size is the
    # prefix length of each subnet allocated from it.
    default_addr_pool:
      - '10.20.0.0/16'
    subnet_size: 24
  register: swarm_info
# Keep this node in the manager role and set its availability to drain, so
# Swarm stops scheduling service tasks on it.
- name: Disable workload on managers
  community.docker.docker_node:
    availability: drain
    role: manager
    hostname: '{{ ansible_hostname }}'
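# Register a Docker CLI context on the control node that reaches this
# manager over SSH.
- name: Create Docker context for each Swarm manager machine
  delegate_to: localhost
  ansible.builtin.command:
    # argv passes each templated fact as exactly one argument; nothing is
    # re-split as a command line.
    argv:
      - docker
      - context
      - create
      - '{{ ansible_hostname }}'
      - '--docker'
      - 'host=ssh://{{ ansible_default_ipv4.address }}'
  register: docker_context_create
  changed_when: docker_context_create.rc == 0
  # A re-run fails because the context is already there; tolerate only that
  # case so that real failures (missing CLI, bad host) are not hidden.
  # NOTE(review): confirm the "already exists" wording against the Docker
  # CLI version installed on the control node.
  failed_when:
    - docker_context_create.rc != 0
    - "'already exists' not in docker_context_create.stderr"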
# Overlay network that the Traefik stack attaches to and that the Swarm
# provider is told to use when reaching backends.
- name: Create reverse-proxy network
  community.docker.docker_network:
    driver: overlay
    name: reverse_proxy
    # NOTE(review): no driver_options are set, so traffic between nodes on
    # this overlay is not encrypted; consider the overlay driver's
    # `encrypted` option if the underlay network is not trusted.
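# Deploy Traefik as a global service (one task per schedulable node) in the
# `reverse_proxy` stack, publishing its ports directly on each host.
- name: Deploy Traefik service
  community.docker.docker_stack:
    prune: true
    name: reverse_proxy
    compose:
      - networks:
          # Created by a separate task; the stack only attaches to it.
          reverse_proxy:
            external: true
        services:
          traefik:
            # NOTE(review): mutable tag; pin by digest if the registry or
            # tag is not fully trusted.
            image: 'traefik:v3.2'
            # No `restart:` key: `docker stack deploy` ignores it, and the
            # Swarm restart policy (deploy.restart_policy) governs restarts.
            deploy:
              mode: global
            networks:
              - reverse_proxy
            ports:
              - target: 80
                published: 80
                protocol: tcp
                mode: host
              # NOTE(review): 443 is published but no entrypoint listens on
              # :443 in the command list below; confirm this is intended.
              - target: 443
                published: 443
                protocol: tcp
                mode: host
              # SECURITY: together with --api.insecure=true this publishes
              # the Traefik API and dashboard, without authentication, on
              # every node running the task. Restrict 8080 at the host
              # firewall, or drop this port and the flag and serve the
              # dashboard through an authenticated router instead.
              - target: 8080
                published: 8080
                protocol: tcp
                mode: host
            command:
              - '--api.dashboard=true'
              # SECURITY: serves the API on the internal `traefik`
              # entrypoint (:8080) with no authentication or TLS.
              - '--api.insecure=true'
              - '--entrypoints.http.address=:80'
              # X-Forwarded-* headers are trusted from this range only.
              # NOTE(review): confirm it contains nothing but the upstream
              # proxies; any host in it can spoof client addresses.
              - '--entryPoints.http.forwardedHeaders.trustedIPs=10.0.10.0/24'
              - '--entrypoints.http.http.encodequerysemicolons=true'
              - '--entryPoints.http.http2.maxConcurrentStreams=50'
              - '--providers.swarm=true'
              # SECURITY: plain tcp:// on 2375 is the Docker Engine API with
              # no TLS and no authentication; whoever can reach that port
              # has full control of the daemon. Prefer a TLS-protected
              # endpoint (providers.swarm.tls.*) or a restricted, read-only
              # socket proxy, and firewall 2375 to the Traefik hosts.
              - '--providers.swarm.endpoint=tcp://{{ ansible_default_ipv4.address }}:2375'
              # Services are routed only when they opt in explicitly.
              - '--providers.swarm.exposedByDefault=false'
              - '--providers.swarm.network=reverse_proxy'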