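---
# Installs Docker Engine from Docker's apt repository on the `docker_hosts`
# group, writes /etc/docker/daemon.json, creates two networks, reports disk
# usage and unhealthy containers, optionally prunes unused resources, and
# backs up docker-compose files found under /opt and /home.
#
# Uses modules from the community.docker collection in addition to
# ansible.builtin.
- name: Manage Docker environment
  hosts: docker_hosts
  become: true
  vars:
    # Membership of the `docker` group allows talking to the Docker socket,
    # which is effectively root on the host. Keep this list short and review
    # it like a sudoers entry.
    docker_users:
      - chester
    docker_daemon_options:
      log-driver: "json-file"
      log-opts:
        max-size: "10m"
        max-file: "3"
      storage-driver: "overlay2"
    # Pruning is destructive, so it stays off unless explicitly enabled.
    docker_cleanup_enabled: false
    docker_cleanup_older_than_days: 30

  tasks:
    - name: Install Docker prerequisite packages
      ansible.builtin.apt:
        name:
          - apt-transport-https
          - ca-certificates
          - curl
          - gnupg
          - lsb-release
          - python3-pip
          - python3-docker
        state: present
        update_cache: true

    - name: Ensure apt keyrings directory exists
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: '0755'

    # apt_key is deprecated and places the key in apt's global trusted
    # keyring, where it is trusted for every configured repository. Storing
    # the key in its own file and referencing it with `signed-by` limits it
    # to the Docker repository only.
    # The key is trusted on first download over TLS; adding `checksum:` with
    # a digest recorded out-of-band would tighten this further.
    # Hosts provisioned by the earlier apt_key task still carry the key in
    # the global keyring; remove it there separately.
    - name: Download Docker apt signing key
      ansible.builtin.get_url:
        url: "https://download.docker.com/linux/ubuntu/gpg"
        dest: /etc/apt/keyrings/docker.asc
        mode: '0644'

    # apt refuses to update when the same source is listed with conflicting
    # Signed-By values, so the entry without `signed-by` must go first.
    - name: Remove legacy Docker apt repository entry without signed-by
      ansible.builtin.apt_repository:
        repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
        state: absent

    - name: Add Docker apt repository
      ansible.builtin.apt_repository:
        repo: >-
          deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc]
          https://download.docker.com/linux/ubuntu
          {{ ansible_distribution_release }} stable
        state: present

    - name: Install Docker Engine packages
      ansible.builtin.apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
        state: present
        update_cache: true

    - name: Ensure Docker service is enabled and started
      ansible.builtin.systemd:
        name: docker
        state: started
        enabled: true

    # The handler runs at the end of the play, so the tasks below still talk
    # to a daemon using the previous configuration.
    - name: Configure Docker daemon options
      ansible.builtin.copy:
        content: "{{ docker_daemon_options | to_nice_json }}"
        dest: /etc/docker/daemon.json
        owner: root
        group: root
        mode: '0644'
      notify: Restart Docker

    # Grants root-equivalent access to each listed account (see docker_users).
    - name: Add configured users to docker group
      ansible.builtin.user:
        name: "{{ item }}"
        groups: docker
        append: true
      loop: "{{ docker_users }}"

    - name: Ensure Docker networks directory exists
      ansible.builtin.file:
        path: /etc/docker/networks
        state: directory
        mode: '0755'

    - name: Gather Docker host information
      community.docker.docker_host_info:
      register: docker_info

    - name: Show Docker version
      ansible.builtin.debug:
        msg: "Docker version {{ docker_info.host_info.ServerVersion }}"

    - name: Ensure required Docker networks exist
      community.docker.docker_network:
        name: "{{ item }}"
        state: present
      loop:
        - backend
        - frontend

    - name: Check Docker disk usage
      ansible.builtin.command: docker system df
      register: docker_disk_usage
      changed_when: false

    - name: Show Docker disk usage output
      ansible.builtin.debug:
        var: docker_disk_usage.stdout_lines

    # NOTE(review): failed_when: false means a failing `docker ps` produces
    # empty stdout and is indistinguishable from "no unhealthy containers".
    - name: Check for unhealthy containers
      ansible.builtin.command: docker ps --filter health=unhealthy --format '{{"{{.Names}}\t{{.Status}}"}}'
      register: unhealthy_containers
      changed_when: false
      failed_when: false

    - name: Report unhealthy containers
      ansible.builtin.debug:
        msg: "Unhealthy containers detected: {{ unhealthy_containers.stdout_lines }}"
      when: unhealthy_containers.stdout | length > 0

    # Destructive: removes stopped containers, unused networks and unused
    # volumes; the age filter below applies to images only. Volume data is
    # not recoverable after this runs.
    # `| bool` and `| int` make the guard and the arithmetic hold when the
    # variables arrive as strings (for example from `-e key=value`): without
    # them "false" is a non-empty string and "30" * 24 repeats the string.
    - name: Prune Docker resources when cleanup is enabled
      community.docker.docker_prune:
        containers: true
        images: true
        images_filters:
          until: "{{ (docker_cleanup_older_than_days | int) * 24 }}h"
        networks: true
        volumes: true
      when: docker_cleanup_enabled | bool
      register: docker_prune_result

    - name: Show Docker cleanup results
      ansible.builtin.debug:
        var: docker_prune_result
      when: docker_cleanup_enabled | bool

    - name: Create Docker backup directory
      ansible.builtin.file:
        path: /opt/docker-backups
        state: directory
        mode: '0750'

    - name: Find docker-compose files
      ansible.builtin.find:
        paths:
          - /opt
          - /home
        patterns: "docker-compose*.yml"
        recurse: true
      register: compose_files

    # The backup name is derived from the full source path: naming by
    # basename alone made every docker-compose.yml overwrite the previous
    # one, leaving a single backup per day.
    # Compose files often embed credentials, so copies are owner-only.
    # /home is user-writable; the content copied here is untrusted input and
    # should not be executed or parsed from the backup directory.
    - name: Back up docker-compose files
      ansible.builtin.copy:
        src: "{{ item.path }}"
        dest: "/opt/docker-backups/{{ item.path | regex_replace('^/+', '') | replace('/', '_') }}.{{ ansible_date_time.date }}"
        remote_src: true
        mode: '0600'
      loop: "{{ compose_files.files }}"
      loop_control:
        label: "{{ item.path }}"

  handlers:
    - name: Restart Docker
      ansible.builtin.systemd:
        name: docker
        state: restarted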