Copy over some initial stuff
commit
18ae3aaf4e
|
@ -0,0 +1,38 @@
|
|||
# ansible-docker-swarm
|
||||
|
||||
This repository contains a complete Ansible config for setting up a Docker
|
||||
Swarm on Debian 10-based nodes. I personally use it for a swarm of Raspberry
|
||||
Pi's, but in theory it should work with other hosts as well.
|
||||
|
||||
## Inventory file
|
||||
|
||||
A template for the inventory file can be found in `hosts.template.ini`. The
|
||||
hosts consists of three main groups:
|
||||
|
||||
* `admin`: the admin is the host that initializes the Swarm. It serves several
|
||||
functions:
|
||||
* It's used to initialize the Swarm.
|
||||
* It serves as the entrypoint to the Swarm.
|
||||
* It hosts the NFS share that's used for persistent storage.
|
||||
* `managers`: these are the nodes that should be added as manager.
|
||||
* `workers`: these nodes will be added as workers.
|
||||
|
||||
## Roles
|
||||
|
||||
The config is divided into several roles to make management easier:
|
||||
|
||||
* `install-python3`: replaces Python 2 with Python 3. This role currently
|
||||
crashes, because Ansible doesn't like it when you change the Python install
|
||||
during a run, but a consecutive run does work.
|
||||
* `install-net-security`: installs UFW & Fail2Ban & configures them
|
||||
* `install-docker`: installs Docker & any Docker-related tools
|
||||
* `init-docker-swarm`: initializes the Swarm on the `admin` host
|
||||
* `add-docker-swarm-managers`: adds the manager nodes to the swarm
|
||||
* `add-docker-swarm-workers`: adds the worker nodes to the swarm
|
||||
* `deploy-portainer`: deploys Portainer
|
||||
|
||||
## Use of Portainer
|
||||
|
||||
Portainer is a tool created for managing Docker engines, and in particular
|
||||
Docker Swarm. Because I use Portainer for setting up all other services, it's
|
||||
the only Docker service that I actually set up using Ansible.
|
|
@ -0,0 +1,2 @@
|
|||
[defaults]
|
||||
inventory = hosts.ini
|
|
@ -0,0 +1,7 @@
|
|||
# The admin is the main host that initializes the swarm
|
||||
admin ansible_host=
|
||||
|
||||
[managers]
|
||||
|
||||
|
||||
[workers]
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
- name: Initalize base server.
|
||||
hosts: all
|
||||
become: yes
|
||||
roles:
|
||||
- net-security
|
||||
tags: base
|
||||
|
||||
# TODO set up samba
|
||||
|
||||
# Runs last because it changes the Python symlink
|
||||
- name: Replace Python 2 with Python 3.
|
||||
hosts: all
|
||||
become: yes
|
||||
roles:
|
||||
- replace-python2
|
||||
tags: base
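Review bot: The role names used in this playbook, `net-security` and `replace-python2`, do not match the ones the README in this commit lists (`install-net-security`, `install-python3`), and the Docker and NFS task files added alongside are not referenced by either play here. The first play name has a typo, `Initalize` should be `Initialize`. `become: yes` would read more predictably as `become: true`, the form most `enabled:` keys in the other task files already use.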
|
|
@ -0,0 +1,53 @@
|
|||
---
|
||||
- name: Ensure older Docker versions aren't installed.
|
||||
apt:
|
||||
name:
|
||||
- docker
|
||||
- docker-engine
|
||||
- docker.io
|
||||
- containerd
|
||||
- runc
|
||||
state: absent
|
||||
|
||||
- name: Install Docker PPA dependencies.
|
||||
apt:
|
||||
name:
|
||||
- apt-transport-https
|
||||
- ca-certificates
|
||||
- gnupg
|
||||
- lsb-release
|
||||
state: present
|
||||
|
||||
- name: Add Docker GPG key.
|
||||
apt_key:
|
||||
url: https://download.docker.com/linux/ubuntu/gpg
|
||||
state: present
|
||||
|
||||
- name: Add Docker PPA.
|
||||
apt_repository:
|
||||
# https://gist.github.com/rbq/886587980894e98b23d0eee2a1d84933
|
||||
repo: deb [arch=amd64] https://download.docker.com/{{ ansible_system | lower }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
|
||||
state: present
|
||||
|
||||
- name: Install Docker, docker-compose & cron.
|
||||
apt:
|
||||
name:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- containerd.io
|
||||
- docker-compose
|
||||
- cron
|
||||
state: present
|
||||
|
||||
- name: Ensure Docker is running & enabled.
|
||||
service:
|
||||
name: docker
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- name: Add Docker prune cronjob.
|
||||
cron:
|
||||
name: Prune the Docker system.
|
||||
hour: 4
|
||||
minute: 0
|
||||
job: docker system prune -f
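Review bot: The `apt_key` task downloads the signing key and adds it to the global apt keyring without checking which key arrived, so whatever that URL serves becomes trusted for every configured repository. Pin the expected key with the module's `id` parameter, e.g. `id: "<DOCKER_KEY_FINGERPRINT>"` (placeholder; take the value from Docker's install documentation), or store the key in its own keyring file and reference it with `signed-by=` in the repo line. The key URL uses the `ubuntu` path while the repo line is built from `ansible_distribution`; worth confirming both point at the same distribution. `[arch=amd64]` is hard-coded although the README in this commit targets Raspberry Pi nodes, so the repo entry likely offers no installable packages there; derive the architecture from a fact or drop the filter.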
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
- name: export file systems
|
||||
command: exportfs -a
|
||||
- name: restart nfs server
|
||||
service:
|
||||
name: nfs-kernel-server
|
||||
state: restarted
|
|
@ -0,0 +1,39 @@
|
|||
---
|
||||
- name: Install NFS server.
|
||||
apt:
|
||||
name: nfs-kernel-server
|
||||
state: present
|
||||
|
||||
- name: Create directory to share.
|
||||
file:
|
||||
path: /mnt/data
|
||||
state: directory
|
||||
mode: '755'
|
||||
owner: 1000
|
||||
group: 1000
|
||||
|
||||
- name: Create directory structure.
|
||||
file:
|
||||
path: /mnt/data/{{ item }}
|
||||
state: directory
|
||||
mode: '755'
|
||||
owner: 1000
|
||||
group: 1000
|
||||
loop:
|
||||
- portainer/data
|
||||
- podgrab/assets
|
||||
- podgrab/config
|
||||
|
||||
- name: Copy over exports file.
|
||||
template:
|
||||
src: exports.j2
|
||||
dest: /etc/exports
|
||||
notify:
|
||||
- export file systems
|
||||
- restart nfs server
|
||||
|
||||
- name: Ensure NFS server is running & enabled.
|
||||
service:
|
||||
name: nfs-kernel-server
|
||||
state: started
|
||||
enabled: yes
|
|
@ -0,0 +1 @@
|
|||
/mnt/data {{ ansible_host }}/24(rw,sync,no_subtree_check,all_squash,anonuid=1000,anongid=1000)
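Review bot: The export line grants read-write access to the whole /24 around the admin host's address, and with `all_squash,anonuid=1000,anongid=1000` every client on that subnet acts as the uid that owns `/mnt/data`. The option list sets no `sec=`, and the usual `sys` flavour does not authenticate clients, so the address match is the only access control; limit the export to the swarm members by rendering one `host(options)` entry per host in `groups['managers'] + groups['workers']`, taken from `hostvars[h]['ansible_host']`. `{{ ansible_host }}/24` also assumes `ansible_host` is an IPv4 address on a /24 network; a hostname in the inventory would produce an invalid entry.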
|
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
- name: Install NFS client.
|
||||
apt:
|
||||
name: nfs-common
|
||||
state: present
|
||||
|
||||
- name: Mount NFS share.
|
||||
ansible.posix.mount:
|
||||
src: {{ hostvars['admin']['ansible_host'] }}:/mnt/data
|
||||
path: /mnt/data
|
||||
fstype: nfs4
|
||||
opts: defaults,user,exec
|
||||
state: mounted
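Review bot: The `src:` value in the mount task starts with an unquoted `{{`, which YAML reads as the start of a flow mapping, so this file should fail to parse; quote it: `src: "{{ hostvars['admin']['ansible_host'] }}:/mnt/data"`. In `opts`, `user` lets any unprivileged local user mount and unmount the share and `exec` re-enables execution from it; if neither is needed, `opts: defaults,noexec,nosuid,nodev` is the tighter choice. The task uses `ansible.posix.mount`, so the `ansible.posix` collection has to be installed on the control node, which deserves a line in the README.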
|
|
@ -0,0 +1,14 @@
|
|||
- name: Install fail2ban.
|
||||
apt:
|
||||
name: fail2ban
|
||||
state: present
|
||||
|
||||
# TODO add proper fail2ban config
|
||||
|
||||
- name: Ensure fail2ban is started & enabled.
|
||||
service:
|
||||
name: fail2ban
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
# TODO install UFW
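Review bot: This role only installs fail2ban with its packaged defaults and sets up no firewall, yet the README in this commit describes it as installing and configuring UFW and Fail2Ban. Until the two TODOs are done the README should say so, because another file in this commit exports an NFS share to the local subnet and nothing on the hosts filters access to it. The file also lacks the leading `---` that the other task files have.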
|
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
- name: 'Install Python 3'
|
||||
apt:
|
||||
name:
|
||||
- python3
|
||||
- python3-pip
|
||||
state: present
|
||||
|
||||
- name: 'Remove Python 2.'
|
||||
apt:
|
||||
name:
|
||||
- python
|
||||
- python2
|
||||
- python2.7
|
||||
- python-minimal
|
||||
- python2-minimal
|
||||
- python2.7-minimal
|
||||
state: absent
|
||||
purge: true
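Review bot: Purging the Python 2 packages removes the interpreter Ansible may be using to run its modules on the host, which matches the crash the README in this commit describes. Setting `ansible_python_interpreter=/usr/bin/python3` for the hosts (inventory or group vars) once Python 3 is installed should let the removal complete in a single run. Removing `python` with `purge: true` can also take out packages that depend on it, so a `--check` run against one node first is advisable.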
|