Copy over some initial stuff
commit
18ae3aaf4e
|
@ -0,0 +1,38 @@
|
||||||
|
# ansible-docker-swarm
|
||||||
|
|
||||||
|
This repository contains a complete Ansible config for setting up a Docker
|
||||||
|
Swarm on Debian 10-based nodes. I personally use it for a swarm of Raspberry
|
||||||
|
Pi's, but in theory it should work with other hosts as well.
|
||||||
|
|
||||||
|
## Inventory file
|
||||||
|
|
||||||
|
A template for the inventory file can be found in `hosts.template.ini`. The
|
||||||
|
hosts consists of three main groups:
|
||||||
|
|
||||||
|
* `admin`: the admin is the host that initializes the Swarm. It serves several
|
||||||
|
functions:
|
||||||
|
* It's used to initialize the Swarm.
|
||||||
|
* It serves as the entrypoint to the Swarm.
|
||||||
|
* It hosts the NFS share that's used for persistent storage.
|
||||||
|
* `managers`: these are the nodes that should be added as manager.
|
||||||
|
* `workers`: these nodes will be added as workers.
|
||||||
|
|
||||||
|
## Roles
|
||||||
|
|
||||||
|
The config is divided into several roles to make management easier:
|
||||||
|
|
||||||
|
* `install-python3`: replaces Python 2 with Python 3. This role currently
|
||||||
|
crashes, because Ansible doesn't like it when you change the Python install
|
||||||
|
during a run, but a consecutive run does work.
|
||||||
|
* `install-net-security`: installs UFW & Fail2Ban & configures them
|
||||||
|
* `install-docker`: installs Docker & any Docker-related tools
|
||||||
|
* `init-docker-swarm`: initializes the Swarm on the `admin` host
|
||||||
|
* `add-docker-swarm-managers`: adds the manager nodes to the swarm
|
||||||
|
* `add-docker-swarm-workers`: adds the worker nodes to the swarm
|
||||||
|
* `deploy-portainer`: deploys Portainer
|
||||||
|
|
||||||
|
## Use of Portainer
|
||||||
|
|
||||||
|
Portainer is a tool created for managing Docker engines, and in particular
|
||||||
|
Docker Swarm. Because I use Portainer for setting up all other services, it's
|
||||||
|
the only Docker service that I actually set up using Ansible.
|
|
@ -0,0 +1,2 @@
|
||||||
|
[defaults]
|
||||||
|
inventory = hosts.ini
|
|
@ -0,0 +1,7 @@
|
||||||
|
# The admin is the main host that initializes the swarm
|
||||||
|
admin ansible_host=
|
||||||
|
|
||||||
|
[managers]
|
||||||
|
|
||||||
|
|
||||||
|
[workers]
|
|
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
- name: Initalize base server.
|
||||||
|
hosts: all
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- net-security
|
||||||
|
tags: base
|
||||||
|
|
||||||
|
# TODO set up samba
|
||||||
|
|
||||||
|
# Runs last because it changes the Python symlink
|
||||||
|
- name: Replace Python 2 with Python 3.
|
||||||
|
hosts: all
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- replace-python2
|
||||||
|
tags: base
|
|
@ -0,0 +1,53 @@
|
||||||
|
---
|
||||||
|
- name: Ensure older Docker versions aren't installed.
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- docker
|
||||||
|
- docker-engine
|
||||||
|
- docker.io
|
||||||
|
- containerd
|
||||||
|
- runc
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Install Docker PPA dependencies.
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- apt-transport-https
|
||||||
|
- ca-certificates
|
||||||
|
- gnupg
|
||||||
|
- lsb-release
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Add Docker GPG key.
|
||||||
|
apt_key:
|
||||||
|
url: https://download.docker.com/linux/ubuntu/gpg
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Add Docker PPA.
|
||||||
|
apt_repository:
|
||||||
|
# https://gist.github.com/rbq/886587980894e98b23d0eee2a1d84933
|
||||||
|
repo: deb [arch=amd64] https://download.docker.com/{{ ansible_system | lower }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Install Docker, docker-compose & cron.
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- docker-ce
|
||||||
|
- docker-ce-cli
|
||||||
|
- containerd.io
|
||||||
|
- docker-compose
|
||||||
|
- cron
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Ensure Docker is running & enabled.
|
||||||
|
service:
|
||||||
|
name: docker
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
- name: Add Docker prune cronjob.
|
||||||
|
cron:
|
||||||
|
name: Prune the Docker system.
|
||||||
|
hour: 4
|
||||||
|
minute: 0
|
||||||
|
job: docker system prune -f
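Review bot: The `Add Docker GPG key` task adds whatever the URL serves to apt's global trusted keyring without pinning a fingerprint, so that key becomes trusted for every repository on the node. Adding `id: <DOCKER_KEY_FINGERPRINT>` (placeholder; take the value from Docker's install documentation) to the `apt_key` task makes the run fail if the served key differs, and a dedicated keyring referenced with `signed-by=` in the repo line would scope the trust to this repository only. The key URL is also hard-coded to `linux/ubuntu` while the repo line is templated from `ansible_distribution`, and `[arch=amd64]` looks inconsistent with the Raspberry Pi nodes the README describes, so the repo line probably needs the node's actual architecture.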
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
- name: export file systems
|
||||||
|
command: exportfs -a
|
||||||
|
- name: restart nfs server
|
||||||
|
service:
|
||||||
|
name: nfs-kernel-server
|
||||||
|
state: restarted
|
|
@ -0,0 +1,39 @@
|
||||||
|
---
|
||||||
|
- name: Install NFS server.
|
||||||
|
apt:
|
||||||
|
name: nfs-kernel-server
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Create directory to share.
|
||||||
|
file:
|
||||||
|
path: /mnt/data
|
||||||
|
state: directory
|
||||||
|
mode: '755'
|
||||||
|
owner: 1000
|
||||||
|
group: 1000
|
||||||
|
|
||||||
|
- name: Create directory structure.
|
||||||
|
file:
|
||||||
|
path: /mnt/data/{{ item }}
|
||||||
|
state: directory
|
||||||
|
mode: '755'
|
||||||
|
owner: 1000
|
||||||
|
group: 1000
|
||||||
|
loop:
|
||||||
|
- portainer/data
|
||||||
|
- podgrab/assets
|
||||||
|
- podgrab/config
|
||||||
|
|
||||||
|
- name: Copy over exports file.
|
||||||
|
template:
|
||||||
|
src: exports.j2
|
||||||
|
dest: /etc/exports
|
||||||
|
notify:
|
||||||
|
- export file systems
|
||||||
|
- restart nfs server
|
||||||
|
|
||||||
|
- name: Ensure NFS server is running & enabled.
|
||||||
|
service:
|
||||||
|
name: nfs-kernel-server
|
||||||
|
state: started
|
||||||
|
enabled: yes
|
|
@ -0,0 +1 @@
|
||||||
|
/mnt/data {{ ansible_host }}/24(rw,sync,no_subtree_check,all_squash,anonuid=1000,anongid=1000)
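Review bot: The export grants `rw` to `{{ ansible_host }}/24`, so every machine on the admin's /24 can mount `/mnt/data` and write as uid 1000, not only the Swarm nodes. With the options shown there is no client authentication beyond the source address, and the net-security tasks in this commit do not yet install a firewall. Consider emitting one client entry per inventory host instead, for example by looping over `groups['managers'] + groups['workers']` and writing each host's `ansible_host` followed by the same option list. The `/24` form also assumes `ansible_host` is an IPv4 address; a hostname in the inventory would render an invalid client spec.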
|
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
- name: Install NFS client.
|
||||||
|
apt:
|
||||||
|
name: nfs-common
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Mount NFS share.
|
||||||
|
ansible.posix.mount:
|
||||||
|
src: {{ hostvars['admin']['ansible_host'] }}:/mnt/data
|
||||||
|
path: /mnt/data
|
||||||
|
fstype: nfs4
|
||||||
|
opts: defaults,user,exec
|
||||||
|
state: mounted
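Review bot: The `src:` value starts with an unquoted `{{`, which YAML reads as the start of a flow mapping, so this task file will most likely fail to parse; quote the whole value: `src: "{{ hostvars['admin']['ansible_host'] }}:/mnt/data"`. In `opts`, `user` lets any unprivileged local user mount and unmount the share, and `exec` re-enables execution from it; unless that is needed, something like `opts: defaults,nosuid,nodev` is a tighter default for a shared data volume. The task also depends on an inventory host literally named `admin` having `ansible_host` set, which is worth a short comment above the task.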
|
|
@ -0,0 +1,14 @@
|
||||||
|
- name: Install fail2ban.
|
||||||
|
apt:
|
||||||
|
name: fail2ban
|
||||||
|
state: present
|
||||||
|
|
||||||
|
# TODO add proper fail2ban config
|
||||||
|
|
||||||
|
- name: Ensure fail2ban is started & enabled.
|
||||||
|
service:
|
||||||
|
name: fail2ban
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
# TODO install UFW
|
|
@ -0,0 +1,19 @@
|
||||||
|
---
|
||||||
|
- name: 'Install Python 3'
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- python3
|
||||||
|
- python3-pip
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: 'Remove Python 2.'
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- python
|
||||||
|
- python2
|
||||||
|
- python2.7
|
||||||
|
- python-minimal
|
||||||
|
- python2-minimal
|
||||||
|
- python2.7-minimal
|
||||||
|
state: absent
|
||||||
|
purge: true
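Review bot: Purging `python` and `python2.7` removes the interpreter Ansible may be using for the rest of the run, which is presumably the crash the README mentions. Setting `ansible_python_interpreter=/usr/bin/python3` for the hosts in the inventory, once Python 3 is present, avoids depending on Python 2 at all. The playbook comment says this role changes the Python symlink, but no task here creates one, so either the comment or the role is incomplete. The first task name also lacks the trailing period the other task names use.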
|