forked from mrlesmithjr/ansible-docker
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmain.yml
More file actions
353 lines (295 loc) · 11 KB
/
main.yml
File metadata and controls
353 lines (295 loc) · 11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
---
# defaults file for ansible-docker
# Defines docker service name
docker_service_name: docker
# Defines if users defined in docker_users should be added to docker group
docker_config_users: false
# Defines users to be added to docker group to allow non sudo access to docker
docker_users: []
# - vagrant
# Defines if images defined in docker_images are pulled
docker_pull_images: false
# Defines docker images to be installed
docker_images: []
# Defines image name
# ex. docker hub image name
# - centos
# - elasticsearch
# - fedora
# - ubuntu
# Defines if docker service should be configured
docker_config_service: false
# Defines default file to be configured
docker_default_file: /etc/default/docker
# Defines daemon json file to be configured
docker_daemon_file: /etc/docker/daemon.json
# Defines just for docker_opts
# Defines swarm interface
docker_opt_swarm_interface: enp0s8
# Defines swarm address
docker_opt_swarm_addr: "{{ hostvars[inventory_hostname]['ansible_' + docker_opt_swarm_interface]['ipv4']['address'] }}"
# Defines interface to capture address from for docker_opt_cluster_addr
docker_opt_cluster_interface: "{{ docker_opt_swarm_interface }}"
# Defines address of cluster address
# Not the same as Swarm Cluster address
# Ex. Consul
docker_opt_cluster_addr: "{{ hostvars[inventory_hostname]['ansible_' + docker_opt_cluster_interface]['ipv4']['address'] }}"
# Defines address of cluster port
docker_opt_cluster_port: 2376
# Defines docker service options to be configured in /etc/docker/daemon.json
# Configure each option the same naming/format as the variables are set as at
# https://docs.docker.com/engine/reference/commandline/dockerd/
# The values are converted directly to proper JSON using the Jinja2 template
docker_opts:
# Only define bridge or bip if you want to use either one of these
# They cannot be used together
# Specify network bridge IP
# bip: 172.17.0.1/8
# Attach containers to a network bridge
# bridge: docker0
# Address or interface name to advertise
# cluster-advertise: "{{ docker_opt_cluster_addr }}:{{ docker_opt_cluster_port }}"
# Set cluster store options
# cluster-store: "consul://192.168.250.10:8500"
# Enable debug mode
debug: false
# Container default gateway IPv4 address
# default-gateway: 10.10.10.1
# Default ulimits for containers
# default-ulimit:
# - nofile: "64000:64000"
# DNS server to use
# dns:
# - 8.8.8.8
# - 8.8.4.4
# DNS search domains to use
# dns-search:
# - etsbv.internal
# - etsbv.test
# Enable insecure registry communication
# insecure-registries:
# - "gitlab.etsbv.internal:5000"
# Default IP when binding container ports
# ip: 0.0.0.0
# Enable net.ipv4.ip_forward
ip-forward: true
# Enable IP masquerading
ip-masq: true
# Enable addition of iptables rules
iptables: true
# Set key=value labels to the daemon
# label:
# - environment: test
# - datacenter: atlanta
# Default driver for container logs
# Default is json-file
# log-driver: json-file
# Fluentd log driver setup
# log-driver: fluentd
# log-opts:
# fluentd-address: "fluentdhost:24224"
# fluentd-address: tcp://fluentdhost:24224
# End of Fluentd log driver setup
# GELF (Graylog) log driver setup
# log-driver: egelf
# log-opts:
# gelf-address: "udp://1.2.3.4:12201"
# tag: "{% raw %}{{.Name}}/{{.FullID}}{% endraw %}"
# labels: location
# env: TEST
# End of GELF (Graylog) log driver setup
# Splunk log driver setup
# log-driver: splunk
# log-opts:
# splunk-token: 176FCEBF-4CF5-4EDF-91BC-703796522D20
# splunk-url: "https://splunkhost:8088"
# splunk-capath: /path/to/cert/cacert.pem
# splunk-caname: SplunkServerDefaultCert
# tag: "{% raw %}{{.Name}}/{{.FullID}}{% endraw %}"
# labels: location
# env: TEST
# End of Splunk log driver setup
# Syslog log driver setup
# log-driver: syslog
# log-opts:
# Define syslog address or leave commented out for logging to host local
# syslog.
# syslog-address: "udp://1.2.3.4:1111"
# tag: "{% raw %}{{.Name}}/{{.FullID}}{% endraw %}"
# labels: location
# env: TEST
# Set the logging level
# log-level: info
# Set the max concurrent downloads for each pull
max-concurrent-downloads: 3
# Set the max concurrent uploads for each push
max-concurrent-uploads: 5
# Set the containers network MTU
# mtu: 1500
# Enable selinux support
selinux-enabled: false
# Storage driver to use
# aufs, devicemapper, btrfs, zfs, overlay and overlay2
# storage-driver: aufs
# Set default address or interface for swarm advertised address
swarm-default-advertise-addr: "{{ docker_opt_swarm_addr }}"
# Use TLS; implied by –tlsverify
# tls: false
# Defines which repo to install from
# Stable gives you reliable updates every quarter
# Edge gives you new features every month
# define as stable or edge
docker_release_channel: stable
# Defines mapping between ansible architecture and docker architecture
docker_architecture_mapping:
x86_64: x86_64
aarch64: aarch64
ppc64le: ppc64le
s390x: s390x
# Defines docker package architecture
docker_architecture: "{{ docker_architecture_mapping[ansible_architecture] | default(ansible_architecture) }}"
# Defines distribution
docker_distribution: "{{ ansible_distribution | lower }}"
# Defines mapping between ansible distribution release and docker codename
docker_codename_mapping: {}
# Defines codename
docker_codename: "{{ docker_codename_mapping[ansible_distribution_release] | default(ansible_distribution_major_version) }}"
# Defines alpine apk repo url for installing from
docker_alpine_apk_repo_url: "http://dl-cdn.alpinelinux.org/alpine/edge/community"
# Defines alpine apk package name for check exists
docker_alpine_apk_check_package: docker
# Defines alpine apk installing version package
docker_alpine_apk_present_versioned_packages:
- "docker-{{ role_docker_version_pkg }}"
# Defines alpine apk installing latest package
docker_alpine_apk_present_latest_packages:
- docker
# Defines debian apt pre-requisites package
docker_debian_apt_pre_reqs:
- apt-transport-https
- ca-certificates
- curl
- gnupg-agent
- software-properties-common
# Defines debian apt removing package
docker_debian_apt_absent_packages:
- containerd
- docker
- docker-engine
- docker.io
- lxc-docker
- runc
# Define use apt or deb822 add docker repository
docker_debian_repo_type: apt
# Defines debian apt repo info for installing from
docker_debian_apt_repo_info:
id: 0EBFCD88
# keyserver: "hkp://p80.pool.sks-keyservers.net:80"
repo: "deb [arch={{ docker_architecture }}] https://download.docker.com/linux/{{ docker_distribution }} {{ ansible_distribution_release }} {{ docker_release_channel }}"
url: "https://download.docker.com/linux/{{ docker_distribution }}/gpg"
# https://www.jeffgeerling.com/blog/2022/aptkey-deprecated-debianubuntu-how-fix-ansible
docker_debian_deb822_repo_info:
uris: "https://download.docker.com/linux/{{ docker_distribution }}"
suites: "{{ ansible_distribution_release }}"
components: "{{ docker_release_channel }}"
architectures: "{{ docker_architecture }}"
signed_by: "https://download.docker.com/linux/{{ docker_distribution }}/gpg"
# Defines debian apt package name for check exists
docker_debian_apt_check_package: docker-ce
# Defines debian apt installing version package
docker_debian_apt_present_versioned_packages:
- containerd.io
- "docker-ce={{ role_docker_version_pkg }}"
# Defines debian apt installing latest package
docker_debian_apt_present_latest_packages:
- containerd.io
- docker-ce
# Defines if docker memory limits should be added to grub boot loader
docker_debian_set_grub_memory_limit: true
# Defines redhat removing package
docker_redhat_package_absent_packages:
- docker
- docker-client
- docker-client-latest
- docker-common
- docker-latest
- docker-latest-logrotate
- docker-logrotate
- docker-engine
- podman
- runc
# Defines redhat yum package name for check exists
docker_redhat_yum_check_package: docker-ce
# Defines redhat yum repo uri
docker_redhat_yum_repo_info:
- key: docker-ce-stable
name: "Docker CE Stable - $basearch"
baseurl: https://download.docker.com/linux/{{ docker_distribution }}/$releasever/$basearch/stable
enabled: 1
gpgcheck: 1
gpgkey: "https://download.docker.com/linux/{{ docker_distribution }}/gpg"
# Defines redhat installing version package
docker_redhat_package_present_versioned_packages:
- containerd.io
- "docker-ce-{{ role_docker_version_pkg }}"
# Defines redhat installing latest package
docker_redhat_package_present_latest_packages:
- containerd.io
- docker-ce
# Defines suse removing package
docker_suse_zypper_absent_packages: []
# Defines suse zypper repo info for installing from
docker_suse_zypper_repo_info: []
# - repo: https://download.opensuse.org/repositories/security:/SELinux/openSUSE_Factory/security:SELinux.repo
# Defines suse zypper package name for check exists
docker_suse_zypper_check_package: docker
# Defines suse zypper installing version package
docker_suse_zypper_present_versioned_packages:
- containerd.io
- "docker-ce-{{ role_docker_version_pkg }}"
# Defines suse zypper installing latest package
docker_suse_zypper_present_latest_packages:
- docker
# Defines dsm synopkg package name for check exists
docker_dsm_synopkg_check_package: Docker
# Defines dsm synopkg repo uri
docker_dsm_synopkg_repo_url: "https://global.synologydownload.com/download/Package/spk/{{ docker_dsm_synopkg_check_package }}/{{ docker_version }}"
# Defines dsm installing version package
docker_dsm_synopkg_present_versioned_package: "{{ role_docker_version_pkg }}"
# Defines openwrt opkg package name for check exists
docker_openwrt_opkg_check_package: dockerd
# Defines openwrt opkg installing latest package
docker_openwrt_opkg_present_latest_packages:
- dockerd
- docker
- docker-compose
- luci-app-dockerman
# Defines windows winget pre-reqs
docker_windows_winget_pre_reqs:
- id: Microsoft.WSL
# Defines windows winget name for check exists
docker_windows_winget_check_package: Docker.DockerDesktop
# Defines windows winget custom options for docker
docker_windows_winget_custom: "--accept-license --always-run-service"
# Defines windows timeout for reboot
docker_windows_reboot_timeout: 600
# Defines if Linux birdge-utils will get installed.
docker_install_bridge_utils: true
# Define Docker version to install
#
# 1.11.0|1.11.1|1.11.2|1.12.0|1.12.1|1.12.2|1.12.3|1.12.4|1.12.5|1.12.6|1.13.0|1.13.1
# 17.03.0|17.03.1|17.03.2|17.04.0|17.05.0|17.06.0|17.12.0|18.03.1
#
# You may also set docker_version to latest(default)
# Currently as of 06/03/2017 17.04.0 and 17.05.0 must be installed from the
# edge channel. Change docker_release_channel: 'edge'
#
# docker_version: 18.03.1
docker_version: latest
# Define version mapping file for getting package version from docker version
docker_version_file: "NONE"
# Define OS-specific vars file for override default
# If enabled, some variables will be overridden by those in the `vars` path.
docker_os_specific_vars_included: true
# Define OS-specific vars path for override default
docker_os_specific_vars_path: "NONE"