If you are using GitLab outside of the ILL, then you will need to use HTTPS and not SSH for clone/push/pull operations. If you are using the VPN, then SSH will work normally.

Commit a4ae635d authored by eric pellegrini's avatar eric pellegrini

added playbook and associated roles for setting up docker

parent c3803df4
---
- hosts: all
remote_user: root
roles:
- role: roles/install-docker
- role: roles/configure-docker
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"bip": "10.142.242.1/24"
}
[Service]
Environment="HTTP_PROXY=http://proxy.ill.fr:8888/"
---
# handlers file for setup-docker
- name: Docker restart
service:
name: docker
state: restarted
---
# tasks file for setup-docker
- include: install-docker.yml
- include: configure-docker.yml
- name: create docker config dir
file:
state: directory
path: /etc/docker
owner: root
mode: 0750
- name: configure Docker default network
copy:
src: daemon.json
dest: /etc/docker/daemon.json
mode: 0644
owner: root
notify: Docker restart
- name: create Docker service config directory
file:
state: directory
path: /etc/systemd/system/docker.service.d/
mode: 0755
owner: root
- name: configure http proxy for Docker daemon
copy:
src: http-proxy.conf
dest: /etc/systemd/system/docker.service.d/http-proxy.conf
mode: 0644
owner: root
notify: Docker restart
- name: start and enable docker daemon now that it is configured
service:
name: docker
state: started
enabled: yes
- name: create user docker
user:
create_home: yes
home: /docker
group: docker
name: docker
shell: /bin/bash
state: present
#!/bin/sh
echo "All runlevel operations denied by policy" >&2
exit 101
---
- name: Docker restart
service:
name: docker
state: restarted
- name: copy docker service file to proper location
copy:
src: /lib/systemd/system/docker.service
dest: /etc/systemd/system/
- name: add ILL proxy settings to docker service environment
lineinfile:
path: /etc/systemd/system/docker.service
line: Environment="HTTP_PROXY=http://proxy.ill.fr:8888/" "HTTPS_PROXY=http://proxy.ill.fr:8888/" "NO_PROXY=localhost,127.0.0.1,ill.fr,ill.eu"
state: present
insertbefore: ^ExecStart
- name: add ILL-specific hack
lineinfile:
path: /etc/systemd/system/docker.service
line: ExecStart=/usr/bin/dockerd --bip=10.10.10.1/24 --dns=195.83.126.2 -H fd://
state: present
regexp: ^ExecStart
# set systemd as the cgroup driver to avoid kubernetes warning about potentially conflicting drivers
# see https://kubernetes.io/docs/setup/production-environment/container-runtimes/
- name: set systemd as the default docker cgroup driver
copy:
src: docker-daemon.json
dest: /etc/docker/daemon.json
- name: restart docker
systemd:
name: docker
state: restarted
daemon_reload: yes
---
# tasks file for install-docker
- name: install apt dependencies
apt:
name: "{{ item }}"
update_cache: true
loop:
- apache2
- apt-transport-https
- ca-certificates
- curl
- gnupg2
- software-properties-common
- python-docker
- python3-docker
- python-pip
- name: fetch and install the gpg key for docker
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: prevent docker daemon from starting when docker get installed
copy:
src: policy-rc.d
dest: /usr/sbin/policy-rc.d
mode: 0755
owner: root
- name: add docker repository from ppa
apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ansible_distribution_release}} stable
state: present
update_cache: yes
- name: install docker
apt:
name: docker-ce
update_cache: true
- name: install docker-compose (pip)
pip:
name: docker-compose
state: present
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment