initial commit

.gitignore

@@ -0,0 +1 @@
+.cache/

.gitlab-ci.yml

@@ -0,0 +1,14 @@
+---
+stages:
+  - validate
+
+.template:
+  interruptible: true
+  stage: validate
+  tags:
+    - ansible
+
+yamllint:
+  extends: .template
+  script:
+    - yamllint -c .yamllint .

.yamllint

@@ -0,0 +1,8 @@
+---
+extends: default
+
+ignore: |
+  .cache/
+
+rules:
+  line-length: disable

LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) NoxInmortus (Alban E.G.)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,101 @@
+# Ansible Role: Docker
+
+An Ansible Role that installs [Docker](https://www.docker.com) for Debian. This role allows to add `docker` group to users, can also manage docker networks and containers.
+
+## Role Variables
+
+Available variables are listed below, along with default values (see `defaults/main.yml`):
+
+### Docker package
+```yaml
+# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
+docker_edition: 'ce'
+docker_package: "docker-{{ docker_edition }}"
+docker_package_state: present
+```
+
+You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_package_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play).
+
+### Docker service state
+```yaml
+docker_service_state: started
+docker_service_enabled: true
+docker_restart_handler_state: restarted
+```
+
+Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set these to `stopped` and set the enabled variable to `no`.
+
+### Docker installation
+```yaml
+    docker_apt_release_channel: stable
+    docker_apt_arch: amd64
+    docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+```
+
+You can switch the channel to `edge` if you want to use the Edge release.
+
+### Docker users
+```yaml
+docker_users:
+  - user1
+  - user2
+```
+
+A list of system users to be added to the `docker` group (so they can use Docker on the server).
+
+### Docker networks
+See official documentation for `docker_network` module for more informations.
+
+```yaml
+docker_networks:
+  - name: network1
+  - name: network2
+    state: absent
+```
+
+A list of docker networks to manage.
+
+### Docker containers
+See official documentation for `docker_container` module for more informations.
+```yaml
+docker_containers:
+  - name:           postgres
+    image:          postgres:9.6
+    state:          started
+    restart_policy: unless-stopped
+    env:
+      POSTGRES_USER:     foo
+      POSTGRES_PASSWORD: bar
+      POSTGRES_DB:       baz
+  - name:           memcached
+    image:          memcached:alpine
+    state:          started
+    restart_policy: unless-stopped
+  - name:           elasticsearch
+    image:          docker.elastic.co/elasticsearch/elasticsearch:5.6.13
+    state:          started
+    restart_policy: unless-stopped
+    memory:         1g
+    ulimits:
+      - memlock:-1:-1 # <type>:<soft>:<hard>    
+```
+
+### Tags
+
+| Tag                   | DESCRIPTION             |
+|-----------------------|-------------------------|
+| docker                | Global tag |
+| docker_asserts        | Asserts tasks |
+| docker_install        | Install docker |
+| docker_users          | Configure docker users |
+| docker_networks       | Configure docker networks |
+| docker_containers     | Deploy docker containers |
+
+## License
+MIT view [LICENSE](LICENSE)
+
+## Sources
+- https://github.com/geerlingguy/ansible-role-docker
+- https://github.com/manala/ansible-roles/tree/master/manala.docker
+- https://docs.ansible.com/ansible/latest/modules/docker_container_module.html
+- https://github.com/atosatto/ansible-dockerswarm/

defaults/main.yml

@@ -0,0 +1,35 @@
+---
+# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
+docker_edition: 'ce'
+docker_package: "docker-{{ docker_edition }}"
+docker_package_state: present
+
+# Packages dependencies
+docker_apt_dependencies:
+  - ca-certificates
+  - curl
+docker_pip_dependencies:
+  - docker
+
+# Service options.
+docker_service_state: started
+docker_service_enabled: true
+docker_restart_handler_state: restarted
+
+# Switch 'stable' to 'edge' if needed.
+docker_apt_release_channel: stable
+docker_apt_arch: amd64
+docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+
+# Swarm options
+docker_swarm_enable: false
+# Docker swarm network can be define in order to be sure that
+# swarm cluster doesn't overlap with you infrastructure
+# docker_swarm_network: 10.10.8.0/24
+
+# You can set any interface, that is listened by docker engine.
+# e.g. docker_swarm_interface: "eth1"
+docker_swarm_interface: "{{ ansible_default_ipv4['interface'] }}"
+docker_swarm_addr: "{{ hostvars[inventory_hostname]['ansible_' + docker_swarm_interface]['ipv4']['address'] }}"
+docker_swarm_master: "{{ groups['docker_swarm_manager'][0] }}"
+docker_swarm_port: 2377

handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart_docker
+  service:
+    name: docker
+    state: "{{ docker_restart_handler_state }}"

meta/.galaxy_install_info

@@ -0,0 +1,2 @@
+install_date: 'Sun 16 Jun 2024 04:56:38 PM '
+version: ''

meta/main.yml

@@ -0,0 +1,13 @@
+---
+galaxy_info:
+  author: Alban E.
+  description: Docker for Linux.
+  company: Imperium
+  license: MIT
+  min_ansible_version: 2.4
+  platforms:
+    - name: Debian
+      versions:
+        - jessie
+        - stretch
+        - buster

tasks/install.yml

@@ -0,0 +1,60 @@
+---
+- include_vars: python2.yml
+  when: ansible_python_version[:1] == '2'
+  tags:
+    - docker
+    - docker_install
+
+- include_vars: python3.yml
+  when: ansible_python_version[:1] == '3'
+  tags:
+    - docker
+    - docker_install
+
+- name: Docker install | Add Docker apt key
+  get_url:
+    url: https://download.docker.com/linux/debian/gpg
+    dest: /etc/apt/keyrings/docker.asc
+    checksum: sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570
+  tags:
+    - docker
+    - docker_install
+
+- name: Docker install | Add Docker repository
+  apt_repository:
+    repo: '{{ docker_apt_repository }}'
+    update_cache: true
+  tags:
+    - docker
+    - docker_install
+
+- name: Docker install | Install apt packages
+  package:
+    name: '{{ item }}'
+    state: '{{ docker_package_state }}'
+  with_items:
+    - '{{ docker_package }}'
+    - '{{ docker_apt_dependencies }}'
+    - '{{ docker_apt_python_dependencies }}'
+  tags:
+    - docker
+    - docker_install
+
+- name: Docker install | Install Docker Python library
+  pip:
+    name: '{{ docker_pip_dependencies }}'
+    state: '{{ docker_package_state }}'
+    executable: '{{ docker_pip_executable }}'
+  tags:
+    - docker
+    - docker_install
+  when: ansible_python_version[:1] == '2'
+
+- name: Docker install | Ensure Docker is started and enabled at boot
+  service:
+    name: docker
+    state: '{{ docker_service_state }}'
+    enabled: '{{ docker_service_enabled }}'
+  tags:
+    - docker
+    - docker_install

tasks/main.yml

@@ -0,0 +1,77 @@
+---
+- name: Docker | Check if ansible version >= 2.4
+  assert:
+    that: "ansible_version.full is version_compare(2.4, '>=')"
+    msg: "Ansible 2.4 or superior version is required."
+  tags:
+    - docker
+    - docker_asserts
+    - docker_install
+    - docker_users
+    - docker_networks
+    - docker_containers
+
+- include_tasks: install.yml
+  tags:
+    - docker
+    - docker_install
+
+- name: Docker | Ensure docker users are added to the docker group
+  user:
+    name: "{{ item }}"
+    groups: docker
+    append: true
+  with_items: "{{ docker_users|default([]) }}"
+  when: docker_users
+  tags:
+    - docker
+    - docker_users
+
+- include_tasks: swarm.yml
+  when: docker_swarm_enable
+  tags:
+    - docker
+    - docker_swarm
+    - docker_swarm_init
+
+- name: Assign default labels to swarm nodes
+  docker_node:
+    debug: '{{ docker_node.debug|default(omit) }}'
+    hostname: '{{ docker_node.hostname|default(inventory_hostname) }}'
+    labels: '{{ docker_node.labels|default(omit) }}'
+    role: '{{ docker_node.role|default(omit) }}'
+    availability: '{{ docker_node.availability|default(omit) }}'
+    labels_state: '{{ docker_node.labels_state|default(omit) }}'
+    labels_to_remove: '{{ docker_node.labels_to_remove|default(omit) }}'
+  delegate_to: "{{ groups['docker_swarm_manager'][0] }}"
+  when: docker_swarm_enable
+  tags:
+    - docker
+    - docker_swarm
+    - docker_swarm_labels
+
+- name: Docker | Create docker networks
+  docker_network:
+    "{{ item }}"
+  loop: "{{ docker_networks|default([]) }}"
+  tags:
+    - docker
+    - docker_networks
+
+- name: Docker | Create docker containers
+  docker_container:
+    "{{ item }}"
+  loop: "{{ docker_containers|default([]) }}"
+  tags:
+    - docker
+    - docker_containers
+
+- name: Docker | Create docker swarm services
+  docker_swarm_service:
+    "{{ item }}"
+  loop: "{{ docker_swarm_services|default([]) }}"
+  when: docker_swarm_enable
+  tags:
+    - docker
+    - docker_swarm
+    - docker_swarm_services

tasks/swarm.yml

@@ -0,0 +1,105 @@
+---
+- name: Create a custom Swarm network.
+  docker_network:
+    name: docker_gwbridge
+    driver_options:
+      com.docker.network.bridge.enable_icc: "false"
+      com.docker.network.bridge.enable_ip_masquerade: "true"
+      com.docker.network.bridge.name: docker_gwbridge
+    ipam_options:
+      subnet: "{{ docker_swarm_network }}"
+      gateway: "{{ docker_swarm_network | ipaddr('net') | ipaddr('1') | ipaddr('ip') }}"
+  when: docker_swarm_network is defined and docker_swarm_network | ipaddr('net')
+  tags:
+    - docker
+    - docker_swarm
+    - docker_swarm_init
+
+- name: Check if "Swarm Mode" is enabled.
+  shell: docker info
+  changed_when: false
+  check_mode: false
+  register: docker_info
+  tags:
+    - docker
+    - docker_swarm
+    - docker_swarm_init
+
+- name: Init "Swarm Mode" on the first manager.
+  shell: docker swarm init
+        --listen-addr {{ docker_swarm_addr }}:{{ docker_swarm_port }}
+        --advertise-addr {{ docker_swarm_addr }}
+  when: "docker_info.stdout.find('Swarm: active') == -1
+    and inventory_hostname == groups['docker_swarm_manager'][0]"
+  tags:
+    - docker
+    - docker_swarm
+    - docker_swarm_init
+
+- name: Get the worker join-token.
+  shell: docker swarm join-token -q worker
+  changed_when: false
+  check_mode: false
+  register: docker_worker_token
+  delegate_to: "{{ groups['docker_swarm_manager'][0] }}"
+  delegate_facts: true
+  when: "'docker_swarm_worker' in group_names"
+  tags:
+    - docker
+    - docker_swarm
+    - docker_swarm_init
+
+- name: Get the manager join-token.
+  shell: docker swarm join-token -q manager
+  changed_when: false
+  check_mode: false
+  register: docker_manager_token
+  delegate_to: "{{ groups['docker_swarm_manager'][0] }}"
+  delegate_facts: true
+  when: "'docker_swarm_manager' in group_names
+    and inventory_hostname != groups['docker_swarm_manager'][0]"
+  tags:
+    - docker
+    - docker_swarm
+    - docker_swarm_init
+
+- name: Declare the address of the first Swarm manager as a fact.
+  set_fact:
+    docker_manager_address: "{{ groups['docker_swarm_manager'][0] }}:{{ docker_swarm_port }}"
+  check_mode: false
+  tags:
+    - docker
+    - docker_swarm
+    - docker_swarm_init
+
+- name: Join the pending Swarm worker nodes.
+  shell: docker swarm join
+        --listen-addr {{ docker_swarm_addr }}:{{ docker_swarm_port }}
+        --advertise-addr {{ docker_swarm_addr }}
+        --token "{{ docker_worker_token.stdout }}"
+        {{ docker_manager_address }}
+  changed_when: false
+  when: "docker_info.stdout.find('Swarm: active') == -1
+    and docker_info.stdout.find('Swarm: pending') == -1
+    and 'docker_swarm_worker' in group_names
+    and 'docker_swarm_manager' not in group_names"
+  tags:
+    - docker
+    - docker_swarm
+    - docker_swarm_init
+
+- name: Join the pending Swarm manager nodes.
+  shell: docker swarm join
+        --listen-addr {{ docker_swarm_addr }}:{{ docker_swarm_port }}
+        --advertise-addr {{ docker_swarm_addr }}
+        --token "{{ docker_manager_token.stdout }}"
+        {{ docker_manager_address }}
+  changed_when: false
+  when: "docker_info.stdout.find('Swarm: active') == -1
+    and docker_info.stdout.find('Swarm: pending') == -1
+    and 'docker_swarm_manager' in group_names
+    and inventory_hostname != groups['docker_swarm_manager'][0]"
+  tags:
+    - docker
+    - docker_swarm
+    - docker_swarm_init

vars/python2.yml

@@ -0,0 +1,7 @@
+---
+docker_apt_python_dependencies:
+  - python
+  - python-pip
+  - python-backports.ssl-match-hostname
+
+docker_pip_executable: pip2

vars/python3.yml

@@ -0,0 +1,5 @@
+---
+docker_apt_python_dependencies:
+  - python3
+  - python3-pip
+  - python3-docker