The role installs Docker (stable or test), docker-compose and the required Python modules. It can also:
- log in to registries
- set up the Loki log driver
- set up userns mode
- deploy compose files
- init docker swarm
- deploy swarm stacks
- create networks, volumes, containers
Stable branch:
- role: docker
Test branch:
- role: docker
  repo_branch: test

- role: docker
  docker_setup: configure

The live_restore option is incompatible with swarm mode!
- role: docker
  live_restore: true

The list in the Ansible vault file with one private registry:
docker_registries:
  - registry: project-registry.ossbuild.ru
    user: project-ro
    password: pass

The list in the vault with two private registries and a Docker Hub private registry:
docker_registries:
  - registry: project-registry.ossbuild.ru
    user: project-ro
    password: pass
  - registry: registry.project.com
    user: user
    password: pass
  - user: dockerhub-user
    password: dockerhub-pass

Section in the playbook:
- role: docker
  registries: "{{ docker_registries }}"

- log.max_size (default: 50m)
- log.max_file (default: 10)

Installation only:
- role: docker
  loki: true

Installation and setup as the default log driver for the docker daemon:
- role: docker
  loki:
    host: https://loki_host

Optional parameters:
- loki.uri (default: /loki/api/v1/push)
- loki.external_labels (default: container_name={{.Name}})
- loki.batch_size (default: 102400)
- loki.timeout (default: 10s)
- loki.batch-wait (default: 1s)
- loki.min_backoff (default: 100ms)
- loki.max_backoff (default: 10s)
- loki.retries (default: 10)

Log options for Loki:
- log.mode (default: non-blocking)
- log.max_buffer_size (default: 5m)
Loki docker log driver documentation

Should be in vault:
docker_deploy_envs:
  VAR1: value
  VAR2: value

Section in the playbook:
- role: docker
  deploy_envs: "{{ docker_deploy_envs }}"

Usage in compose/stack files:
service:
  image: alpine:latest
  command: command with $VAR1
  environment:
    SOMETHING_SECRET: $VAR2

Repository structure:
.
├── docker-compose
│   ├── compose-project-name.yml
│   └── compose-project2-name.yml
├── inventory
├── server.yml
├── README.md
├── requirements.yml
└── vault.yml

compose-project-name.yml and compose-project2-name.yml are docker compose files.

Section in the playbook:
- role: docker
  composes:
    - name: compose-project-name
    - name: compose-project2-name

Repository structure:
.
├── docker-stack
│   ├── stack1.yml
│   └── stack2.yml
├── inventory
├── server.yml
├── README.md
├── requirements.yml
└── vault.yml

stack1.yml and stack2.yml are docker compose files.

Section in the playbook:
- role: docker
  stacks:
    - name: stack1
    - name: stack2

- role: docker
  swarm_init: true
  networks:
    - {name: network_name}
  volumes:
    - {name: volume_name}

- role: docker
  containers:
    - command: redis-server --appendonly true
      exposed_ports: [6379]
      image: redis
      name: redis
      networks:
        - {name: testnet}
      published_ports: ['6379:6379']
      state: absent
    - image: portainer/portainer
      name: portainer
      published_ports: ['9000:9000']
      volumes: ['/var/run/docker.sock:/var/run/docker.sock', 'portainer_data:/data']
    - capabilities: [SYS_PTRACE]
      env: {PGID: 999}
      image: firehol/netdata
      name: netdata
      published_ports: ['19999:19999']
      security_opts: [apparmor=unconfined]
      volumes: ['/proc:/host/proc:ro', '/sys:/host/sys:ro', '/var/run/docker.sock:/var/run/docker.sock:ro']
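
A review check for the role parameters shown above, as an added example that is not part of the role: it flags live_restore combined with swarm settings (the incompatibility noted earlier) and, in the containers list, Docker socket mounts, disabled AppArmor confinement and extra capabilities. The function names and the sample data are constructed here, and the entries are assumed to be already parsed from the playbook YAML into Python dicts.

```python
SOCKET = "/var/run/docker.sock"

def lint_role(entry):
    """Return (level, message) findings for one parsed `role: docker` entry."""
    findings = []
    # The README states that live_restore is incompatible with swarm mode.
    if entry.get("live_restore") and (entry.get("swarm_init") or entry.get("stacks")):
        findings.append(("error", "live_restore is set together with swarm_init/stacks"))
    for c in entry.get("containers", []):
        if c.get("state") == "absent":
            continue  # container is being removed, nothing to review
        name = c.get("name", "<unnamed>")
        for vol in c.get("volumes", []):
            parts = vol.split(":")
            if parts[0] == SOCKET:
                # A ":ro" bind mount does not stop a process from connecting
                # to the socket, so both modes expose the Docker API.
                mode = parts[2] if len(parts) > 2 else "rw"
                findings.append(("warn", f"{name}: mounts {SOCKET} ({mode}), Docker API reachable"))
        for opt in c.get("security_opts", []):
            if opt.replace(":", "=", 1) == "apparmor=unconfined":
                findings.append(("warn", f"{name}: AppArmor confinement disabled"))
        for cap in c.get("capabilities", []):
            findings.append(("info", f"{name}: extra capability {cap}"))
    return findings

def lint_playbook(roles):
    """Lint every `role: docker` entry of a play's roles list."""
    return [f for r in roles if r.get("role") == "docker" for f in lint_role(r)]

# Constructed sample: the README's containers example plus a deliberately
# conflicting live_restore/swarm_init entry.
SAMPLE_ROLES = [
    {"role": "docker", "live_restore": True, "swarm_init": True},
    {"role": "docker", "containers": [
        {"name": "redis", "image": "redis", "state": "absent"},
        {"name": "portainer", "image": "portainer/portainer",
         "volumes": [f"{SOCKET}:{SOCKET}", "portainer_data:/data"]},
        {"name": "netdata", "image": "firehol/netdata",
         "capabilities": ["SYS_PTRACE"], "security_opts": ["apparmor=unconfined"],
         "volumes": ["/proc:/host/proc:ro", "/sys:/host/sys:ro", f"{SOCKET}:{SOCKET}:ro"]},
    ]},
]

if __name__ == "__main__":
    for level, message in lint_playbook(SAMPLE_ROLES):
        print(f"{level:5} {message}")
```
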
- add docker swarm stacks support (join)
- add overload module (load dynamically plus insert into /etc/modules?)
- add testing on VMs instead of LXC (can't start any container in case of LXD nesting, apparmor issues)