From 95b73daa36b23565a8566f71f9b202d3459b685f Mon Sep 17 00:00:00 2001
From: Sam Chudnick
Date: Sun, 25 Jun 2023 09:52:36 -0400
Subject: Initial Commit
---
roles/services/docker_rootless/defaults/main.yml | 18 +++++
roles/services/docker_rootless/handlers/main.yml | 6 ++
roles/services/docker_rootless/tasks/main.yml | 93 ++++++++++++++++++++++++
3 files changed, 117 insertions(+)
create mode 100644 roles/services/docker_rootless/defaults/main.yml
create mode 100644 roles/services/docker_rootless/handlers/main.yml
create mode 100644 roles/services/docker_rootless/tasks/main.yml
(limited to 'roles/services/docker_rootless')
diff --git a/roles/services/docker_rootless/defaults/main.yml b/roles/services/docker_rootless/defaults/main.yml
new file mode 100644
index 0000000..064825f
--- /dev/null
+++ b/roles/services/docker_rootless/defaults/main.yml
@@ -0,0 +1,18 @@
+docker_packages:
+ - docker-ce
+ - acl
+ - docker-ce-cli
+ - docker-ce-rootless-extras
+ - docker-compose-plugin
+ - uidmap
+ - dbus-user-session
+ - slirp4netns
+ - fuse-overlayfs
+
+docker_username: docker_rootless
+docker_uid: 2000
+
+docker_home: /srv/docker
+docker_config: /srv/docker/config
+docker_data: /srv/docker/data
+
diff --git a/roles/services/docker_rootless/handlers/main.yml b/roles/services/docker_rootless/handlers/main.yml
new file mode 100644
index 0000000..510db7b
--- /dev/null
+++ b/roles/services/docker_rootless/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: update repos
+ apt:
+ update_cache: yes
+ register: apt_upgrade
+ retries: 100
+ until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
diff --git a/roles/services/docker_rootless/tasks/main.yml b/roles/services/docker_rootless/tasks/main.yml
new file mode 100644
index 0000000..9b2e527
--- /dev/null
+++ b/roles/services/docker_rootless/tasks/main.yml
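Review bot: `docker_config` and `docker_data` are declared in defaults/main.yml but nothing in tasks/main.yml in this commit reads them, so they are either dead variables or the directories the role was meant to create for the rootless user; if the latter, a `file:` task with `owner`/`group: "{{ docker_username }}"` and `mode: "0750"` looping over the two would give the defaults a purpose. The subordinate id range is hard-coded as `100000:65536` in the subuid/subgid tasks instead of being declared here; exposing it as `docker_subid_start: 100000` and `docker_subid_count: 65536` lets a host that already has other rootless accounts avoid overlapping ranges, which would otherwise weaken the user-namespace separation between those accounts. `docker_uid: 2000` is an unquoted integer while the tasks template it back through `uid: "{{ docker_uid }}"` as a string — harmless for the user module, just inconsistent.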
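Review bot: The `until:` expression on the last line dereferences `apt_upgrade.msg` whenever the task is not successful, so a failed result that lacks `msg` would abort with an undefined-attribute error instead of retrying; guard both tests with `(apt_upgrade.msg | default(''))`. `update_cache: yes` should be `update_cache: true` — yes/no are YAML 1.1 truthy literals that yamllint flags. `retries: 100` with no `delay:` relies on the default 5-second delay, so the handler can spin for over eight minutes on a held dpkg lock; an explicit `delay:` with fewer retries documents the intended wait. The register name `apt_upgrade` is misleading for a task that only refreshes the cache.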
@@ -0,0 +1,93 @@
+- name: install packages
+ package:
+ name:
+ - extrepo
+ - nginx
+ - python3-docker
+ state: latest
+
+- name: allow http (80/tcp) traffic
+ ufw:
+ rule: allow
+ port: '80'
+ proto: tcp
+
+- name: allow https (443/tcp) traffic
+ ufw:
+ rule: allow
+ port: '443'
+ proto: tcp
+
+- name: enable docker-ce repo
+ register: result
+ changed_when: result.stdout | regex_search("skipped") | bool
+ notify: update repos
+ command:
+ cmd: extrepo enable docker-ce
+ creates: /etc/apt/sources.list.d/extrepo_docker-ce.sources
+
+- meta: flush_handlers
+
+- name: enable docker-ce repo
+ changed_when: false
+ command:
+ cmd: extrepo update docker-ce
+
+- name: create docker user
+ user:
+ name: "{{ docker_username }}"
+ shell: /bin/bash
+ uid: "{{ docker_uid }}"
+ home: "{{ docker_home }}"
+ create_home: yes
+
+- name: add XDG_RUNTIME_DIR to docker user bash profile
+ lineinfile:
+ path: "{{ docker_home }}/.bash_profile"
+ line: "export XDG_RUNTIME_DIR=/run/user/{{ docker_uid }}"
+ insertbefore: EOF
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: "0644"
+ create: yes
+
+- name: install docker packages
+ package:
+ name: "{{ docker_packages }}"
+ state: latest
+
+- name: add docker user to /etc/subuid
+ lineinfile:
+ path: /etc/subuid
+ line: "{{ docker_username }}:100000:65536"
+ insertbefore: EOF
+
+- name: add docker user to /etc/subgid
+ lineinfile:
+ path: /etc/subgid
+ line: "{{ docker_username }}:100000:65536"
+ insertbefore: EOF
+
+- name: enable lingering for docker user
+ command:
+ cmd: loginctl enable-linger "{{ docker_username }}"
+ creates: "/var/lib/systemd/linger/{{ docker_username }}"
+
+- name: run docker rootless setup script
+ become_user: "{{ docker_username }}"
+ register: setup_script
+ command:
+ cmd: /usr/bin/dockerd-rootless-setuptool.sh install --force
+ creates: "{{ docker_home }}/.config/systemd/user/docker.service"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+
+- name: enable and start docker service
+ become_user: "{{ docker_username }}"
+ systemd:
+ name: docker
+ enabled: yes
+ state: started
+ scope: user
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
--
cgit v1.2.3
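Review bot: The `changed_when: result.stdout | regex_search("skipped") | bool` on the first "enable docker-ce repo" task evaluates to false on every run, because `regex_search` yields either the matched text or null and the `bool` filter treats a string such as "skipped" as false (newer ansible-core warns about exactly this); as a result `notify: update repos` never fires, the following `meta: flush_handlers` has nothing to flush, and the later "install docker packages" task likely runs against an apt cache that has not yet seen the docker-ce repository. The intended test is `changed_when: "'skipped' not in result.stdout"`. Both `package:` tasks use `state: latest`, which upgrades docker-ce and the rest of `docker_packages` to whatever the third-party repository currently serves on every run; `state: present` with a version variable the operator pins keeps the install reproducible and reviewable. The second task is also named "enable docker-ce repo" although it runs `extrepo update`; renaming it `update docker-ce repo` makes the two distinguishable in logs. The two `become_user:` tasks at the end only escalate if `become: true` is set at play or role level, which this commit does not show — adding `become: true` on those tasks removes the dependency on the caller.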