From 591e40a2839c82f219d2f7924a37e9174c0ec473 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=B6rz=2C=20Friedrich?= Date: Fri, 21 Jan 2022 15:50:25 +0000 Subject: [PATCH] DEV-310: git-rm docker-role from geerlingguy - can be used via include... --- roles/ansible-role-docker/LICENSE | 20 ---- roles/ansible-role-docker/README.md | 97 ------------------- roles/ansible-role-docker/defaults/main.yml | 31 ------ roles/ansible-role-docker/handlers/main.yml | 3 - roles/ansible-role-docker/meta/main.yml | 35 ------- .../molecule/default/converge.yml | 24 ----- .../molecule/default/molecule.yml | 21 ---- .../tasks/docker-compose.yml | 20 ---- .../tasks/docker-users.yml | 7 -- roles/ansible-role-docker/tasks/main.yml | 33 ++----- .../tasks/setup-Debian.yml | 40 -------- .../tasks/setup-RedHat.yml | 54 ----------- roles/kubernetes/apps/defaults/main.yml | 2 +- 13 files changed, 10 insertions(+), 377 deletions(-) delete mode 100644 roles/ansible-role-docker/LICENSE delete mode 100644 roles/ansible-role-docker/README.md delete mode 100644 roles/ansible-role-docker/defaults/main.yml delete mode 100644 roles/ansible-role-docker/handlers/main.yml delete mode 100644 roles/ansible-role-docker/meta/main.yml delete mode 100644 roles/ansible-role-docker/molecule/default/converge.yml delete mode 100644 roles/ansible-role-docker/molecule/default/molecule.yml delete mode 100644 roles/ansible-role-docker/tasks/docker-compose.yml delete mode 100644 roles/ansible-role-docker/tasks/docker-users.yml delete mode 100644 roles/ansible-role-docker/tasks/setup-Debian.yml delete mode 100644 roles/ansible-role-docker/tasks/setup-RedHat.yml diff --git a/roles/ansible-role-docker/LICENSE b/roles/ansible-role-docker/LICENSE deleted file mode 100644 index 4275cf3..0000000 --- a/roles/ansible-role-docker/LICENSE +++ /dev/null @@ -1,20 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2017 Jeff Geerling - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/roles/ansible-role-docker/README.md b/roles/ansible-role-docker/README.md deleted file mode 100644 index e6e9e43..0000000 --- a/roles/ansible-role-docker/README.md +++ /dev/null @@ -1,97 +0,0 @@ -# Ansible Role: Docker - -[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-docker.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-docker) - -An Ansible Role that installs [Docker](https://www.docker.com) on Linux. - -## Requirements - -None. - -## Role Variables - -Available variables are listed below, along with default values (see `defaults/main.yml`): - - # Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition). - docker_edition: 'ce' - docker_package: "docker-{{ docker_edition }}" - docker_package_state: present - -The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). You can also specify a specific version of Docker to install using the distribution-specific format: Red Hat/CentOS: `docker-{{ docker_edition }}-`; Debian/Ubuntu: `docker-{{ docker_edition }}=`. - -You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_package_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play). - - docker_service_state: started - docker_service_enabled: true - docker_restart_handler_state: restarted - -Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set these to `stopped` and set the enabled variable to `no`. - - docker_install_compose: true - docker_compose_version: "1.26.0" - docker_compose_path: /usr/local/bin/docker-compose - -Docker Compose installation options. - - docker_apt_release_channel: stable - docker_apt_arch: amd64 - docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" - docker_apt_ignore_key_error: True - docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg - -(Used only for Debian/Ubuntu.) You can switch the channel to `edge` if you want to use the Edge release. - -You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror. -Usually in combination with changing `docker_apt_repository` as well. - - docker_yum_repo_url: https://download.docker.com/linux/centos/docker-{{ docker_edition }}.repo - docker_yum_repo_enable_edge: '0' - docker_yum_repo_enable_test: '0' - docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg - -(Used only for RedHat/CentOS.) You can enable the Edge or Test repo by setting the respective vars to `1`. - -You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror. -Usually in combination with changing `docker_yum_repository` as well. - - docker_users: - - user1 - - user2 - -A list of system users to be added to the `docker` group (so they can use Docker on the server). - -## Use with Ansible (and `docker` Python library) - -Many users of this role wish to also use Ansible to then _build_ Docker images and manage Docker containers on the server where Docker is installed. In this case, you can easily add in the `docker` Python library using the `geerlingguy.pip` role: - -```yaml -- hosts: all - - vars: - pip_install_packages: - - name: docker - - roles: - - geerlingguy.pip - - geerlingguy.docker -``` - -## Dependencies - -None. - -## Example Playbook - -```yaml -- hosts: all - roles: - - geerlingguy.docker -``` - -## License - -MIT / BSD - -## Author Information - -This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/roles/ansible-role-docker/defaults/main.yml b/roles/ansible-role-docker/defaults/main.yml deleted file mode 100644 index fc8d79e..0000000 --- a/roles/ansible-role-docker/defaults/main.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition). -docker_edition: 'ce' -docker_package: "docker-{{ docker_edition }}" -docker_package_state: present - -# Service options. -docker_service_state: started -docker_service_enabled: true -docker_restart_handler_state: restarted - -# Docker Compose options. -docker_install_compose: true -docker_compose_version: "1.26.0" -docker_compose_path: /usr/local/bin/docker-compose - -# Used only for Debian/Ubuntu. Switch 'stable' to 'edge' if needed. -docker_apt_release_channel: stable -docker_apt_arch: amd64 -docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" -docker_apt_ignore_key_error: true -docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg - -# Used only for RedHat/CentOS/Fedora. -docker_yum_repo_url: https://download.docker.com/linux/{{ (ansible_distribution == "Fedora") | ternary("fedora","centos") }}/docker-{{ docker_edition }}.repo -docker_yum_repo_enable_edge: '0' -docker_yum_repo_enable_test: '0' -docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg - -# A list of users who will be added to the docker group. -docker_users: [] diff --git a/roles/ansible-role-docker/handlers/main.yml b/roles/ansible-role-docker/handlers/main.yml deleted file mode 100644 index 7847bc1..0000000 --- a/roles/ansible-role-docker/handlers/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: restart docker - service: "name=docker state={{ docker_restart_handler_state }}" diff --git a/roles/ansible-role-docker/meta/main.yml b/roles/ansible-role-docker/meta/main.yml deleted file mode 100644 index fc01727..0000000 --- a/roles/ansible-role-docker/meta/main.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -dependencies: [] - -galaxy_info: - role_name: docker - author: geerlingguy - description: Docker for Linux. - company: "Midwestern Mac, LLC" - license: "license (BSD, MIT)" - min_ansible_version: 2.4 - platforms: - - name: EL - versions: - - 7 - - 8 - - name: Fedora - versions: - - all - - name: Debian - versions: - - stretch - - buster - - name: Ubuntu - versions: - - xenial - - bionic - - focal - galaxy_tags: - - web - - system - - containers - - docker - - orchestration - - compose - - server diff --git a/roles/ansible-role-docker/molecule/default/converge.yml b/roles/ansible-role-docker/molecule/default/converge.yml deleted file mode 100644 index 629095b..0000000 --- a/roles/ansible-role-docker/molecule/default/converge.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -- name: Converge - hosts: all - become: true - - pre_tasks: - - name: Update apt cache. - apt: update_cache=yes cache_valid_time=600 - when: ansible_os_family == 'Debian' - - - name: Wait for systemd to complete initialization. # noqa 303 - command: systemctl is-system-running - register: systemctl_status - until: > - 'running' in systemctl_status.stdout or - 'degraded' in systemctl_status.stdout - retries: 30 - delay: 5 - when: ansible_service_mgr == 'systemd' - changed_when: false - failed_when: systemctl_status.rc > 1 - - roles: - - role: geerlingguy.docker diff --git a/roles/ansible-role-docker/molecule/default/molecule.yml b/roles/ansible-role-docker/molecule/default/molecule.yml deleted file mode 100644 index 2da47dd..0000000 --- a/roles/ansible-role-docker/molecule/default/molecule.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: | - set -e - yamllint . - ansible-lint -platforms: - - name: instance - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true -provisioner: - name: ansible - playbooks: - converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/roles/ansible-role-docker/tasks/docker-compose.yml b/roles/ansible-role-docker/tasks/docker-compose.yml deleted file mode 100644 index 92cf4f2..0000000 --- a/roles/ansible-role-docker/tasks/docker-compose.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- name: Check current docker-compose version. - command: docker-compose --version - register: docker_compose_current_version - changed_when: false - failed_when: false - -- name: Delete existing docker-compose version if it's different. - file: - path: "{{ docker_compose_path }}" - state: absent - when: > - docker_compose_current_version.stdout is defined - and docker_compose_version not in docker_compose_current_version.stdout - -- name: Install Docker Compose (if configured). - get_url: - url: https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64 - dest: "{{ docker_compose_path }}" - mode: 0755 diff --git a/roles/ansible-role-docker/tasks/docker-users.yml b/roles/ansible-role-docker/tasks/docker-users.yml deleted file mode 100644 index b3b6e0f..0000000 --- a/roles/ansible-role-docker/tasks/docker-users.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Ensure docker users are added to the docker group. - user: - name: "{{ item }}" - groups: docker - append: true - with_items: "{{ docker_users }}" diff --git a/roles/ansible-role-docker/tasks/main.yml b/roles/ansible-role-docker/tasks/main.yml index 56449ef..dfcb38c 100644 --- a/roles/ansible-role-docker/tasks/main.yml +++ b/roles/ansible-role-docker/tasks/main.yml @@ -1,27 +1,12 @@ --- -- include_tasks: setup-RedHat.yml - when: ansible_os_family == 'RedHat' -- include_tasks: setup-Debian.yml - when: ansible_os_family == 'Debian' +- name: "Install docker via include_role" + include_role: + name: geerlingguy.docker -- name: Install Docker. - package: - name: "{{ docker_package }}" - state: "{{ docker_package_state }}" - notify: restart docker - -- name: Ensure Docker is started and enabled at boot. - service: - name: docker - state: "{{ docker_service_state }}" - enabled: "{{ docker_service_enabled }}" - -- name: Ensure handlers are notified now to avoid firewall conflicts. - meta: flush_handlers - -- include_tasks: docker-compose.yml - when: docker_install_compose | bool - -- include_tasks: docker-users.yml - when: docker_users | length > 0 +- name: "Create crontab entry to remove unused docker objects" + ansible.builtin.cron: + name: "remove unused docker objects" + minute: "0" + hour: "1" + job: "docker system prune -af" diff --git a/roles/ansible-role-docker/tasks/setup-Debian.yml b/roles/ansible-role-docker/tasks/setup-Debian.yml deleted file mode 100644 index d701135..0000000 --- a/roles/ansible-role-docker/tasks/setup-Debian.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -- name: Ensure old versions of Docker are not installed. - package: - name: - - docker - - docker-engine - state: absent - -- name: Ensure dependencies are installed. - apt: - name: - - apt-transport-https - - ca-certificates - - gnupg2 - state: present - -- name: Add Docker apt key. - apt_key: - url: "{{ docker_apt_gpg_key }}" - id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 - state: present - register: add_repository_key - ignore_errors: "{{ docker_apt_ignore_key_error }}" - -- name: Ensure curl is present (on older systems without SNI). - package: name=curl state=present - when: add_repository_key is failed - -- name: Add Docker apt key (alternative for older systems without SNI). - shell: > - curl -sSL {{ docker_apt_gpg_key }} | sudo apt-key add - - args: - warn: false - when: add_repository_key is failed - -- name: Add Docker repository. - apt_repository: - repo: "{{ docker_apt_repository }}" - state: present - update_cache: true diff --git a/roles/ansible-role-docker/tasks/setup-RedHat.yml b/roles/ansible-role-docker/tasks/setup-RedHat.yml deleted file mode 100644 index f6cf7bc..0000000 --- a/roles/ansible-role-docker/tasks/setup-RedHat.yml +++ /dev/null @@ -1,54 +0,0 @@ ---- -- name: Ensure old versions of Docker are not installed. - package: - name: - - docker - - docker-common - - docker-engine - state: absent - -- name: Add Docker GPG key. - rpm_key: - key: "{{ docker_yum_gpg_key }}" - state: present - -- name: Add Docker repository. - get_url: - url: "{{ docker_yum_repo_url }}" - dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo' - owner: root - group: root - mode: 0644 - -- name: Configure Docker Edge repo. - ini_file: - dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo' - section: 'docker-{{ docker_edition }}-edge' - option: enabled - value: '{{ docker_yum_repo_enable_edge }}' - mode: 0644 - -- name: Configure Docker Test repo. - ini_file: - dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo' - section: 'docker-{{ docker_edition }}-test' - option: enabled - value: '{{ docker_yum_repo_enable_test }}' - mode: 0644 - -- name: Configure containerd on RHEL 8. - block: - - name: Ensure container-selinux is installed. - package: - name: container-selinux - state: present - - - name: Disable container-tools module. - command: dnf -y module disable container-tools - changed_when: false - - - name: Ensure containerd.io is installed. - package: - name: containerd.io - state: present - when: ansible_distribution_major_version | int == 8 diff --git a/roles/kubernetes/apps/defaults/main.yml b/roles/kubernetes/apps/defaults/main.yml index 3901fe6..c81e4cd 100644 --- a/roles/kubernetes/apps/defaults/main.yml +++ b/roles/kubernetes/apps/defaults/main.yml @@ -104,7 +104,7 @@ k8s_prometheus_helm__release_values: k8s_argocd_helm__release_values: global: hostAliases: - - ip: "{{ shared_service_docker_ip }}" + - ip: "{{ shared_service_harbor_ip }}" hostnames: - "{{ shared_service_harbor_hostname }}" - ip: "{{ shared_service_keycloak_ip }}"