Refactor netdata to use docker_compose directive
Add docker socket proxy for security
parent
2e3cd4c8b0
commit
73cc8cbbb3
|
@ -49,6 +49,7 @@ hedgedoc:
|
|||
|
||||
netdata:
|
||||
domain: "netdata.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/netdata"
|
||||
|
||||
docker_registry:
|
||||
domain: "docker.{{ base_domain }}"
|
||||
|
|
|
@ -1,27 +1,59 @@
|
|||
---
|
||||
- name: create netdata volume folders
|
||||
file:
|
||||
name: "{{ netdata.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- "config"
|
||||
- "lib"
|
||||
- "cache"
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: setup netdata docker container for system monitoring
|
||||
docker_container:
|
||||
name: netdata
|
||||
image: netdata/netdata
|
||||
restart_policy: unless-stopped
|
||||
- name: "setup netdata for system monitoring"
|
||||
docker_compose:
|
||||
project_name: "netdata"
|
||||
pull: "yes"
|
||||
definition:
|
||||
services:
|
||||
netdata:
|
||||
image: "netdata/netdata"
|
||||
restart: "unless-stopped"
|
||||
hostname: "hevonen.servers.{{ base_domain }}"
|
||||
capabilities:
|
||||
cap_add:
|
||||
- SYS_PTRACE
|
||||
security_opts:
|
||||
security_opt:
|
||||
- apparmor:unconfined
|
||||
volumes:
|
||||
- /proc:/host/proc:ro
|
||||
- /sys:/host/sys:ro
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- "{{ netdata.volume_folder }}/config:/etc/netdata"
|
||||
- "{{ netdata.volume_folder }}/lib:/var/lib/netdata"
|
||||
- "{{ netdata.volume_folder }}/cache:/var/cache/netdata"
|
||||
- "/etc/passwd:/host/etc/passwd:ro"
|
||||
- "/etc/group:/host/etc/group:ro"
|
||||
- "/proc:/host/proc:ro"
|
||||
- "/sys:/host/sys:ro"
|
||||
- "/etc/os-release:/host/etc/os-release:ro"
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
- external_services
|
||||
- docker_proxy
|
||||
environment:
|
||||
VIRTUAL_HOST : "{{ netdata.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ netdata.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
PGID: "999"
|
||||
DOCKER_HOST: "proxy:2375"
|
||||
labels:
|
||||
com.ouroboros.enable: "true"
|
||||
|
||||
|
||||
proxy:
|
||||
image: "tecnativa/docker-socket-proxy"
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
environment:
|
||||
CONTAINERS : 1
|
||||
networks:
|
||||
- docker_proxy
|
||||
networks:
|
||||
docker_proxy:
|
||||
external_services:
|
||||
external: true
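Review bot: The `proxy` service mounts `/var/run/docker.sock` but its image is untagged, and with `pull: "yes"` on the task every run fetches whatever `latest` currently is, so the one container with Docker API access is also the least pinned; use a fixed tag or digest, e.g. `image: "tecnativa/docker-socket-proxy:<pinned-tag>"`. The `docker_proxy` network carries an unauthenticated Docker API on port 2375 and is declared without options; adding `internal: true` under `docker_proxy:` removes outside routing from that network, while netdata stays reachable through `external_services`. The `:ro` on the socket mount does not limit which API calls can be made, so the restriction rests entirely on the proxy's environment flags; a short comment above `CONTAINERS : 1` saying so would help, since container inspection also returns other containers' environment variables. `proxy` also has no `restart:` entry, unlike `netdata`, so it appears it would stay down after a daemon restart while netdata keeps pointing at `proxy:2375`; `restart: "unless-stopped"` would match the other service.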
|
||||
|
|