lab-ansible/roles/docker/tasks/main.yml

# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Add Docker repository
  ansible.builtin.yum_repository:
    name: docker-ce-stable
    description: Docker CE Stable - $basearch
    file: docker-ce
    baseurl: https://download.docker.com/linux/centos/$releasever/$basearch/stable
    gpgkey: https://download.docker.com/linux/centos/gpg
    gpgcheck: true
    enabled: true
    state: present

- name: Install Docker and Docker Compose
  ansible.builtin.dnf:
    name:
      - docker-ce
      - docker-ce-cli
      - docker-compose-plugin
      - containerd.io
    state: present

- name: Create Docker data root directory
  ansible.builtin.file:
    path: "{{ docker_data_root }}"
    owner: root
    group: root
    mode: u=rwx,g=x,o=
    seuser: system_u
    serole: object_r
    setype: container_var_lib_t
    selevel: s0
    state: directory

- name: Copy Docker daemon config file
  ansible.builtin.template:
    src: daemon.json.j2
    dest: /etc/docker/daemon.json
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  notify: Reload Docker daemon

- name: Ensure Docker daemon is enabled and running
  ansible.builtin.service:
    name: docker
    enabled: true
    state: started

- name: Configure cron job to prune unused Docker data daily
  ansible.builtin.cron:
    name: Prune unused Docker data
    cron_file: ansible_docker_prune
    job: 'docker system prune -fa && docker volume prune -fa'
    special_time: daily
    user: root
    state: present
Prepare multi-host Ansible repo 2023-10-29 19:46:52 +00:00			`# vim: ft=yaml.ansible`
			`# code: language=ansible`
			`---`
Switch to Rocky Linux 2023-11-12 15:41:59 +00:00			`- name: Add Docker repository`
			`ansible.builtin.yum_repository:`
			`name: docker-ce-stable`
			`description: Docker CE Stable - $basearch`
			`file: docker-ce`
			`baseurl: https://download.docker.com/linux/centos/$releasever/$basearch/stable`
			`gpgkey: https://download.docker.com/linux/centos/gpg`
			`gpgcheck: true`
			`enabled: true`
Prepare multi-host Ansible repo 2023-10-29 19:46:52 +00:00			`state: present`

Switch to Rocky Linux 2023-11-12 15:41:59 +00:00			`- name: Install Docker and Docker Compose`
			`ansible.builtin.dnf:`
			`name:`
Prepare multi-host Ansible repo 2023-10-29 19:46:52 +00:00			`- docker-ce`
Switch to Rocky Linux 2023-11-12 15:41:59 +00:00			`- docker-ce-cli`
Prepare multi-host Ansible repo 2023-10-29 19:46:52 +00:00			`- docker-compose-plugin`
Switch to Rocky Linux 2023-11-12 15:41:59 +00:00			`- containerd.io`
			`state: present`
Prepare multi-host Ansible repo 2023-10-29 19:46:52 +00:00
Change Docker data-root 2024-01-07 16:29:46 +00:00			`- name: Create Docker data root directory`
			`ansible.builtin.file:`
			`path: "{{ docker_data_root }}"`
			`owner: root`
Add explicit group specification 2024-01-30 18:15:51 +00:00			`group: root`
Change Docker data-root 2024-01-07 16:29:46 +00:00			`mode: u=rwx,g=x,o=`
Fix SELinux context for Docker data root 2024-01-07 17:21:48 +00:00			`seuser: system_u`
			`serole: object_r`
			`setype: container_var_lib_t`
			`selevel: s0`
Change Docker data-root 2024-01-07 16:29:46 +00:00			`state: directory`

Apply fixes after testing 2023-12-25 20:49:17 +00:00			`- name: Copy Docker daemon config file`
Change Docker data-root 2024-01-07 16:29:46 +00:00			`ansible.builtin.template:`
			`src: daemon.json.j2`
Apply fixes after testing 2023-12-25 20:49:17 +00:00			`dest: /etc/docker/daemon.json`
			`owner: root`
Add explicit group specification 2024-01-30 18:15:51 +00:00			`group: root`
Apply fixes after testing 2023-12-25 20:49:17 +00:00			`mode: u=rw,g=r,o=r`
			`notify: Reload Docker daemon`

Prepare multi-host Ansible repo 2023-10-29 19:46:52 +00:00			`- name: Ensure Docker daemon is enabled and running`
			`ansible.builtin.service:`
			`name: docker`
			`enabled: true`
			`state: started`

Allow passwordless sudo 2023-11-11 15:35:14 +00:00			`- name: Configure cron job to prune unused Docker data daily`
Prepare multi-host Ansible repo 2023-10-29 19:46:52 +00:00			`ansible.builtin.cron:`
			`name: Prune unused Docker data`
			`cron_file: ansible_docker_prune`
			`job: 'docker system prune -fa && docker volume prune -fa'`
Allow passwordless sudo 2023-11-11 15:35:14 +00:00			`special_time: daily`
Prepare multi-host Ansible repo 2023-10-29 19:46:52 +00:00			`user: root`
			`state: present`