diff --git a/Ansible/Playbooks/Docker-Swarm/ansible.cfg b/Ansible/Playbooks/Docker-Swarm/ansible.cfg
new file mode 100644
index 0000000..0567a6a
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Swarm/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+inventory = inventory/inventory.yaml
+host_key_checking = false
\ No newline at end of file
diff --git a/Ansible/Playbooks/Docker-Swarm/collections/requirements.yaml b/Ansible/Playbooks/Docker-Swarm/collections/requirements.yaml
new file mode 100644
index 0000000..223992c
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Swarm/collections/requirements.yaml
@@ -0,0 +1,6 @@
+---
+collections:
+ - name: ansible.utils
+ - name: community.general
+ - name: ansible.posix
+ - name: community.docker.docker_stack
\ No newline at end of file
diff --git a/Ansible/Playbooks/Docker-Swarm/inventory/group_vars/all.yaml b/Ansible/Playbooks/Docker-Swarm/inventory/group_vars/all.yaml
new file mode 100644
index 0000000..679b8e8
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Swarm/inventory/group_vars/all.yaml
@@ -0,0 +1,12 @@
+# ansible vars
+ansible_user: ubuntu
+ansible_become: true
+ansible_become_method: sudo
+
+# nfs vars
+nfs_server: 192.168.6.2
+nfs_share: /mnt/share/swarm
+mount_point: /share
+
+# portainer vars
+portainer_data: /share/portainer_data
\ No newline at end of file
diff --git a/Ansible/Playbooks/Docker-Swarm/inventory/inventory.yaml b/Ansible/Playbooks/Docker-Swarm/inventory/inventory.yaml
new file mode 100644
index 0000000..2f7b3ca
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Swarm/inventory/inventory.yaml
@@ -0,0 +1,16 @@
+all:
+ children:
+ managers:
+ hosts:
+ manager1:
+ ansible_host: 192.168.200.71
+ manager2:
+ ansible_host: 192.168.200.72
+ manager3:
+ ansible_host: 192.168.200.73
+ workers:
+ hosts:
+ worker1:
+ ansible_host: 192.168.200.74
+ worker2:
+ ansible_host: 192.168.200.75
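Review bot: `host_key_checking = false` in ansible.cfg turns off SSH host-key verification for every host in the inventory, so whatever answers on a node's address is accepted without question while the plays run with `become: true` and pass swarm join tokens around. Prefer leaving the check on (`host_key_checking = true`) and pre-populating `known_hosts` for the five nodes from a trusted provisioning step. If first-contact convenience is needed for a lab run, setting `ANSIBLE_HOST_KEY_CHECKING` for that one invocation keeps the relaxed setting out of the committed config.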
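Review bot: The last entry in collections/requirements.yaml, `community.docker.docker_stack`, is a module name rather than a collection name, so `ansible-galaxy collection install -r` will presumably fail to resolve it; the collection is `- name: community.docker`. None of the four entries carries a `version:` constraint, so each install pulls whatever Galaxy currently serves. Pinning versions keeps runs reproducible and makes upstream changes something that gets reviewed rather than silently picked up.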
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/docker_install/handlers/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/docker_install/handlers/main.yaml
new file mode 100644
index 0000000..303ef11
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Swarm/roles/docker_install/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+- name: Restart Docker
+ ansible.builtin.systemd:
+ name: docker
+ state: restarted
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/docker_install/tasks/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/docker_install/tasks/main.yaml
new file mode 100644
index 0000000..a8cc071
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Swarm/roles/docker_install/tasks/main.yaml
@@ -0,0 +1,41 @@
+---
+- name: Ensure apt is using HTTPS
+ ansible.builtin.apt:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - software-properties-common
+
+- name: Add Docker GPG key
+ ansible.builtin.apt_key:
+ url: "https://download.docker.com/linux/ubuntu/gpg"
+ state: present
+
+- name: Add Docker repository
+ ansible.builtin.apt_repository:
+ repo: "{{ docker_apt_repository }}"
+ state: present
+
+- name: Install Docker CE
+ ansible.builtin.apt:
+ name: docker-ce
+ state: present
+ update_cache: true
+
+- name: Configure Docker daemon options
+ ansible.builtin.template:
+ src: "templates/docker_daemon.json.j2"
+ dest: "/etc/docker/daemon.json"
+ owner: 'root'
+ group: 'root'
+ mode: '0755' # Optional file permissions
+ notify: Restart Docker
+
+- name: Ensure Docker service is enabled and running
+ ansible.builtin.systemd:
+ name: docker
+ enabled: true
+ state: started
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/docker_install/templates/docker_daemon.json.j2 b/Ansible/Playbooks/Docker-Swarm/roles/docker_install/templates/docker_daemon.json.j2
new file mode 100644
index 0000000..7858f8e
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Swarm/roles/docker_install/templates/docker_daemon.json.j2
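Review bot: The "Add Docker GPG key" task in docker_install/tasks/main.yaml uses `ansible.builtin.apt_key`, which puts the key into apt's global trusted keyring, so it is trusted for every configured repository rather than only Docker's; the module is also deprecated along with `apt-key`. Download the key into `/etc/apt/keyrings` instead and bind it to the Docker repository with `signed-by=` in `docker_apt_repository`, which is defined in the role's vars/main.yaml (a separate hunk). Separately, `/etc/docker/daemon.json` is written with `mode: '0755'`; a config file does not need the execute bit, so `mode: '0644'` is enough.

```yaml
- name: Ensure apt keyring directory exists
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    mode: '0755'

- name: Add Docker GPG key
  ansible.builtin.get_url:
    url: "https://download.docker.com/linux/ubuntu/gpg"
    dest: /etc/apt/keyrings/docker.asc
    mode: '0644'

# vars/main.yaml: scope the key to this repository only
# docker_apt_repository: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
# … unchanged: Add Docker repository, Install Docker CE, daemon template, service task …
```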
@@ -0,0 +1,3 @@
+{
+ "storage-driver": "{{ docker_daemon_options['storage-driver'] }}"
+}
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/docker_install/vars/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/docker_install/vars/main.yaml
new file mode 100644
index 0000000..5105d78
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Swarm/roles/docker_install/vars/main.yaml
@@ -0,0 +1,5 @@
+---
+docker_apt_release_channel: "stable"
+docker_apt_repository: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+docker_daemon_options:
+ storage-driver: "overlay2"
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/init_docker_swarm/handlers/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/init_docker_swarm/handlers/main.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/init_docker_swarm/tasks/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/init_docker_swarm/tasks/main.yaml
new file mode 100644
index 0000000..e9320a5
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Swarm/roles/init_docker_swarm/tasks/main.yaml
@@ -0,0 +1,25 @@
+---
+- name: Check if Swarm is already initialized
+ ansible.builtin.command:
+ cmd: docker info
+ register: swarm_check
+ changed_when: false
+
+- name: Initialize Docker Swarm
+ ansible.builtin.command:
+ cmd: docker swarm init --advertise-addr {{ ansible_host }}
+ when: "'Swarm: inactive' in swarm_check.stdout"
+ register: swarm_init
+ changed_when: swarm_init.rc == 0
+
+- name: Get Swarm join token for managers
+ ansible.builtin.command:
+ cmd: docker swarm join-token -q manager
+ register: manager_token
+ changed_when: false
+
+- name: Get Swarm join token for workers
+ ansible.builtin.command:
+ cmd: docker swarm join-token -q worker
+ register: worker_token
+ changed_when: false
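Review bot: The two "Get Swarm join token" tasks in init_docker_swarm/tasks/main.yaml register the raw output of `docker swarm join-token -q`, and nothing keeps Ansible from printing it: with `-v` or a logging callback the manager and worker tokens end up in terminal scrollback and CI logs. Add `no_log: true` to both tasks, and to the `set_fact` and join tasks in manager_join_docker_swarm and worker_join_docker_swarm that consume the tokens. The `'Swarm: inactive' in swarm_check.stdout` test also depends on the human-readable layout of `docker info`; reading `.Swarm.LocalNodeState` through `docker info --format` would be less brittle.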
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/init_docker_swarm/vars/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/init_docker_swarm/vars/main.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/manager_join_docker_swarm/handlers/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/manager_join_docker_swarm/handlers/main.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/manager_join_docker_swarm/tasks/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/manager_join_docker_swarm/tasks/main.yaml
new file mode 100644
index 0000000..f65a2b6
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Swarm/roles/manager_join_docker_swarm/tasks/main.yaml
@@ -0,0 +1,20 @@
+---
+- name: Check if Swarm is already initialized
+ ansible.builtin.command:
+ cmd: docker info
+ register: swarm_check
+ changed_when: false
+
+- name: Retrieve manager join token from manager
+ ansible.builtin.set_fact:
+ manager_token: "{{ hostvars[groups['managers'][0]]['manager_token'].stdout }}"
+ when: "'Swarm: inactive' in swarm_check.stdout"
+
+- name: Join manager to Swarm
+ ansible.builtin.command:
+ cmd: docker swarm join --token {{ manager_token }} {{ hostvars[groups['managers'][0]].ansible_host }}:2377
+ when:
+ - manager_token is defined
+ - "'Swarm: inactive' in swarm_check.stdout"
+ register: swarm_join
+ changed_when: "'This node joined a swarm as a manager' in swarm_join.stdout"
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/manager_join_docker_swarm/vars/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/manager_join_docker_swarm/vars/main.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/mount_nfs/handlers/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/mount_nfs/handlers/main.yaml
new file mode 100644
index 0000000..e69de29
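Review bot: "Join manager to Swarm" in manager_join_docker_swarm/tasks/main.yaml builds the call as a single `cmd:` string with the token and address templated in, whereas the worker role passes the same call as an `argv:` list. The list form hands each templated value to `docker` as exactly one argument with no re-splitting of the rendered string, and it keeps the two join roles consistent with each other. The `when`, `register` and `changed_when` keys can stay as they are.

```yaml
- name: Join manager to Swarm
  ansible.builtin.command:
    argv:
      - docker
      - swarm
      - join
      - --token
      - "{{ manager_token }}"
      - "{{ hostvars[groups['managers'][0]].ansible_host }}:2377"
  # … unchanged: when, register, changed_when …
```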
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/mount_nfs/tasks/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/mount_nfs/tasks/main.yaml
new file mode 100644
index 0000000..b87c063
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Swarm/roles/mount_nfs/tasks/main.yaml
@@ -0,0 +1,30 @@
+---
+- name: Ensure NFS utilities are installed
+ ansible.builtin.apt:
+ name: nfs-common
+ state: present
+ update_cache: true
+
+- name: Reload systemd to recognize NFS changes
+ ansible.builtin.systemd:
+ daemon_reload: true
+
+- name: Check if NFS mount point exists
+ ansible.builtin.stat:
+ path: "{{ mount_point }}"
+ register: mount_point_stat
+
+- name: Create mount point for NFS if it doesn't exist
+ ansible.builtin.file:
+ path: "{{ mount_point }}"
+ state: directory
+ mode: '0777'
+ when: not mount_point_stat.stat.exists
+
+- name: Mount NFS share
+ ansible.posix.mount:
+ path: "{{ mount_point }}"
+ src: "{{ nfs_server }}:{{ nfs_share }}"
+ fstype: "nfs"
+ opts: "vers=4,proto=tcp,nolock"
+ state: mounted
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/mount_nfs/vars/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/mount_nfs/vars/main.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/portainer_deploy/handlers/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/portainer_deploy/handlers/main.yaml
new file mode 100644
index 0000000..c2c1aae
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Swarm/roles/portainer_deploy/handlers/main.yaml
@@ -0,0 +1,6 @@
+---
+- name: Start Portainer
+ community.docker.docker_compose:
+ project_src: /home/ubuntu/docker-compose/portainer
+ state: present
+ restarted: true
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/portainer_deploy/tasks/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/portainer_deploy/tasks/main.yaml
new file mode 100644
index 0000000..40e687c
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Swarm/roles/portainer_deploy/tasks/main.yaml
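Review bot: "Create mount point for NFS if it doesn't exist" in mount_nfs/tasks/main.yaml sets `mode: '0777'`, which leaves the directory world-writable on every node; the local directory is hidden once the share is mounted over it, so `mode: '0755'` loses nothing. The mount uses `opts: "vers=4,proto=tcp,nolock"`; because the export comes from another host and backs Portainer's data, `opts: "vers=4,proto=tcp,nolock,nosuid,nodev"` would stop files on the share from carrying setuid bits or device nodes onto the swarm nodes. The preceding `stat` task and the `when:` that reads it are redundant, since `state: directory` is already idempotent.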
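Review bot: The "Start Portainer" handler in portainer_deploy/handlers/main.yaml runs `community.docker.docker_compose` against the same directory that the role's "Deploy Portainer stack" task deploys with `docker stack deploy`, so a template change would bring up a second, standalone copy of the services that competes with the stack for ports 9443, 9000 and 8000. That module drives Compose v1 and, as far as I know, has been removed from recent community.docker releases, so the handler may not load at all. Either have the handler re-run the stack deploy, or drop the handler together with the `notify` on the template task.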
@@ -0,0 +1,41 @@
+---
+- name: Ensure docker-compose is installed
+ ansible.builtin.package:
+ name: docker-compose
+ state: present
+
+- name: Ensure Docker service is running
+ ansible.builtin.service:
+ name: docker
+ state: started
+ enabled: true
+
+- name: Setup Portainer directory
+ ansible.builtin.file:
+ path: /home/ubuntu/docker-compose/portainer
+ state: directory
+ mode: '0755' # Optional file permissions
+ owner: ubuntu # Optional ownership
+ group: ubuntu # Optional group ownership
+
+- name: Copy compose from template to host
+ ansible.builtin.template:
+ src: "templates/docker_compose.yaml.j2"
+ dest: "/home/ubuntu/docker-compose/portainer/docker-compose.yaml"
+ mode: '0755' # Optional file permissions
+ owner: ubuntu # Optional ownership
+ group: ubuntu # Optional group ownership
+ notify:
+ - Start Portainer
+
+- name: Create Portainer storage on NFS if it doesn't exist
+ ansible.builtin.file:
+ path: "{{ portainer_data }}"
+ state: directory
+ mode: '0755'
+
+- name: Deploy Portainer stack
+ ansible.builtin.command:
+ cmd: docker stack deploy -c /home/ubuntu/docker-compose/portainer/docker-compose.yaml portainer
+ register: swarm_check
+ changed_when: false
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/portainer_deploy/templates/docker_compose.yaml.j2 b/Ansible/Playbooks/Docker-Swarm/roles/portainer_deploy/templates/docker_compose.yaml.j2
new file mode 100644
index 0000000..02d71e2
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Swarm/roles/portainer_deploy/templates/docker_compose.yaml.j2
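Review bot: "Deploy Portainer stack" in portainer_deploy/tasks/main.yaml shells out to `docker stack deploy` with `changed_when: false` and registers the result as `swarm_check`, so the play never reports a change and the variable name describes something else. The `community.docker.docker_stack` module, which requirements.yaml appears to be aiming for, tracks change state itself. Separately, docker-compose.yaml is templated with `mode: '0755'`; the file is not executable content, so `mode: '0644'` is sufficient.

```yaml
- name: Deploy Portainer stack
  # docker_stack needs the jsondiff and PyYAML Python packages on the target host
  community.docker.docker_stack:
    name: portainer
    state: present
    compose:
      - /home/ubuntu/docker-compose/portainer/docker-compose.yaml
```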
@@ -0,0 +1,36 @@
+version: '3.2'
+
+services:
+ agent:
+ image: portainer/agent:2.21.5
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/lib/docker/volumes:/var/lib/docker/volumes
+ networks:
+ - agent_network
+ deploy:
+ mode: global
+ placement:
+ constraints: [node.platform.os == linux]
+
+ portainer:
+ image: portainer/portainer-ce:2.21.5
+ command: -H tcp://tasks.agent:9001 --tlsskipverify
+ ports:
+ - "9443:9443"
+ - "9000:9000"
+ - "8000:8000"
+ volumes:
+ - /share/portainer_data:/data
+ networks:
+ - agent_network
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints: [node.role == manager]
+
+networks:
+ agent_network:
+ driver: overlay
+ attachable: true
\ No newline at end of file
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/portainer_deploy/vars/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/portainer_deploy/vars/main.yaml
new file mode 100644
index 0000000..204bbe2
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Swarm/roles/portainer_deploy/vars/main.yaml
@@ -0,0 +1,2 @@
+---
+portainer_version: "latest"
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/worker_join_docker_swarm/handlers/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/worker_join_docker_swarm/handlers/main.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/worker_join_docker_swarm/tasks/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/worker_join_docker_swarm/tasks/main.yaml
new file mode 100644
index 0000000..a17acc6
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Swarm/roles/worker_join_docker_swarm/tasks/main.yaml
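Review bot: The `portainer` service in docker_compose.yaml.j2 publishes `"9000:9000"`, Portainer's plain-HTTP UI, next to `"9443:9443"`; through swarm's routing mesh that port is reachable on every node, and admin logins sent to it travel unencrypted. Drop `- "9000:9000"`, and `- "8000:8000"` as well if Edge agents are not used, so only the TLS port is exposed. The volume line hard-codes `/share/portainer_data` although the role creates `{{ portainer_data }}`; `- "{{ portainer_data }}:/data"` keeps the two in step. `--tlsskipverify` means the server does not verify the agent's certificate, which is worth recording as an accepted risk given that `agent_network` is `attachable: true`.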
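Review bot: `portainer_version: "latest"` in portainer_deploy/vars/main.yaml is not referenced anywhere in this commit; the template pins `2.21.5` for both images, so the variable is dead and states the opposite of what gets deployed. Set it to `portainer_version: "2.21.5"` and use it in the template, e.g. `image: portainer/portainer-ce:{{ portainer_version }}`. If it were wired in as it stands, the floating `latest` tag would make every deploy pull whatever image is current at that moment.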
@@ -0,0 +1,25 @@
+---
+- name: Check if Swarm is already initialized
+ ansible.builtin.command:
+ cmd: docker info
+ register: swarm_check
+ changed_when: false
+
+- name: Retrieve worker join token from manager
+ ansible.builtin.set_fact:
+ worker_token: "{{ hostvars[groups['managers'][0]]['worker_token'].stdout }}"
+ when: "'Swarm: inactive' in swarm_check.stdout"
+
+- name: Join worker to Swarm
+ ansible.builtin.command:
+ argv:
+ - docker
+ - swarm
+ - join
+ - --token
+ - "{{ worker_token }}"
+ - "{{ hostvars[groups['managers'][0]].ansible_host }}:2377"
+ when:
+ - worker_token is defined
+ - "'Swarm: inactive' in swarm_check.stdout"
+ changed_when: true
diff --git a/Ansible/Playbooks/Docker-Swarm/roles/worker_join_docker_swarm/vars/main.yaml b/Ansible/Playbooks/Docker-Swarm/roles/worker_join_docker_swarm/vars/main.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/Ansible/Playbooks/Docker-Swarm/site.yaml b/Ansible/Playbooks/Docker-Swarm/site.yaml
new file mode 100644
index 0000000..fd27866
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Swarm/site.yaml
@@ -0,0 +1,31 @@
+---
+- name: Setup Docker & NFS on Ubuntu
+ hosts: all
+ become: true
+ roles:
+ - docker_install
+ - mount_nfs
+
+- name: Init Docker Swarm
+ hosts: managers[0]
+ become: true
+ roles:
+ - init_docker_swarm
+
+- name: Join Managers
+ hosts: managers
+ become: true
+ roles:
+ - manager_join_docker_swarm
+
+- name: Join Workers
+ hosts: workers
+ become: true
+ roles:
+ - worker_join_docker_swarm
+
+- name: Deploy Portainer
+ hosts: managers[0]
+ become: true
+ roles:
+ - portainer_deploy