docker-swarm

Ansible/Playbooks/Docker-Swarm/ansible.cfg

@@ -0,0 +1,3 @@
+[defaults]
+inventory = inventory/inventory.yaml
+host_key_checking = false

Ansible/Playbooks/Docker-Swarm/collections/requirements.yaml

@@ -0,0 +1,6 @@
+---
+collections:
+  - name: ansible.utils
+  - name: community.general
+  - name: ansible.posix
+  - name: community.docker.docker_stack

Ansible/Playbooks/Docker-Swarm/inventory/group_vars/all.yaml

@@ -0,0 +1,12 @@
+# ansible vars
+ansible_user: ubuntu
+ansible_become: true
+ansible_become_method: sudo
+
+# nfs vars
+nfs_server: 192.168.6.2
+nfs_share: /mnt/share/swarm
+mount_point: /share
+
+# portainer vars
+portainer_data: /share/portainer_data

Ansible/Playbooks/Docker-Swarm/inventory/inventory.yaml

@@ -0,0 +1,16 @@
+all:
+  children:
+    managers:
+      hosts:
+        manager1:
+          ansible_host: 192.168.200.71
+        manager2:
+          ansible_host: 192.168.200.72
+        manager3:
+          ansible_host: 192.168.200.73
+    workers:
+      hosts:
+        worker1:
+          ansible_host: 192.168.200.74
+        worker2:
+          ansible_host: 192.168.200.75

Ansible/Playbooks/Docker-Swarm/roles/docker_install/handlers/main.yaml

@@ -0,0 +1,5 @@
+---
+- name: Restart Docker
+  ansible.builtin.systemd:
+    name: docker
+    state: restarted

Ansible/Playbooks/Docker-Swarm/roles/docker_install/tasks/main.yaml

@@ -0,0 +1,41 @@
+---
+- name: Ensure apt is using HTTPS
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: present
+  loop:
+    - apt-transport-https
+    - ca-certificates
+    - curl
+    - software-properties-common
+
+- name: Add Docker GPG key
+  ansible.builtin.apt_key:
+    url: "https://download.docker.com/linux/ubuntu/gpg"
+    state: present
+
+- name: Add Docker repository
+  ansible.builtin.apt_repository:
+    repo: "{{ docker_apt_repository }}"
+    state: present
+
+- name: Install Docker CE
+  ansible.builtin.apt:
+    name: docker-ce
+    state: present
+    update_cache: true
+
+- name: Configure Docker daemon options
+  ansible.builtin.template:
+    src: "templates/docker_daemon.json.j2"
+    dest: "/etc/docker/daemon.json"
+    owner: 'root'
+    group: 'root'
+    mode: '0755'  # Optional file permissions
+  notify: Restart Docker
+
+- name: Ensure Docker service is enabled and running
+  ansible.builtin.systemd:
+    name: docker
+    enabled: true
+    state: started

Ansible/Playbooks/Docker-Swarm/roles/docker_install/templates/docker_daemon.json.j2

@@ -0,0 +1,3 @@
+{
+    "storage-driver": "{{ docker_daemon_options['storage-driver'] }}"
+}

Ansible/Playbooks/Docker-Swarm/roles/docker_install/vars/main.yaml

@@ -0,0 +1,5 @@
+---
+docker_apt_release_channel: "stable"
+docker_apt_repository: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+docker_daemon_options:
+  storage-driver: "overlay2"

Ansible/Playbooks/Docker-Swarm/roles/init_docker_swarm/tasks/main.yaml

@@ -0,0 +1,25 @@
+---
+- name: Check if Swarm is already initialized
+  ansible.builtin.command:
+    cmd: docker info
+  register: swarm_check
+  changed_when: false
+
+- name: Initialize Docker Swarm
+  ansible.builtin.command:
+    cmd: docker swarm init --advertise-addr {{ ansible_host }}
+  when: "'Swarm: inactive' in swarm_check.stdout"
+  register: swarm_init
+  changed_when: swarm_init.rc == 0
+
+- name: Get Swarm join token for managers
+  ansible.builtin.command:
+    cmd: docker swarm join-token -q manager
+  register: manager_token
+  changed_when: false
+
+- name: Get Swarm join token for workers
+  ansible.builtin.command:
+    cmd: docker swarm join-token -q worker
+  register: worker_token
+  changed_when: false

Ansible/Playbooks/Docker-Swarm/roles/manager_join_docker_swarm/tasks/main.yaml

@@ -0,0 +1,20 @@
+---
+- name: Check if Swarm is already initialized
+  ansible.builtin.command:
+    cmd: docker info
+  register: swarm_check
+  changed_when: false
+
+- name: Retrieve manager join token from manager
+  ansible.builtin.set_fact:
+    manager_token: "{{ hostvars[groups['managers'][0]]['manager_token'].stdout }}"
+  when: "'Swarm: inactive' in swarm_check.stdout"
+
+- name: Join manager to Swarm
+  ansible.builtin.command:
+    cmd: docker swarm join --token {{ manager_token }} {{ hostvars[groups['managers'][0]].ansible_host }}:2377
+  when:
+    - manager_token is defined
+    - "'Swarm: inactive' in swarm_check.stdout"
+  register: swarm_join
+  changed_when: "'This node joined a swarm as a manager' in swarm_join.stdout"

Ansible/Playbooks/Docker-Swarm/roles/mount_nfs/tasks/main.yaml

@@ -0,0 +1,30 @@
+---
+- name: Ensure NFS utilities are installed
+  ansible.builtin.apt:
+    name: nfs-common
+    state: present
+    update_cache: true
+
+- name: Reload systemd to recognize NFS changes
+  ansible.builtin.systemd:
+    daemon_reload: true
+
+- name: Check if NFS mount point exists
+  ansible.builtin.stat:
+    path: "{{ mount_point }}"
+  register: mount_point_stat
+
+- name: Create mount point for NFS if it doesn't exist
+  ansible.builtin.file:
+    path: "{{ mount_point }}"
+    state: directory
+    mode: '0777'
+  when: not mount_point_stat.stat.exists
+
+- name: Mount NFS share
+  ansible.posix.mount:
+    path: "{{ mount_point }}"
+    src: "{{ nfs_server }}:{{ nfs_share }}"
+    fstype: "nfs"
+    opts: "vers=4,proto=tcp,nolock"
+    state: mounted

Ansible/Playbooks/Docker-Swarm/roles/portainer_deploy/handlers/main.yaml

@@ -0,0 +1,6 @@
+---
+- name: Start Portainer
+  community.docker.docker_compose:
+    project_src: /home/ubuntu/docker-compose/portainer
+    state: present
+    restarted: true

Ansible/Playbooks/Docker-Swarm/roles/portainer_deploy/tasks/main.yaml

@@ -0,0 +1,41 @@
+---
+- name: Ensure docker-compose is installed
+  ansible.builtin.package:
+    name: docker-compose
+    state: present
+
+- name: Ensure Docker service is running
+  ansible.builtin.service:
+    name: docker
+    state: started
+    enabled: true
+
+- name: Setup Portainer directory
+  ansible.builtin.file:
+    path: /home/ubuntu/docker-compose/portainer
+    state: directory
+    mode: '0755'  # Optional file permissions
+    owner: ubuntu  # Optional ownership
+    group: ubuntu  # Optional group ownership
+
+- name: Copy compose from template to host
+  ansible.builtin.template:
+    src: "templates/docker_compose.yaml.j2"
+    dest: "/home/ubuntu/docker-compose/portainer/docker-compose.yaml"
+    mode: '0755'  # Optional file permissions
+    owner: ubuntu  # Optional ownership
+    group: ubuntu  # Optional group ownership
+  notify:
+    - Start Portainer
+
+- name: Create Portainer storage on NFS if it doesn't exist
+  ansible.builtin.file:
+    path: "{{ portainer_data }}"
+    state: directory
+    mode: '0755'
+
+- name: Deploy Portainer stack
+  ansible.builtin.command:
+    cmd: docker stack deploy -c /home/ubuntu/docker-compose/portainer/docker-compose.yaml portainer
+  register: swarm_check
+  changed_when: false

Ansible/Playbooks/Docker-Swarm/roles/portainer_deploy/templates/docker_compose.yaml.j2

@@ -0,0 +1,36 @@
+version: '3.2'
+
+services:
+  agent:
+    image: portainer/agent:2.21.5
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/lib/docker/volumes:/var/lib/docker/volumes
+    networks:
+      - agent_network
+    deploy:
+      mode: global
+      placement:
+        constraints: [node.platform.os == linux]
+
+  portainer:
+    image: portainer/portainer-ce:2.21.5
+    command: -H tcp://tasks.agent:9001 --tlsskipverify
+    ports:
+      - "9443:9443"
+      - "9000:9000"
+      - "8000:8000"
+    volumes:
+      - /share/portainer_data:/data
+    networks:
+      - agent_network
+    deploy:
+      mode: replicated
+      replicas: 1
+      placement:
+        constraints: [node.role == manager]
+
+networks:
+  agent_network:
+    driver: overlay
+    attachable: true

Ansible/Playbooks/Docker-Swarm/roles/portainer_deploy/vars/main.yaml

@@ -0,0 +1,2 @@
+---
+portainer_version: "latest"

Ansible/Playbooks/Docker-Swarm/roles/worker_join_docker_swarm/tasks/main.yaml

@@ -0,0 +1,25 @@
+---
+- name: Check if Swarm is already initialized
+  ansible.builtin.command:
+    cmd: docker info
+  register: swarm_check
+  changed_when: false
+
+- name: Retrieve worker join token from manager
+  ansible.builtin.set_fact:
+    worker_token: "{{ hostvars[groups['managers'][0]]['worker_token'].stdout }}"
+    when: "'Swarm: inactive' in swarm_check.stdout"
+
+- name: Join worker to Swarm
+  ansible.builtin.command:
+    argv:
+      - docker
+      - swarm
+      - join
+      - --token
+      - "{{ worker_token }}"
+      - "{{ hostvars[groups['managers'][0]].ansible_host }}:2377"
+  when:
+    - worker_token is defined
+    - "'Swarm: inactive' in swarm_check.stdout"
+  changed_when: true

Ansible/Playbooks/Docker-Swarm/site.yaml

@@ -0,0 +1,31 @@
+---
+- name: Setup Docker & NFS on Ubuntu
+  hosts: all
+  become: true
+  roles:
+    - docker_install
+    - mount_nfs
+
+- name: Init Docker Swarm
+  hosts: managers[0]
+  become: true
+  roles:
+    - init_docker_swarm
+
+- name: Join Managers
+  hosts: managers
+  become: true
+  roles:
+    - manager_join_docker_swarm
+
+- name: Join Workers
+  hosts: workers
+  become: true
+  roles:
+    - worker_join_docker_swarm
+
+- name: Deploy Portainer
+  hosts: managers[0]
+  become: true
+  roles:
+    - portainer_deploy