diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..4958385
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,24 @@
+---
+kind: pipeline
+type: docker
+name: pull_request
+image_pull_secrets:
+ - dockerconfigjson
+
+steps:
+ - name: lint yaml
+ image: registry.fedy95.com/baseimage-yamllint:latest
+ commands:
+ - yamllint -c /yamllint/relaxed.yaml group_vars/all.yml
+ - yamllint -c /yamllint/relaxed.yaml roles/common/tasks/main.yml
+ - yamllint -c /yamllint/relaxed.yaml roles/docker/defaults/main.yml
+ - yamllint -c /yamllint/relaxed.yaml roles/docker/handlers/main.yml
+ - yamllint -c /yamllint/relaxed.yaml roles/docker/tasks/docker.yml
+ - yamllint -c /yamllint/relaxed.yaml roles/docker/tasks/docker-compose.yml
+ - yamllint -c /yamllint/relaxed.yaml roles/docker/tasks/main.yml
+ - yamllint -c /yamllint/relaxed.yaml roles/docker/vars/main.yml
+ - yamllint -c /yamllint/relaxed.yaml .drone.yml
+ - yamllint -c /yamllint/relaxed.yaml ansible-desktop.yml
+ when:
+ event: pull_request
+...
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..1e9ca9d
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,29 @@
+MAKEFLAGS += --silent
+.PHONY: *
+
+REGISTRY=registry.fedy95.com
+YAMLLINT_TAG=baseimage-yamllint:latest
+
+lint: lint-yaml
+
+LINT-YAML-CMD=docker run --rm -it -v $(PWD):/data ${REGISTRY}/${YAMLLINT_TAG}
+lint-yaml:
+ docker pull ${REGISTRY}/${YAMLLINT_TAG}
+ $(LINT-YAML-CMD) group_vars/all.yml
+ $(LINT-YAML-CMD) roles/common/tasks/main.yml
+ $(LINT-YAML-CMD) roles/docker/defaults/main.yml
+ $(LINT-YAML-CMD) roles/docker/handlers/main.yml
+ $(LINT-YAML-CMD) roles/docker/tasks/docker.yml
+ $(LINT-YAML-CMD) roles/docker/tasks/docker-compose.yml
+ $(LINT-YAML-CMD) roles/docker/tasks/main.yml
+ $(LINT-YAML-CMD) roles/docker/vars/main.yml
+ $(LINT-YAML-CMD) .drone.yml
+ $(LINT-YAML-CMD) ansible-desktop.yml
+
+run:
+ ansible-playbook ansible-desktop.yml -i hosts --ask-become-pass
+
+ping:
+ ansible -i hosts all -m ping
+
+.DEFAULT_GOAL := lint
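Review bot: The `lint yaml` step runs `registry.fedy95.com/baseimage-yamllint:latest`, a mutable tag, so the code executed in CI can change without any commit in this repository; the Makefile's `YAMLLINT_TAG=baseimage-yamllint:latest` has the same issue. Pin a version tag or a digest, e.g. `image: registry.fedy95.com/baseimage-yamllint@sha256:<image-digest>`. The ten per-file `yamllint` commands also have to be kept in step with the Makefile by hand; a single `yamllint -c /yamllint/relaxed.yaml .` would pick up new files automatically.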
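Review bot: `LINT-YAML-CMD` bind-mounts the whole checkout read-write into the linter container (`-v $(PWD):/data`), although a linter only needs to read it; `-v $(PWD):/data:ro` limits what the pulled image can do to the working tree. The `-it` flags make `lint-yaml` fail wherever no TTY is attached (CI, git hooks), so dropping them is safer. Unlike the `.drone.yml` step, no `-c /yamllint/relaxed.yaml` is passed here; presumably the image's entrypoint supplies it, but that is worth confirming so both paths lint with the same rules.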
diff --git a/README.md b/README.md
index 781ca69..740ffed 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,7 @@
-### template [![Build Status](https://drone.fedy95.com/api/badges/infra/template/status.svg)](https://drone.fedy95.com/infra/template)
+### ansible-servers [![Build Status](https://drone.fedy95.com/api/badges/infra/ansible-servers/status.svg)](https://drone.fedy95.com/infra/ansible-servers)
 
-Base repository for new infra-repos
+### docs
+- [ansible](https://www.ansible.com/)
+
+### how to run
+- see Makefile
diff --git a/ansible-desktop.yml b/ansible-desktop.yml
new file mode 100644
index 0000000..ff719d8
--- /dev/null
+++ b/ansible-desktop.yml
@@ -0,0 +1,7 @@
+---
+- name: Base playbook
+ hosts: docker-units
+ roles:
+ - { role: common, become: true }
+ - { role: docker, become: true }
+...
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..f89b190
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,6 @@
+[defaults]
+hostfile = hosts
+nocows = 1
+
+[privilege_escalation]
+become_method = sudo
diff --git a/group_vars/all.yml b/group_vars/all.yml
new file mode 100644
index 0000000..4eda9d0
--- /dev/null
+++ b/group_vars/all.yml
@@ -0,0 +1,5 @@
+---
+aptcachetime: 3600
+locale: "en_US.UTF-8"
+timezone: "Europe/Moscow"
+...
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..a45e710
--- /dev/null
+++ b/hosts
@@ -0,0 +1,8 @@
+[docker-units]
+10.10.10.6
+192.168.1.151
+
+[docker-units:vars]
+ansible_connection=ssh
+ansible_ssh_private_key_file=/home/fedy95/.ssh/id_rsa
+ansible_user=fedy95
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
new file mode 100644
index 0000000..e4c0b45
--- /dev/null
+++ b/roles/common/tasks/main.yml
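Review bot: The committed `hosts` inventory hard-codes one operator's account and key path (`ansible_user=fedy95`, `ansible_ssh_private_key_file=/home/fedy95/.ssh/id_rsa`) next to internal addresses, so the playbook only runs from that workstation and the repository records internal addressing for everyone with read access. Consider moving the connection settings to the operator's `~/.ssh/config` (or an uncommitted inventory) and committing an example inventory with placeholder hosts instead. If the file stays, a comment such as `# operator-specific: adjust user and key path before running` above `[docker-units:vars]` would at least make the assumption explicit.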
@@ -0,0 +1,28 @@
+---
+- name: Ensure the system can use the HTTPS transport for APT
+ stat: path=/usr/lib/apt/methods/https
+ register: apt_https_transport
+
+- name: Install HTTPS transport for APT
+ apt: pkg=apt-transport-https state=installed
+ when: not apt_https_transport.stat.exists
+
+- name: Enable all repositories in sources.list
+ replace: dest=/etc/apt/sources.list regexp='^#\s?deb(.+)http://(.+)/ubuntu(.+)$' replace='deb\1http://\2/ubuntu\3' backup=yes
+
+- name: Ensure that Aptitude repositories are up to date
+ apt:
+ update_cache: yes
+ cache_valid_time: "{{ aptcachetime }}"
+
+- name: Install common packages
+ apt:
+ name: "{{ item }}"
+ state: latest
+ update_cache: yes
+ cache_valid_time: "{{ aptcachetime }}"
+ loop: [ 'git', 'make', 'nano', 'net-tools' ]
+
+- name: Upgrade installed packages
+ apt: upgrade=yes
+...
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
new file mode 100644
index 0000000..7f6eb16
--- /dev/null
+++ b/roles/docker/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+docker:
+ start: false
+ service_enabled: no
+...
diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml
new file mode 100644
index 0000000..82f39c5
--- /dev/null
+++ b/roles/docker/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: Restart Docker
+ service: "name=docker state={{ docker_restart_handler_state }}"
+...
diff --git a/roles/docker/tasks/docker-compose.yml b/roles/docker/tasks/docker-compose.yml
new file mode 100644
index 0000000..7de3731
--- /dev/null
+++ b/roles/docker/tasks/docker-compose.yml
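Review bot: The `Enable all repositories in sources.list` task in roles/common/tasks/main.yml uncomments every commented-out `deb … http://…/ubuntu` line, so it also re-enables sources an administrator disabled on purpose, and it keeps them on plain `http://`. Enabling only the components the role needs (for example with `apt_repository`, one entry per source) keeps the set of trusted package sources explicit and reviewable. In the task before it, `state=installed` is an alias that newer Ansible releases no longer accept, as far as I know; `apt: pkg=apt-transport-https state=present` is the supported spelling.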
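Review bot: The `Restart Docker` handler in roles/docker/handlers/main.yml reads `docker_restart_handler_state`, which none of the files added by this commit define: the role defaults hold only `docker.start` and `docker.service_enabled`, and the role vars only the compose version and path. If the handler is ever notified it would fail on the undefined variable. Add a default such as `docker_restart_handler_state: restarted` to roles/docker/defaults/main.yml, or hard-code `state=restarted`. No task in the visible hunks notifies this handler, so it is currently unused as well.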
@@ -0,0 +1,24 @@
+---
+- name: Check current docker-compose version
+ command: "{{ docker_compose_bin }} --version"
+ register: docker_compose_current_version
+ changed_when: false
+ failed_when: false
+
+- name: Renew existing docker-compose version if it's different
+ file:
+ path: "{{ docker_compose_bin }}"
+ state: absent
+ when: >
+ docker_compose_current_version.stdout is defined
+ and docker_compose_version not in docker_compose_current_version.stdout
+
+- name: Install Docker Compose
+ get_url:
+ url: https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64
+ dest: "{{ docker_compose_bin }}"
+ mode: 0755
+ when: >
+ docker_compose_current_version.stdout is not defined
+ or docker_compose_version not in docker_compose_current_version.stdout
+...
diff --git a/roles/docker/tasks/docker.yml b/roles/docker/tasks/docker.yml
new file mode 100644
index 0000000..92c19bf
--- /dev/null
+++ b/roles/docker/tasks/docker.yml
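Review bot: The `Install Docker Compose` task downloads an executable into `{{ docker_compose_bin }}` with mode 0755 while the role runs with `become: true`, and nothing verifies what was downloaded; `get_url` installs whatever the URL returns. Pin the artifact with `checksum: "sha256:{{ docker_compose_sha256 }}"`, where `docker_compose_sha256` is a new variable next to `docker_compose_version` holding the digest published for that release. The preceding `Renew existing docker-compose version` task deletes the old binary before the download runs, so a failed download leaves the host without docker-compose; letting `get_url` overwrite the file in place avoids that window. Quoting the mode (`mode: "0755"`) is the form the Ansible documentation recommends.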
@@ -0,0 +1,52 @@
+---
+- name: Update apt cache
+ apt:
+ update_cache: yes
+ cache_valid_time: "{{ aptcachetime }}"
+
+- name: Upgrade all apt packages
+ apt: upgrade=dist
+
+- name: Install docker packages
+ apt:
+ name: "{{ item }}"
+ state: present
+ update_cache: yes
+ loop:
+ - 'apt-transport-https'
+ - 'ca-certificates'
+ - 'curl'
+ - 'gnupg'
+ - 'lsb-release'
+
+- name: Add Docker GPG key
+ apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ state: present
+
+- name: Add deb repository
+ apt_repository:
+ repo: deb https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable
+ state: present
+ update_cache: yes
+
+- name: Install docker
+ apt:
+ name: "{{ item }}"
+ state: present
+ update_cache: yes
+ loop:
+ - 'docker-ce'
+ - 'docker-ce-cli'
+ - 'containerd.io'
+
+- name: Ensure docker users are added to the docker group.
+ user:
+ name: "{{ item }}"
+ groups: docker
+ append: true
+ with_items: "{{ ansible_env.USER }}"
+
+- name: "Ensure Docker is {{ docker.start | ternary('started','stopped') }}"
+ service: name=docker state={{ docker.start | ternary('restarted','stopped') }} enabled={{ docker.service_enabled }}
+...
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..9e33dc7
--- /dev/null
+++ b/roles/docker/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- include_tasks: docker.yml
+- include_tasks: docker-compose.yml
+...
diff --git a/roles/docker/vars/main.yml b/roles/docker/vars/main.yml
new file mode 100644
index 0000000..25c0dd1
--- /dev/null
+++ b/roles/docker/vars/main.yml
@@ -0,0 +1,4 @@
+---
+docker_compose_version: "1.29.1"
+docker_compose_bin: "/usr/local/bin/docker-compose"
+...
diff --git a/run.sh b/run.sh
new file mode 100755
index 0000000..69d2467
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ansible-playbook ansible-desktop.yml -i hosts --ask-become-pass
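Review bot: The `Add Docker GPG key` task in roles/docker/tasks/docker.yml imports whatever key the URL serves into APT's trusted keys without stating which key is expected. Adding `id: "<docker-release-key-fingerprint>"` to the `apt_key` arguments should make the task fail when a different key is served, and records the expected fingerprint in the repository. The `Ensure docker users are added to the docker group.` task grants `{{ ansible_env.USER }}` membership of `docker`, which is effectively root on the host, so a comment stating that this is intended would help. In the last task the name says started/stopped but the state uses `ternary('restarted','stopped')`, so Docker is restarted on every run when `docker.start` is true; `ternary('started','stopped')` would match the name.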