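---
# Expose the Docker daemon over TLS on each target host's default IPv4 address.
#
# Preconditions: ca.pem, server-cert.pem and server-key.pem already exist under
# certs_path on the host (this play validates them but does not generate them).
# Inputs: my_hosts (extra var) selects the hosts; when it is undefined the play
# runs against an empty host list and is effectively skipped.
# Effect: rewrites the ExecStart= line of docker.service so dockerd also listens
# on tcp://<address>:2376 with client-certificate verification, then reloads
# systemd and restarts docker only when that line actually changed.
- name: "Docker Certs enable"
  hosts: "{{ my_hosts | d([]) }}"
  become: true
  vars:
    certs_path: "/root/docker-certs"
    # Files the ExecStart line below points dockerd at; all three are required.
    cert_files:
      - ca.pem
      - server-cert.pem
      - server-key.pem
  tasks:
    - name: Check if docker certs directory exists
      ansible.builtin.stat:
        path: "{{ certs_path }}"
      register: certs_dir

    - name: Fail if docker certs directory does not exist
      ansible.builtin.fail:
        msg: "Docker certificates are not existing in {{ certs_path }}."
      # stat.isdir is only present when the path exists, so exists is tested
      # first and the expression short-circuits.
      when: not certs_dir.stat.exists or not certs_dir.stat.isdir

    - name: Check that every certificate file exists
      ansible.builtin.stat:
        path: "{{ certs_path }}/{{ item }}"
      register: cert_file
      loop: "{{ cert_files }}"

    - name: Fail if any certificate file is missing
      ansible.builtin.fail:
        msg: "{{ item.item }} is missing from {{ certs_path }}."
      when: not item.stat.exists
      loop: "{{ cert_file.results }}"
      loop_control:
        label: "{{ item.item }}"

    - name: Gather facts for the machine's default IPv4 address
      # ansible_default_ipv4 is the address on the default-route interface,
      # which is not necessarily eth0.
      ansible.builtin.setup:
      register: ip_address

    - name: Set machine's primary internal ip address
      ansible.builtin.set_fact:
        ip_address: "{{ ip_address.ansible_facts.ansible_default_ipv4.address }}"

    - name: Check if ip_address is a valid ip address
      ansible.builtin.assert:
        that:
          # Syntactic dotted-quad check only; octet ranges (0-255) are not
          # validated by this pattern.
          - ip_address is match("^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$")
        fail_msg: "ip_address is not a valid ip address."
        success_msg: "ip_address is a valid ip address."

    - name: Change docker daemon to use certs
      # NOTE(review): this edits the vendor unit under /lib/systemd/system, which
      # a package upgrade overwrites; a drop-in under
      # /etc/systemd/system/docker.service.d/ would persist across upgrades.
      # --tlsverify makes the tcp listener require client certificates signed by
      # ca.pem; that is the only access control on port 2376 here, so the
      # listener should still be restricted to the intended clients at the
      # network level. The fd:// listener for the local socket is kept.
      ansible.builtin.lineinfile:
        path: /lib/systemd/system/docker.service
        # >- folds these lines into one space-separated line and drops the
        # trailing newline, so the value is exactly one ExecStart= line.
        line: >-
          ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
          -H tcp://{{ ip_address }}:2376 --tlsverify --tlscacert={{ certs_path }}/ca.pem
          --tlscert={{ certs_path }}/server-cert.pem --tlskey={{ certs_path }}/server-key.pem
        regexp: '^ExecStart='
        state: present
      notify: Restart docker daemon

    - name: Apply pending docker restart before checking service state
      ansible.builtin.meta: flush_handlers

    - name: Ensure docker daemon is enabled and running
      ansible.builtin.systemd:
        name: docker
        state: started
        enabled: true

  handlers:
    # Fires only when the ExecStart line changed, so hosts that are already
    # configured are not disrupted by an unnecessary daemon restart.
    - name: Restart docker daemon
      ansible.builtin.systemd:
        name: docker
        state: restarted
        daemon_reload: true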