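---
# Jinja2 template that renders an Ansible playbook. The rendered play verifies
# that the TLS material for dockerd is present, then rewrites the dockerd
# command line so the daemon also listens on the host's default-route IPv4
# address with mutual TLS (--tlsverify) and restarts it.
# Render-time variables (playbook_name, target_hosts, become, options_enabled,
# gather_facts, secrets_enabled, secrets_file, certs_path) are substituted by
# the outer Jinja pass; expressions written as escaped literal braces are left
# in the output for Ansible to evaluate at run time.
- name: "{{ playbook_name }}"
  hosts: "{{ target_hosts }}"
{% if become %}
  become: true
{% endif %}
{% if options_enabled and not gather_facts %}
  # Facts are gathered explicitly by the setup task below, so the play-level
  # gather can be skipped when requested.
  gather_facts: false
{% endif %}
{% if secrets_enabled %}
  vars_files:
    - "{{ secrets_file }}"
{% endif %}
  vars:
    certs_path: "{{ certs_path }}"
  tasks:
    # Run-time Jinja expressions are quoted: an unquoted value starting with
    # braces is parsed by YAML as a flow mapping and rejected by Ansible.
    - name: Check if docker certs directory is existing
      ansible.builtin.stat:
        path: "{{ '{{' }} certs_path {{ '}}' }}"
      register: certs_dir

    # isdir is only evaluated when exists is true (Jinja short-circuits 'or').
    - name: Fail if docker certs directory is not existing
      ansible.builtin.fail:
        msg: "Docker certificates are not existing in {{ '{{' }} certs_path {{ '}}' }}."
      when: not certs_dir.stat.exists or not certs_dir.stat.isdir

    # Fail closed before touching the unit: a missing CA, cert or key would
    # otherwise only surface as a failed daemon restart at the end of the play.
    - name: Check that the TLS files referenced by dockerd are present
      ansible.builtin.stat:
        path: "{{ '{{' }} certs_path {{ '}}' }}/{{ '{{' }} item {{ '}}' }}"
      loop:
        - ca.pem
        - server-cert.pem
        - server-key.pem
      register: cert_files

    - name: Fail if any TLS file is missing
      ansible.builtin.fail:
        msg: "Missing {{ '{{' }} item.item {{ '}}' }} in {{ '{{' }} certs_path {{ '}}' }}."
      loop: "{{ '{{' }} cert_files.results {{ '}}' }}"
      loop_control:
        label: "{{ '{{' }} item.item {{ '}}' }}"
      when: not item.stat.exists

    # The address comes from ansible_default_ipv4, i.e. the interface holding
    # the default route, not necessarily eth0.
    - name: Gather facts to determine the default-route IPv4 address
      ansible.builtin.setup:
      register: ip_address

    - name: Set machine's primary internal ip address
      ansible.builtin.set_fact:
        ip_address: "{{ '{{' }} ip_address.ansible_facts.ansible_default_ipv4.address {{ '}}' }}"

    # Format check only (four dotted decimal groups); it does not validate the
    # numeric range of each octet.
    - name: Check if ip_address is a valid ip address
      ansible.builtin.assert:
        that:
          - ip_address is match("^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$")
        fail_msg: "ip_address is not a valid ip address."
        success_msg: "ip_address is a valid ip address."

    # NOTE(review): this edits the unit file shipped by the package; such files
    # are replaced on package upgrade, so a systemd drop-in override
    # (docker.service.d/) would survive upgrades where this edit does not.
    - name: Change docker daemon to use certs
      ansible.builtin.lineinfile:
        path: /lib/systemd/system/docker.service
        # Folded into a single ExecStart= line. -H fd:// keeps socket
        # activation; the TCP listener on 2376 accepts only clients presenting
        # a certificate signed by ca.pem because of --tlsverify.
        line: >-
          ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
          -H tcp://{{ '{{' }} ip_address {{ '}}' }}:2376 --tlsverify --tlscacert={{ '{{' }} certs_path {{ '}}' }}/ca.pem
          --tlscert={{ '{{' }} certs_path {{ '}}' }}/server-cert.pem --tlskey={{ '{{' }} certs_path {{ '}}' }}/server-key.pem
        regexp: '^ExecStart='
        state: present

    - name: Reload systemd daemon
      ansible.builtin.systemd:
        daemon_reload: true

    - name: Restart docker daemon
      ansible.builtin.systemd:
        name: docker
        state: restarted
        enabled: true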