Diffstat (limited to 'roles/docker-swarm-manager/tasks/main.yml')
-rw-r--r--roles/docker-swarm-manager/tasks/main.yml52
1 files changed, 52 insertions, 0 deletions
diff --git a/roles/docker-swarm-manager/tasks/main.yml b/roles/docker-swarm-manager/tasks/main.yml
new file mode 100644
index 00000000..385d7564
--- /dev/null
+++ b/roles/docker-swarm-manager/tasks/main.yml
@@ -0,0 +1,52 @@
+---
+
+- name: Create TLS host certificate for Docker
+ local_action:
+ module: command ./create_cert {{inventory_hostname}} {{ansible_host}}
+ args:
+ creates: "{{inventory_hostname}}-cert.pem"
+ chdir: secrets/files/docker-tls/
+ become: false
+
+- name: Install Docker TLS certificate
+ copy:
+ src: secrets/files/docker-tls/{{item}}
+ dest: /etc/ssl/certs/{{item}}
+ with_items:
+ - ca.pem
+ - "{{inventory_hostname}}-key.pem"
+ - "{{inventory_hostname}}-cert.pem"
+ notify:
+ ignore_errors: '{{ ansible_check_mode }}'
+
+- name: Create swarm database
+ template:
+ src: swarm.txt.j2
+ dest: /etc/swarm.txt
+
+- name: create swarm manager
+ docker_container:
+ name: swarm-manager
+ image: swarm
+ state: started
+ restart_policy: unless-stopped
+ pull: yes
+ networks:
+ - name: jenkins
+ volumes:
+ - "/etc/ssl/certs/{{inventory_hostname}}-key.pem:/certs/key.pem:ro"
+ - "/etc/ssl/certs/{{inventory_hostname}}-cert.pem:/certs/cert.pem:ro"
+ - "/etc/ssl/certs/ca.pem:/certs/ca.pem:ro"
+ - "/etc/swarm.txt:/etc/swarm.txt:ro"
+ published_ports:
+ - "2376:2375"
+ command: manage --tlsverify --tlscacert=/certs/ca.pem --tlscert=/certs/cert.pem --tlskey=/certs/key.pem file://etc/swarm.txt
+
+- name: allow swarm traffic nodes
+ ufw:
+ rule: allow
+ proto: tcp
+ port: 3375
+ src: "{{hostvars[item].ansible_host}}"
+ with_items: "{{groups['swarm_nodes']}}"
+
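Review bot: The "Install Docker TLS certificate" task copies `{{inventory_hostname}}-key.pem` into `/etc/ssl/certs/` with no `mode`, `owner` or `group`, so the private key lands in a directory meant for public certificates with whatever permissions the default umask gives it, typically world-readable. I would move the key into its own copy task with `dest: /etc/ssl/private/{{item}}` and `mode: "0600"`, and update the key volume path on the `swarm-manager` container to match. The `notify:` key on the same task is empty, so a replaced certificate or key does not restart the container; name a handler there or drop the key. Separately, the ufw rule opens 3375 while the container publishes `2376:2375`, and Docker's published-port rules are normally not filtered by ufw, so access to the manager API appears to rest on `--tlsverify` alone rather than on the `swarm_nodes` allow-list; worth confirming which port and which filter are intended.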