Diffstat (limited to 'roles/docker-swarm-manager/tasks/main.yml')
-rw-r--r-- | roles/docker-swarm-manager/tasks/main.yml | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/roles/docker-swarm-manager/tasks/main.yml b/roles/docker-swarm-manager/tasks/main.yml
new file mode 100644
index 00000000..385d7564
--- /dev/null
+++ b/roles/docker-swarm-manager/tasks/main.yml
@@ -0,0 +1,52 @@
+---
+
+- name: Create TLS host certificate for Docker
+ local_action:
+ module: command ./create_cert {{inventory_hostname}} {{ansible_host}}
+ args:
+ creates: "{{inventory_hostname}}-cert.pem"
+ chdir: secrets/files/docker-tls/
+ become: false
+
+- name: Install Docker TLS certificate
+ copy:
+ src: secrets/files/docker-tls/{{item}}
+ dest: /etc/ssl/certs/{{item}}
+ with_items:
+ - ca.pem
+ - "{{inventory_hostname}}-key.pem"
+ - "{{inventory_hostname}}-cert.pem"
+ notify:
+ ignore_errors: '{{ ansible_check_mode }}'
+
+- name: Create swarm database
+ template:
+ src: swarm.txt.j2
+ dest: /etc/swarm.txt
+
+- name: create swarm manager
+ docker_container:
+ name: swarm-manager
+ image: swarm
+ state: started
+ restart_policy: unless-stopped
+ pull: yes
+ networks:
+ - name: jenkins
+ volumes:
+ - "/etc/ssl/certs/{{inventory_hostname}}-key.pem:/certs/key.pem:ro"
+ - "/etc/ssl/certs/{{inventory_hostname}}-cert.pem:/certs/cert.pem:ro"
+ - "/etc/ssl/certs/ca.pem:/certs/ca.pem:ro"
+ - "/etc/swarm.txt:/etc/swarm.txt:ro"
+ published_ports:
+ - "2376:2375"
+ command: manage --tlsverify --tlscacert=/certs/ca.pem --tlscert=/certs/cert.pem --tlskey=/certs/key.pem file://etc/swarm.txt
+
+- name: allow swarm traffic nodes
+ ufw:
+ rule: allow
+ proto: tcp
+ port: 3375
+ src: "{{hostvars[item].ansible_host}}"
+ with_items: "{{groups['swarm_nodes']}}"
+
|
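Review bot: The "Install Docker TLS certificate" task copies `{{inventory_hostname}}-key.pem` into `/etc/ssl/certs/` without `owner` or `mode`, so the private key that authenticates this manager lands in a world-traversable directory with whatever permissions the default umask gives, which is typically readable by every local user. Add `owner: root` and `mode: "0600"` under `copy:`, or move the key to a restricted directory such as `/etc/ssl/private/` and adjust the volume mount in "create swarm manager" to match. The same task carries an empty `notify:`, which names no handler and can be dropped. Separately, the ufw rule opens 3375 while the container publishes 2376; if that is not intentional the rule does not cover the manager port, and since Docker-published ports are usually not filtered by ufw anyway, the `--tlsverify` client-certificate check is the effective access control here.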