Update 2 files

- /roles/docker/tasks/main.yml
- /group_vars/all.yml
Administrator 2026-03-24 16:27:24 +05:00
parent 090a12eb3c
commit 496472e3f8
2 changed files with 98 additions and 81 deletions


@ -7,6 +7,18 @@ system_locale: ru_RU.UTF-8
x11_display_host: "192.168.1.101"
admin_user: zailon
# Включить мониторинг Docker для Node Exporter
enable_docker_monitoring: true
# Безопасные версии пакетов Docker для LXC (чтобы apt upgrade не сломал)
docker_ce_version: "5:28.2.2-1~ubuntu.{{ ansible_distribution_release }}~noble"
docker_ce_cli_version: "5:28.2.2-1~ubuntu.{{ ansible_distribution_release }}~noble"
containerd_io_version: "1.7.28-1~ubuntu.{{ ansible_distribution_release }}~noble"
runc_safe_version: "1.1.12-0ubuntu3"
# Включить фиксацию версий Docker в LXC
lxc_docker_pin_enabled: true
# Базовые пакеты для всех серверов
base_packages:
- curl
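Review bot: The three Docker version pins interpolate `ansible_distribution_release`, which is the codename, so on noble they would render as `...~ubuntu.noble~noble`; Docker's apt versions carry the numeric release in that position, and a pin that matches no published version makes the install fail instead of holding the intended build. Consider `docker_ce_version: "5:28.2.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release }}"`, with the same shape for the CLI and containerd pins. The tasks in roles/docker/tasks/main.yml repeat these strings as literals instead of referencing the variables, and `runc_safe_version` and `lxc_docker_pin_enabled` are not referenced in any hunk shown, so as far as this page shows, the pins declared here are not what gets enforced.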


@ -1,6 +1,9 @@
---
# =============================================================================
# DOCKER
# =============================================================================
# ========== Cleanup conflicting Docker repo configs (LXC safety) ==========
# ========== 1. Cleanup conflicting Docker configs ==========
- name: Remove conflicting Docker repository files
file:
path: "{{ item }}"
@ -18,23 +21,26 @@
state: absent
loop:
- /etc/apt/keyrings/docker.gpg
- /etc/apt/keyrings/docker.asc
- /usr/share/keyrings/docker-archive-keyring.gpg
- /usr/share/keyrings/docker.gpg
become: yes
tags: [docker, deploy_docker]
# ========== Fix runc BEFORE Docker install (LXC safety) ==========
- name: Ensure runc at safe version before Docker install (LXC only)
- name: Clean apt cache
apt:
name: "runc=1.1.12-0ubuntu3"
state: present
allow_downgrade: yes
allow_change_held_packages: yes
clean: yes
become: yes
tags: [docker, deploy_docker]
when: ansible_virtualization_type in ['lxc', 'container']
# ========== Install Docker ==========
- name: Remove apt lists cache
file:
path: /var/lib/apt/lists
state: absent
become: yes
tags: [docker, deploy_docker]
# ========== 2. Install Docker dependencies ==========
- name: Install Docker dependencies
apt:
name:
@ -48,6 +54,7 @@
become: yes
tags: [docker, deploy_docker]
# ========== 3. Setup GPG key ==========
- name: Create keyrings directory
file:
path: /etc/apt/keyrings
@ -56,36 +63,61 @@
become: yes
tags: [docker, deploy_docker]
- name: Add Docker GPG key
apt_key:
- name: Download Docker GPG key
get_url:
url: https://download.docker.com/linux/ubuntu/gpg
keyring: /etc/apt/keyrings/docker.gpg
state: present
dest: /etc/apt/keyrings/docker.asc
mode: '0644'
force: yes
become: yes
tags: [docker, deploy_docker]
- name: Add Docker repository (without cache update)
apt_repository:
repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
filename: docker
state: present
update_cache: no # ← Важно: не обновлять кэш здесь!
- name: Dearmor Docker GPG key
shell: gpg --dearmor -o /etc/apt/keyrings/docker.gpg /etc/apt/keyrings/docker.asc
args:
creates: /etc/apt/keyrings/docker.gpg
become: yes
tags: [docker, deploy_docker]
- name: Set permissions on Docker GPG key
file:
path: /etc/apt/keyrings/docker.gpg
mode: 'a+r'
become: yes
tags: [docker, deploy_docker]
# ========== 4. Add Docker repository ==========
- name: Add Docker repository
copy:
content: |
deb [arch={{ ansible_architecture }} signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable
dest: /etc/apt/sources.list.d/docker.list
mode: '0644'
become: yes
tags: [docker, deploy_docker]
- name: Update apt cache after adding Docker repo
apt:
update_cache: yes
cache_valid_time: 3600
cache_valid_time: 0
become: yes
tags: [docker, deploy_docker]
- name: Install Docker packages
# ========== 5. Install Docker packages ==========
- name: Install docker-ce and docker-ce-cli first
apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- "docker-ce=5:28.2.2-1~ubuntu.{{ ansible_distribution_release }}~noble"
- "docker-ce-cli=5:28.2.2-1~ubuntu.{{ ansible_distribution_release }}~noble"
state: present
allow_downgrade: yes
allow_change_held_packages: yes
become: yes
tags: [docker, deploy_docker]
- name: Install containerd.io (after docker-ce to preserve runc)
apt:
name: "containerd.io=1.7.28-1~ubuntu.{{ ansible_distribution_release }}~noble"
state: present
allow_downgrade: yes
allow_change_held_packages: yes
@ -93,13 +125,7 @@
notify: restart docker
tags: [docker, deploy_docker]
- name: Install Docker Compose plugin
apt:
name: docker-compose-plugin
state: present
become: yes
tags: [docker, deploy_docker]
# ========== 6. Start Docker and configure user ==========
- name: Start and enable Docker service
systemd:
name: docker
@ -109,11 +135,21 @@
become: yes
tags: [docker, deploy_docker]
- name: Wait for Docker to start
pause:
seconds: 5
- name: Wait for Docker socket to be available
wait_for:
path: /var/run/docker.sock
timeout: 30
tags: [docker, deploy_docker]
- name: Add admin user to docker group
user:
name: "{{ admin_user | default('zailon') }}"
groups: docker
append: yes
become: yes
tags: [docker, deploy_docker]
# ========== 7. Verify installation ==========
- name: Verify Docker installation
command: docker --version
register: docker_version
@ -136,16 +172,20 @@
msg: "Docker Compose version: {{ docker_compose_version.stdout }}"
tags: [docker, deploy_docker]
# ========== Docker Monitoring Setup ==========
- name: Setup Docker monitoring
block:
- name: Create scripts directory
file:
path: /opt/scripts
state: directory
mode: '0755'
become: yes
- name: Test Docker with docker ps
command: docker ps
register: docker_ps_test
changed_when: false
tags: [docker, deploy_docker]
- name: Show Docker containers
debug:
msg: "Docker is working! Containers: {{ docker_ps_test.stdout_lines | default(['none']) }}"
tags: [docker, deploy_docker]
# ========== 8. Docker monitoring (optional) ==========
- name: Setup Docker monitoring for Node Exporter
block:
- name: Deploy Docker metrics script
copy:
content: |
@ -169,33 +209,6 @@
mode: '0755'
become: yes
- name: Create systemd service for Docker metrics
copy:
content: |
[Unit]
Description=Docker metrics script
After=docker.service
[Service]
User=root
ExecStart=/opt/scripts/docker_metrics.sh
dest: /etc/systemd/system/docker-metrics.service
mode: '0644'
become: yes
- name: Create systemd timer for Docker metrics
copy:
content: |
[Unit]
Description=Run Docker metrics every 30 seconds
[Timer]
OnBootSec=1min
OnUnitActiveSec=30s
[Install]
WantedBy=timers.target
dest: /etc/systemd/system/docker-metrics.timer
mode: '0644'
become: yes
- name: Ensure Node Exporter textfile directory exists
file:
path: /var/lib/node_exporter/textfile_collector
@ -205,20 +218,12 @@
mode: '0755'
become: yes
- name: Enable and start Docker metrics timer
- name: Enable Docker metrics timer
systemd:
name: docker-metrics.timer
enabled: yes
state: started
daemon_reload: yes
become: yes
- name: Test Docker metrics script
command: /opt/scripts/docker_metrics.sh
register: metrics_test
changed_when: false
- name: Show Docker metrics test result
debug:
var: metrics_test.stdout
tags: [docker, deploy_docker, monitoring]
when: enable_docker_monitoring | default(true)
tags: [docker, monitoring]
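Review bot: The `Download Docker GPG key` task trusts whatever the URL returns: `get_url` runs with `force: yes` and no `checksum:`, and the file is dearmored straight into the keyring that `signed-by` points at, so the repository's trust anchor rests on TLS alone. Pin it with `checksum: "sha256:<expected-key-digest>"` (placeholder value), or compare the key fingerprint against a recorded one before the dearmor step. In the same hunk, `arch={{ ansible_architecture }}` would expand to the kernel name (`x86_64`) where apt expects the Debian architecture (`amd64`, as the `apt_repository` line on the page has it); a small map such as `{{ {'x86_64': 'amd64', 'aarch64': 'arm64'}[ansible_architecture] }}` keeps it portable. Separately, the last two hunks appear to drop the tasks that create the docker-metrics service and timer units while `docker-metrics.timer` is still enabled, which looks likely to fail on a fresh host.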