diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index b1b7089..cf767d9 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -1,222 +1,288 @@
----
-- name: Install Docker dependencies
- apt:
- name:
- - apt-transport-https
- - ca-certificates
- - curl
- - gnupg
- - lsb-release
- state: present
- update_cache: yes
-
-- name: Add Docker GPG key
- apt_key:
- url: https://download.docker.com/linux/ubuntu/gpg
- state: present
-
-- name: Add Docker repository
- apt_repository:
- repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
- state: present
-
-- name: Install Docker
- apt:
- name:
- - docker-ce
- - docker-ce-cli
- - containerd.io
- state: present
- update_cache: yes
-
-- name: Install Docker Compose
- apt:
- name: docker-compose-plugin
- state: present
-
-- name: Start and enable Docker service
- systemd:
- name: docker
- state: started
- enabled: yes
-
-- name: Wait for Docker to start
- pause:
- seconds: 5
-
-- name: Verify Docker installation
- command: docker --version
- register: docker_version
- changed_when: false
-
-- name: Show Docker version
- debug:
- msg: "Docker version: {{ docker_version.stdout }}"
-
-- name: Verify Docker Compose installation
- command: docker compose version
- register: docker_compose_version
- changed_when: false
-
-- name: Show Docker Compose version
- debug:
- msg: "Docker Compose version: {{ docker_compose_version.stdout }}"
-
-- name: Setup Docker monitoring
- block:
- - name: Create scripts directory
- file:
- path: /opt/scripts
- state: directory
- mode: '0755'
- become: yes
-
- - name: Deploy Docker metrics script
- copy:
- content: |
- #!/bin/bash
- # Docker metrics script for Node Exporter textfile collector
-
- OUTFILE="/var/lib/node_exporter/textfile_collector/docker_metrics.prom"
-
- # Get container counts
- TOTAL_CONTAINERS=$(docker ps -a -q 2>/dev/null | wc -l)
- RUNNING_CONTAINERS=$(docker ps -q 2>/dev/null | wc -l)
- EXITED_CONTAINERS=$((TOTAL_CONTAINERS - RUNNING_CONTAINERS))
-
- # Write metrics in Prometheus format
- cat << EOF > $OUTFILE
- # HELP docker_containers_total Total number of Docker containers
- # TYPE docker_containers_total gauge
- docker_containers_total $TOTAL_CONTAINERS
- # HELP docker_containers_running Number of running Docker containers
- # TYPE docker_containers_running gauge
- docker_containers_running $RUNNING_CONTAINERS
- # HELP docker_containers_exited Number of exited Docker containers
- # TYPE docker_containers_exited gauge
- docker_containers_exited $EXITED_CONTAINERS
- EOF
- dest: /opt/scripts/docker_metrics.sh
- mode: '0755'
- become: yes
-
- - name: Create systemd service for Docker metrics
- copy:
- content: |
- [Unit]
- Description=Docker metrics script
- After=docker.service
-
- [Service]
- User=root
- ExecStart=/opt/scripts/docker_metrics.sh
- dest: /etc/systemd/system/docker-metrics.service
- mode: '0644'
- become: yes
-
- - name: Create systemd timer for Docker metrics
- copy:
- content: |
- [Unit]
- Description=Run Docker metrics every 30 seconds
-
- [Timer]
- OnBootSec=1min
- OnUnitActiveSec=30s
-
- [Install]
- WantedBy=timers.target
- dest: /etc/systemd/system/docker-metrics.timer
- mode: '0644'
- become: yes
-
- - name: Ensure Node Exporter textfile directory exists
- file:
- path: /var/lib/node_exporter/textfile_collector
- state: directory
- owner: node_exporter
- group: node_exporter
- mode: '0755'
- become: yes
-
- - name: Enable and start Docker metrics timer
- systemd:
- name: docker-metrics.timer
- enabled: yes
- state: started
- daemon_reload: yes
- become: yes
-
- - name: Test Docker metrics script
- command: /opt/scripts/docker_metrics.sh
- register: metrics_test
- changed_when: false
-
- - name: Show Docker metrics test result
- debug:
- var: metrics_test.stdout
-
-# ========== Fix Docker runc version ==========
-- name: Check current runc version
- command: runc --version
- register: runc_version_check
- ignore_errors: yes
- changed_when: false
- become: yes
-
-- name: Download and update runc to v1.2.4 if needed
- block:
- - name: Download runc v1.2.4
- get_url:
- url: https://github.com/opencontainers/runc/releases/download/v1.2.4/runc.amd64
- dest: /tmp/runc.amd64
- mode: '0755'
- become: yes
-
- - name: Stop docker service
- systemd:
- name: docker
- state: stopped
- become: yes
-
- - name: Backup existing runc
- command: mv /usr/bin/runc /usr/bin/runc.bak
- args:
- creates: /usr/bin/runc.bak
- become: yes
-
- - name: Install new runc
- copy:
- src: /tmp/runc.amd64
- dest: /usr/bin/runc
- remote_src: yes
- mode: '0755'
- become: yes
-
- - name: Start docker service
- systemd:
- name: docker
- state: started
- become: yes
-
- - name: Clean up temporary runc file
- file:
- path: /tmp/runc.amd64
- state: absent
- become: yes
-
- - name: Verify new runc version
- command: runc --version
- register: new_runc_version
- become: yes
-
- - name: Show runc update result
- debug:
- msg: "runc updated to version: {{ new_runc_version.stdout }}"
- become: yes
-
- when:
- - runc_version_check is failed or
- "'1.2.4' not in runc_version_check.stdout"
- - ansible_architecture == "x86_64"
- become: yes
\ No newline at end of file
+---
+- name: Install Docker dependencies
+ apt:
+ name:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - gnupg
+ - lsb-release
+ state: present
+ update_cache: yes
+
+- name: Add Docker GPG key
+ apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ state: present
+
+- name: Add Docker repository
+ apt_repository:
+ repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+ state: present
+
+- name: Install Docker
+ apt:
+ name:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ state: present
+ update_cache: yes
+
+- name: Install Docker Compose
+ apt:
+ name: docker-compose-plugin
+ state: present
+
+- name: Start and enable Docker service
+ systemd:
+ name: docker
+ state: started
+ enabled: yes
+
+- name: Wait for Docker to start
+ pause:
+ seconds: 5
+
+- name: Verify Docker installation
+ command: docker --version
+ register: docker_version
+ changed_when: false
+
+- name: Show Docker version
+ debug:
+ msg: "Docker version: {{ docker_version.stdout }}"
+
+- name: Verify Docker Compose installation
+ command: docker compose version
+ register: docker_compose_version
+ changed_when: false
+
+- name: Show Docker Compose version
+ debug:
+ msg: "Docker Compose version: {{ docker_compose_version.stdout }}"
+
+- name: Setup Docker monitoring
+ block:
+ - name: Create scripts directory
+ file:
+ path: /opt/scripts
+ state: directory
+ mode: '0755'
+ become: yes
+
+ - name: Deploy Docker metrics script
+ copy:
+ content: |
+ #!/bin/bash
+ # Docker metrics script for Node Exporter textfile collector
+
+ OUTFILE="/var/lib/node_exporter/textfile_collector/docker_metrics.prom"
+
+ # Get container counts
+ TOTAL_CONTAINERS=$(docker ps -a -q 2>/dev/null | wc -l)
+ RUNNING_CONTAINERS=$(docker ps -q 2>/dev/null | wc -l)
+ EXITED_CONTAINERS=$((TOTAL_CONTAINERS - RUNNING_CONTAINERS))
+
+ # Write metrics in Prometheus format
+ cat << EOF > $OUTFILE
+ # HELP docker_containers_total Total number of Docker containers
+ # TYPE docker_containers_total gauge
+ docker_containers_total $TOTAL_CONTAINERS
+ # HELP docker_containers_running Number of running Docker containers
+ # TYPE docker_containers_running gauge
+ docker_containers_running $RUNNING_CONTAINERS
+ # HELP docker_containers_exited Number of exited Docker containers
+ # TYPE docker_containers_exited gauge
+ docker_containers_exited $EXITED_CONTAINERS
+ EOF
+ dest: /opt/scripts/docker_metrics.sh
+ mode: '0755'
+ become: yes
+
+ - name: Create systemd service for Docker metrics
+ copy:
+ content: |
+ [Unit]
+ Description=Docker metrics script
+ After=docker.service
+
+ [Service]
+ User=root
+ ExecStart=/opt/scripts/docker_metrics.sh
+ dest: /etc/systemd/system/docker-metrics.service
+ mode: '0644'
+ become: yes
+
+ - name: Create systemd timer for Docker metrics
+ copy:
+ content: |
+ [Unit]
+ Description=Run Docker metrics every 30 seconds
+
+ [Timer]
+ OnBootSec=1min
+ OnUnitActiveSec=30s
+
+ [Install]
+ WantedBy=timers.target
+ dest: /etc/systemd/system/docker-metrics.timer
+ mode: '0644'
+ become: yes
+
+ - name: Ensure Node Exporter textfile directory exists
+ file:
+ path: /var/lib/node_exporter/textfile_collector
+ state: directory
+ owner: node_exporter
+ group: node_exporter
+ mode: '0755'
+ become: yes
+
+ - name: Enable and start Docker metrics timer
+ systemd:
+ name: docker-metrics.timer
+ enabled: yes
+ state: started
+ daemon_reload: yes
+ become: yes
+
+ - name: Test Docker metrics script
+ command: /opt/scripts/docker_metrics.sh
+ register: metrics_test
+ changed_when: false
+
+ - name: Show Docker metrics test result
+ debug:
+ var: metrics_test.stdout
+
+# ========== Fix Docker runc version ==========
+- name: Check current runc version
+ command: runc --version
+ register: runc_version_check
+ ignore_errors: yes
+ changed_when: false
+ become: yes
+
+- name: Download and update runc to v1.2.4 if needed
+ block:
+ - name: Download runc v1.2.4
+ get_url:
+ url: https://github.com/opencontainers/runc/releases/download/v1.2.4/runc.amd64
+ dest: /tmp/runc.amd64
+ mode: '0755'
+ become: yes
+
+ - name: Stop docker service
+ systemd:
+ name: docker
+ state: stopped
+ become: yes
+
+ - name: Backup existing runc
+ command: mv /usr/bin/runc /usr/bin/runc.bak
+ args:
+ creates: /usr/bin/runc.bak
+ become: yes
+
+ - name: Install new runc
+ copy:
+ src: /tmp/runc.amd64
+ dest: /usr/bin/runc
+ remote_src: yes
+ mode: '0755'
+ become: yes
+
+ - name: Start docker service
+ systemd:
+ name: docker
+ state: started
+ become: yes
+
+ - name: Clean up temporary runc file
+ file:
+ path: /tmp/runc.amd64
+ state: absent
+ become: yes
+
+ - name: Verify new runc version
+ command: runc --version
+ register: new_runc_version
+ become: yes
+
+ - name: Show runc update result
+ debug:
+ msg: "runc updated to version: {{ new_runc_version.stdout }}"
+ become: yes
+
+ when:
+ - runc_version_check is failed or
+ "'1.2.4' not in runc_version_check.stdout"
+ - ansible_architecture == "x86_64"
+ become: yes
+# ========== Portainer Agent Deployment ==========
+- name: Deploy Portainer Agent
+ block:
+ - name: Create Portainer Agent directory
+ file:
+ path: /mnt/portainer-agent
+ state: directory
+ mode: '0755'
+ become: yes
+
+ - name: Deploy docker-compose.yml for Portainer Agent
+ copy:
+ content: |
+
+ services:
+ portainer_agent:
+ image: portainer/agent:latest
+ container_name: portainer_agent
+ restart: unless-stopped
+ ports:
+ - "9001:9001"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/lib/docker/volumes:/var/lib/docker/volumes
+ networks:
+ - portainer_agent_net
+
+ networks:
+ portainer_agent_net:
+ driver: bridge
+ name: portainer_agent_net
+ dest: /mnt/portainer-agent/docker-compose.yml
+ mode: '0644'
+ become: yes
+ notify: Restart Portainer Agent
+
+ - name: Ensure Portainer Agent is running
+ community.docker.docker_compose_v2:
+ project_src: /mnt/portainer-agent
+ state: present
+ detached: yes
+ become: yes
+
+ - name: Verify Portainer Agent is running
+ command: docker ps --filter name=portainer_agent --format "{{ '{{' }}.Status{{ '}}' }}"
+ register: agent_status
+ changed_when: false
+
+ - name: Show Portainer Agent status
+ debug:
+ msg: "Portainer Agent on {{ inventory_hostname }}: {{ agent_status.stdout }}"
+
+ when: deploy_portainer_agent | default(false)
+ tags:
+ - portainer
+ - agent
+
+# ========== Handlers ==========
+handlers:
+ - name: Restart Portainer Agent
+ community.docker.docker_compose_v2:
+ project_src: /mnt/portainer-agent
+ state: present
+ restarted: yes
+ detached: yes
+ become: yes
\ No newline at end of file
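Review bot: The new Portainer Agent compose file bind-mounts `/var/run/docker.sock` into a container published as `"9001:9001"` on every host interface, with the image floating on `portainer/agent:latest` and no `AGENT_SECRET` set, so the Docker control socket (root-equivalent on the host) is exposed to whatever can reach that port. Pin the image to a reviewed tag or digest (`image: portainer/agent:<PINNED_VERSION>`), bind the port to the management address only (`- "{{ portainer_agent_bind_addr }}:9001:9001"`, variable name is a suggestion), and pass a vaulted shared secret with `environment: ["AGENT_SECRET={{ portainer_agent_secret }}"]`. Whether a host firewall already restricts 9001 is not visible in this hunk. Separately, the trailing `handlers:` mapping at column 0 of a tasks file that is otherwise a list will not load as a task list, so `notify: Restart Portainer Agent` has nothing to resolve; that handler belongs in the role's `handlers/main.yml`. It is also worth confirming against the `community.docker.docker_compose_v2` documentation that `detached` and `restarted` are accepted options, since a restart appears to be expressed there as `state: restarted`.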