tokenbridge/deployment/roles/dependencies/tasks/main.yml

75 lines
1.8 KiB
YAML
Raw Normal View History

- name: Install the gpg key for docker
apt_key:
url: "https://download.docker.com/linux/ubuntu/gpg"
state: present
- name: Install the docker repos
apt_repository:
repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
state: present
- name: Install apt dependencies
apt:
update_cache: yes
name: "{{ item }}"
with_items:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
- docker-ce
- git
- "{{ (ansible_python_interpreter | default ('python')).split('/')[-1] }}-pip"
- name: Install Docker Compose
get_url:
url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64"
dest: "/usr/local/bin/docker-compose"
force: True
owner: "root"
group: "root"
mode: "0755"
- name: Install python docker library
pip:
name: "{{ item }}"
with_items:
- docker
- docker-compose
- name: Add user to run docker-compose
user:
name: "{{ compose_service_user }}"
comment: user to run docker-compose
group: docker
createhome: yes
- name: Install auditd
apt:
name: auditd
update_cache: yes
- name: Configure auditd
blockinfile:
path: /etc/audit/audit.rules
block: |
-w /usr/bin/docker -p wa
-w /var/lib/docker -p wa
-w /etc/docker -p wa
-w /lib/systemd/system/docker.service -p wa
-w /lib/systemd/system/docker.socket -p wa
-w /etc/default/docker -p wa
-w /etc/docker/daemon.json -p wa
-w /usr/bin/docker-containerd -p wa
-w /usr/bin/docker-runc -p wa
notify: restart auditd
- name: Configure docker engine
copy:
src: daemon.json
dest: /etc/docker/daemon.json
owner: root
group: root
mode: 0640
notify: restart docker