tokenbridge/deployment/roles/common/tasks/dependencies.yml

76 lines
1.8 KiB
YAML

---
- name: Install the gpg key for docker
apt_key:
url: "https://download.docker.com/linux/ubuntu/gpg"
state: present
- name: Install the docker repos
apt_repository:
repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
state: present
- name: Install apt dependencies
apt:
update_cache: yes
name: "{{ item }}"
with_items:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
- docker-ce
- git
- python3
- python3-pip
- name: Install Docker Compose
get_url:
url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64"
dest: "/usr/local/bin/docker-compose"
force: True
owner: "root"
group: "root"
mode: "0755"
- name: Upgrade pip version
shell: pip3 install --upgrade pip==19.3.1
- name: Install python docker library
shell: pip3 install docker docker-compose setuptools
- name: Add user to run docker-compose
user:
name: "{{ compose_service_user }}"
comment: user to run docker-compose
group: docker
createhome: yes
- name: Install auditd
apt:
name: auditd
update_cache: yes
- name: Configure auditd
blockinfile:
path: /etc/audit/audit.rules
block: |
-w /usr/bin/docker -p wa
-w /var/lib/docker -p wa
-w /etc/docker -p wa
-w /lib/systemd/system/docker.service -p wa
-w /lib/systemd/system/docker.socket -p wa
-w /etc/default/docker -p wa
-w /etc/docker/daemon.json -p wa
-w /usr/bin/docker-containerd -p wa
-w /usr/bin/docker-runc -p wa
notify: restart auditd
- name: Configure docker engine
copy:
src: daemon.json
dest: /etc/docker/
owner: root
group: root
mode: 0640
notify: restart docker