76 lines
1.8 KiB
YAML
76 lines
1.8 KiB
YAML
---
|
|
- name: Install the gpg key for docker
|
|
apt_key:
|
|
url: "https://download.docker.com/linux/ubuntu/gpg"
|
|
state: present
|
|
|
|
- name: Install the docker repos
|
|
apt_repository:
|
|
repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
|
|
state: present
|
|
|
|
- name: Install apt dependencies
|
|
apt:
|
|
update_cache: yes
|
|
name: "{{ item }}"
|
|
with_items:
|
|
- apt-transport-https
|
|
- ca-certificates
|
|
- curl
|
|
- software-properties-common
|
|
- docker-ce
|
|
- git
|
|
- python3
|
|
- python3-pip
|
|
|
|
- name: Install Docker Compose
|
|
get_url:
|
|
url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64"
|
|
dest: "/usr/local/bin/docker-compose"
|
|
force: True
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0755"
|
|
|
|
- name: Upgrade pip version
|
|
shell: pip3 install --upgrade pip==19.3.1
|
|
|
|
- name: Install python docker library
|
|
shell: pip3 install docker docker-compose setuptools
|
|
|
|
- name: Add user to run docker-compose
|
|
user:
|
|
name: "{{ compose_service_user }}"
|
|
comment: user to run docker-compose
|
|
group: docker
|
|
createhome: yes
|
|
|
|
- name: Install auditd
|
|
apt:
|
|
name: auditd
|
|
update_cache: yes
|
|
|
|
- name: Configure auditd
|
|
blockinfile:
|
|
path: /etc/audit/audit.rules
|
|
block: |
|
|
-w /usr/bin/docker -p wa
|
|
-w /var/lib/docker -p wa
|
|
-w /etc/docker -p wa
|
|
-w /lib/systemd/system/docker.service -p wa
|
|
-w /lib/systemd/system/docker.socket -p wa
|
|
-w /etc/default/docker -p wa
|
|
-w /etc/docker/daemon.json -p wa
|
|
-w /usr/bin/docker-containerd -p wa
|
|
-w /usr/bin/docker-runc -p wa
|
|
notify: restart auditd
|
|
|
|
- name: Configure docker engine
|
|
copy:
|
|
src: daemon.json
|
|
dest: /etc/docker/
|
|
owner: root
|
|
group: root
|
|
mode: 0640
|
|
notify: restart docker
|