# Ansible role: Docker Swarm

[![Version](https://img.shields.io/badge/latest_version-1.1.0-green.svg)](https://code.waks.be/nishiki/ansible-role-swarm/releases)
[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://code.waks.be/nishiki/ansible-role-swarm/src/branch/main/LICENSE)
[![Build](https://code.waks.be/nishiki/ansible-role-swarm/actions/workflows/molecule.yml/badge.svg?branch=main)](https://code.waks.be/nishiki/ansible-role-swarm/actions?workflow=molecule.yml)

Install and configure docker with swarm

## Requirements

- Ansible >= 2.10
- Debian Bookworm

## Role variables

| Name                     | Type      | Required | Default | Comment                                                                 |
| ------------------------ | --------- | -------- | ------- | ----------------------------------------------------------------------- |
| swarm_init               | bool      | no       | false   | init the cluster, run once with the ansible option `-e swarm_init=true` |
| swarm_manager            | bool      | no       | false   | set the cluster role                                                    |
| swarm_advertise_addr     | str       | no       |         | listen address                                                          |
| swarm_join_token_manager | str       | no       |         | join token for manager                                                  |
| swarm_join_token_worker  | str       | no       |         | join token for worker                                                   |
| swarm_remote_addrs       | str       | no       |         | manager addresses for slave node                                        |
| swarm_networks           | dict      | no       |         | array with the docker networks                                          |
| swarm_services           | dict      | no       |         | hash with the services to manage                                        |
| swarm_registry_logins    | dict      | no       |         | hash with the registry logins                                           |
| swarm_proxy_url          | str       | no       |         | set a proxy url for http and https requests                             |
| swarm_proxy_ignore       | list(str) | no       |         | array of hosts or subnets to ignore                                     |

### swarm_networks

| Name   | Type | Required | Default | Comment                                        |
| ------ | ---- | -------- | ------- | ---------------------------------------------- |
| key    | str  | yes      |         | network name                                   |
| driver | str  | no       | overlay | docker driver to use                           |
| state  | str  | no       | present | create network if present, or delete if absent |

Example:

```yaml
proxy:
  state: present
```

### swarm_services

| Name             | Type       | Required | Default | Comment                                                     |
| ---------------- | ---------- | -------- | ------- | ----------------------------------------------------------- |
| key              | str        | yes      |         | Service name                                                |
| image            | str        | yes      |         | Service image path and tag                                  |
| args             | list(str)  | no       |         | List arguments to be passed to the container                |
| mounts           | list(dict) | no       |         | List of dictionaries describing the service mounts          |
| networks         | list(str)  | no       |         | List of the service networks name                           |
| publish          | list(dict) | no       |         | List of dictionaries describing the service published ports |
| replicas         | int        | no       | 1       | Number of containers instantiated in the service            |
| limits           | dict       | no       |         | Configures service resource limits                          |
| env              | dict       | no       |         | List or dictionary of the service environment variables     |
| container_labels | dict       | no       |         | Dictionary of key value pairs.                              |
| state            | str        | no       | present |                                                             |

Example:

```yaml
wordpress:
  image: wordpress:latest
  args:
    - "--api"
  mounts:
    - source: /opt/data
      target: /usr/local/data
      type: bind
  networks:
    - net
  publish:
    - published_port: 80
      target_port: 8000
  replicas: 3
  limits:
    cpus: 0.5
    memory: 100M
  env:
    WORDPRESS_DB_HOST: db:3306
    WORDPRESS_DB_USER: wordpress
    WORDPRESS_DB_PASSWORD: wordpress
  container_labels:
    region: FR
  state: present
```

#### swarm_services -> mounts

See all options in the [documentation](https://docs.ansible.com/ansible/2.9/modules/docker_swarm_service_module.html#parameter-mounts)

| Name   | Type | Required | Default | Comment                                                |
| ------ | ---- | -------- | ------- | ------------------------------------------------------ |
| source | str  | no       |         | Mount source, must be specified if type is not `tmpfs` |
| target | str  | yes      |         | Container path                                         |
| type   | str  | no       | bind    | The mount type                                         |

#### swarm_services -> publish

| Name           | Type | Required | Default | Comment                                       |
| -------------- | ---- | -------- | ------- | --------------------------------------------- |
| mode           | str  | yes      |         | What publish mode to use. `ingress` or `host` |
| protocol       | str  | no       | tcp     | What protocol to use. `tcp` or `udp`          |
| published_port | int  | yes      |         | The port to make externally available         |
| target_port    | int  | yes      |         | The port inside the container to expose       |

#### swarm_services -> limits

| Name   | Type  | Required | Default | Comment                             |
| ------ | ----- | -------- | ------- | ----------------------------------- |
| cpus   | float | no       |         | Service CPU limit                   |
| memory | str   | no       |         | Service memory limit in format `[]` |

### swarm_registry_logins

| Name              | Type | Required | Default         | Comment                              |
| ----------------- | ---- | -------- | --------------- | ------------------------------------ |
| key               | str  | yes      |                 | registry name                        |
| registry_url      | str  | yes      |                 | registry url                         |
| registry_username | str  | yes      |                 | registry username for authentication |
| registry_password | str  | yes      |                 | registry password                    |
| user              | str  | no       | ansible_user_id |                                      |

Example:

```yaml
gitlab:
  registry_url: registry.gitlab.com
  registry_username: myaccount
  registry_password: secret
  user: www-data
```

## How to use

- On the first machine, init the cluster with `ansible-playbook swarm.yml -e swarm_init=true`
- Get the docker manager and worker join tokens and set the variables `swarm_join_token_manager` and `swarm_join_token_worker`

```sh
docker swarm join-token manager -q
docker swarm join-token worker -q
```

- Run the playbook normally on the other machines

```yaml
- hosts: server
  roles:
    - swarm
  # Role variables are passed to the play through `vars`
  vars:
    swarm_manager: true
    swarm_remote_addrs:
      - 192.168.0.1
      - 192.168.0.2
      - 192.168.0.3
    swarm_init: true
    swarm_join_token_worker: SWMTKN-1-2z1gzk9jdbpfw1paskodk6zc1fm5g0n5c293oz1taqii310a8u-1mjm55313up7tiksb0s3nr9lr
    swarm_join_token_manager: SWMTKN-1-2z1gzk9jdbpfw1paskodk6zc1fm5g0n5c293oz1taqii310a8u-5644pyqmiexexfke6e1ycn11z
    swarm_networks:
      proxy:
        driver: overlay
        scope: swarm
    swarm_services:
      traefik:
        image: traefik:3.0
        networks:
          - proxy
        args:
          - "--providers.swarm=true"
          - "--providers.swarm.network=proxy"
          - "--entrypoints.http.address=:80"
        publish:
          - published_port: 80
            target_port: 80
        mounts:
          - source: /var/run/docker.sock
            target: /var/run/docker.sock
```

## Development

### Test with molecule and docker

- install [docker](https://docs.docker.com/engine/installation/)
- install `python3` and `python3-pip`
- install molecule and dependencies `pip3 install molecule 'molecule[docker]' docker ansible-lint testinfra yamllint`
- run `molecule test`

## License

```
Copyright (c) 2018 Adrien Waksberg

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```
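
A pre-commit style check for the role variables shown in the "How to use" playbook, as an added example that is not part of the role: it flags join tokens and registry passwords committed in clear text, floating image tags, and services that mount the Docker socket (which gives the container control of the Docker daemon). The function name, the sample values and the `vault_swarm_join_token_manager` reference are assumptions made for illustration.

```python
import re

# Swarm join tokens have the form SWMTKN-1-<cluster digest>-<secret>.
JOIN_TOKEN = re.compile(r"^SWMTKN-\d+-[0-9a-z]+-[0-9a-z]+$")
DOCKER_SOCK = "/var/run/docker.sock"


def audit_swarm_vars(role_vars):
    """Return sorted (variable path, finding) tuples for risky role variables."""
    findings = []
    for name in ("swarm_join_token_manager", "swarm_join_token_worker"):
        value = role_vars.get(name)
        if isinstance(value, str) and JOIN_TOKEN.match(value):
            findings.append((name, "join token stored in clear text"))
    for reg, login in (role_vars.get("swarm_registry_logins") or {}).items():
        password = str(login.get("registry_password", ""))
        # A Jinja2 reference ("{{ ... }}") means the secret is defined elsewhere.
        if password and "{{" not in password:
            findings.append((f"swarm_registry_logins.{reg}",
                             "registry password stored in clear text"))
    for svc, spec in (role_vars.get("swarm_services") or {}).items():
        image = spec.get("image", "")
        # Tag is whatever follows ':' in the last path component of the image.
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        if "@sha256:" not in image and tag in ("", "latest"):
            findings.append((f"swarm_services.{svc}", "image tag is floating"))
        for mount in spec.get("mounts") or []:
            if mount.get("source") == DOCKER_SOCK:
                findings.append((f"swarm_services.{svc}",
                                 "Docker socket mounted into the service"))
    return sorted(findings)


# Constructed sample input modelled on the README examples (not real secrets).
SAMPLE_VARS = {
    "swarm_join_token_worker": "SWMTKN-1-" + "0" * 50 + "-" + "1" * 25,
    "swarm_join_token_manager": "{{ vault_swarm_join_token_manager }}",  # hypothetical
    "swarm_registry_logins": {"gitlab": {"registry_url": "registry.gitlab.com",
                                         "registry_username": "myaccount",
                                         "registry_password": "secret"}},
    "swarm_services": {
        "wordpress": {"image": "wordpress:latest"},
        "traefik": {"image": "traefik:3.0",
                    "mounts": [{"source": DOCKER_SOCK, "target": DOCKER_SOCK}]},
    },
}

if __name__ == "__main__":
    for path, finding in audit_swarm_vars(SAMPLE_VARS):
        print(f"{path}: {finding}")
```

Values flagged as clear text can be moved into a file encrypted with `ansible-vault` and referenced from the playbook through a template expression.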