Ansible role: Docker Swarm
Install and configure docker with swarm
Requirements
- Ansible >= 2.10
- Debian Bookworm
Role variables
Name | Type | Required | Default | Comment |
---|---|---|---|---|
swarm_init | bool | no | false | init the cluster, run once with the ansible option -e swarm_init=true |
swarm_manager | bool | no | false | set the cluster role |
swarm_advertise_addr | str | no | | listen address |
swarm_join_token_manager | str | no | | join token for manager |
swarm_join_token_worker | str | no | | join token for worker |
swarm_remote_addrs | str | no | | manager addresses for slave node |
swarm_networks | dict | no | | array with the docker networks |
swarm_services | dict | no | | hash with the service to manage |
swarm_registry_logins | dict | no | | hash with the registry logins |
swarm_proxy_url | str | no | | set a proxy url for http and https requests |
swarm_proxy_ignore | list(str) | no | | array with ignore host or subnet |
swarm_networks
Name | Type | Required | Default | Comment |
---|---|---|---|---|
key | str | yes | | network name |
driver | str | no | overlay | docker driver to use |
state | str | no | present | create network if present, or delete if absent |
Example:
proxy:
  state: present
swarm_services
Name | Type | Required | Default | Comment |
---|---|---|---|---|
key | str | yes | | Service name |
image | str | yes | | Service image path and tag |
args | list(str) | no | | List arguments to be passed to the container |
mounts | list(dict) | no | | List of dictionaries describing the service mounts |
networks | list(str) | no | | List of the service networks name |
publish | list(dict) | no | | List of dictionaries describing the service published ports |
replicas | int | no | 1 | Number of containers instantiated in the service |
limits | dict | no | | Configures service resource limits |
env | dict | no | | List or dictionary of the service environment variables |
container_labels | dict | no | | Dictionary of key value pairs. |
state | str | no | present |
Example:
wordpress:
  image: wordpress:latest
  args:
    - "--api"
  mounts:
    - source: /opt/data
      target: /usr/local/data
      type: bind
  networks:
    - net
  publish:
    - published_port: 80
      target_port: 8000
  replicas: 3
  limits:
    cpus: 0.5
    memory: 100M
  env:
    WORDPRESS_DB_HOST: db:3306
    WORDPRESS_DB_USER: wordpress
    WORDPRESS_DB_PASSWORD: wordpress
  container_labels:
    region: FR
  state: present
swarm_services -> mounts
See all options documentation
Name | Type | Required | Default | Comment |
---|---|---|---|---|
source | str | no | | Mount source, must be specified if type is not tmpfs |
target | str | yes | | Container path |
type | str | no | bind | The mount type |
swarm_services -> publish
Name | Type | Required | Default | Comment |
---|---|---|---|---|
mode | str | yes | | What publish mode to use. ingress or host |
protocol | str | no | tcp | What protocol to use. tcp or udp |
published_port | int | yes | | The port to make externally available |
target_port | int | yes | | The port inside the container to expose |
swarm_services -> limits
Name | Type | Required | Default | Comment |
---|---|---|---|---|
cpus | float | no | | Service CPU limit |
memory | str | no | | Service memory limit in format <number>[<unit>] |
swarm_registry_logins
Name | Type | Required | Default | Comment |
---|---|---|---|---|
key | str | yes | | registry name |
registry_url | str | yes | | registry url |
registry_username | str | yes | | registry username for authentication |
registry_password | str | yes | | registry password |
user | str | no | ansible_user_id |
Example:
gitlab:
  registry_url: registry.gitlab.com
  registry_username: myaccount
  registry_password: secret
  user: www-data
How to use
- On the first machine, init the cluster:

  ansible-playbook swarm.yml -e swarm_init=true

- Get the docker manager and worker join tokens and set the variables swarm_join_token_manager and swarm_join_token_worker:

  docker swarm join-token manager -q
  docker swarm join-token worker -q

- Run the playbook normally on the other machines:

  - hosts: server
    roles:
      - swarm
    vars:
      swarm_manager: true
      swarm_remote_addrs:
        - 192.168.0.1
        - 192.168.0.2
        - 192.168.0.3
      swarm_init: true
      swarm_join_token_worker: SWMTKN-1-2z1gzk9jdbpfw1paskodk6zc1fm5g0n5c293oz1taqii310a8u-1mjm55313up7tiksb0s3nr9lr
      swarm_join_token_manager: SWMTKN-1-2z1gzk9jdbpfw1paskodk6zc1fm5g0n5c293oz1taqii310a8u-5644pyqmiexexfke6e1ycn11z
      swarm_networks:
        proxy:
          driver: overlay
          scope: swarm
      swarm_services:
        traefik:
          image: traefik:3.0
          networks:
            - proxy
          args:
            - "--providers.swarm=true"
            - "--providers.swarm.network=proxy"
            - "--entrypoints.http.address=:80"
          publish:
            - published_port: 80
              target_port: 80
          mounts:
            - source: /var/run/docker.sock
              target: /var/run/docker.sock
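
The variables documented above put join tokens, registry passwords and service definitions in the same vars file. A pre-deployment check over them, as an added example that is not part of this role: `audit_swarm_vars` and the sample values are hypothetical, and it assumes the vars are already parsed into a Python dict and that vaulted secrets are referenced as `{{ ... }}` templates.

```python
import re

TOKEN_KEYS = ("swarm_join_token_manager", "swarm_join_token_worker")
SWMTKN = re.compile(r"^SWMTKN-1-[0-9a-z]+-[0-9a-z]+$")
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN", re.I)

def is_literal(value):
    # Assumption: vaulted secrets are referenced as "{{ some_vault_var }}".
    return isinstance(value, str) and not value.strip().startswith("{{")

def audit_swarm_vars(v):
    """Return (variable path, finding) pairs for a parsed vars dict."""
    out = []
    for key in TOKEN_KEYS:
        if SWMTKN.match(str(v.get(key, ""))):
            out.append((key, "join token in clear text"))
    for name, login in (v.get("swarm_registry_logins") or {}).items():
        if is_literal(login.get("registry_password")):
            out.append((f"swarm_registry_logins.{name}", "password in clear text"))
    for name, svc in (v.get("swarm_services") or {}).items():
        path = f"swarm_services.{name}"
        env = svc.get("env") or {}
        if isinstance(env, list):  # env may be a list; KEY=VALUE entries assumed
            env = dict(e.split("=", 1) for e in env if "=" in e)
        for var, val in env.items():
            if SECRET_NAME.search(var) and is_literal(val):
                out.append((f"{path}.env.{var}", "secret in clear text"))
        for mount in svc.get("mounts") or []:
            if mount.get("source") == "/var/run/docker.sock":
                out.append((path, "mounts the Docker API socket"))
        image_name = svc.get("image", "").rsplit("/", 1)[-1]
        if ":" not in image_name or image_name.endswith(":latest"):
            out.append((path, "image tag is not pinned"))
    return out

# Constructed sample, modelled on the examples in this README.
SAMPLE = {
    "swarm_join_token_worker": "SWMTKN-1-0000aaaa-1111bbbb",  # constructed token
    "swarm_join_token_manager": "{{ vault_swarm_join_token_manager }}",
    "swarm_registry_logins": {"gitlab": {"registry_password": "secret"}},
    "swarm_services": {
        "traefik": {"image": "traefik:3.0", "mounts": [
            {"source": "/var/run/docker.sock", "target": "/var/run/docker.sock"}]},
        "wordpress": {"image": "wordpress:latest",
                      "env": {"WORDPRESS_DB_PASSWORD": "wordpress"}},
    },
}

if __name__ == "__main__":
    print(*audit_swarm_vars(SAMPLE), sep="\n")
```

A service that mounts /var/run/docker.sock can drive the Docker API of its node, so that finding is a prompt to confirm the service is constrained to the nodes and networks intended for it.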
Development
Test with molecule and docker
- install docker
- install python3 and python3-pip
- install molecule and dependencies:
  pip3 install molecule 'molecule[docker]' docker ansible-lint testinfra yamllint
- run molecule test
License
Copyright (c) 2018 Adrien Waksberg
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.