
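---
# Enable the TLS-protected TCP listener (port 2376) of the Docker daemon.
#
# Preconditions (not created here): a CA certificate, a server certificate and
# the matching private key must already exist under `certs_path` as ca.pem,
# server-cert.pem and server-key.pem. With --tlsverify dockerd only accepts
# clients that present a certificate signed by ca.pem, so the TCP endpoint is
# mutual TLS. If any of the files is missing dockerd fails to start, which is
# why they are checked before the unit is touched.
#
# The ExecStart override is installed as a systemd drop-in rather than by
# editing /lib/systemd/system/docker.service in place: that unit file is owned
# by the docker package and is replaced on every upgrade, which would silently
# revert the change.
- name: "Docker Certs enable"
  hosts: "{{ my_hosts | d([]) }}"
  become: true
  vars:
    certs_path: "/root/docker-certs"
    # Files dockerd needs; checked one by one so a missing key fails early
    # with a clear message instead of a failed dockerd restart.
    cert_files:
      - ca.pem
      - server-cert.pem
      - server-key.pem
  tasks:
    - name: Check if docker certs are existing
      ansible.builtin.stat:
        path: "{{ certs_path }}/{{ item }}"
      loop: "{{ cert_files }}"
      register: cert_stats

    - name: Fail if docker certs are not existing
      ansible.builtin.fail:
        msg: "Docker certificate file {{ item.item }} is not existing in {{ certs_path }}."
      loop: "{{ cert_stats.results }}"
      loop_control:
        label: "{{ item.item }}"
      when: not item.stat.exists

    - name: Restrict permissions on the server private key
      # dockerd runs as root; no other user needs to read the key.
      ansible.builtin.file:
        path: "{{ certs_path }}/server-key.pem"
        owner: root
        group: root
        mode: "0400"

    - name: Get machine's primary internal ip address
      # Facts are normally gathered already (gather_facts defaults to true);
      # calling setup explicitly keeps the play working with gather_facts: false.
      ansible.builtin.setup:

    - name: Set machine's primary internal ip address
      # Address of the interface carrying the default IPv4 route (not
      # necessarily eth0). default_ipv4 is empty on hosts without a default
      # route; fall back to "" so the assert below fails with its own message
      # instead of an undefined-variable error.
      ansible.builtin.set_fact:
        ip_address: "{{ ansible_facts.default_ipv4.address | d('') }}"

    - name: Check if ip_address is a valid ip address
      # Shape check only (dotted quad); it does not validate octet ranges.
      ansible.builtin.assert:
        that:
          - ip_address is match("^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$")
        fail_msg: "ip_address is not a valid ip address."
        success_msg: "ip_address is a valid ip address."

    - name: Create systemd drop-in directory for docker.service
      ansible.builtin.file:
        path: /etc/systemd/system/docker.service.d
        state: directory
        owner: root
        group: root
        mode: "0755"

    - name: Change docker daemon to use certs
      # An empty "ExecStart=" first clears the distro's command line, then the
      # TLS-enabled one replaces it. Trailing backslashes are systemd line
      # continuations, so the three lines form one command.
      ansible.builtin.copy:
        dest: /etc/systemd/system/docker.service.d/docker-certs.conf
        owner: root
        group: root
        mode: "0644"
        content: |
          [Service]
          ExecStart=
          ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock \
            -H tcp://{{ ip_address }}:2376 --tlsverify --tlscacert={{ certs_path }}/ca.pem \
            --tlscert={{ certs_path }}/server-cert.pem --tlskey={{ certs_path }}/server-key.pem

    - name: Reload systemd daemon
      # Required so systemd picks up the new drop-in before the restart.
      ansible.builtin.systemd:
        daemon_reload: true

    - name: Restart docker daemon
      ansible.builtin.systemd:
        name: docker
        state: restarted
        enabled: true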