r/ouranos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
856d7e2ef2e046bc9e153113d55ed014c1ec12f5
ouranos/ansible/docker/deploy.yml
Robert Helewka 042df52bca Refactor user management in Ansible playbooks to standardize on keeper_user 
- Updated user addition tasks across multiple playbooks (mcp_switchboard, mcpo, neo4j, neo4j_mcp, openwebui, postgresql, rabbitmq, searxng, smtp4dev) to replace references to ansible_user and remote_user with keeper_user.
- Modified PostgreSQL deployment to create directories and manage files under keeper_user's home.
- Enhanced documentation to clarify account taxonomy and usage of keeper_user in playbooks.
- Introduced new deployment for Agent S, including environment setup, desktop environment installation, XRDP configuration, and accessibility support.
- Added staging playbook for preparing release tarballs from local repositories.
- Created templates for XRDP configuration and environment activation scripts.
- Removed obsolete sunwait documentation.
2026-03-05 10:37:41 +00:00

100 lines
2.6 KiB
YAML
Raw Blame History

---
- name: Deploy Docker
hosts: ubuntu
become: true
tasks:
- name: Check if host has docker service
ansible.builtin.set_fact:
has_docker_service: "{{'docker' in services}}"
- name: Skip hosts without docker service
ansible.builtin.meta: end_host
when: not has_docker_service
- name: Add Docker repository
ansible.builtin.deb822_repository:
name: docker
types: [deb]
uris: https://download.docker.com/linux/ubuntu
suites: ["{{ ansible_distribution_release }}"]
components: [stable]
signed_by: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Update apt and install docker-ce
ansible.builtin.apt:
name: docker-ce
state: latest
update_cache: true
- name: Enable and start docker service
ansible.builtin.systemd:
name: docker
enabled: true
state: started
- name: Add keeper_user to docker group
ansible.builtin.user:
name: "{{keeper_user}}"
groups: docker
append: true
- name: Check if Docker API should be enabled
ansible.builtin.set_fact:
enable_docker_api: "{{ docker_api_enabled | default(false) }}"
- name: Configure Docker daemon for API exposure
ansible.builtin.copy:
content: |
{
"hosts": ["unix:///var/run/docker.sock", "tcp://{{ docker_api_host }}:{{ docker_api_port }}"],
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "3"
}
}
dest: /etc/docker/daemon.json
owner: root
group: root
mode: '644'
when: enable_docker_api
notify: restart docker
- name: Create systemd override directory
ansible.builtin.file:
path: /etc/systemd/system/docker.service.d
state: directory
mode: '755'
- name: Create AppArmor workaround for Incus nested Docker
ansible.builtin.copy:
content: |
[Service]
Environment=container="setmeandforgetme"
dest: /etc/systemd/system/docker.service.d/apparmor-workaround.conf
owner: root
group: root
mode: '644'
notify: restart docker
- name: Create systemd override for Docker API
ansible.builtin.copy:
content: |
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd
dest: /etc/systemd/system/docker.service.d/override.conf
owner: root
group: root
mode: '644'
when: enable_docker_api
notify: restart docker
handlers:
- name: restart docker
ansible.builtin.systemd:
name: docker
state: restarted
daemon_reload: true
Reference in New Issue View Git Blame Copy Permalink