- Create AnsibleDeployStage using framework's Process module for secure command execution - Integrate AnsibleDeployStage into DeploymentPipelineCommands for production deployments - Add force_deploy flag support in Ansible playbook to override stale locks - Use PHP deployment module as orchestrator (php console.php deploy:production) - Fix ErrorAggregationInitializer to use Environment class instead of $_ENV superglobal Architecture: - BuildStage → AnsibleDeployStage → HealthCheckStage for production - Process module provides timeout, error handling, and output capture - Ansible playbook supports rollback via rollback-git-based.yml - Zero-downtime deployments with health checks
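---
# Docker Setup Playbook
# Ensures Docker and Docker Compose are installed and configured
#
# Usage:
#   ansible-playbook -i inventories/production/hosts.yml playbooks/setup-docker.yml
#
# What the play does, in order:
#   1. Installs Docker CE from Docker's apt repository when `docker --version`
#      does not succeed on the host.
#   2. Adds app_user to the docker group and enables the docker service.
#   3. Makes sure the Compose plugin (`docker compose`) is available.
#   4. Writes /etc/docker/daemon.json (log rotation, live-restore).
#   5. Adds ufw allow rules for 80/tcp and 443/tcp.
#   6. Restarts Docker if daemon.json changed, then verifies and summarises.

- name: Setup Docker for Production
  hosts: web_servers
  become: true

  vars:
    app_user: deploy
    # NOTE(review): no task in this playbook references this value; the
    # Compose plugin is installed from the Docker apt repository at whatever
    # version apt selects. Pin the package version or drop the variable.
    docker_compose_version: "2.24.0"
    # Repository signing key, kept out of apt's global trust store.
    docker_apt_keyring: /etc/apt/keyrings/docker.asc

  tasks:
    # ==========================================
    # 1. Verify Docker Installation
    # ==========================================

    # failed_when: false keeps the play going when the binary is missing;
    # the return code is what the following tasks branch on.
    - name: Check if Docker is installed
      command: docker --version
      register: docker_check
      changed_when: false
      failed_when: false

    - name: Display Docker version
      debug:
        msg: "Docker is already installed: {{ docker_check.stdout }}"
      when: docker_check.rc == 0

    - name: Install Docker if not present
      when: docker_check.rc != 0
      block:
        - name: Update apt cache
          apt:
            update_cache: true

        - name: Install prerequisites
          apt:
            name:
              - apt-transport-https
              - ca-certificates
              - curl
              - gnupg
              - lsb-release
            state: present

        - name: Create apt keyring directory
          file:
            path: "{{ docker_apt_keyring | dirname }}"
            state: directory
            owner: root
            group: root
            mode: '0755'

        # apt_key is deprecated and adds the key to apt's global keyring,
        # where it is trusted for every configured repository. Storing the
        # key in its own file and referencing it with signed-by limits it to
        # the Docker repository only.
        # The key is fetched over HTTPS; get_url's `checksum` parameter can
        # additionally pin it to a reviewed key.
        - name: Add Docker GPG key
          get_url:
            url: https://download.docker.com/linux/ubuntu/gpg
            dest: "{{ docker_apt_keyring }}"
            owner: root
            group: root
            mode: '0644'

        - name: Add Docker repository
          apt_repository:
            repo: >-
              deb [arch=amd64 signed-by={{ docker_apt_keyring }}]
              https://download.docker.com/linux/ubuntu
              {{ ansible_distribution_release }} stable
            state: present

        # docker-compose-plugin is installed alongside the engine so that
        # `docker compose` exists for sections 3 and 6.
        - name: Install Docker
          apt:
            name:
              - docker-ce
              - docker-ce-cli
              - containerd.io
              - docker-compose-plugin
            state: present
            update_cache: true

    # ==========================================
    # 2. Configure Docker
    # ==========================================

    # Membership of the docker group allows full control of the daemon,
    # which is equivalent to root on this host. Keep app_user a dedicated
    # deployment account and protect its credentials accordingly.
    - name: Add deploy user to docker group
      user:
        name: "{{ app_user }}"
        groups: docker
        append: true

    - name: Ensure Docker service is enabled and started
      systemd:
        name: docker
        enabled: true
        state: started

    # ==========================================
    # 3. Install Docker Compose Plugin
    # ==========================================

    - name: Check if Docker Compose plugin is installed
      command: docker compose version
      register: compose_check
      changed_when: false
      failed_when: false

    - name: Display Docker Compose version
      debug:
        msg: "Docker Compose is already installed: {{ compose_check.stdout }}"
      when: compose_check.rc == 0

    # Covers hosts where Docker was already present but the plugin was not.
    # Assumes the Docker apt repository is configured on such hosts; if it
    # is not, the play fails here rather than at the verification step.
    - name: Install Docker Compose plugin if missing
      apt:
        name: docker-compose-plugin
        state: present
        update_cache: true
      when: compose_check.rc != 0

    # ==========================================
    # 4. Configure Docker Daemon
    # ==========================================

    # Caps container log growth (3 files of 10 MB each) and keeps containers
    # running while the daemon restarts (live-restore).
    - name: Create Docker daemon configuration
      copy:
        dest: /etc/docker/daemon.json
        content: |
          {
            "log-driver": "json-file",
            "log-opts": {
              "max-size": "10m",
              "max-file": "3"
            },
            "live-restore": true
          }
        owner: root
        group: root
        mode: '0644'
      notify: Restart Docker

    # ==========================================
    # 5. Firewall Configuration
    # ==========================================

    # These tasks only add allow rules. The playbook neither enables ufw nor
    # sets a default policy, so the rules have no effect unless ufw is turned
    # on elsewhere (with SSH allowed first). Ports published by containers
    # are handled by Docker's own iptables rules and are not filtered by ufw
    # in its default setup; bind container ports to 127.0.0.1 or restrict
    # them separately if they must not be reachable.
    - name: Allow HTTP traffic
      ufw:
        rule: allow
        port: '80'
        proto: tcp

    - name: Allow HTTPS traffic
      ufw:
        rule: allow
        port: '443'
        proto: tcp

    # ==========================================
    # 6. Verification
    # ==========================================

    # Run the pending "Restart Docker" handler now so the checks below are
    # made against the daemon running the new daemon.json, not the old one.
    - name: Apply pending Docker restart before verification
      meta: flush_handlers

    # docker_check.stdout is empty when Docker was installed during this
    # run, so the version is read again for the summary.
    - name: Get Docker version
      command: docker --version
      register: docker_version
      changed_when: false

    - name: Get Docker info
      command: docker info
      register: docker_info
      changed_when: false

    - name: Get Docker Compose version
      command: docker compose version
      register: compose_version
      changed_when: false

    - name: Display setup summary
      debug:
        msg:
          - "=========================================="
          - "Docker Setup Complete"
          - "=========================================="
          - "Docker Version: {{ docker_version.stdout }}"
          - "Docker Compose: {{ compose_version.stdout }}"
          - "User '{{ app_user }}' added to docker group"
          - "Firewall: HTTP (80) and HTTPS (443) allowed"
          - "=========================================="
          - ""
          - "Next Steps:"
          - "1. Log out and back in for docker group to take effect"
          - "2. Run deployment playbook to start containers"

  handlers:
    - name: Restart Docker
      systemd:
        name: docker
        state: restarted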