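---
# Deploys Portainer CE behind Traefik on every inventory host.
#
# Per-host state lives in /home/docker/portainer.<inventory_hostname>/:
#   genpw.sh            generates the admin password once and prints its
#                       bcrypt hash (stored in ./env on later runs)
#   env                 WEBUSER / WEBPASSWD / WEBPASSWDCRYPT, root:docker 0440
#   docker-compose.yml  the Portainer service, rendered with that hash
#
# Every task chowns files to root, so the play has to run with root
# privileges (root connection user or `become`); the play does not set
# `become` itself — confirm against the inventory/ansible.cfg.
- name: portainer
  hosts: all

  tasks:
    # All later tasks write into the host-suffixed directory; the original
    # created /home/docker/portainer without the suffix, and blockinfile's
    # `create` only creates the file, never parent directories, so a fresh
    # host failed on the next task. Use the same path everywhere.
    - name: Create portainer dir
      ansible.builtin.file:
        path: /home/docker/portainer.{{ inventory_hostname }}
        owner: root
        group: docker
        state: directory
        mode: '0770'

    # genpw.sh is idempotent: first run creates ./env with a random password
    # and prints the hash; later runs source ./env and print the stored hash.
    - name: /home/docker/portainer.{{ inventory_hostname }}/genpw.sh (generate Random)
      ansible.builtin.blockinfile:
        path: /home/docker/portainer.{{ inventory_hostname }}/genpw.sh
        create: true
        # Octal modes must be quoted: an unquoted 0550 is parsed as the
        # integer 360 and yields unintended permissions.
        mode: '0550'
        owner: root
        group: docker
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          # Invoked as `bash genpw.sh`, so the shebang's -e is not in effect;
          # enable strict mode here so a failed cd/pwgen/htpasswd cannot
          # silently produce an empty hash for --admin-password.
          set -euo pipefail
          cd /home/docker/portainer.{{ inventory_hostname }}

          if [ -f env ]
          then
            . ./env
            echo "${WEBPASSWDCRYPT}"
          else
            webpassword=$(pwgen -s 32 1)
            # Feed the password on stdin (-i) rather than as an argument so it
            # never shows up in the process list; '$' is doubled because
            # docker-compose interpolates '$' in the command string.
            webpasswordcrypted=$(printf '%s\n' "${webpassword}" | htpasswd -niB foo | cut -d: -f2 | sed -e 's/\$/\$\$/g')

            # env holds the plaintext password: create it unreadable to others
            # from the start instead of relying on the chmod that follows.
            umask 077
            printf 'WEBUSER=admin\nWEBPASSWD=%s\nWEBPASSWDCRYPT=%s\n' "${webpassword}" "${webpasswordcrypted}" >env

            chmod 440 env
            chown root:docker env
            echo "${webpasswordcrypted}"
          fi
        backup: true
        # Syntax-check the managed file before it replaces the old one.
        validate: /bin/bash -n %s

    - name: /home/docker/portainer.{{ inventory_hostname }}/genpw.sh shebang
      ansible.builtin.lineinfile:
        path: /home/docker/portainer.{{ inventory_hostname }}/genpw.sh
        insertbefore: BOF
        line: "#!/bin/bash -e"

    # No shell features are used, so `command` suffices.
    - name: Get crypted PW
      ansible.builtin.command: bash /home/docker/portainer.{{ inventory_hostname }}/genpw.sh
      register: cryptpw
      changed_when: false
      # cryptpw.stdout is the admin-password hash; keep it out of task output
      # and logs (set to false temporarily when debugging the script).
      no_log: true

    # The container talks to the host Docker daemon through the mounted
    # socket, which is inherent to Portainer. The image tag is `latest`, so
    # --force-recreate in the handler may pull an untested image; consider
    # pinning a tag or digest.
    - name: /home/docker/portainer.{{ inventory_hostname }}/docker-compose.yml Portainer Container Configuration
      ansible.builtin.blockinfile:
        path: /home/docker/portainer.{{ inventory_hostname }}/docker-compose.yml
        create: true
        mode: '0440'
        owner: root
        group: docker
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          services:
            portainer:
              image: portainer/portainer-ce:latest
              command: --admin-password {{ cryptpw.stdout }}
              restart: unless-stopped
              networks:
                - traefik
              volumes:
                - /var/run/docker.sock:/var/run/docker.sock
                - ./data:/data
              labels:
                - traefik.enable=true
                - traefik.http.routers.portainer.rule=Host(`portainer.{{ inventory_hostname }}`)
                - traefik.http.routers.portainer.entrypoints=https
                - traefik.http.routers.portainer.middlewares=secHeaders@file
                - traefik.http.services.portainer.loadbalancer.server.port=9000
                - traefik.http.routers.portainer.service=portainer
                - traefik.http.routers.portainer.tls=true
                - traefik.http.routers.portainer.tls.certresolver=letsencrypt
                - traefik.http.middlewares.to-https.redirectscheme.scheme=https
          networks:
            traefik:
              external: true
        backup: true
      notify: Restart portainer

  handlers:
    # Recreate the container so a changed --admin-password takes effect.
    - name: Restart portainer
      ansible.builtin.command: docker-compose up -d --force-recreate
      args:
        chdir: /home/docker/portainer.{{ inventory_hostname }}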