# Author: Martin Ptacek # run this playbook against new linux server - name: Install example server stack for prometheus-exporter-android hosts: android_prometheus_exporter_target_server remote_user: root vars: new_user_name: androidexporter new_user_password: change-this-in-production tasks: - name: Assert linux distribution is some RedHat linux ansible.builtin.assert: that: - ansible_os_family == "RedHat" - (ansible_distribution_major_version | int == 8) or (ansible_distribution_major_version | int == 9) - name: Install docker and docker compose block: - name: Uninstall distribution docker if present ansible.builtin.dnf: name: "{{ item }}" state: absent loop: - docker - docker-common - docker-engine - name: Add docker repository ansible.builtin.yum_repository: name: docker-ce state: present description: Docker ce repo by docker enabled: true baseurl: "{{ 'https://download.docker.com/linux/centos/' + ansible_distribution_major_version + '/x86_64/stable' }}" gpgcheck: true gpgkey: "https://download.docker.com/linux/centos/gpg" - name: Install Docker CE and docker compose from official docker repository ansible.builtin.yum: name: - docker-ce - docker-ce-cli - containerd.io - docker-compose-plugin state: present update_cache: true - name: Install or update pip ansible.builtin.dnf: name: - python-pip - python3-pip state: present - name: Install 'docker' package from pip for ansible commands ansible.builtin.pip: name: "{{ item }}" state: present loop: - docker - docker-compose - name: Enable and start docker service ansible.builtin.service: name: docker.service state: started enabled: true - name: Add user androidexporter to docker group ansible.builtin.user: name: androidexporter groups: docker append: true register: add_docker_group - name: Reset ssh connection for user group changes to take place ansible.builtin.meta: reset_connection - name: Install passlib for new user creation ansible.builtin.pip: name: passlib state: present - name: Create new user ansible.builtin.user: name: "{{ new_user_name }}" shell: /bin/bash update_password: on_create groups: wheel append: true password: "{{ new_user_password | password_hash('sha512') }}" - name: Execute the following as the new user become: true become_user: "{{ new_user_name }}" tags: configuration block: - name: Copy configuration files ansible.builtin.copy: src: ./configuration dest: "{{ '/home/' + new_user_name + '/' }}" owner: "{{ new_user_name }}" group: "{{ new_user_name }}" mode: 0644 force: true register: config_files tags: config - name: Copy docker-compose.yaml ansible.builtin.copy: src: ./docker-compose.yaml dest: "{{ '/home/' + new_user_name + '/docker-compose.yaml' }}" owner: "{{ new_user_name }}" group: "{{ new_user_name }}" mode: 0644 force: true register: compose_file tags: config - name: Pull images community.docker.docker_compose: pull: true project_src: "{{ '/home/' + new_user_name }}" tags: config - name: Start docker compose community.docker.docker_compose: state: present project_src: "{{ '/home/' + new_user_name }}" restarted: "{{ (config_files.changed | bool) or (compose_file.changed | bool) }}" tags: config - name: Create docker compose systemd service to start docker compose on boot block: - name: Copy docker compose unit file ansible.builtin.template: src: ./configuration/docker_compose.service.j2 dest: /etc/systemd/system/docker_compose.service owner: root group: root force: true mode: 0644 - name: Enable and start systemd docker compose service ansible.builtin.service: name: docker_compose.service state: started enabled: true