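---
# Bootstraps every node of a Docker Swarm cluster: /etc/hosts, firewall,
# swap, timezone, Docker CE, the `dockerman` service account, a registry
# login and a final reboot.
#
# All credentials (registry_*, admin_password) are read from
# var/registry.yml, which should be ansible-vault encrypted. Nothing
# sensitive lives in this file any more: an earlier revision hard-coded the
# ADMIN_PASSWORD value below, so that value is in VCS history and must be
# treated as compromised and rotated.
- name: server initial command
  hosts: all
  become: true
  become_method: sudo
  become_user: root
  # Facts are needed for ansible_distribution_release and ansible_default_ipv4.
  gather_facts: true
  vars_files:
    - var/registry.yml
  vars:
    # Ubuntu codename used for the Docker apt repository. Defaults to the
    # target's own release (the previous revision hard-coded `focal`, which
    # silently installed focal packages on any other release).
    docker_apt_release: "{{ ansible_distribution_release }}"
    # Default admin account name written to /etc/environment; override it in
    # the vars file next to admin_password if needed.
    admin_user: nerdguy
  tasks:
    - name: set hosts file
      copy:
        src: hosts
        dest: /etc/hosts
        owner: root
        group: root
        mode: "0644"

    # ufw is switched off because the firewall is managed with raw iptables
    # below. For reference, the ufw equivalent of the master rule set was:
    #   ufw allow 2376/tcp && ufw allow 7946/udp && ufw allow 7946/tcp &&
    #   ufw allow 80/tcp && ufw allow 2377/tcp && ufw allow 4789/udp
    - name: disable ufw
      command: ufw disable

    - name: disable swap
      command: swapoff -a

    # Same effect as `sed -i '/swap/d' /etc/fstab`, but idempotent and reported
    # as changed only when a line is actually removed.
    - name: remove swap entries from fstab
      lineinfile:
        path: /etc/fstab
        regexp: swap
        state: absent

    # NOTE(review): the default policy stays ACCEPT and nothing reloads
    # /etc/iptables.rules.v4 at boot (no iptables-persistent / netfilter-
    # persistent is installed here), so the per-port ACCEPT rules that follow
    # do not restrict anything by themselves. Moving INPUT to DROP needs
    # loopback + ESTABLISHED,RELATED rules first, and the worker rule set
    # would also have to include the swarm ports (7946 tcp/udp, 4789 udp)
    # before that is safe; left unchanged until that is decided.
    - name: flush iptables
      shell: |
        iptables -P INPUT ACCEPT
        iptables -P FORWARD ACCEPT
        iptables -P OUTPUT ACCEPT
        iptables -t nat -F
        iptables -t mangle -F
        iptables -F
        iptables -X

    # Rules are saved with `>` (overwrite); the old `>>` appended a complete
    # copy of the ruleset to the file on every run.
    - name: iptables for masters
      when: inventory_hostname in groups['masters']
      shell: |
        iptables -I INPUT -p tcp --dport 80 -j ACCEPT
        iptables -I INPUT -p tcp --dport 443 -j ACCEPT
        iptables -I INPUT -p tcp --dport 22 -j ACCEPT
        iptables -I INPUT -p tcp --dport 53 -j ACCEPT
        iptables -I INPUT -p tcp --dport 2376 -j ACCEPT
        iptables -I INPUT -p tcp --dport 7946 -j ACCEPT
        iptables -I INPUT -p udp --dport 7946 -j ACCEPT
        iptables -I INPUT -p tcp --dport 2377 -j ACCEPT
        iptables -I INPUT -p udp --dport 4789 -j ACCEPT
        iptables -I INPUT -p tcp --dport 25196 -j ACCEPT
        iptables-save > /etc/iptables.rules.v4

    - name: iptables for workers
      when: inventory_hostname in groups['workers']
      shell: |
        iptables -I INPUT -p tcp --dport 80 -j ACCEPT
        iptables -I INPUT -p tcp --dport 25196 -j ACCEPT
        iptables-save > /etc/iptables.rules.v4

    - name: set timezone
      timezone:
        name: Asia/Tehran

    - name: apt-get update
      apt:
        update_cache: true
        force_apt_get: true
        cache_valid_time: 3600

    - name: installing docker dependencies
      apt:
        name:
          - ca-certificates
          - curl
          - gnupg
          - lsb-release
        state: present
        update_cache: true

    # Docker's signing key is stored in its own keyring and bound to the
    # repository with signed-by, so it can only authenticate Docker's packages.
    # The previous `curl | apt-key add -` added it to the global trusted
    # keyring (valid for every repository) and apt-key itself is deprecated.
    - name: create apt keyrings directory
      file:
        path: /etc/apt/keyrings
        state: directory
        owner: root
        group: root
        mode: "0755"

    - name: add docker apt signing key
      get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
        dest: /etc/apt/keyrings/docker.asc
        owner: root
        group: root
        mode: "0644"

    - name: add docker apt repository
      apt_repository:
        repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ docker_apt_release }} stable"
        filename: docker
        state: present

    - name: installing docker-ce, docker-ce-cli and containerd.io
      apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
        state: present
        update_cache: true

    - name: start and enable docker and containerd
      service:
        name: "{{ item }}"
        state: started
        enabled: true
      loop:
        - docker
        - containerd

    # dockerman is the account the swarm is operated from. Membership of the
    # docker group is already root-equivalent on the host, so the passwordless
    # sudo granted below adds convenience rather than new privilege; restrict
    # it to the commands actually needed if this account is ever shared.
    - name: create the docker user account
      user:
        name: dockerman
        state: present
        create_home: true
        shell: /bin/bash
        groups: docker
        append: true

    # A drop-in under /etc/sudoers.d keeps the main sudoers file untouched;
    # visudo validates the fragment before it is installed.
    - name: allow 'dockerman' to use sudo without needing a password
      copy:
        dest: /etc/sudoers.d/dockerman
        content: "dockerman ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: visudo -cf %s

    - name: reset and enable docker
      systemd:
        name: docker
        daemon_reload: true
        state: restarted
        enabled: true

    # Primary interface and address come from the gathered facts instead of
    # scraping `ip route`. lineinfile keeps the .bashrc entries idempotent;
    # the previous `echo >>` appended a fresh export line on every run.
    - name: export HOST_IP in dockerman's shell
      lineinfile:
        path: /home/dockerman/.bashrc
        regexp: '^export HOST_IP='
        line: "export HOST_IP={{ ansible_default_ipv4.address }}"

    - name: export INT_NAME in dockerman's shell
      lineinfile:
        path: /home/dockerman/.bashrc
        regexp: '^export INT_NAME='
        line: "export INT_NAME={{ ansible_default_ipv4.interface }}"

    - name: nfs common
      when: inventory_hostname in groups['workers']
      apt:
        name: nfs-common
        state: present
        update_cache: true

    # The password is passed on stdin: `-p` put it in the process list and in
    # dockerman's shell history. argv avoids any shell interpolation of the
    # templated values and no_log keeps them out of the Ansible output.
    # (The old task used `become: dockerman`, which is not a valid boolean.)
    # docker login stores the credential in ~dockerman/.docker/config.json,
    # only base64-encoded, unless a credential helper is configured.
    - name: login docker
      become: true
      become_user: dockerman
      command:
        argv:
          - docker
          - login
          - -u
          - "{{ registry_user }}"
          - --password-stdin
          - "{{ registry_url }}"
        stdin: "{{ registry_password }}"
      no_log: true

    # /etc/environment is typically world-readable, so every local account
    # can read whatever is written here. The previous revision hard-coded the
    # ADMIN_PASSWORD literal in this playbook; it now comes from the
    # vault-encrypted vars file and the old value must be rotated.
    - name: add environments to all servers
      lineinfile:
        path: /etc/environment
        regexp: "^export {{ item.key }}="
        line: "export {{ item.key }}={{ item.value }}"
      loop:
        - { key: ADMIN_USER, value: "{{ admin_user }}" }
        - { key: ADMIN_PASSWORD, value: "{{ admin_password }}" }
      no_log: true

    # Reboot is the last task: the previous revision ran `reboot` via shell
    # and then tried to execute one more task on a host that was going down.
    - name: reboot
      reboot:
        reboot_timeout: 600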