pub-solar/matrix-docker-ansible-deploy
5
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
matrix-docker-ansible-deploy/roles/matrix-server/tasks/setup/setup_base.yml
Slavi Pantaleev 9f163b2bf5 Do not disable SELinux on RedHat systems 
It looks like SELinux can be left running without any (so far) negative
effects on our Matrix services.

There's no need to use `:z` or `:Z` options when mounting volumes either.
This means that files we create are labeled with a default context
(which may not be ideal if we only want them used from containers),
but it's compatible and doesn't cause issues.

Relabelling files is probably something we wish to stay away from,
especially for things like the media store, which contains lots of
files and is possibly on a fuse-mounted (S3/goofys) filesystem.
2018-12-20 15:30:43 +02:00

82 lines
2.1 KiB
YAML
Raw Blame History

---
- name: Ensure Docker repository is enabled (CentOS)
template:
src: "{{ role_path }}/files/yum.repos.d/{{ item }}"
dest: "/etc/yum.repos.d/{{ item }}"
owner: "root"
group: "root"
mode: 0644
with_items:
- docker-ce.repo
when: ansible_distribution == 'CentOS'
- name: Ensure Docker's RPM key is trusted
rpm_key:
state: present
key: https://download.docker.com/linux/centos/gpg
when: ansible_distribution == 'CentOS'
- name: Ensure yum packages are installed (CentOS)
yum:
name:
- bash-completion
- docker-ce
- docker-python
- firewalld
- ntp
- fuse
state: latest
update_cache: yes
when: ansible_distribution == 'CentOS'
- name: Ensure APT usage dependencies are installed (Debian)
apt:
name:
- apt-transport-https
- ca-certificates
state: present
update_cache: yes
when: ansible_os_family == 'Debian'
- name: Ensure Docker's APT key is trusted (Debian)
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
state: present
register: add_repository_key
ignore_errors: true
when: ansible_os_family == 'Debian'
- name: Ensure Docker repository is enabled (Debian)
apt_repository:
repo: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
state: present
update_cache: yes
when: ansible_os_family == 'Debian'
- name: Ensure APT packages are installed (Debian)
apt:
name:
- bash-completion
- docker-ce
- python-docker
- ntp
- fuse
state: latest
update_cache: yes
when: ansible_os_family == 'Debian'
- name: Ensure firewalld is started and autoruns
service: name=firewalld state=started enabled=yes
when: ansible_os_family == 'RedHat'
- name: Ensure Docker is started and autoruns
service: name=docker state=started enabled=yes
- name: Ensure ntpd is started and autoruns
service:
name: "{{ 'ntpd' if ansible_os_family == 'RedHat' else 'ntp' }}"
state: started
enabled: yes
Reference in a new issue View git blame Copy permalink