Murat ÖZDEMİR
51933afea6
Moves `iklimco-net` overlay network creation to be managed by the Docker Swarm stack, ensuring reliable embedded DNS resolution for inter-service communication. This resolves issues where services on external overlay networks failed to discover each other via Docker DNS. This refactoring includes: * Removing the manual `iklimco-net` creation from the Ansible `swarm` role. * Adjusting `act_runner` configuration to connect job containers to `iklimco-net` only after the stack has deployed and created the network. * Setting `storagebox_file_mode` to `0600` for DB nodes to prevent "too open" errors with MongoDB keyfiles. * Provisioning dedicated bind mount directories for MongoDB and PostgreSQL on DB nodes with correct ownership and permissions. * Updating documentation to reflect the consolidated stack and network changes.
69 lines
2.4 KiB
YAML
69 lines
2.4 KiB
YAML
---
|
||
- name: Check if Swarm is initialized
|
||
ansible.builtin.shell: !unsafe "docker info --format '{{.Swarm.LocalNodeState}}'"
|
||
register: swarm_status
|
||
changed_when: false
|
||
|
||
# 1. İlk Manager'ın (Leader) başlatılması
|
||
- name: Initialize Docker Swarm (Leader)
|
||
ansible.builtin.shell: >
|
||
docker swarm init
|
||
--advertise-addr {{ private_ip }}
|
||
when:
|
||
- inventory_hostname == groups['app'][0]
|
||
- swarm_status.stdout != 'active'
|
||
register: swarm_init_result
|
||
|
||
# 2. Join Token'ların alınması (Sadece Leader üzerinden)
|
||
- name: Get Swarm Manager Join Token
|
||
ansible.builtin.shell: docker swarm join-token manager -q
|
||
register: manager_token
|
||
delegate_to: "{{ groups['app'][0] }}"
|
||
when: inventory_hostname == groups['app'][0]
|
||
changed_when: false
|
||
|
||
- name: Get Swarm Worker Join Token
|
||
ansible.builtin.shell: docker swarm join-token worker -q
|
||
register: worker_token
|
||
delegate_to: "{{ groups['app'][0] }}"
|
||
when: inventory_hostname == groups['app'][0]
|
||
changed_when: false
|
||
|
||
# 3. Diğer App sunucularının Manager olarak katılması (Prod HA için)
|
||
- name: Join Swarm as Manager
|
||
ansible.builtin.shell: >
|
||
docker swarm join
|
||
--token {{ hostvars[groups['app'][0]]['manager_token']['stdout'] }}
|
||
--advertise-addr {{ private_ip }}
|
||
{{ swarm_manager_ip }}:2377
|
||
when:
|
||
- inventory_hostname in groups['app']
|
||
- inventory_hostname != groups['app'][0]
|
||
- swarm_status.stdout != 'active'
|
||
|
||
# 4. DB sunucularının Worker olarak katılması
|
||
- name: Join Swarm as Worker
|
||
ansible.builtin.shell: >
|
||
docker swarm join
|
||
--token {{ hostvars[groups['app'][0]]['worker_token']['stdout'] }}
|
||
--advertise-addr {{ private_ip }}
|
||
{{ swarm_manager_ip }}:2377
|
||
when:
|
||
- inventory_hostname in groups['db']
|
||
- swarm_status.stdout != 'active'
|
||
|
||
# 5. Node Etiketleri (Labels)
|
||
# iklimco-net overlay network is created and owned by the Swarm stack (docker-stac-infra_db-prod.yml).
|
||
# Stack-owned networks get full Docker DNS (service VIPs, aliases). No manual creation needed.
|
||
- name: Label App nodes (service)
|
||
ansible.builtin.shell: docker node update --label-add type=service {{ inventory_hostname }}
|
||
delegate_to: "{{ groups['app'][0] }}"
|
||
when: inventory_hostname in groups['app']
|
||
changed_when: false
|
||
|
||
- name: Label DB nodes (db)
|
||
ansible.builtin.shell: docker node update --label-add role=db {{ inventory_hostname }}
|
||
delegate_to: "{{ groups['app'][0] }}"
|
||
when: inventory_hostname in groups['db']
|
||
changed_when: false
|