Running Docker-compose from Ansible playbooks
On my home devices, I run and maintain my Docker containers (ct-s) with my Ansible playbooks.
But why use Docker-compose and not Docker Swarm or Kubernetes?
Because I only have four devices that I run Docker ct-s on, and each serves a dedicated function at my place.
Here are the devices:
- Old Acer laptop
- HP Gen8 microserver
- Custom built desktop
- HP laptop
Since I've got each device dedicated to a certain function, I just prefer the simplicity of knowing what Docker ct-s each device is running, as declared in a playbook with a docker_compose task.
How
My current playbooks are in https://gitlab.com/richardskumat/ansible-playbooks-homelab.
Each device is assigned into a group.
Each group has a group_vars directory for variables and secrets. These directories are not public.
In each group's directory, where its playbooks reside, I have symlinked the homelab/group_vars directory so I can use the variables with Vagrant testing. When I do a vagrant up in a group's directory, there's a task in the Vagrantfile that runs the group's playbooks.
Without the group_vars directory symlinked into each subdirectory, the Vagrant playbook test runs fail with XYZ variable undefined and so on.
Here's a tree output of how my playbooks are structured:
user@host:~/wherever/homelab$ tree
.
├── acer
│   ├── acerlaptop.yml
│   ├── group_vars -> ../group_vars
│   ├── interfaces.j2
│   ├── readme.md
│   ├── Vagrantfile
│   └── wildcard-local.conf.j2.example
├── add_remotes_back.sh
├── client
│   ├── client.yml
│   ├── group_vars -> ../group_vars
│   ├── readme.md
│   ├── sysctl-local.conf.j2
│   └── Vagrantfile
├── group_vars
│   ├── acer
│   ├── all
│   ├── desktop
│   ├── hpg8
│   ├── laptop
│   └── rpi
├── hosts
├── hpg8
│   ├── group_vars -> ../group_vars
│   ├── hpg8-dc.yml
│   ├── hpg8.yml
│   ├── readme.md
│   └── Vagrantfile
├── LICENSE
├── README.md
├── reboot.yml
├── rpi
│   ├── group_vars -> ../group_vars
│   ├── raspi-debug.yml
│   ├── readme.md
│   ├── rpi3-dc.yml
│   └── rpi.yml
└── shutdown.yml
I'm currently going to change my playbooks to use import_tasks for the docker_compose playbook.
Then each playbook is structured according to the following thinking:
- establish connection details (host groups, remote user and become method)
- roles: each device runs a couple of Ansible roles
- tasks: extra tasks that need to be done
The docker_compose task is also part of these tasks, however the indentation requirements for yaml are unpleasant.
Fortunately, VSCode is really good at showing indentation and syntax errors.
I want to move them into separate yml files, so they're more readable.
Traefik for proxying and Let's Encrypt (LE) certificates (certs)
I also run traefik on each device and it serves as a reverse proxy for the other containers having a web interface.
It's also configured to create LE certs with DNS-01 challenge, using Cloudflare as a DNS provider.
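A sketch of what such a docker_compose task can look like, with Traefik doing DNS-01 through Cloudflare and the API token coming from the private group_vars. This is an added example, not taken from the repository above; it assumes Traefik v2 command-line flags, and the variable names (vault_cf_dns_api_token, acme_email), the project name, the host paths and the whoami.home.example hostname are hypothetical.

```yaml
# Added example, not the author's playbook. Assumes Traefik v2 flags.
# Hypothetical names: vault_cf_dns_api_token, acme_email, whoami.home.example.
- hosts: hpg8
  become: true
  tasks:
    - name: Run Traefik and one proxied container with docker_compose
      docker_compose:
        project_name: proxy
        definition:
          version: "3"
          services:
            traefik:
              image: traefik:v2.11
              restart: unless-stopped
              command:
                - "--providers.docker=true"
                # Only containers that opt in with traefik.enable are exposed.
                - "--providers.docker.exposedbydefault=false"
                - "--entrypoints.websecure.address=:443"
                # DNS-01: no inbound port 80 needed, works for internal hosts.
                - "--certificatesresolvers.le.acme.dnschallenge=true"
                - "--certificatesresolvers.le.acme.dnschallenge.provider=cloudflare"
                - "--certificatesresolvers.le.acme.email={{ acme_email }}"
                - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
              environment:
                # Kept in the non-public (ideally ansible-vault encrypted)
                # group_vars; use a token scoped to DNS edits on one zone.
                CF_DNS_API_TOKEN: "{{ vault_cf_dns_api_token }}"
              ports:
                - "443:443"
              volumes:
                # Docker socket access is root-equivalent on the host.
                - /var/run/docker.sock:/var/run/docker.sock:ro
                # acme.json holds the certificates' private keys.
                - /srv/traefik/letsencrypt:/letsencrypt
            whoami:
              image: traefik/whoami
              labels:
                traefik.enable: "true"
                traefik.http.routers.whoami.rule: "Host(`whoami.home.example`)"
                traefik.http.routers.whoami.entrypoints: websecure
                traefik.http.routers.whoami.tls.certresolver: le
      # The definition contains the token, so keep it out of Ansible output.
      no_log: true
```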
Looking into better alternatives
I'm really satisfied with the simplicity of ansible and the docker_compose module.
The ct-s I run are documented in each group's docker_compose files/tasks so I know what personal device runs what containers.
There are better alternatives, such as Docker Swarm and Kubernetes.
I intend to look into Kubernetes and Swarm in the future, maybe test them out in their own virtual machines.
Swarm is also part of Docker CE, so if I wanted to, I could use it straight away.