Deploy a simple webserver docker-compose stack

The beginning of a revamp of FRITA infrastructure into containers

roles/ansible/tasks/main.yml

@@ -1,22 +0,0 @@
-- name: 'Install Ansible dependency: python-apt'
-  shell: 'apt-get update && apt-get install python-apt -y'
-  args:
-    creates: /usr/lib/python2.7/dist-packages/apt
-    warn: false
-
-- name: 'Install Ansible dependency: aptitude'
-  apt:
-    name: 'aptitude'
-    state: present
-    force_apt_get: true
-
-- name: 'Install Ansible dependency: python-docker'
-  apt:
-    name: python-docker
-    state: present
-
-- name: Create Ansible's temporary directory
-  file:
-    path: /root/.ansible/tmp
-    state: directory
-    mode: '0700'

roles/docker/defaults/main.yml

@@ -0,0 +1,3 @@
+docker_compose_root: /var/lib/compose
+docker_compose: /usr/bin/docker-compose
+docker_compose_service: compose

roles/docker/tasks/main.yml

@@ -0,0 +1,25 @@
+- name: Install Docker
+  ansible.builtin.apt:
+    name: ['docker.io', 'docker-compose']
+    state: present
+    update_cache: true
+
+- name: Create docker-compose root
+  ansible.builtin.file:
+    path: "{{ docker_compose_root }}"
+    state: directory
+    mode: 0600
+
+- name: Add users to docker group
+  ansible.builtin.user:
+    name: "{{ item }}"
+    groups: docker
+    append: true
+  loop: "{{ docker_users }}"
+  when: docker_users is defined
+
+- name: Start Docker and enable on boot
+  ansible.builtin.service:
+    name: docker
+    state: started
+    enabled: true

roles/webserver/defaults/main.yml

@@ -0,0 +1 @@
+webserver_root: "{{ docker_compose_root }}/webserver"

roles/webserver/files/docker-compose.yml

@@ -0,0 +1,30 @@
+version: '3.5'
+
+networks:
+  traefik:
+    name: traefik
+
+services:
+  traefik:
+    image: traefik:2.2
+    command:
+      - --api.dashboard=true
+      - --api.debug=true
+      - --providers.docker=true
+      - --entrypoints.web.address=:80
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+      - --entrypoints.web.http.redirections.entrypoint.permanent=true
+      - --entrypoints.websecure.address=:443
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    labels:
+      traefik.http.routers.api.rule: Host(`${TRAEFIK_DOMAIN}`)
+      traefik.http.routers.api.entrypoints: local
+      traefik.http.routers.api.service: api@internal
+      traefik.http.routers.api.tls: true
+    networks:
+      - traefik

roles/webserver/handlers/main.yml

@@ -1,18 +1,5 @@
-# Copyright (C) 2019  Free I.T. Athens
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-
-- name: Reload Apache2
-  service: name=apache2 state=reloaded
-
+- name: Compose up on webserver stack
+  ansible.builtin.command: "docker-compose up -d"
+  args:
+    chdir: "{{ webserver_root }}"
+  listen: composeup_webserver

roles/webserver/tasks/main.yml

@@ -1,40 +1,24 @@
-# Copyright (C) 2019  Free I.T. Athens
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-
-- name: Install Apache2 Web Server
-  apt:
-    name: apache2
-    state: present
-
-- name: Start Apache2 Web Server
-  service:
-    name: apache2
-    state: started
-
-- name: Install PHP
-  apt:
-    name: php
-    state: present
-
-- name: Install PHP MySQL Extension
-  apt:
-    name: php-mysql
-    state: present
-  notify: Reload Apache2
-
 - name: Install MariaDB Server
-  apt:
+  ansible.builtin.apt:
     name: mariadb-server
     state: present
+
+- name: Create webserver docker-compose directory
+  ansible.builtin.file:
+    path: "{{ webserver_root }}"
+    state: directory
+    mode: 0600
+
+- name: Install webserver docker-compose.yml
+  ansible.builtin.copy:
+    src: docker-compose.yml
+    dest: "{{ webserver_root }}/docker-compose.yml"
+    mode: 0600
+  notify: composeup_webserver
+
+- name: Install docker-compose .env
+  ansible.builtin.template:
+    src: compose-env.j2
+    dest: "{{ webserver_root }}/.env"
+    mode: 0600
+  notify: composeup_webserver

roles/webserver/templates/compose-env.j2

@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+{% for key, value in webserver_env.items() %}
+{{ key }}={{ value }}
+{% endfor %}