Add external compose support in the docker role
- Use ansible.posix.synchronize for compose.yml - Set fact for compose service restarts - Introduce plain Docker dev host - Optionally verify repos via GPG before sync - Hide docker_repos_path in .folder - Tweak .env for conciseness - Add --diff to Ansible in Vagrantfile - Clean output with loop_control - Embed GPG in base role
This commit is contained in:
parent
0377a5e642
commit
87aa7ecf8b
GPG Key ID:
3EDA9C3441EDA925
1
Vagrantfile
vendored
1
Vagrantfile
vendored
@ -43,5 +43,6 @@ Vagrant.configure("2") do |config|
|
||||
ENV['ANSIBLE_ROLES_PATH'] = File.dirname(__FILE__) + "/roles"
|
||||
ansible.compatibility_mode = "2.0"
|
||||
ansible.playbook = "dev/" + PLAYBOOK + ".yml"
|
||||
ansible.raw_arguments = ["--diff"]
|
||||
end
|
||||
end
|
||||
|
||||
8
dev/docker.yml
Normal file
8
dev/docker.yml
Normal file
@ -0,0 +1,8 @@
|
||||
- name: Install Docker Server
|
||||
hosts: all
|
||||
become: true
|
||||
vars_files:
|
||||
- host_vars/docker.yml
|
||||
roles:
|
||||
- base
|
||||
- docker
|
||||
44
dev/host_vars/docker.yml
Normal file
44
dev/host_vars/docker.yml
Normal file
@ -0,0 +1,44 @@
|
||||
# base
|
||||
allow_reboot: false
|
||||
manage_network: false
|
||||
|
||||
# docker
|
||||
docker_users:
|
||||
- vagrant
|
||||
|
||||
#docker_login_url: https://myregistry.example.com
|
||||
#docker_login_user: myuser
|
||||
#docker_login_pass: YOUR_PASSWD
|
||||
|
||||
docker_compose_deploy:
|
||||
# Traefik
|
||||
- name: traefik
|
||||
url: https://github.com/krislamo/traefik
|
||||
version: 31ee724feebc1d5f91cb17ffd6892c352537f194
|
||||
enabled: true
|
||||
accept_newhostkey: true # Consider verifying manually instead
|
||||
# Must manually add my public GPG key to root's keyring
|
||||
#trusted_keys:
|
||||
# - FBF673CEEC030F8AECA814E73EDA9C3441EDA925
|
||||
env:
|
||||
ENABLE: true
|
||||
|
||||
# Traefik 2 (no other external compose to test currently)
|
||||
- name: traefik2
|
||||
url: https://github.com/krislamo/traefik
|
||||
version: 31ee724feebc1d5f91cb17ffd6892c352537f194
|
||||
enabled: true
|
||||
accept_newhostkey: true # Consider verifying manually instead
|
||||
# Must manually add my public GPG key to root's keyring
|
||||
#trusted_keys:
|
||||
# - FBF673CEEC030F8AECA814E73EDA9C3441EDA925
|
||||
env:
|
||||
ENABLE: true
|
||||
VERSION: "2.10"
|
||||
DOMAIN: traefik2.local.krislamo.org
|
||||
NAME: traefik2
|
||||
ROUTER: traefik2
|
||||
NETWORK: traefik2
|
||||
WEB_PORT: 127.0.0.1:8000:80
|
||||
WEBSECURE_PORT: 127.0.0.1:4443:443
|
||||
LOCAL_PORT: 127.0.0.1:8444:8443
|
||||
@ -4,6 +4,11 @@
|
||||
state: present
|
||||
update_cache: true
|
||||
|
||||
- name: Install GPG
|
||||
ansible.builtin.apt:
|
||||
name: gpg
|
||||
state: present
|
||||
|
||||
- name: Manage root authorized_keys
|
||||
ansible.builtin.template:
|
||||
src: authorized_keys.j2
|
||||
|
||||
@ -3,4 +3,4 @@ docker_compose_service: compose
|
||||
docker_compose: /usr/bin/docker-compose
|
||||
docker_repos_keys: "{{ docker_repos_path }}/.keys"
|
||||
docker_repos_keytype: rsa
|
||||
docker_repos_path: /srv/compose_repos
|
||||
docker_repos_path: /srv/.compose_repos
|
||||
@ -2,3 +2,29 @@
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
listen: compose_systemd
|
||||
|
||||
- name: Find which services had a docker-compose.yml updated
|
||||
set_fact:
|
||||
compose_restart_list: "{{ (compose_restart_list | default([])) + [item.item.name] }}"
|
||||
loop: "{{ compose_update.results }}"
|
||||
loop_control:
|
||||
label: "{{ item.item.name }}"
|
||||
when: item.changed
|
||||
listen: compose_restart
|
||||
|
||||
- name: Find which services had their .env updated
|
||||
set_fact:
|
||||
compose_restart_list: "{{ (compose_restart_list | default([])) + [item.item.name] }}"
|
||||
loop: "{{ compose_env_update.results }}"
|
||||
loop_control:
|
||||
label: "{{ item.item.name }}"
|
||||
when: item.changed
|
||||
listen: compose_restart
|
||||
|
||||
- name: Restart {{ docker_compose_service }} services
|
||||
ansible.builtin.systemd:
|
||||
state: restarted
|
||||
name: "{{ docker_compose_service }}@{{ item }}"
|
||||
loop: "{{ compose_restart_list | unique }}"
|
||||
when: compose_restart_list is defined
|
||||
listen: compose_restart
|
||||
|
||||
@ -38,6 +38,7 @@
|
||||
community.crypto.openssh_keypair:
|
||||
path: "{{ docker_repos_keys }}/id_{{ docker_repos_keytype }}"
|
||||
type: "{{ docker_repos_keytype }}"
|
||||
comment: "{{ ansible_hostname }}-deploy-key"
|
||||
mode: 0400
|
||||
state: present
|
||||
when: docker_compose_deploy is defined
|
||||
@ -46,11 +47,15 @@
|
||||
ansible.builtin.git:
|
||||
repo: "{{ item.url }}"
|
||||
dest: "{{ docker_repos_path }}/{{ item.name }}"
|
||||
version: "{{ item.version | default('main') }}"
|
||||
force: true
|
||||
version: "{{ item.version }}"
|
||||
accept_newhostkey: "{{ item.accept_newhostkey | default('false') }}"
|
||||
gpg_whitelist: "{{ item.trusted_keys | default([]) }}"
|
||||
verify_commit: "{{ true if (item.trusted_keys is defined and item.trusted_keys) else false }}"
|
||||
key_file: "{{ docker_repos_keys }}/id_{{ docker_repos_keytype }}"
|
||||
when: docker_compose_deploy is defined
|
||||
loop: "{{ docker_compose_deploy }}"
|
||||
loop_control:
|
||||
label: "{{ item.url }}"
|
||||
when: docker_compose_deploy is defined
|
||||
|
||||
- name: Create directories for docker-compose projects using the systemd service
|
||||
ansible.builtin.file:
|
||||
@ -58,14 +63,20 @@
|
||||
state: directory
|
||||
mode: 0400
|
||||
loop: "{{ docker_compose_deploy }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
when: docker_compose_deploy is defined
|
||||
|
||||
- name: Copy docker-compose.yml files to their service directories
|
||||
ansible.builtin.copy:
|
||||
- name: Synchronize docker-compose.yml
|
||||
ansible.posix.synchronize:
|
||||
src: "{{ docker_repos_path }}/{{ item.name }}/{{ item.path | default('docker-compose.yml') }}"
|
||||
dest: "{{ docker_compose_root }}/{{ item.name }}/docker-compose.yml"
|
||||
remote_src: yes
|
||||
delegate_to: "{{ inventory_hostname }}"
|
||||
register: compose_update
|
||||
notify: compose_restart
|
||||
loop: "{{ docker_compose_deploy }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
when: docker_compose_deploy is defined
|
||||
|
||||
- name: Set environment variables for docker-compose projects
|
||||
@ -73,7 +84,11 @@
|
||||
src: docker-compose-env.j2
|
||||
dest: "{{ docker_compose_root }}/{{ item.name }}/.env"
|
||||
mode: 0400
|
||||
register: compose_env_update
|
||||
notify: compose_restart
|
||||
loop: "{{ docker_compose_deploy }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
when: docker_compose_deploy is defined and item.env is defined
|
||||
|
||||
- name: Add users to docker group
|
||||
@ -96,4 +111,6 @@
|
||||
state: started
|
||||
enabled: true
|
||||
loop: "{{ docker_compose_deploy }}"
|
||||
loop_control:
|
||||
label: "{{ docker_compose_service }}@{{ item.name }}"
|
||||
when: item.enabled is defined and item.enabled is true
|
||||
|
||||
@ -1,7 +1,6 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
{% if item.env is defined %}
|
||||
{% for kvpair in item.env.items() %}
|
||||
{{ kvpair.0 }}={{ kvpair.1 }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
Loading…
Reference in New Issue
Block a user