Great docker refactoring

2025-07-27 18:51:09 +02:00 · 2025-07-06 18:53:45 +02:00 · 2025-07-06 18:53:45 +02:00 · 0347d238c2
commit 0347d238c2
parent bd9e43506f
27 changed files with 107 additions and 119 deletions
--- a/cli/deploy.py
+++ b/cli/deploy.py
@ -27,9 +27,6 @@ def run_ansible_playbook(inventory, playbook, modes, limit=None, allowed_applica
    if allowed_applications:
        joined = ",".join(allowed_applications)
        cmd.extend(["-e", f"allowed_applications={joined}"])
-    else:
-        # No IDs provided: execute all applications defined in the inventory
-        cmd.extend(["-e", "allowed_applications=all"])

    # Pass other mode flags
    for key, value in modes.items():
--- a/roles/docker-attendize/TODO.md
+++ b/roles/docker-attendize/TODO.md
@ -1 +1,3 @@
- Implement this role
+# Todo
+- Implement this role
+- refactore main.yml
--- a/roles/docker-compose/defaults/main.yml
+++ b/roles/docker-compose/defaults/main.yml
@ -1 +1,2 @@
-docker_compose_skipp_file_creation: false # If set to true the file creation will be skipped
+docker_compose_skipp_file_creation: false # If set to true the file creation will be skipped
+docker_repository:                  true  # Activates docker repository download and routine
--- a/roles/docker-compose/handlers/main.yml
+++ b/roles/docker-compose/handlers/main.yml
@ -8,6 +8,14 @@
 #  listen: docker compose up
 #  when: mode_reset | bool

+- name: rebuild docker repository
+  command:
+    cmd:   docker compose build
+    chdir: "{{docker_repository_path}}"
+  environment:
+    COMPOSE_HTTP_TIMEOUT: 600
+    DOCKER_CLIENT_TIMEOUT: 600
+
 # default setup for docker compose files
 - name: docker compose up
  shell: docker-compose -p {{ application_id }} up -d --force-recreate --remove-orphans --build
--- a/roles/docker-compose/tasks/create-files.yml
+++ b/roles/docker-compose/tasks/create-files.yml
@ -1,10 +1,10 @@
- name: Create (optional) Dockerfile
+- name: "Create (optional) Dockerfile for {{ application_id }}"
  template:
    src: "{{ item }}"
    dest: "{{ docker_compose.files.dockerfile }}"
-  with_first_found:
-    - "{{ playbook_dir }}/roles/{{ role_name }}/templates/Dockerfile.j2"
-    - "{{ playbook_dir }}/roles/{{ role_name }}/files/Dockerfile"
+  loop:
+    - "{{ playbook_dir }}/roles/docker-{{ application_id }}/templates/Dockerfile.j2"
+    - "{{ playbook_dir }}/roles/docker-{{ application_id }}/files/Dockerfile"
  notify: docker compose up
  register: create_dockerfile_result
  failed_when:
@ -19,9 +19,9 @@
    force:        yes
  notify:         docker compose up
  register:       env_template
-  with_first_found:
-    - "{{ playbook_dir }}/roles/{{ role_name }}/templates/env.j2"
-    - "{{ playbook_dir }}/roles/{{ role_name }}/files/env"
+  loop:
+    - "{{ playbook_dir }}/roles/docker-{{ application_id }}/templates/env.j2"
+    - "{{ playbook_dir }}/roles/docker-{{ application_id }}/files/env"
  failed_when:
    - env_template is failed
    - "'Could not find or access' not in env_template.msg"
--- a/roles/docker-compose/tasks/main.yml
+++ b/roles/docker-compose/tasks/main.yml
@ -16,5 +16,8 @@
    mode: '0755'
  with_dict: "{{ docker_compose.directories }}"

- include_tasks: "create-files.yml"
+- include_tasks: "repository.yml"
+  when: docker_repository | bool
+
+- include_tasks: "files.yml"
  when: not docker_compose_skipp_file_creation | bool
--- a/roles/docker-repository-setup/tasks/main.yml
+++ b/roles/docker-repository-setup/tasks/main.yml
--- a/roles/docker-ldap/docs/Administration.md
+++ b/roles/docker-ldap/docs/Administration.md
@ -68,5 +68,5 @@ docker exec -i ldap \
    -D "$LDAP_ADMIN_DN" \
    -w "$LDAP_ADMIN_PASSWORD" \
    -c \
-    -f "/tmp/ldif/data/01_rbac_roles.ldif"
+    -f "/tmp/ldif/data/01_rbac.ldif"
 ```
--- a/roles/docker-openproject/tasks/main.yml
+++ b/roles/docker-openproject/tasks/main.yml
@ -23,10 +23,6 @@
  notify:
    - docker compose up

- name: "include role docker-repository-setup for {{application_id}}"
-  include_role: 
-    name: docker-repository-setup
-
 - name: "create {{dummy_volume}}"
  file:
    path: "{{dummy_volume}}"
--- a/roles/docker-openproject/vars/main.yml
+++ b/roles/docker-openproject/vars/main.yml
@ -1,6 +1,7 @@
 application_id:               "openproject"
 docker_repository_address:    "https://github.com/opf/openproject-deploy"
 database_type:                "postgres"
+docker_repository:            true

 openproject_plugins_folder:  "{{docker_compose.directories.volumes}}plugins/"

--- a/roles/docker-portfolio/tasks/main.yml
+++ b/roles/docker-portfolio/tasks/main.yml
@ -12,11 +12,6 @@
    http_port:   "{{ ports.localhost.http[application_id] }}"
  when: run_once_docker_portfolio is not defined

- name: "include role docker-repository-setup for {{application_id}}"
-  include_role: 
-    name: docker-repository-setup
-  when: run_once_docker_portfolio is not defined
-
 - name: "Check if host-specific config.yaml exists in {{ config_inventory_path }}"
  stat:
    path: "{{ config_inventory_path }}"
--- a/roles/docker-portfolio/vars/main.yml
+++ b/roles/docker-portfolio/vars/main.yml
@ -1,3 +1,4 @@
 application_id:             "portfolio"
 docker_repository_address:  "https://github.com/kevinveenbirkenbach/portfolio"
-config_inventory_path:      "{{ inventory_dir }}/files/{{ inventory_hostname }}/docker/portfolio/config.yaml.j2"
+config_inventory_path:      "{{ inventory_dir }}/files/{{ inventory_hostname }}/docker/portfolio/config.yaml.j2"
+docker_repository:          true
--- a/roles/docker-repository-setup/README.md
+++ b/roles/docker-repository-setup/README.md
@ -1,44 +0,0 @@
-# Docker Repository Setup
-
-This Ansible role sets up and manages your Docker repository. It ensures that the repository is pulled from your remote Git source, and it automatically triggers a rebuild of your Docker images using Docker Compose. 
-
-## Features 🔧
-
- **Default Path Setup:**  
-  Automatically sets a default `docker_repository_path`
-
- **Repository Management:**  
-  Clones or updates your Docker repository from a specified Git repository.
-
- **Automated Build Trigger:**  
-  Notifies handlers to rebuild the Docker repository using Docker Compose with extended timeouts.
-
-## Role Structure 📂
-
- **Handlers:**  
-  - `rebuild docker repository`: Runs `docker compose build` in the designated repository directory with custom timeout settings.
-
- **Tasks:**  
-  - Sets the default repository path if undefined.
-  - Pulls the latest code from the Docker repository.
-  - Notifies the Docker Compose project setup and triggers a repository rebuild.
-
- **Meta:**  
-  - Declares a dependency on the `docker-compose` role to ensure that handlers and related dependencies are loaded.
-
-## Usage ⚙️
-
-Ensure that you have set the following variables (either via your inventory, `group_vars`, or `host_vars`):
-
- `docker_repository_address`: The Git repository URL of your Docker repository.
- `docker_compose.directories.services`: The base directory where your Docker services are stored.  
-  The role will append `repository/` to this path to form `docker_repository_path`.
-
-## Author
-
-Kevin Veen-Birkenbach  
-[https://www.veen.world](https://www.veen.world)
-
---
-
-Happy deploying! 🚀🐳
--- a/roles/docker-repository-setup/handlers/main.yml
+++ b/roles/docker-repository-setup/handlers/main.yml
@ -1,7 +0,0 @@
- name: rebuild docker repository
-  command:
-    cmd:   docker compose build 
-    chdir: "{{docker_repository_path}}"
-  environment:
-    COMPOSE_HTTP_TIMEOUT: 600
-    DOCKER_CLIENT_TIMEOUT: 600
--- a/roles/docker-repository-setup/meta/main.yml
+++ b/roles/docker-repository-setup/meta/main.yml
@ -1,2 +0,0 @@
-dependencies:
- docker-compose  # To load handlers and make dependencies visible
--- a/roles/docker-taiga/tasks/main.yml
+++ b/roles/docker-taiga/tasks/main.yml
@ -10,10 +10,6 @@
    domain:   "{{ domains | get_domain(application_id) }}"
    http_port:   "{{ ports.localhost.http[application_id] }}"

- name: "include role docker-repository-setup for {{application_id}}"
-  include_role: 
-    name: docker-repository-setup
-
 - name: "copy templates {{ settings_files }} for taiga-contrib-oidc-auth"
  template:
    src:  "taiga/{{item}}.py.j2"
--- a/roles/docker-taiga/vars/main.yml
+++ b/roles/docker-taiga/vars/main.yml
@ -10,7 +10,7 @@ taiga_image_frontend: >-
  {{ 'robrotheram/taiga-front-openid' if applications[application_id].features.oidc and applications[application_id].oidc.flavor == 'robrotheram'
     else 'taigaio/taiga-front' }}
 taiga_frontend_conf_path:   "{{docker_compose.directories.config}}conf.json"
-
+docker_repository:          true
 settings_files:
 - urls
 - local
--- a/roles/docker-template/vars/main.yml
+++ b/roles/docker-template/vars/main.yml
@ -1 +0,0 @@
-application_id: template
--- a/tasks/plays/01_constructor.yml
+++ b/tasks/plays/01_constructor.yml
@ -1,16 +1,8 @@
 ---
-
- name: Show effective filter_plugins setting
-  shell: ansible-config dump --only-changed | grep -i filter_plugins || echo "using default"
-  register: filter_cfg
-
- name: Debug filter_plugins config
+- name: "Debug: allowed_applications"
  debug:
-    msg: "{{ filter_cfg.stdout_lines }}"
-
- name: "Debug: show which ansible.cfg was used"
-  debug:
-    msg: "{{ ansible_config_file }}"
+    msg: "{{ allowed_applications }}"
+  when: enable_debug | bool

 - name: Merge variables
  block:
@ -110,51 +102,51 @@
  when: mode_update | bool

 - name: setup standard wireguard
-  when: ("wireguard_server" in group_names)
+  when: ('wireguard_server' | application_allowed(group_names, allowed_applications))
  include_role:
    name: wireguard

 # vpn setup
 - name: setup wireguard client behind firewall\nat
-  when: ("wireguard_behind_firewall" in group_names)
+  when: ('wireguard_behind_firewall' | application_allowed(group_names, allowed_applications))
  include_role:
    name: client-wireguard-behind-firewall

 - name: setup wireguard client
-  when: ("wireguard_client" in group_names)
+  when: ('wireguard_client' | application_allowed(group_names, allowed_applications))
  include_role:
    name: client-wireguard

 ## backup setup
 - name: setup replica backup hosts
-  when: ("backup_remote_to_local" in group_names)
+  when: ('backup_remote_to_local' | application_allowed(group_names, allowed_applications))
  include_role:
    name: backup-remote-to-local

 - name: setup backup to swappable
-  when: ("backup_to_usb" in group_names)
+  when: ('backup_to_usb' | application_allowed(group_names, allowed_applications))
  include_role:
    name: backup-data-to-usb

 ## driver setup
 - name: driver-intel
-  when: ("intel" in group_names)
+  when: ('intel' | application_allowed(group_names, allowed_applications))
  include_role:
    name: driver-intel

 - name: setup multiprinter hosts
-  when: ("epson_multiprinter" in group_names)
+  when: ('epson_multiprinter' | application_allowed(group_names, allowed_applications))
  include_role:
    name: driver-epson-multiprinter


 - name: setup hibernate lid switch
-  when: ("driver-lid-switch" in group_names)
+  when: ('driver-lid-switch' | application_allowed(group_names, allowed_applications))
  include_role:
    name: driver-lid-switch

 ## system setup 
 - name: setup swapfile hosts
-  when: ("swapfile" in group_names)
+  when: ('swapfile' | application_allowed(group_names, allowed_applications))
  include_role:
    name: system-swapfile
--- a/tasks/plays/02_server.yml
+++ b/tasks/plays/02_server.yml
@ -16,25 +16,25 @@

 # Native Webserver Roles
 - name: setup nginx-serve-htmls
-  when: ("nginx-serve-htmls" in group_names)
  include_role:
    name: nginx-serve-html
  vars:
    domain: "{{primary_domain}}"
+  when: ('nginx-serve-htmls' | application_allowed(group_names, allowed_applications))

 - name: "setup corporate identity"
-  when: ("corporate_identity" in group_names)
  include_role:
    name: persona-corporate
+  when: ('corporate_identity' | application_allowed(group_names, allowed_applications))

 - name: setup redirect hosts
-  when: ("redirect" in group_names)
+  when: ('redirect' | application_allowed(group_names, allowed_applications))
  include_role:
    name: nginx-redirect-domains
  vars:
    domain_mappings: "{{ current_play_domain_mappings_redirect}}"

 - name: setup www redirect 
-  when: ("www_redirect" in group_names)
+  when: ('www_redirect' | application_allowed(group_names, allowed_applications))
  include_role:
    name: nginx-redirect-www
--- a/tasks/plays/03_destructor.yml
+++ b/tasks/plays/03_destructor.yml
@ -1,8 +1,8 @@
 - name: optimize storage performance
  include_role:
    name: system-storage-optimizer
-  when: "(path_mass_storage is defined or path_rapid_storage is defined) and enable_system_storage_optimizer | bool and (docker_enabled is defined and docker_enabled | bool) "
-
+  when: ('storage-optimizer' | application_allowed(group_names, allowed_applications))
+  
 - name: Cleanup Docker Anonymous Volumes
  import_role:
    name: cleanup-docker-anonymous-volumes
--- a/tasks/utils/update-repository-with-files.yml
+++ b/tasks/utils/update-repository-with-files.yml
@ -22,16 +22,6 @@
    chdir: "{{docker_compose.directories.instance}}"
  ignore_errors: true

-# This could be replaced by include_role: docker-repository-setup
-# Attendize and Akaunting still use this. When you refactor this code replace this.
- name: pull docker repository
-  git:
-    repo: "{{ docker_repository_address }}"
-    dest: "{{ docker_repository_directory  | default(docker_compose.directories.instance) }}"
-    update: yes
-  notify: docker compose up
-  become: true
-
 - name: "restore detached files"
  command: >
    mv "/tmp/{{application_id}}-{{ item }}.backup" "{{docker_compose.directories.instance}}{{ item }}"
--- a/templates/docker_role/README.md
+++ b/templates/docker_role/README.md
--- a/templates/docker_role/meta/main.yml.j2
+++ b/templates/docker_role/meta/main.yml.j2
@ -0,0 +1,23 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "{{ description }}"
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: | 
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  platforms:
+    - name: Docker
+      versions:
+        - latest
+  galaxy_tags:
+  {% for tag in tags %}
+    - {{ tag }}
+  {% endfor %}
+  repository: "https://github.com/kevinveenbirkenbach/cymais"
+  issue_tracker_url: "https://github.com/kevinveenbirkenbach/cymais/issues"
+  documentation: "https://github.com/kevinveenbirkenbach/cymais/roles/{{application_id}}"
+  logo:
+    class: "{{ logo_classes }}"
--- a/templates/docker_role/meta/schema.yml.j2
+++ b/templates/docker_role/meta/schema.yml.j2
--- a/templates/docker_role/tasks/main.yml.j2
+++ b/templates/docker_role/tasks/main.yml.j2
@ -0,0 +1,36 @@
+---
+
+{% if database | bool %}
+
+{% raw %}
+- name: "include docker-central-database"
+  include_role: 
+    name: docker-central-database
+  when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
+
+- name: "include role nginx-domain-setup for {{application_id}}"
+  include_role:
+    name: nginx-domain-setup
+  vars:
+    domain:   "{{ domains | get_domain(application_id) }}"
+    http_port:   "{{ ports.localhost.http[application_id] }}"
+  when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
+{% endraw %}
+
+{% else %}
+
+{% raw %}
+- name: "include docker-compose role"
+  include_role: 
+    name: docker-compose
+  when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
+{% endraw %}
+
+{% endif %}
+
+{% raw %}
+- name: run the {% raw %}portfolio{% endraw %} tasks once
+  set_fact:
+    run_once_docker_portfolio: true
+  when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
+{% endraw %}
--- a/templates/docker_role/vars/main.yml.j2
+++ b/templates/docker_role/vars/main.yml.j2
@ -0,0 +1 @@
+application_id: {{ application_id }}