Great docker refactoring

Kevin Veen-Birkenbach 2025-07-06 18:53:45 +02:00
parent bd9e43506f
commit 0347d238c2
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
27 changed files with 107 additions and 119 deletions


@ -27,9 +27,6 @@ def run_ansible_playbook(inventory, playbook, modes, limit=None, allowed_applica
if allowed_applications:
joined = ",".join(allowed_applications)
cmd.extend(["-e", f"allowed_applications={joined}"])
else:
# No IDs provided: execute all applications defined in the inventory
cmd.extend(["-e", "allowed_applications=all"])
# Pass other mode flags
for key, value in modes.items():
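Review bot: With the `else` branch gone, an empty `allowed_applications` means no `allowed_applications` extra-var reaches the playbook at all, so what "no filter" means is now decided wherever the variable is read rather than here. The task conditions changed in this same commit call `application_allowed(group_names, allowed_applications)` and the new debug task prints `{{ allowed_applications }}`; unless a default is defined somewhere not shown on this page, those would hit an undefined variable. I would state the contract next to the `if`, e.g. `# Empty list: nothing is passed; application_allowed must handle an undefined allow-list explicitly`, and confirm that the filter's result for that case (run everything or run nothing) is the intended one. The body of run_ansible_playbook starts and ends outside the hunk.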


@ -1 +1,3 @@
- Implement this role
# Todo
- Implement this role
- refactore main.yml


@ -1 +1,2 @@
docker_compose_skipp_file_creation: false # If set to true the file creation will be skipped
docker_compose_skipp_file_creation: false # If set to true the file creation will be skipped
docker_repository: true # Activates docker repository download and routine
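Review bot: `docker_repository: true` as the default makes cloning and building a remote Git repository opt-out, although the roles that use it (openproject, portfolio, taiga) set `docker_repository: true` explicitly in this same commit. Every other role that includes this one would then reach `repository.yml`, which is gated only by `docker_repository | bool`, and presumably need a `docker_repository_address`; that task file is not shown here, so this is inferred. A default of `docker_repository: false  # set to true in a role's vars to clone and build docker_repository_address` keeps fetching and building third-party code an explicit choice per role.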


@ -8,6 +8,14 @@
# listen: docker compose up
# when: mode_reset | bool
- name: rebuild docker repository
command:
cmd: docker compose build
chdir: "{{docker_repository_path}}"
environment:
COMPOSE_HTTP_TIMEOUT: 600
DOCKER_CLIENT_TIMEOUT: 600
# default setup for docker compose files
- name: docker compose up
shell: docker-compose -p {{ application_id }} up -d --force-recreate --remove-orphans --build
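Review bot: The new `rebuild docker repository` handler runs `docker compose build` (the CLI plugin) while the existing `docker compose up` handler below it still calls the standalone `docker-compose` binary, so a host needs both installed for the two handlers to work. Picking one form for the whole file avoids that. The two timeout values would also read more safely quoted, `COMPOSE_HTTP_TIMEOUT: "600"`, since environment values are strings. The `docker compose up` handler continues past the end of the hunk.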


@ -1,10 +1,10 @@
- name: Create (optional) Dockerfile
- name: "Create (optional) Dockerfile for {{ application_id }}"
template:
src: "{{ item }}"
dest: "{{ docker_compose.files.dockerfile }}"
with_first_found:
- "{{ playbook_dir }}/roles/{{ role_name }}/templates/Dockerfile.j2"
- "{{ playbook_dir }}/roles/{{ role_name }}/files/Dockerfile"
loop:
- "{{ playbook_dir }}/roles/docker-{{ application_id }}/templates/Dockerfile.j2"
- "{{ playbook_dir }}/roles/docker-{{ application_id }}/files/Dockerfile"
notify: docker compose up
register: create_dockerfile_result
failed_when:
@ -19,9 +19,9 @@
force: yes
notify: docker compose up
register: env_template
with_first_found:
- "{{ playbook_dir }}/roles/{{ role_name }}/templates/env.j2"
- "{{ playbook_dir }}/roles/{{ role_name }}/files/env"
loop:
- "{{ playbook_dir }}/roles/docker-{{ application_id }}/templates/env.j2"
- "{{ playbook_dir }}/roles/docker-{{ application_id }}/files/env"
failed_when:
- env_template is failed
- "'Could not find or access' not in env_template.msg"
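Review bot: Replacing `with_first_found` with `loop` changes the meaning of both tasks: the template module now runs once per listed path instead of once for the first path that exists. When a role ships both `templates/Dockerfile.j2` and `files/Dockerfile` (or `env.j2` and `env`), the second item overwrites the result of the first, and in the env task a missing path is tolerated only because `failed_when` matches the `'Could not find or access'` message text. Keeping the lookup preserves the old behaviour with the new paths, e.g. `loop: "{{ query('first_found', {'files': [...], 'skip': true}) }}"` with the two `docker-{{ application_id }}` paths as `files`. Both tasks start or end outside their hunks, so the rest of the Dockerfile task's `failed_when` and the env task's module arguments are not visible here.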


@ -16,5 +16,8 @@
mode: '0755'
with_dict: "{{ docker_compose.directories }}"
- include_tasks: "create-files.yml"
- include_tasks: "repository.yml"
when: docker_repository | bool
- include_tasks: "files.yml"
when: not docker_compose_skipp_file_creation | bool


@ -68,5 +68,5 @@ docker exec -i ldap \
-D "$LDAP_ADMIN_DN" \
-w "$LDAP_ADMIN_PASSWORD" \
-c \
-f "/tmp/ldif/data/01_rbac_roles.ldif"
-f "/tmp/ldif/data/01_rbac.ldif"
```


@ -23,10 +23,6 @@
notify:
- docker compose up
- name: "include role docker-repository-setup for {{application_id}}"
include_role:
name: docker-repository-setup
- name: "create {{dummy_volume}}"
file:
path: "{{dummy_volume}}"


@ -1,6 +1,7 @@
application_id: "openproject"
docker_repository_address: "https://github.com/opf/openproject-deploy"
database_type: "postgres"
docker_repository: true
openproject_plugins_folder: "{{docker_compose.directories.volumes}}plugins/"


@ -12,11 +12,6 @@
http_port: "{{ ports.localhost.http[application_id] }}"
when: run_once_docker_portfolio is not defined
- name: "include role docker-repository-setup for {{application_id}}"
include_role:
name: docker-repository-setup
when: run_once_docker_portfolio is not defined
- name: "Check if host-specific config.yaml exists in {{ config_inventory_path }}"
stat:
path: "{{ config_inventory_path }}"


@ -1,3 +1,4 @@
application_id: "portfolio"
docker_repository_address: "https://github.com/kevinveenbirkenbach/portfolio"
config_inventory_path: "{{ inventory_dir }}/files/{{ inventory_hostname }}/docker/portfolio/config.yaml.j2"
config_inventory_path: "{{ inventory_dir }}/files/{{ inventory_hostname }}/docker/portfolio/config.yaml.j2"
docker_repository: true


@ -1,44 +0,0 @@
# Docker Repository Setup
This Ansible role sets up and manages your Docker repository. It ensures that the repository is pulled from your remote Git source, and it automatically triggers a rebuild of your Docker images using Docker Compose.
## Features 🔧
- **Default Path Setup:**
Automatically sets a default `docker_repository_path`
- **Repository Management:**
Clones or updates your Docker repository from a specified Git repository.
- **Automated Build Trigger:**
Notifies handlers to rebuild the Docker repository using Docker Compose with extended timeouts.
## Role Structure 📂
- **Handlers:**
- `rebuild docker repository`: Runs `docker compose build` in the designated repository directory with custom timeout settings.
- **Tasks:**
- Sets the default repository path if undefined.
- Pulls the latest code from the Docker repository.
- Notifies the Docker Compose project setup and triggers a repository rebuild.
- **Meta:**
- Declares a dependency on the `docker-compose` role to ensure that handlers and related dependencies are loaded.
## Usage ⚙️
Ensure that you have set the following variables (either via your inventory, `group_vars`, or `host_vars`):
- `docker_repository_address`: The Git repository URL of your Docker repository.
- `docker_compose.directories.services`: The base directory where your Docker services are stored.
The role will append `repository/` to this path to form `docker_repository_path`.
## Author
Kevin Veen-Birkenbach
[https://www.veen.world](https://www.veen.world)
---
Happy deploying! 🚀🐳


@ -1,7 +0,0 @@
- name: rebuild docker repository
command:
cmd: docker compose build
chdir: "{{docker_repository_path}}"
environment:
COMPOSE_HTTP_TIMEOUT: 600
DOCKER_CLIENT_TIMEOUT: 600


@ -1,2 +0,0 @@
dependencies:
- docker-compose # To load handlers and make dependencies visible


@ -10,10 +10,6 @@
domain: "{{ domains | get_domain(application_id) }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "include role docker-repository-setup for {{application_id}}"
include_role:
name: docker-repository-setup
- name: "copy templates {{ settings_files }} for taiga-contrib-oidc-auth"
template:
src: "taiga/{{item}}.py.j2"


@ -10,7 +10,7 @@ taiga_image_frontend: >-
{{ 'robrotheram/taiga-front-openid' if applications[application_id].features.oidc and applications[application_id].oidc.flavor == 'robrotheram'
else 'taigaio/taiga-front' }}
taiga_frontend_conf_path: "{{docker_compose.directories.config}}conf.json"
docker_repository: true
settings_files:
- urls
- local


@ -1 +0,0 @@
application_id: template


@ -1,16 +1,8 @@
---
- name: Show effective filter_plugins setting
shell: ansible-config dump --only-changed | grep -i filter_plugins || echo "using default"
register: filter_cfg
- name: Debug filter_plugins config
- name: "Debug: allowed_applications"
debug:
msg: "{{ filter_cfg.stdout_lines }}"
- name: "Debug: show which ansible.cfg was used"
debug:
msg: "{{ ansible_config_file }}"
msg: "{{ allowed_applications }}"
when: enable_debug | bool
- name: Merge variables
block:
@ -110,51 +102,51 @@
when: mode_update | bool
- name: setup standard wireguard
when: ("wireguard_server" in group_names)
when: ('wireguard_server' | application_allowed(group_names, allowed_applications))
include_role:
name: wireguard
# vpn setup
- name: setup wireguard client behind firewall\nat
when: ("wireguard_behind_firewall" in group_names)
when: ('wireguard_behind_firewall' | application_allowed(group_names, allowed_applications))
include_role:
name: client-wireguard-behind-firewall
- name: setup wireguard client
when: ("wireguard_client" in group_names)
when: ('wireguard_client' | application_allowed(group_names, allowed_applications))
include_role:
name: client-wireguard
## backup setup
- name: setup replica backup hosts
when: ("backup_remote_to_local" in group_names)
when: ('backup_remote_to_local' | application_allowed(group_names, allowed_applications))
include_role:
name: backup-remote-to-local
- name: setup backup to swappable
when: ("backup_to_usb" in group_names)
when: ('backup_to_usb' | application_allowed(group_names, allowed_applications))
include_role:
name: backup-data-to-usb
## driver setup
- name: driver-intel
when: ("intel" in group_names)
when: ('intel' | application_allowed(group_names, allowed_applications))
include_role:
name: driver-intel
- name: setup multiprinter hosts
when: ("epson_multiprinter" in group_names)
when: ('epson_multiprinter' | application_allowed(group_names, allowed_applications))
include_role:
name: driver-epson-multiprinter
- name: setup hibernate lid switch
when: ("driver-lid-switch" in group_names)
when: ('driver-lid-switch' | application_allowed(group_names, allowed_applications))
include_role:
name: driver-lid-switch
## system setup
- name: setup swapfile hosts
when: ("swapfile" in group_names)
when: ('swapfile' | application_allowed(group_names, allowed_applications))
include_role:
name: system-swapfile


@ -16,25 +16,25 @@
# Native Webserver Roles
- name: setup nginx-serve-htmls
when: ("nginx-serve-htmls" in group_names)
include_role:
name: nginx-serve-html
vars:
domain: "{{primary_domain}}"
when: ('nginx-serve-htmls' | application_allowed(group_names, allowed_applications))
- name: "setup corporate identity"
when: ("corporate_identity" in group_names)
include_role:
name: persona-corporate
when: ('corporate_identity' | application_allowed(group_names, allowed_applications))
- name: setup redirect hosts
when: ("redirect" in group_names)
when: ('redirect' | application_allowed(group_names, allowed_applications))
include_role:
name: nginx-redirect-domains
vars:
domain_mappings: "{{ current_play_domain_mappings_redirect}}"
- name: setup www redirect
when: ("www_redirect" in group_names)
when: ('www_redirect' | application_allowed(group_names, allowed_applications))
include_role:
name: nginx-redirect-www


@ -1,8 +1,8 @@
- name: optimize storage performance
include_role:
name: system-storage-optimizer
when: "(path_mass_storage is defined or path_rapid_storage is defined) and enable_system_storage_optimizer | bool and (docker_enabled is defined and docker_enabled | bool) "
when: ('storage-optimizer' | application_allowed(group_names, allowed_applications))
- name: Cleanup Docker Anonymous Volumes
import_role:
name: cleanup-docker-anonymous-volumes
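Review bot: The new condition on `optimize storage performance` drops every precondition the old one checked: `path_mass_storage` or `path_rapid_storage` being defined, `enable_system_storage_optimizer`, and `docker_enabled`. After this change `system-storage-optimizer` is included on any host for which `application_allowed` returns true for `'storage-optimizer'`, including hosts with neither storage path set; how the role behaves in that case is not visible here. I would make `when:` a list with the filter expression as its first item and keep the old checks as further items, e.g. `- path_mass_storage is defined or path_rapid_storage is defined` and `- enable_system_storage_optimizer | bool`.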


@ -22,16 +22,6 @@
chdir: "{{docker_compose.directories.instance}}"
ignore_errors: true
# This could be replaced by include_role: docker-repository-setup
# Attendize and Akaunting still use this. When you refactor this code replace this.
- name: pull docker repository
git:
repo: "{{ docker_repository_address }}"
dest: "{{ docker_repository_directory | default(docker_compose.directories.instance) }}"
update: yes
notify: docker compose up
become: true
- name: "restore detached files"
command: >
mv "/tmp/{{application_id}}-{{ item }}.backup" "{{docker_compose.directories.instance}}{{ item }}"


@ -0,0 +1,23 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: "{{ description }}"
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: |
Kevin Veen-Birkenbach
Consulting & Coaching Solutions
https://www.veen.world
platforms:
- name: Docker
versions:
- latest
galaxy_tags:
{% for tag in tags %}
- {{ tag }}
{% endfor %}
repository: "https://github.com/kevinveenbirkenbach/cymais"
issue_tracker_url: "https://github.com/kevinveenbirkenbach/cymais/issues"
documentation: "https://github.com/kevinveenbirkenbach/cymais/roles/{{application_id}}"
logo:
class: "{{ logo_classes }}"
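Review bot: This template writes `description`, `tags`, `application_id` and `logo_classes` into YAML without any escaping, so a description containing `"` or a tag such as `no`, `1.0` or one starting with `*` yields invalid or silently retyped YAML in the generated role metadata. Emitting the values through a JSON-encoding filter keeps them valid YAML strings, e.g. `description: {{ description | tojson }}` and `- {{ tag | tojson }}` (`to_json` if the file is rendered through Ansible). The one-line vars template at the end of this commit has the same issue: `application_id: {{ application_id }}` is unquoted, while the existing roles write `application_id: "openproject"`.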


@ -0,0 +1,36 @@
---
{% if database | bool %}
{% raw %}
- name: "include docker-central-database"
include_role:
name: docker-central-database
when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains | get_domain(application_id) }}"
http_port: "{{ ports.localhost.http[application_id] }}"
when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
{% endraw %}
{% else %}
{% raw %}
- name: "include docker-compose role"
include_role:
name: docker-compose
when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
{% endraw %}
{% endif %}
{% raw %}
- name: run the {% raw %}portfolio{% endraw %} tasks once
set_fact:
run_once_docker_portfolio: true
when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
{% endraw %}
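Review bot: The last task nests `{% raw %}portfolio{% endraw %}` inside a block that is already raw (opened on the line above it), so the inner `{% endraw %}` closes the outer block and the `{% endraw %}` in the following `when:` line becomes an unmatched tag; as far as can be judged from the hunk, the template will not render. The task also hard-codes `portfolio` and sets `run_once_docker_portfolio`, while every guard in the file tests `run_once_docker_<application_id>`, so a generated role would never set its own run-once flag. Suggested lines: `- name: run the {% endraw %}{{ application_id }}{% raw %} tasks once` and `run_once_docker_{% endraw %}{{ application_id }}{% raw %}: true`.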


@ -0,0 +1 @@
application_id: {{ application_id }}