diff --git a/cli/deploy.py b/cli/deploy.py index 029fcdfa..3bf9d1ac 100644 --- a/cli/deploy.py +++ b/cli/deploy.py @@ -27,9 +27,6 @@ def run_ansible_playbook(inventory, playbook, modes, limit=None, allowed_applica if allowed_applications: joined = ",".join(allowed_applications) cmd.extend(["-e", f"allowed_applications={joined}"]) - else: - # No IDs provided: execute all applications defined in the inventory - cmd.extend(["-e", "allowed_applications=all"]) # Pass other mode flags for key, value in modes.items(): diff --git a/roles/docker-attendize/TODO.md b/roles/docker-attendize/TODO.md index 269e08aa..435bdfb4 100644 --- a/roles/docker-attendize/TODO.md +++ b/roles/docker-attendize/TODO.md @@ -1 +1,3 @@ -- Implement this role \ No newline at end of file +# Todo +- Implement this role +- refactore main.yml \ No newline at end of file diff --git a/roles/docker-compose/defaults/main.yml b/roles/docker-compose/defaults/main.yml index 5d2681d7..2711dff1 100644 --- a/roles/docker-compose/defaults/main.yml +++ b/roles/docker-compose/defaults/main.yml @@ -1 +1,2 @@ -docker_compose_skipp_file_creation: false # If set to true the file creation will be skipped \ No newline at end of file +docker_compose_skipp_file_creation: false # If set to true the file creation will be skipped +docker_repository: true # Activates docker repository download and routine \ No newline at end of file diff --git a/roles/docker-compose/handlers/main.yml b/roles/docker-compose/handlers/main.yml index c68dd9a8..2b6db519 100644 --- a/roles/docker-compose/handlers/main.yml +++ b/roles/docker-compose/handlers/main.yml 
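Review bot: In `run_ansible_playbook` (cli/deploy.py), removing the `else` branch means `allowed_applications` is no longer passed at all when no IDs are given, so the playbook sees it as undefined rather than as `all`. The same commit reads it directly in the `Debug: allowed_applications` task of tasks/plays/01_constructor.yml and passes it to `application_allowed(group_names, allowed_applications)` in 01_constructor.yml, 02_server.yml and 03_destructor.yml; how that filter treats an undefined value is not visible in this diff. Because this variable decides which roles run on a host, the no-filter case should be explicit: either a documented default in group vars, or `allowed_applications | default([])` at each use with the filter's meaning of an empty value spelled out. The function body starts and ends outside the hunk.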
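Review bot: `docker_repository: true` in roles/docker-compose/defaults/main.yml switches the repository include on for every role that pulls in docker-compose, not only for roles that define `docker_repository_address`. The same commit sets `docker_repository: true` explicitly in the openproject, portfolio and taiga vars, which suggests opt-in was the intent. Unless every other consumer overrides it, the safer default is `docker_repository: false # Set to true in roles that define docker_repository_address`.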
@@ -8,6 +8,14 @@ # listen: docker compose up # when: mode_reset | bool +- name: rebuild docker repository + command: + cmd: docker compose build + chdir: "{{docker_repository_path}}" + environment: + COMPOSE_HTTP_TIMEOUT: 600 + DOCKER_CLIENT_TIMEOUT: 600 + # default setup for docker compose files - name: docker compose up shell: docker-compose -p {{ application_id }} up -d --force-recreate --remove-orphans --build diff --git a/roles/docker-compose/tasks/create-files.yml b/roles/docker-compose/tasks/files.yml similarity index 78% rename from roles/docker-compose/tasks/create-files.yml rename to roles/docker-compose/tasks/files.yml index 54fda4fd..77f8e515 100644 --- a/roles/docker-compose/tasks/create-files.yml +++ b/roles/docker-compose/tasks/files.yml @@ -1,10 +1,10 @@ -- name: Create (optional) Dockerfile +- name: "Create (optional) Dockerfile for {{ application_id }}" template: src: "{{ item }}" dest: "{{ docker_compose.files.dockerfile }}" - with_first_found: - - "{{ playbook_dir }}/roles/{{ role_name }}/templates/Dockerfile.j2" - - "{{ playbook_dir }}/roles/{{ role_name }}/files/Dockerfile" + loop: + - "{{ playbook_dir }}/roles/docker-{{ application_id }}/templates/Dockerfile.j2" + - "{{ playbook_dir }}/roles/docker-{{ application_id }}/files/Dockerfile" notify: docker compose up register: create_dockerfile_result failed_when: @@ -19,9 +19,9 @@ force: yes notify: docker compose up register: env_template - with_first_found: - - "{{ playbook_dir }}/roles/{{ role_name }}/templates/env.j2" - - "{{ playbook_dir }}/roles/{{ role_name }}/files/env" + loop: + - "{{ playbook_dir }}/roles/docker-{{ application_id }}/templates/env.j2" + - "{{ playbook_dir }}/roles/docker-{{ application_id }}/files/env" failed_when: - env_template is failed - "'Could not find or access' not in env_template.msg" diff --git a/roles/docker-compose/tasks/main.yml b/roles/docker-compose/tasks/main.yml index fc3080c8..02272040 100644 --- a/roles/docker-compose/tasks/main.yml 
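Review bot: The `rebuild docker repository` handler added to roles/docker-compose/handlers/main.yml calls the `docker compose` plugin, while the `docker compose up` handler directly below it calls the standalone `docker-compose` binary, so the role now needs both installed and the two can differ in version and behaviour. Pick one CLI for both handlers. The handler also depends on `docker_repository_path`, which this diff does not define; the README deleted in this commit says the repository tasks set it, so a comment such as `# docker_repository_path is set by tasks/repository.yml; only notified when docker_repository is true` would make that dependency visible.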
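Review bot: Replacing `with_first_found` with `loop` in both template tasks of roles/docker-compose/tasks/files.yml (the Dockerfile task, and the env task in the second hunk) changes the meaning from "use the first candidate that exists" to "run once per candidate". If a role ships both `templates/Dockerfile.j2` and `files/Dockerfile` (or both env variants), the second is written over the first at the same `dest`, and a missing candidate is tolerated only through the `'Could not find or access'` message match visible in the env task. Keeping `with_first_found:` with the two new `roles/docker-{{ application_id }}/...` entries preserves the old selection; the lookup's `skip: true` option covers the case where neither file exists. The new paths also assume every role directory is named `docker-` plus `application_id`. The Dockerfile task's `failed_when` continues outside the hunk.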
+++ b/roles/docker-compose/tasks/main.yml @@ -16,5 +16,8 @@ mode: '0755' with_dict: "{{ docker_compose.directories }}" -- include_tasks: "create-files.yml" +- include_tasks: "repository.yml" + when: docker_repository | bool + +- include_tasks: "files.yml" when: not docker_compose_skipp_file_creation | bool \ No newline at end of file diff --git a/roles/docker-repository-setup/tasks/main.yml b/roles/docker-compose/tasks/repository.yml similarity index 100% rename from roles/docker-repository-setup/tasks/main.yml rename to roles/docker-compose/tasks/repository.yml diff --git a/roles/docker-ldap/docs/Administration.md b/roles/docker-ldap/docs/Administration.md index bfc7398d..e9efc347 100644 --- a/roles/docker-ldap/docs/Administration.md +++ b/roles/docker-ldap/docs/Administration.md @@ -68,5 +68,5 @@ docker exec -i ldap \ -D "$LDAP_ADMIN_DN" \ -w "$LDAP_ADMIN_PASSWORD" \ -c \ - -f "/tmp/ldif/data/01_rbac_roles.ldif" + -f "/tmp/ldif/data/01_rbac.ldif" ``` \ No newline at end of file diff --git a/roles/docker-openproject/tasks/main.yml b/roles/docker-openproject/tasks/main.yml index 52036d0e..0318b4d1 100644 --- a/roles/docker-openproject/tasks/main.yml +++ b/roles/docker-openproject/tasks/main.yml @@ -23,10 +23,6 @@ notify: - docker compose up -- name: "include role docker-repository-setup for {{application_id}}" - include_role: - name: docker-repository-setup - - name: "create {{dummy_volume}}" file: path: "{{dummy_volume}}" diff --git a/roles/docker-openproject/vars/main.yml b/roles/docker-openproject/vars/main.yml index b9eebf94..dea3bc53 100644 --- a/roles/docker-openproject/vars/main.yml +++ b/roles/docker-openproject/vars/main.yml @@ -1,6 +1,7 @@ application_id: "openproject" docker_repository_address: "https://github.com/opf/openproject-deploy" database_type: "postgres" +docker_repository: true openproject_plugins_folder: "{{docker_compose.directories.volumes}}plugins/" 
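Review bot: The `include_tasks: "repository.yml"` added to roles/docker-compose/tasks/main.yml makes a Git checkout followed by `docker compose build` part of the base role, and nothing in this diff pins what is checked out. repository.yml is a 100% rename and its content is not shown; the README deleted in this commit describes it as pulling the latest code from `docker_repository_address`, so this is inferred. If that is the case, giving the git module's `version:` a reviewed tag or commit for each upstream keeps an upstream push from changing what gets built on the hosts. At minimum add a comment above the include, e.g. `# Clones docker_repository_address and triggers a rebuild; requires docker_repository_address`.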
diff --git a/roles/docker-portfolio/tasks/main.yml b/roles/docker-portfolio/tasks/main.yml index 35c302bb..6420d63e 100644 --- a/roles/docker-portfolio/tasks/main.yml +++ b/roles/docker-portfolio/tasks/main.yml @@ -12,11 +12,6 @@ http_port: "{{ ports.localhost.http[application_id] }}" when: run_once_docker_portfolio is not defined -- name: "include role docker-repository-setup for {{application_id}}" - include_role: - name: docker-repository-setup - when: run_once_docker_portfolio is not defined - - name: "Check if host-specific config.yaml exists in {{ config_inventory_path }}" stat: path: "{{ config_inventory_path }}" diff --git a/roles/docker-portfolio/vars/main.yml b/roles/docker-portfolio/vars/main.yml index 7394853f..ef07b1bb 100644 --- a/roles/docker-portfolio/vars/main.yml +++ b/roles/docker-portfolio/vars/main.yml @@ -1,3 +1,4 @@ application_id: "portfolio" docker_repository_address: "https://github.com/kevinveenbirkenbach/portfolio" -config_inventory_path: "{{ inventory_dir }}/files/{{ inventory_hostname }}/docker/portfolio/config.yaml.j2" \ No newline at end of file +config_inventory_path: "{{ inventory_dir }}/files/{{ inventory_hostname }}/docker/portfolio/config.yaml.j2" +docker_repository: true \ No newline at end of file diff --git a/roles/docker-repository-setup/README.md b/roles/docker-repository-setup/README.md deleted file mode 100644 index 0be5e8ca..00000000 --- a/roles/docker-repository-setup/README.md +++ /dev/null 
@@ -1,44 +0,0 @@ -# Docker Repository Setup - -This Ansible role sets up and manages your Docker repository. It ensures that the repository is pulled from your remote Git source, and it automatically triggers a rebuild of your Docker images using Docker Compose. - -## Features 🔧 - -- **Default Path Setup:** - Automatically sets a default `docker_repository_path` - -- **Repository Management:** - Clones or updates your Docker repository from a specified Git repository. - -- **Automated Build Trigger:** - Notifies handlers to rebuild the Docker repository using Docker Compose with extended timeouts. - -## Role Structure 📂 - -- **Handlers:** - - `rebuild docker repository`: Runs `docker compose build` in the designated repository directory with custom timeout settings. - -- **Tasks:** - - Sets the default repository path if undefined. - - Pulls the latest code from the Docker repository. - - Notifies the Docker Compose project setup and triggers a repository rebuild. - -- **Meta:** - - Declares a dependency on the `docker-compose` role to ensure that handlers and related dependencies are loaded. - -## Usage ⚙️ - -Ensure that you have set the following variables (either via your inventory, `group_vars`, or `host_vars`): - -- `docker_repository_address`: The Git repository URL of your Docker repository. -- `docker_compose.directories.services`: The base directory where your Docker services are stored. - The role will append `repository/` to this path to form `docker_repository_path`. - -## Author - -Kevin Veen-Birkenbach -[https://www.veen.world](https://www.veen.world) - ---- - -Happy deploying! 🚀🐳 \ No newline at end of file diff --git a/roles/docker-repository-setup/handlers/main.yml b/roles/docker-repository-setup/handlers/main.yml deleted file mode 100644 index 529a6b16..00000000 --- a/roles/docker-repository-setup/handlers/main.yml +++ /dev/null 
@@ -1,7 +0,0 @@ -- name: rebuild docker repository - command: - cmd: docker compose build - chdir: "{{docker_repository_path}}" - environment: - COMPOSE_HTTP_TIMEOUT: 600 - DOCKER_CLIENT_TIMEOUT: 600 \ No newline at end of file diff --git a/roles/docker-repository-setup/meta/main.yml b/roles/docker-repository-setup/meta/main.yml deleted file mode 100644 index 28d81564..00000000 --- a/roles/docker-repository-setup/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -dependencies: -- docker-compose # To load handlers and make dependencies visible diff --git a/roles/docker-taiga/tasks/main.yml b/roles/docker-taiga/tasks/main.yml index 00574099..5b867237 100644 --- a/roles/docker-taiga/tasks/main.yml +++ b/roles/docker-taiga/tasks/main.yml @@ -10,10 +10,6 @@ domain: "{{ domains | get_domain(application_id) }}" http_port: "{{ ports.localhost.http[application_id] }}" -- name: "include role docker-repository-setup for {{application_id}}" - include_role: - name: docker-repository-setup - - name: "copy templates {{ settings_files }} for taiga-contrib-oidc-auth" template: src: "taiga/{{item}}.py.j2" diff --git a/roles/docker-taiga/vars/main.yml b/roles/docker-taiga/vars/main.yml index 248bd759..d0fed633 100644 --- a/roles/docker-taiga/vars/main.yml +++ b/roles/docker-taiga/vars/main.yml @@ -10,7 +10,7 @@ taiga_image_frontend: >- {{ 'robrotheram/taiga-front-openid' if applications[application_id].features.oidc and applications[application_id].oidc.flavor == 'robrotheram' else 'taigaio/taiga-front' }} taiga_frontend_conf_path: "{{docker_compose.directories.config}}conf.json" - +docker_repository: true settings_files: - urls - local diff --git a/roles/docker-template/vars/main.yml b/roles/docker-template/vars/main.yml deleted file mode 100644 index fd346dc9..00000000 --- a/roles/docker-template/vars/main.yml +++ /dev/null @@ -1 +0,0 @@ -application_id: template \ No newline at end of file 
diff --git a/tasks/plays/01_constructor.yml b/tasks/plays/01_constructor.yml index e4e83963..bf4427d6 100644 --- a/tasks/plays/01_constructor.yml +++ b/tasks/plays/01_constructor.yml @@ -1,16 +1,8 @@ --- - -- name: Show effective filter_plugins setting - shell: ansible-config dump --only-changed | grep -i filter_plugins || echo "using default" - register: filter_cfg - -- name: Debug filter_plugins config +- name: "Debug: allowed_applications" debug: - msg: "{{ filter_cfg.stdout_lines }}" - -- name: "Debug: show which ansible.cfg was used" - debug: - msg: "{{ ansible_config_file }}" + msg: "{{ allowed_applications }}" + when: enable_debug | bool - name: Merge variables block: 
@@ -110,51 +102,51 @@ when: mode_update | bool - name: setup standard wireguard - when: ("wireguard_server" in group_names) + when: ('wireguard_server' | application_allowed(group_names, allowed_applications)) include_role: name: wireguard # vpn setup - name: setup wireguard client behind firewall\nat - when: ("wireguard_behind_firewall" in group_names) + when: ('wireguard_behind_firewall' | application_allowed(group_names, allowed_applications)) include_role: name: client-wireguard-behind-firewall - name: setup wireguard client - when: ("wireguard_client" in group_names) + when: ('wireguard_client' | application_allowed(group_names, allowed_applications)) include_role: name: client-wireguard ## backup setup - name: setup replica backup hosts - when: ("backup_remote_to_local" in group_names) + when: ('backup_remote_to_local' | application_allowed(group_names, allowed_applications)) include_role: name: backup-remote-to-local - name: setup backup to swappable - when: ("backup_to_usb" in group_names) + when: ('backup_to_usb' | application_allowed(group_names, allowed_applications)) include_role: name: backup-data-to-usb ## driver setup - name: driver-intel - when: ("intel" in group_names) + when: ('intel' | application_allowed(group_names, allowed_applications)) include_role: name: driver-intel - name: setup multiprinter hosts - when: ("epson_multiprinter" in group_names) + when: ('epson_multiprinter' | application_allowed(group_names, allowed_applications)) include_role: name: driver-epson-multiprinter - name: setup hibernate lid switch - when: ("driver-lid-switch" in group_names) + when: ('driver-lid-switch' | application_allowed(group_names, allowed_applications)) include_role: name: driver-lid-switch ## system setup - name: setup swapfile hosts - when: ("swapfile" in group_names) + when: ('swapfile' | application_allowed(group_names, allowed_applications)) include_role: name: system-swapfile \ No newline at end of file 
diff --git a/tasks/plays/02_server.yml b/tasks/plays/02_server.yml index dde3bc4c..5dc38b18 100644 --- a/tasks/plays/02_server.yml +++ b/tasks/plays/02_server.yml @@ -16,25 +16,25 @@ # Native Webserver Roles - name: setup nginx-serve-htmls - when: ("nginx-serve-htmls" in group_names) include_role: name: nginx-serve-html vars: domain: "{{primary_domain}}" + when: ('nginx-serve-htmls' | application_allowed(group_names, allowed_applications)) - name: "setup corporate identity" - when: ("corporate_identity" in group_names) include_role: name: persona-corporate + when: ('corporate_identity' | application_allowed(group_names, allowed_applications)) - name: setup redirect hosts - when: ("redirect" in group_names) + when: ('redirect' | application_allowed(group_names, allowed_applications)) include_role: name: nginx-redirect-domains vars: domain_mappings: "{{ current_play_domain_mappings_redirect}}" - name: setup www redirect - when: ("www_redirect" in group_names) + when: ('www_redirect' | application_allowed(group_names, allowed_applications)) include_role: name: nginx-redirect-www \ No newline at end of file diff --git a/tasks/plays/03_destructor.yml b/tasks/plays/03_destructor.yml index f1d7f931..f1a78e79 100644 --- a/tasks/plays/03_destructor.yml +++ b/tasks/plays/03_destructor.yml @@ -1,8 +1,8 @@ - name: optimize storage performance include_role: name: system-storage-optimizer - when: "(path_mass_storage is defined or path_rapid_storage is defined) and enable_system_storage_optimizer | bool and (docker_enabled is defined and docker_enabled | bool) " - + when: ('storage-optimizer' | application_allowed(group_names, allowed_applications)) + - name: Cleanup Docker Anonymous Volumes import_role: name: cleanup-docker-anonymous-volumes diff --git a/tasks/utils/update-repository-with-files.yml b/tasks/utils/update-repository-with-files.yml index c69479f1..212ab875 100644 --- a/tasks/utils/update-repository-with-files.yml +++ b/tasks/utils/update-repository-with-files.yml 
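Review bot: The new `when` on `optimize storage performance` in tasks/plays/03_destructor.yml drops every precondition the old expression had: `path_mass_storage` or `path_rapid_storage` being defined, `enable_system_storage_optimizer`, and `docker_enabled`. A host that is in the `storage-optimizer` group but has neither path set now enters system-storage-optimizer; how the role behaves with those variables undefined is not visible here. Consider keeping the path check next to the new filter as a list `when:` with `"'storage-optimizer' | application_allowed(group_names, allowed_applications)"` and `path_mass_storage is defined or path_rapid_storage is defined`.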
@@ -22,16 +22,6 @@ chdir: "{{docker_compose.directories.instance}}" ignore_errors: true -# This could be replaced by include_role: docker-repository-setup -# Attendize and Akaunting still use this. When you refactor this code replace this. -- name: pull docker repository - git: - repo: "{{ docker_repository_address }}" - dest: "{{ docker_repository_directory | default(docker_compose.directories.instance) }}" - update: yes - notify: docker compose up - become: true - - name: "restore detached files" command: > mv "/tmp/{{application_id}}-{{ item }}.backup" "{{docker_compose.directories.instance}}{{ item }}" diff --git a/roles/docker-template/README.md b/templates/docker_role/README.md similarity index 100% rename from roles/docker-template/README.md rename to templates/docker_role/README.md diff --git a/templates/docker_role/meta/main.yml.j2 b/templates/docker_role/meta/main.yml.j2 new file mode 100644 index 00000000..043bb47e --- /dev/null +++ b/templates/docker_role/meta/main.yml.j2 @@ -0,0 +1,23 @@ +--- +galaxy_info: + author: "Kevin Veen-Birkenbach" + description: "{{ description }}" + license: "CyMaIS NonCommercial License (CNCL)" + license_url: "https://s.veen.world/cncl" + company: | + Kevin Veen-Birkenbach + Consulting & Coaching Solutions + https://www.veen.world + platforms: + - name: Docker + versions: + - latest + galaxy_tags: + {% for tag in tags %} + - {{ tag }} + {% endfor %} + repository: "https://github.com/kevinveenbirkenbach/cymais" + issue_tracker_url: "https://github.com/kevinveenbirkenbach/cymais/issues" + documentation: "https://github.com/kevinveenbirkenbach/cymais/roles/{{application_id}}" + logo: + class: "{{ logo_classes }}" diff --git a/templates/docker_role/meta/schema.yml.j2 b/templates/docker_role/meta/schema.yml.j2 new file mode 100644 index 00000000..e69de29b diff --git a/templates/docker_role/tasks/main.yml.j2 b/templates/docker_role/tasks/main.yml.j2 new file mode 100644 index 00000000..424fe903 --- /dev/null 
+++ b/templates/docker_role/tasks/main.yml.j2 @@ -0,0 +1,36 @@ +--- + +{% if database | bool %} + +{% raw %} +- name: "include docker-central-database" + include_role: + name: docker-central-database + when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined + +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup + vars: + domain: "{{ domains | get_domain(application_id) }}" + http_port: "{{ ports.localhost.http[application_id] }}" + when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined +{% endraw %} + +{% else %} + +{% raw %} +- name: "include docker-compose role" + include_role: + name: docker-compose + when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined +{% endraw %} + +{% endif %} + +{% raw %} +- name: run the {% raw %}portfolio{% endraw %} tasks once + set_fact: + run_once_docker_portfolio: true + when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined +{% endraw %} \ No newline at end of file diff --git a/templates/docker_role/vars/main.yml.j2 b/templates/docker_role/vars/main.yml.j2 new file mode 100644 index 00000000..cd400169 --- /dev/null +++ b/templates/docker_role/vars/main.yml.j2 @@ -0,0 +1 @@ +application_id: {{ application_id }} \ No newline at end of file
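Review bot: The last task in templates/docker_role/tasks/main.yml.j2 opens `{% raw %}` inside a block that is already raw, so the first `{% endraw %}` closes the block early and the final `{% endraw %}` is left unmatched; the template will most likely fail to render. It also hard-codes `portfolio` in the task name and sets `run_once_docker_portfolio`, while the `when` guards test `run_once_docker_<application_id>`, so for any other application the guard would never be set. Use the same escape pattern as the `when` lines: `- name: run the {% endraw %}{{ application_id }}{% raw %} tasks once` and `run_once_docker_{% endraw %}{{ application_id }}{% raw %}: true`.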