Ensure that keycloak is up

group_vars/all/00_general.yml

@@ -50,16 +50,17 @@ certbot_dns_propagation_wait_seconds:     300                     # How long sho
 certbot_flavor:                           san                     # Possible options: san (recommended, with a dns flavor like cloudflare, or hetzner), wildcard(doesn't function with www redirect), dedicated
 
 # Path where Certbot stores challenge webroot files
-letsencrypt_webroot_path: "/var/lib/letsencrypt/"
+letsencrypt_webroot_path:                 "/var/lib/letsencrypt/"
 
 # Base directory containing Certbot configuration, account data, and archives
-letsencrypt_base_path: "/etc/letsencrypt/"
+letsencrypt_base_path:                    "/etc/letsencrypt/"
 
 # Symlink directory for the current active certificate and private key
-letsencrypt_live_path: "{{ letsencrypt_base_path }}live/"
+letsencrypt_live_path:                    "{{ letsencrypt_base_path }}live/"
 
 ## Docker Role Specific Parameters
-docker_restart_policy:                    "unless-stopped"
+DOCKER_RESTART_POLICY:                    "unless-stopped"
+DOCKER_VARS_FILE:                         "{{ playbook_dir }}/roles/docker-compose/vars/docker-compose.yml"
 
 # default value if not set via CLI (-e) or in playbook vars
 allowed_applications: []

roles/cmp-db-docker/tasks/main.yml

@@ -7,7 +7,7 @@
 - name: "For '{{ application_id }}': Load database variables"
   include_vars: "{{ item }}"
   loop:
-    - "{{ cmp_db_docker_vars_file_docker }}"  # Important to load docker variables first so that database can use them
+    - "{{ DOCKER_VARS_FILE }}"  # Important to load docker variables first so that database can use them
     - "{{ cmp_db_docker_vars_file_db }}"      # Important to load them before docker role so that backup can use them
 
 - name: "For '{{ application_id }}': Load cmp-docker-oauth2"

roles/cmp-db-docker/vars/main.yml

@@ -1,2 +1 @@
 cmp_db_docker_vars_file_db:     "{{ playbook_dir }}/roles/cmp-rdbms/vars/database.yml"
-cmp_db_docker_vars_file_docker: "{{ playbook_dir }}/roles/docker-compose/vars/docker-compose.yml"

roles/cmp-rdbms/templates/services/mariadb.yml.j2

@@ -6,7 +6,7 @@
     logging:
       driver: journald
     image: mariadb
-    restart: {{docker_restart_policy}}
+    restart: {{DOCKER_RESTART_POLICY}}
     env_file:
       - {{database_env}}
     command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW"

roles/cmp-rdbms/templates/services/postgres.yml.j2

@@ -6,7 +6,7 @@
     container_name: {{ application_id | get_entity_name }}-database
     env_file:
       - {{database_env}}
-    restart: {{docker_restart_policy}}
+    restart: {{DOCKER_RESTART_POLICY}}
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U {{database_name}}"]
       interval: 10s

roles/docker-compose/tasks/helpers/ensure.yml

@@ -0,0 +1,5 @@
+- name: "Load handlers without when condition. to guaranty that they are executed"
+  import_role:
+    name: docker-compose
+    tasks_from: helpers/none
+    handlers_from: main

roles/docker-compose/tasks/helpers/none.yml

@@ -0,0 +1 @@
+# Dummy file for handler import

roles/docker-compose/tasks/main.yml

@@ -16,7 +16,7 @@
     mode: '0755'
   with_dict: "{{ docker_compose.directories }}"
 
-- name: "Include routines to set up a git repository based installaion for '{{application_id}}'."
+- name: "Include routines to set up a git repository based installation for '{{application_id}}'."
   include_tasks: "02_repository.yml"
   when: docker_pull_git_repository | bool
 

roles/docker-container/templates/base.yml.j2

@@ -1,6 +1,6 @@
 {# Base for docker services #}
 
-    restart: {{docker_restart_policy}}
+    restart: {{DOCKER_RESTART_POLICY}}
 {% if application_id | has_env  %}
     env_file:
       - "{{docker_compose.files.env}}"

roles/svc-db-mariadb/tasks/main.yml

@@ -21,7 +21,7 @@
     published_ports:
       - "127.0.0.1:{{ mariadb_port }}:3306" # can be that this will be removed if all applications use sockets
     command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW" #for nextcloud
-    restart_policy: "{{ docker_restart_policy }}"
+    restart_policy: "{{ DOCKER_RESTART_POLICY }}"
     healthcheck:
       test: "/usr/bin/mariadb --user=root --password={{ mariadb_root_pwd }} --execute \"SHOW DATABASES;\""
       interval: 10s

roles/svc-db-postgres/tasks/main.yml

@@ -25,6 +25,9 @@
   - include_tasks: utils/run_once.yml
   when: run_once_svc_db_postgres is not defined
 
+- name: "Ensure that {{ docker_compose.directories.instance }} is up"
+  include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/helpers/ensure.yml"
+
 - name: "Initialize database for '{{ database_name }}'"
   include_tasks: init.yml
   when: "{{ postgres_init }}"

roles/svc-db-redis/README.md

@@ -25,7 +25,7 @@ Include this snippet in your top-level `docker-compose.yml.j2` where you want Re
   Sets container name (`{{ application_id }}-redis`).
 
 - **Restart policy**  
-  Controlled by `docker_restart_policy`.
+  Controlled by `DOCKER_RESTART_POLICY`.
 
 - **Journald logging**  
   Ensures logs are captured by systemd’s journal.

roles/svc-db-redis/templates/service.yml.j2

@@ -4,7 +4,7 @@
   redis:
     image: "{{ redis_image }}:{{ redis_version }}"
     container_name: {{ application_id | get_entity_name }}-redis
-    restart: {{ docker_restart_policy }}
+    restart: {{ DOCKER_RESTART_POLICY }}
     logging:
       driver: journald
     volumes:

roles/web-app-espocrm/templates/docker-compose.yml.j2

@@ -13,7 +13,7 @@
 
   daemon:
     image: "{{ espocrm_image }}:{{ espocrm_version }}"
-    restart: {{docker_restart_policy}}
+    restart: {{DOCKER_RESTART_POLICY}}
     logging:
       driver: journald
     entrypoint: docker-daemon.sh
@@ -23,7 +23,7 @@
 
   websocket:
     image: "{{ espocrm_image }}:{{ espocrm_version }}"
-    restart: {{docker_restart_policy}}
+    restart: {{DOCKER_RESTART_POLICY}}
     logging:
       driver: journald
     environment:

roles/web-app-jenkins/templates/docker-compose.yml.j2

@@ -1,7 +1,7 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
     application:
       image: jenkins/jenkins:lts
-      restart: "{{docker_restart_policy}}"
+      restart: "{{DOCKER_RESTART_POLICY}}"
       ports:
         - "127.0.0.1:{{ports.localhost.http[application_id]}}:8080"
       volumes:

roles/web-app-keycloak/tasks/01_import.yml

@@ -0,0 +1,19 @@
+- name: "load variables from {{ DOCKER_VARS_FILE }}"
+  include_vars: "{{ DOCKER_VARS_FILE }}"
+
+- name: Set the directory to which keycloack import files will be copied on host
+  set_fact: 
+    keycloak_host_import_directory:   "{{ docker_compose.directories.volumes }}import/"
+
+- name: "create directory {{keycloak_host_import_directory}}"
+  file:
+    path: "{{keycloak_host_import_directory}}"
+    state: directory
+    mode: 0755
+
+- name: "Copy import files to {{ keycloak_host_import_directory }}"
+  template:
+    src: "{{ item }}"
+    dest: "{{ keycloak_host_import_directory }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
+    mode: '770'
+  loop: "{{ lookup('fileglob', '{{ role_path }}/templates/import/*.j2', wantlist=True) }}"

roles/web-app-keycloak/tasks/main.yml

@@ -1,22 +1,11 @@
 ---
+- name: "create import files for {{application_id}}"
+  include_tasks: 01_import.yml
+
 - name: "load docker, db and proxy for {{application_id}}"
   include_role: 
     name: cmp-db-docker-proxy
 
-- name: "create directory {{keycloak_host_import_directory}}"
-  file:
-    path: "{{keycloak_host_import_directory}}"
-    state: directory
-    mode: 0755
-
-- name: "Copy import files to {{ keycloak_host_import_directory }}"
-  template:
-    src: "{{ item }}"
-    dest: "{{ keycloak_host_import_directory }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
-    mode: '770'
-  loop: "{{ lookup('fileglob', '{{ role_path }}/templates/import/*.j2', wantlist=True) }}"
-  notify: docker compose up
-
 # Deactivated temporary. Import now via realm.yml
 #- name: Implement SSH Public Key Attribut
 #  include_tasks: attributes/ssh_public_key.yml

roles/web-app-keycloak/vars/main.yml

@@ -4,7 +4,6 @@ database_type:                    "postgres"
 
 # Keycloak Specific
 keycloak_container:               "{{ applications | get_app_conf(application_id, 'docker.services.keycloak.name', True) }}"      # Name of the keycloack docker container
-keycloak_host_import_directory:   "{{ docker_compose.directories.volumes }}import/"                                               # Directory in which keycloack import files are placed on the host
 keycloak_docker_import_directory: "/opt/keycloak/data/import/"                                                                    # Directory in which keycloack import files are placed in the running docker container
 keycloak_realm:                   "{{ primary_domain}}"                                                                           # This is the name of the default realm which is used by the applications
 keycloak_administrator:           "{{ applications | get_app_conf(application_id, 'users.administrator', True) }}"                # Master Administrator
@@ -20,4 +19,4 @@ keycloak_import_realm:            "{{ applications | get_app_conf(application_id
 keycloak_debug_enabled:           "{{ enable_debug }}"
 
 # Docker 
-docker_compose_flush_handlers:    false                                                                                           # Copy realm import etc. before flush
+docker_compose_flush_handlers:    true                                                                                            # Remember to copy realm import before flushg when set to true

roles/web-app-mailu/templates/docker-compose.yml.j2

@@ -82,7 +82,7 @@
     container_name: {{mailu_name}}_oletools
     image: {{docker_source}}/oletools:{{ mailu_version }}
     hostname: oletools
-    restart: {{docker_restart_policy}}
+    restart: {{DOCKER_RESTART_POLICY}}
     depends_on:
       - resolver
     dns:

roles/web-app-matrix/templates/docker-compose.yml.j2

@@ -3,7 +3,7 @@
 {% set container_port = 8008 %}
     image: "{{ matrix_synapse_image }}:{{ matrix_synapse_version }}"
     container_name: {{ matrix_synapse_name }}
-    restart: {{docker_restart_policy}}
+    restart: {{DOCKER_RESTART_POLICY}}
     logging:
       driver: journald
     volumes:
@@ -32,7 +32,7 @@
 {% set container_port = 80 %}
     image: "{{ matrix_element_image }}:{{ matrix_element_version }}"
     container_name: {{ matrix_element_name }}
-    restart: {{docker_restart_policy}}
+    restart: {{DOCKER_RESTART_POLICY}}
     volumes:
       - ./element-config.json:/app/config.json
     ports:
@@ -44,7 +44,7 @@
   mautrix-{{item.bridge_name}}:
     container_name: matrix-{{item.bridge_name}}
     image: dock.mau.dev/mautrix/{{ item.bridge_name }}:latest
-    restart: {{docker_restart_policy}}
+    restart: {{DOCKER_RESTART_POLICY}}
     volumes:
       - ./mautrix/{{item.bridge_name}}:/data
     healthcheck:
@@ -56,7 +56,7 @@
 {% endfor %}
 {% if applications | get_app_conf(application_id, 'plugins.chatgpt', True) | bool %}
   matrix-chatgpt-bot:
-    restart: {{docker_restart_policy}}
+    restart: {{DOCKER_RESTART_POLICY}}
     container_name: matrix-chatgpt
     image: ghcr.io/matrixgpt/matrix-chatgpt-bot:latest
     volumes:

roles/web-app-mybb/templates/docker-compose.yml.j2

@@ -6,7 +6,7 @@
         tag: "mybb_application"
     image: {{ mybb_image }}:{{ mybb_version }}
     container_name: {{ mybb_name }}
-    restart: {{docker_restart_policy}}
+    restart: {{DOCKER_RESTART_POLICY}}
     volumes:
       - data:/var/www/html
 {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
@@ -18,7 +18,7 @@
       options:
         tag: "mybb_server"
     image: nginx:mainline
-    restart: {{docker_restart_policy}}
+    restart: {{DOCKER_RESTART_POLICY}}
     ports:
       - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
     volumes:

roles/web-app-nextcloud/templates/docker-compose.yml.j2

@@ -37,7 +37,7 @@
     container_name: "{{ nextcloud_proxy_name }}"
     logging:
       driver: journald
-    restart: {{docker_restart_policy}}
+    restart: {{DOCKER_RESTART_POLICY}}
     ports:
       - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
     volumes:
@@ -53,7 +53,7 @@
   cron:
     container_name: "{{ nextcloud_cron_name }}"
     image: "{{ nextcloud_image }}:{{ nextcloud_version }}"
-    restart: {{docker_restart_policy}}
+    restart: {{DOCKER_RESTART_POLICY}}
     logging:
       driver: journald
     volumes:

roles/web-app-oauth2-proxy/templates/container.yml.j2

@@ -1,7 +1,7 @@
 {% if applications | get_app_conf(application_id, 'features.oauth2', False) %}
   oauth2-proxy:
     image: quay.io/oauth2-proxy/oauth2-proxy:{{applications['web-app-oauth2-proxy'].version}}
-    restart: {{docker_restart_policy}}
+    restart: {{DOCKER_RESTART_POLICY}}
     command: --config /oauth2-proxy.cfg
     hostname: oauth2-proxy
     ports:

roles/web-app-roulette-wheel/templates/docker-compose.yml.j2

@@ -5,6 +5,6 @@
             context: .
         ports:
         - 127.0.0.1:{{ports.localhost.http[application_id]}}:8080
-        restart: {{docker_restart_policy}}
+        restart: {{DOCKER_RESTART_POLICY}}
 
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-svc-cdn/tasks/main.yml

@@ -18,3 +18,6 @@
   set_fact:
     run_once_web_svc_cdn: true
   when: run_once_web_svc_cdn is not defined
+
+- name: "Ensure that {{ docker_compose.directories.instance }} is up"
+  include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/helpers/ensure.yml"

tasks/utils/run_once.yml

@@ -1,6 +1,14 @@
 ---
 # This is necessary to flush the handlers before the when is set, because otherwise the when will be attached to the handlers
 
+- name: "Ensure that {{ docker_compose.directories.instance }} is up"
+  # This is a little hack to guaranty that the docker containers are allways up
+  # It isn't the cleanest solution to have it here but it should fullfill their purpose
+  include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/04_ensure_up.yml"
+  when:
+    - docker_compose is defined
+    - (application_id | get_entity_name) == (docker_compose.directories.instance | basename)
+
 - meta: flush_handlers
 
 - name: Set “run-once” fact for role {{ role_name }}