2025-04-22 16:02:24 +02:00
9 changed files with 41 additions and 61 deletions
--- a/roles/backup-docker-to-local/tasks/main.yml
+++ b/roles/backup-docker-to-local/tasks/main.yml
@ -50,6 +50,25 @@
 - name: "include seed-database-to-backup.yml"
  include_tasks: seed-database-to-backup.yml

+- name: Set file permissions for databases.csv to be readable, writable, and executable by root only
+  ansible.builtin.file:
+    path: "{{ backup_docker_to_local_folder }}databases.csv"
+    mode: '0700'
+    owner: root
+    group: root
+  when: >
+    (database_instance is defined and
+    database_name is defined and
+    database_username is defined and
+    database_password is defined) and
+    run_once_backup_docker_to_local_file_permission is not defined
+  register: file_permission_result
+
+- name: run the backup_docker_to_local_file_permission tasks once
+  set_fact:
+    run_once_backup_docker_to_local_file_permission: true
+  when: run_once_backup_docker_to_local_file_permission is not defined and file_permission_result is defined and file_permission_result.changed
+
 - name: run the backup_docker_to_local tasks once
  set_fact:
    run_once_backup_docker_to_local: true
--- a/roles/backup-docker-to-local/tasks/seed-database-to-backup.yml
+++ b/roles/backup-docker-to-local/tasks/seed-database-to-backup.yml
@ -1,6 +1,6 @@
 # This file is also used by docker-matrix-compose

- name: "{{ role_name }} | Display all database variables"
+- name: Display all database variables
  debug:
    msg: |
      database_instance: "{{ database_instance | default('undefined') }}"
@ -9,44 +9,12 @@
      database_password: "{{ database_password | default('undefined') }}"
  when: enable_debug | bool

- name: "{{ role_name }} | fail if not all required database variables are defined"
-  fail:
-    msg: "You must define all of the following variables: database_instance, database_name, database_username, database_password"
-  when: >
-    (database_instance is defined or
-     database_name is defined or
-     database_username is defined or
-     database_password is defined) and not
-    (database_instance is defined and
-     database_name is defined and
-     database_username is defined and
-     database_password is defined)
-
- name: "{{ role_name }} | seed database values in directory {{ backup_docker_to_local_folder }}"
+- name: seed database values
  command:
    cmd: "python database_entry_seeder.py databases.csv {{database_instance}} {{database_name}} {{database_username}} {{database_password}}"
-    chdir: "{{ backup_docker_to_local_folder }}"
+    chdir: "{{backup_docker_to_local_folder}}"
  when: >
    database_instance is defined and
    database_name is defined and
    database_username is defined and
-    database_password is defined
-
- name: Set file permissions for databases.csv to be readable, writable, and executable by root only
-  ansible.builtin.file:
-    path: "{{ backup_docker_to_local_folder }}databases.csv"
-    mode: '0700'
-    owner: root
-    group: root
-  when: >
-    (database_instance is defined and
-    database_name is defined and
-    database_username is defined and
-    database_password is defined) and
-    run_once_backup_docker_to_local_file_permission is not defined
-  register: file_permission_result
-
- name: run the backup_docker_to_local_file_permission tasks once
-  set_fact:
-    run_once_backup_docker_to_local_file_permission: true
-  when: run_once_backup_docker_to_local_file_permission is not defined and file_permission_result is defined and file_permission_result.changed
+    database_password is defined
--- a/roles/cleanup-failed-docker-backups/handlers/main.yml
+++ b/roles/cleanup-failed-docker-backups/handlers/main.yml
@ -1,4 +1,4 @@
- name: "Reload cleanup-failed-docker-backups.cymais.service"
+- name: "reload cleanup-failed-docker-backups.cymais.service daemon"
  systemd:
    name: cleanup-failed-docker-backups.cymais.service
    enabled: yes
--- a/roles/cleanup-failed-docker-backups/tasks/main.yml
+++ b/roles/cleanup-failed-docker-backups/tasks/main.yml
@ -10,16 +10,16 @@
  register: pkgmgr_output
  when: run_once_cleanup_failed_docker_backups is not defined

- name: Set fact for backup_docker_to_local_cleanup_script
+- name: Set fact for backup_docker_to_local_cleanup_folder
  set_fact:
-    backup_docker_to_local_cleanup_script: "{{ pkgmgr_output.stdout.rstrip('/') ~ '/cleanup-all.sh' }}"
+    backup_docker_to_local_cleanup_folder: "{{ pkgmgr_output.stdout }}"
  when: run_once_cleanup_failed_docker_backups is not defined

 - name: configure cleanup-failed-docker-backups.cymais.service
-  template:
+  template: 
    src: cleanup-failed-docker-backups.service.j2
    dest: /etc/systemd/system/cleanup-failed-docker-backups.cymais.service
-  notify: Reload cleanup-failed-docker-backups.cymais.service
+  notify: reload cleanup-failed-docker-backups.cymais.service daemon
  when: run_once_cleanup_failed_docker_backups is not defined

 - name: set service_name to the name of the current role
--- a/roles/cleanup-failed-docker-backups/templates/cleanup-failed-docker-backups.service.j2
+++ b/roles/cleanup-failed-docker-backups/templates/cleanup-failed-docker-backups.service.j2
@ -5,4 +5,4 @@ OnFailure=systemd-notifier.cymais@%n.service
 [Service]
 Type=oneshot
 ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ')  }} --ignore {{system_maintenance_cleanup_services| join(' ') }} --timeout "{{system_maintenance_lock_timeout_backup_services}}"'
-ExecStart=/bin/sh -c '/usr/bin/yes | /usr/bin/bash {{backup_docker_to_local_cleanup_script}}'
+ExecStart=/bin/sh -c '/usr/bin/yes | /usr/bin/bash {{backup_docker_to_local_cleanup_folder}}cleanup-all.sh'
--- a/roles/docker-central-database/tasks/main.yml
+++ b/roles/docker-central-database/tasks/main.yml
@ -1,27 +1,22 @@
- name: "{{ role_name }} | Load database variables"
-  include_vars: "{{ item }}"
-  loop:
-    - "{{ docker_var_file }}"   # Important to load docker variables first so that database can use them
-    - "{{ database_var_file }}" # Important to load them before docker role so that backup can use them
-
 # Docker Routines
- name: "{{ role_name }} | Include docker-compose role"
+- name: "include docker-compose role"
  include_role: 
    name: docker-compose

+# Database Routines
+- name: "load variables from {{ role_path }}/vars/database.yml for whole play"
+  include_vars: "{{ role_path }}/vars/database.yml"
+
 # The following env file will just be used from the dedicated mariadb container
 # and not the central-mariadb-database
- name: "{{ role_name }} | Create {{database_env}}"
+- name: "create {{database_env}}"
  template: 
    src: "env/{{database_type}}.env.j2"
    dest: "{{database_env}}"
  notify: docker compose project build and setup
  when: not applications[application_id].database.central_storage | bool

- name: "{{ role_name }} | Create central database"
+- name: create central database
  include_role:
    name: "docker-{{database_type}}"
-  when: applications[application_id].database.central_storage | bool
-
- name: "{{ role_name }} | Add database to backup"
-  include_tasks: "{{ playbook_dir }}/roles/backup-docker-to-local/tasks/seed-database-to-backup.yml"
+  when: applications[application_id].database.central_storage | bool
--- a/roles/docker-central-database/vars/main.yml
+++ b/roles/docker-central-database/vars/main.yml
@ -1,2 +0,0 @@
-database_var_file:  "{{ role_path }}/vars/database.yml"
-docker_var_file:    "{{playbook_dir}}/roles/docker-compose/vars/docker-compose.yml"
--- a/roles/docker-compose/tasks/main.yml
+++ b/roles/docker-compose/tasks/main.yml
@ -1,7 +1,7 @@
- name: "{{ role_name }} | Load variables from {{ role_path }}/vars/docker-compose.yml for whole play"
+- name: "load variables from {{ role_path }}/vars/docker-compose.yml for whole play"
  include_vars: "{{ role_path }}/vars/docker-compose.yml"

- name: "{{ role_name }} | Remove {{ docker_compose.directories.instance }} and all its contents"
+- name: "remove {{ docker_compose.directories.instance }} and all its contents"
  file:
    path: "{{ docker_compose.directories.instance }}"
    state: absent
@ -9,7 +9,7 @@

 # This could lead to problems in docker-compose directories which are based on a git repository
 # @todo Verify that this isn't the case. E.g. in accounting
- name: "{{ role_name }} | Create all docker-compose directories (including parent directories)"
+- name: "Create all docker-compose directories (including parent directories)"
  file:
    path: "{{ item.value }}"
    state: directory
--- a/roles/docker-nextcloud/vars/main.yml
+++ b/roles/docker-nextcloud/vars/main.yml
@ -7,7 +7,7 @@ database_password:  	                              "{{applications.nextcloud.cre
 database_type:                                      "mariadb"                                                     # Database flavor

 # Networking
-domain:                                             "{{ domains[application_id] }}"                                 # Public domain at which Nextcloud will be accessable
+domain:                                             "{{domains[application_id]}}"                                 # Public domain at which Nextcloud will be accessable
 http_port:                                          "{{ ports.localhost.http[application_id] }}"                  # Port at which nextcloud is reachable in the local network

 # Control Node