uumas/ansible-docker
1
0
Fork 1
Code Issues 8 Pull Requests Projects Releases Wiki Activity

Add service role

Browse Source
This commit is contained in:
uumas
2024-07-28 01:12:26 +03:00
parent 64d074ea4b
commit 87bb985211
20 changed files with 937 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
roles/service/tasks/additional.yml Normal file
View File

@@ -0,0 +1,51 @@
---
- name: Store docker additional services so it doesn't get reset
ansible.builtin.set_fact:
_docker_additional_services: "{{ docker_additional_services }}"
- name: "Memcached container for {{ docker_service_name }}"
ansible.builtin.include_role:
name: service
vars:
docker_namespace: "{{ _docker_namespace }}"
docker_service: memcached
docker_image: memcached:alpine
reverse_proxy_type: none
docker_mounts: []
docker_published_ports: []
docker_env: {}
docker_additional_env: {}
docker_networks: []
docker_database: none
docker_additional_services: []
docker_host_user: false
dockerfile: []
docker_command: "{{ omit }}"
docker_entrypoint: "{{ omit }}"
docker_memory: "{{ omit }}"
when: "'memcached' in _docker_additional_services"
- name: "Redis container for {{ docker_service_name }}"
ansible.builtin.include_role:
name: service
vars:
docker_namespace: "{{ _docker_namespace }}"
docker_service: redis
docker_image: redis:alpine
reverse_proxy_type: none
docker_mounts:
- name: redis
path: /data
docker_command: "{{ '--save 60 1' if docker_redis_persistence else omit }}"
docker_published_ports: []
docker_env: {}
docker_additional_env: {}
docker_networks: []
docker_database: none
docker_additional_services: []
docker_host_user: false
dockerfile: []
docker_entrypoint: "{{ omit }}"
docker_memory: "{{ omit }}"
when: "'redis' in _docker_additional_services"

94
roles/service/tasks/database.yml Normal file
View File

@@ -0,0 +1,94 @@
---
- name: Set postgres container vars
ansible.builtin.set_fact:
db_container_image: 'postgres:14-alpine'
db_container_env:
POSTGRES_USER: "{{ docker_service_underscore_name }}"
POSTGRES_PASSWORD: "{{ database_passwords[docker_service_name] }}"
db_container_data: /var/lib/postgresql/data
when: docker_database == 'postgres'
- name: Set mariadb container vars
ansible.builtin.set_fact:
db_container_image: mariadb:10
db_container_env:
MARIADB_USER: "{{ docker_service_underscore_name }}"
MARIADB_DATABASE: "{{ docker_service_underscore_name }}"
MARIADB_PASSWORD: "{{ database_passwords[docker_service_name] }}"
MARIADB_RANDOM_ROOT_PASSWORD: "{{ database_passwords[docker_service_name + '_root'] is not defined | string }}"
MARIADB_ROOT_PASSOWRD: "{{ database_passwords[docker_service_name + '_root'] | default(omit) }}"
db_container_data: /var/lib/mysql
db_image_port: 3306
when: docker_database == 'mariadb'
- name: Set mongo container vars
ansible.builtin.set_fact:
db_container_image: 'mongo:latest'
db_container_data: /data/db
when: docker_database == 'mongo'
- name: Define db container data mount
set_fact:
db_container_mounts:
- name: db
path: "{{ db_container_data }}"
mode: '0700'
- name: Define db container config mount
set_fact:
db_container_mounts: "{{ db_container_mounts + [{'template': 'mariadb.cnf', 'path': '/etc/mysql/conf.d/custom.cnf'}] }}"
when: db_config_mounts_needed
- name: Set db published ports var
set_fact:
db_published_ports: ["127.0.0.1:{{ ports[docker_service_name].db }}:{{ db_image_port }}"]
when: ports[docker_service_name].db is defined
- name: Database container for {{ docker_service_name }}
ansible.builtin.include_role:
name: service
vars:
docker_namespace: "{{ _docker_namespace }}"
docker_service: db
docker_image: "{{ db_container_image }}"
reverse_proxy_type: none
docker_mounts: "{{ db_container_mounts }}"
docker_published_ports: "{{ db_published_ports | default([]) }}"
docker_env: "{{ db_container_env | default({}) }}"
docker_additional_env: {}
docker_networks: []
docker_database: none
docker_additional_services: []
docker_host_user: false
dockerfile: []
docker_command: "{{ omit }}"
docker_entrypoint: "{{ omit }}"
docker_memory: "{{ omit }}"
- name: phpMyAdmin container for {{ docker_service_name }}
ansible.builtin.include_role:
name: service
vars:
docker_namespace: "{{ _docker_namespace }}"
docker_service: phpmyadmin
docker_image: phpmyadmin
docker_mounts: []
docker_published_ports:
- "127.0.0.1:{{ ports[docker_service_name]['phpmyadmin'] }}:80"
docker_env:
PMA_ABSOLUTE_URI: "https://{{ docker_vhost_domains[docker_service_name + '_phpmyadmin'][0] }}"
PMA_HOST: "{{ docker_service_name }}-db"
docker_additional_env: {}
docker_networks: []
docker_database: none
docker_additional_services: []
docker_host_user: false
dockerfile: []
docker_command: "{{ omit }}"
docker_entrypoint: "{{ omit }}"
docker_memory: "{{ omit }}"
docker_proxy_target_protocol: http
vhost_basicauth: "{{ docker_phpmyadmin_basicauth }}"
vhost_basicauth_users: "{{ docker_phpmyadmin_basicauth_users }}"
when: docker_database == 'mariadb' and ports[docker_service_name]['phpmyadmin'] is defined

14
roles/service/tasks/host_user.yml Normal file
View File

@@ -0,0 +1,14 @@
---
- name: "Create user for {{ docker_service_name }}"
user:
name: "{{ docker_service_underscore_name }}"
home: "/opt/{{ docker_namespace }}/{{ docker_service_suffix }}"
create_home: false
system: true
shell: /bin/bash
register: user
- name: Set docker container user
set_fact:
docker_user: "{{ user.uid }}:{{ user.group }}"

71
roles/service/tasks/image.yml Normal file
View File

@@ -0,0 +1,71 @@
---
- name: Image build
when: dockerfile_needed
block:
- name: Set docker_build_directory variable
set_fact:
docker_build_directory: /opt/{{ docker_namespace }}/build
- name: Create container build directory
file:
path: "{{ docker_build_directory }}"
state: directory
- name: Put dockerfile in place
template:
src: Dockerfile.j2
dest: "{{ docker_build_directory }}/Dockerfile"
mode: 0644
- name: Build docker image for {{ docker_service }}
docker_image:
name: "local_{{ docker_service }}"
source: build
force_source: true
build:
pull: true
path: "{{ docker_build_directory }}"
register: built_image
changed_when:
- not ansible_check_mode
- built_image.changed
- name: Pull container image for {{ docker_service_name }}
docker_image:
name: "{{ docker_image }}"
source: pull
force_source: true
register: pulled_image
when: not dockerfile_needed
changed_when:
- not ansible_check_mode
- pulled_image.changed
- name: Set container_image variable
set_fact:
container_image: "{{ item.image }}"
when: item.skipped is not defined or not item.skipped
loop:
- "{{ built_image }}"
- "{{ pulled_image }}"
- name: Check mode image info
when: ansible_check_mode
block:
- name: Get docker image info for check mode
docker_image_info:
name: "{{ ('local_' + docker_service) if dockerfile | length > 0 else docker_image }}"
register: existing_image
- name: Set check mode container_image variable
set_fact:
container_image: "{{ existing_image.images[0] }}"
when: existing_image.images | length > 0
- name: Set image user variable
set_fact:
image_user: "{{ container_image.Config.User }}"
when:
- not ansible_check_mode
- container_image.Config.User | int

63
roles/service/tasks/init.yml Normal file
View File

@@ -0,0 +1,63 @@
---
- name: Fail if docker_volumes defined
ansible.builtin.fail:
msg: "docker_volumes is not supported anymore. Use docker_mounts instead!"
when: docker_volumes is defined
- name: Store variables to be reset in the end
ansible.builtin.set_fact:
_docker_service_name: "{{ docker_service_name }}"
_docker_mount_definition: "{{ docker_mount_definition }}"
_container_published_ports: "{{ container_published_ports }}"
_container_image: "{{ container_image }}"
_container_networks: "{{ container_networks }}"
_template_mounts_needed: "{{ template_mounts_needed }}"
_copypath_mounts_needed: "{{ copypath_mounts_needed }}"
_volumes_needed: "{{ volumes_needed }}"
_dockerfile_needed: "{{ dockerfile_needed }}"
_db_config_mounts_needed: "{{ db_config_mounts_needed }}"
_bind_volumes_needed: "{{ bind_volumes_needed }}"
_named_volumes_needed: "{{ named_volumes_needed }}"
_create_opt_directory: "{{ create_opt_directory }}"
_create_mounts_directory: "{{ create_mounts_directory }}"
_docker_service_underscore_name: "{{ docker_service_underscore_name }}"
_image_user: "{{ image_user }}"
when: create_mounts_directory is defined
- name: Initialize variables
ansible.builtin.set_fact:
_docker_namespace: "{{ docker_namespace }}"
docker_service_name: "{{ docker_namespace }}"
docker_mount_definition: []
container_published_ports: []
container_image: ''
image_user: ''
container_networks: []
- name: Add suffix to docker_service_name
ansible.builtin.set_fact:
docker_service_name: "{{ docker_service_name }}-{{ docker_service_suffix }}"
when: docker_service_suffix | length > 0
- name: Add docker_service to docker_service_name
ansible.builtin.set_fact:
docker_service_name: "{{ docker_service_name }}-{{ docker_service }}"
when: docker_namespace != docker_service
- name: Set assistive variables
set_fact:
docker_service_underscore_name: "{{ docker_service_name | replace('-', '_') }}"
template_mounts_needed: "{{ docker_mounts | selectattr('template', 'defined') | list | length > 0 }}"
copypath_mounts_needed: "{{ docker_mounts | selectattr('copypath', 'defined') | list | length > 0 }}"
volumes_needed: "{{ docker_mounts | selectattr('name', 'defined') | list | length > 0 or docker_database != 'none' }}"
dockerfile_needed: "{{ dockerfile | length > 0 }}"
db_config_mounts_needed: "{{ docker_mariadb_config | length > 0 }}"
- name: Set more assistive variables
set_fact:
bind_volumes_needed: "{{ volumes_needed and docker_volume_type == 'bind' }}"
named_volumes_needed: "{{ volumes_needed and docker_volume_type == 'named' }}"
- name: Set even more assistive variables
set_fact:
create_opt_directory: "{{ dockerfile_needed or docker_host_user or bind_volumes_needed or template_mounts_needed or copypath_mounts_needed or db_config_mounts_needed }}"
create_mounts_directory: "{{ bind_volumes_needed or template_mounts_needed or copypath_mounts_needed or db_config_mounts_needed }}"

139
roles/service/tasks/main.yml Normal file
View File

@@ -0,0 +1,139 @@
---
- name: Container role initialization
import_tasks: init.yml
- name: Docker network
when: docker_network_mode != 'host' or docker_networks | length > 0
block:
- name: Set networks variable to {{ docker_namespace + ('-' + docker_service_suffix if docker_service_suffix | length > 0 else '') }}
ansible.builtin.set_fact:
container_networks:
- name: "{{ docker_namespace + ('-' + docker_service_suffix if docker_service_suffix | length > 0 else '') }}"
when: docker_networks | length == 0
- name: Set networks variable to {{ docker_networks }}
ansible.builtin.set_fact:
container_networks: "{{ docker_networks }}"
when: docker_networks | length > 0
- name: Create docker networks
community.docker.docker_network:
name: "{{ item.name }}"
loop: "{{ container_networks }}"
- name: Reverse proxy for container
include_tasks: proxy.yml
when: reverse_proxy_type != 'none'
- name: Create directory /opt/{{ docker_namespace }}
ansible.builtin.file:
path: "/opt/{{ docker_namespace }}"
state: directory
mode: 0755
when: create_opt_directory
- name: Container image
import_tasks: image.yml
- name: Container user
include_tasks: host_user.yml
when: docker_host_user
- name: Create suffix directory
when: create_opt_directory and docker_service_suffix | length > 0
block:
- name: Create directory /opt/{{ docker_namespace + '/' + docker_service_suffix }}
ansible.builtin.file:
path: "/opt/{{ docker_namespace }}/{{ docker_service_suffix }}"
state: directory
owner: "{{ user.uid | default(omit) }}"
group: "{{ user.group | default(omit) }}"
mode: 0755
- name: Set container_workdir variable
ansible.builtin.set_fact:
container_workdir: /opt/{{ docker_namespace }}/{{ docker_service_suffix }}
- name: Set container_workdir variable
ansible.builtin.set_fact:
container_workdir: /opt/{{ docker_namespace }}
when: docker_service_suffix | length == 0
- name: Create mounts directory
when: create_mounts_directory
block:
- name: Set docker_mounts_dir
ansible.builtin.set_fact:
docker_mounts_dir: "{{ container_workdir }}/mounts"
- name: Create directory {{ docker_mounts_dir }}
ansible.builtin.file:
path: "{{ docker_mounts_dir }}"
state: directory
owner: "{{ user.uid | default(omit) }}"
group: "{{ user.group | default(omit) }}"
mode: 0700
- name: Database container
include_tasks: database.yml
when: docker_database != 'none'
- name: Additional services
include_tasks: additional.yml
when: docker_additional_services | length > 0
- name: Container mounts
import_tasks: mounts.yml
- name: "Ensure container with legacy name doesn't exist for {{ docker_service_underscore_name }}"
community.docker.docker_container:
name: "{{ docker_service_underscore_name }}"
state: absent
when: docker_service_underscore_name != docker_service_name
- name: Ensure network with legacy name doesn't exist
community.docker.docker_network:
name: "{{ docker_service_underscore_name }}"
state: absent
when: docker_service_underscore_name != docker_service_name
- name: "Container for {{ docker_service_name }}"
community.docker.docker_container:
name: "{{ docker_service_name }}"
image: "{{ container_image.Id if (not ansible_check_mode) or (container_image | length > 0) else docker_image }}"
user: "{{ docker_user if docker_host_user else omit }}"
mounts: "{{ docker_mount_definition }}"
published_ports: "{{ container_published_ports + docker_published_ports }}"
labels: "{{ traefik_labels | default(omit) }}"
env: "{{ docker_env | combine(docker_additional_env) | combine({'TZ': timezone}) }}"
entrypoint: "{{ docker_entrypoint | default(omit) }}"
command: "{{ docker_command | default(omit) }}"
memory: "{{ docker_memory | default(omit) }}"
restart_policy: "{{ docker_restart_policy }}"
network_mode: "{{ docker_network_mode if docker_network_mode | length > 0 else omit }}"
networks: "{{ container_networks }}"
log_driver: local
state: "{{ 'started' if docker_restart_policy == 'always' else 'present' }}"
register: container_out
notify: Ensure container running
- name: Flush handlers to trigger container restart
ansible.builtin.meta: flush_handlers
- name: Reset variables to their original values
ansible.builtin.set_fact:
docker_service_name: "{{ _docker_service_name }}"
docker_mount_definition: "{{ _docker_mount_definition }}"
container_published_ports: "{{ _container_published_ports }}"
container_image: "{{ _container_image }}"
container_networks: "{{ _container_networks }}"
template_mounts_needed: "{{ _template_mounts_needed }}"
copypath_mounts_needed: "{{ _copypath_mounts_needed }}"
volumes_needed: "{{ _volumes_needed }}"
dockerfile_needed: "{{ _dockerfile_needed }}"
db_config_mounts_needed: "{{ _db_config_mounts_needed }}"
bind_volumes_needed: "{{ _bind_volumes_needed }}"
named_volumes_needed: "{{ _named_volumes_needed }}"
create_opt_directory: "{{ _create_opt_directory }}"
create_mounts_directory: "{{ _create_mounts_directory }}"
docker_service_underscore_name: "{{ _docker_service_underscore_name }}"
image_user: "{{ _image_user }}"
when: _docker_service_name is defined

64
roles/service/tasks/mounts.yml Normal file
View File

@@ -0,0 +1,64 @@
---
- name: Create directories and put files in them
when: create_mounts_directory
block:
- name: Define mount directory owner
set_fact:
mount_owner: "{{ user.uid if docker_host_user else image_user }}"
mount_group: "{{ user.group if docker_host_user else '' }}"
- name: "Create docker bind mount directories for {{ docker_service_name }}"
file:
path: "{{ docker_mounts_dir }}/{{ item.name }}"
state: directory
owner: "{{ mount_owner if (item.set_owner is not defined or item.set_owner) and mount_owner | length > 0 else omit }}"
group: "{{ mount_group if (item.set_group is not defined or item.set_group) and mount_group | length > 0 else omit }}"
mode: "{{ item.mode | default('0755') }}"
when: item.name is defined and docker_volume_type == 'bind'
loop: "{{ docker_mounts }}"
- name: Set docker_mount_definition for named binds
set_fact:
docker_mount_definition: "{{ docker_mount_definition + [{'source': docker_mounts_dir + '/' + item.name, 'target': item.path, 'type': 'bind', 'read_only': item.readonly | default(false)}] }}"
when: item.name is defined and docker_volume_type == 'bind'
loop: "{{ docker_mounts }}"
- name: Template docker template mounts for {{ docker_service_name }}
template:
src: "{{ item.template }}.j2"
dest: "{{ docker_mounts_dir }}/{{ item.template }}"
mode: "{{ item.mode | default('0644') }}"
when: item.template is defined
loop: "{{ docker_mounts }}"
notify: Restart container
- name: Set docker_mount_definition for template mounts
set_fact:
docker_mount_definition: "{{ docker_mount_definition + [{'source': docker_mounts_dir + '/' + item.template, 'target': item.path, 'type': 'bind', 'read_only': true}] }}"
when: item.template is defined
loop: "{{ docker_mounts }}"
- name: Copy docker copypath mounts for {{ docker_service_name }}
copy:
src: "files/{{ item.copypath }}"
dest: "{{ docker_mounts_dir }}/"
mode: "{{ item.mode | default('0755') }}"
when: item.copypath is defined
loop: "{{ docker_mounts }}"
notify: Restart container
- name: Set docker_mount_definition for copypath mounts
set_fact:
docker_mount_definition: "{{ docker_mount_definition + [{'source': docker_mounts_dir + '/' + item.copypath, 'target': item.path, 'type': 'bind', 'read_only': true}] }}"
when: item.copypath is defined
loop: "{{ docker_mounts }}"
- name: Set docker_mount_definition for named volumes
set_fact:
docker_mount_definition: "{{ docker_mount_definition + [{'source': docker_namespace + ('-' + docker_service_suffix if docker_service_suffix | length > 0 else '') + '-' + item.name, 'target': item.path, 'type': 'volume', 'read_only': item.readonly | default(false)}] }}"
when: docker_volume_type == 'named' and item.name is defined
loop: "{{ docker_mounts }}"
- name: Set docker_mount_definition for src binds
set_fact:
docker_mount_definition: "{{ docker_mount_definition + [{'source': item.src, 'target': item.path, 'type': 'bind', 'read_only': item.readonly | default(false)}] }}"
when: item.src is defined
loop: "{{ docker_mounts }}"

31
roles/service/tasks/proxy.yml Normal file
View File

@@ -0,0 +1,31 @@
---
- name: "Ensure reverse proxy with legacy name doesn't exist"
include_role:
name: uumas.general.vhost
vars:
vhost_id: "{{ docker_service_underscore_name }}"
vhost_state: absent
when: docker_service_underscore_name != docker_service_name
- name: Reverse proxy
include_role:
name: uumas.general.vhost
vars:
vhost_type: reverse_proxy
vhost_id: "{{ docker_service_name }}"
proxy_target_protocol: "{{ docker_proxy_target_protocol }}"
vhost_domains: "{{ docker_vhost_domains[docker_service_name] }}"
proxy_target_port: "{{ ports[docker_service_name][proxy_target_protocol] }}"
when: reverse_proxy_type != 'traefik'
- name: Set published ports variable to http port
set_fact:
container_published_ports: ["127.0.0.1:{{ ports[docker_service_name][docker_proxy_target_protocol] }}:{{ docker_image_http_port }}"]
when:
- docker_network_mode != 'host'
- reverse_proxy_type != 'traefik'
- name: Include traefik vars
include_vars: traefik.yml
when: reverse_proxy_type == 'traefik'