role: docker erweitert (#166)

bugfix no log

base dir set fact

state vars

state

Doku tasks

unnütze kennwörter entfernt

nutzer optional

dir_name darf empty sein

erstelle docker-networks

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#166
Co-Authored-By: mg <mg@noreply.git.mgrote.net>
Co-Committed-By: mg <mg@noreply.git.mgrote.net>

host_vars/docker-test.grote.lan.yml

@@ -5,10 +5,16 @@
     - name: homer
       dir_name: docker-homer
       repository_url: git.mgrote.net/mg/docker-homer
-      repository_user: mg
-      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
+      state: present
     - name: watchtower
       dir_name: docker-watchtower
       repository_url: git.mgrote.net/mg/docker-watchtower
       repository_user: mg
       repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
+      state: present
+    - name: munin-master
+      dir_name: docker-munin-master
+      repository_url: git.mgrote.net/mg/docker-munin-master
+      repository_user: mg
+      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
+      state: absent

host_vars/docker2.grote.lan.yml

@@ -7,21 +7,21 @@
       repository_url: git.mgrote.net/mg/docker-munin-master
       repository_user: mg
       repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
+      state: present
     - name: watchtower
       dir_name: docker-watchtower
       repository_url: git.mgrote.net/mg/docker-watchtower
-      repository_user: mg
-      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
+      state: present
     - name: homer
       dir_name: docker-homer
       repository_url: git.mgrote.net/mg/docker-homer
-      repository_user: mg
-      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
+      state: present
     - name: unifi-controller
       dir_name: docker-unifi-controller
       repository_url: git.mgrote.net/mg/docker-unifi-controller
       repository_user: mg
       repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
+      state: present
   ### geerlingguy.munin-node
   munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
   munin_node_allowed_ips: # weil der munin-server aus einem anderen subnet zugreift

host_vars/docker3.grote.lan.yml

@@ -7,23 +7,27 @@
       repository_url: git.mgrote.net/mg/docker-miniflux
       repository_user: mg
       repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
+      state: present
     - name: navidrome-mg
       dir_name: docker-navidrome-mg
       repository_url: git.mgrote.net/mg/docker-navidrome-mg
       repository_user: mg
       repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
+      state: present
     - name: nightscout
       dir_name: docker-nightscout
       repository_url: git.mgrote.net/mg/docker-nightscout
       repository_user: mg
       repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
+      state: present
     - name: traefik
       dir_name: docker-traefik
       repository_url: git.mgrote.net/mg/docker-traefik
       repository_user: mg
       repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
+      network_name: nw_proxy_traefik
+      state: present
     - name: watchtower
       dir_name: docker-watchtower
       repository_url: git.mgrote.net/mg/docker-watchtower
-      repository_user: mg
-      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
+      state: present

host_vars/docker4.grote.lan.yml

@@ -5,5 +5,4 @@
     - name: watchtower
       dir_name: docker-watchtower
       repository_url: git.mgrote.net/mg/docker-watchtower
-      repository_user: mg
-      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
+      state: present

roles/mgrote.docker-compose-deploy/README.md

@@ -9,7 +9,20 @@ Die `docker-compose.yml` mit im Repository-Root liegen.
 - [x] Ubuntu (>=20.04)
 
 ### Variablen + Defaults
-see [defaults](./defaults/main.yml)
+```
+# Directory where all Repos get saved
+docker_compose_base_dir: /home/mg/docker
+
+# Dictionary of Repositories
+docker_compose_projects:
+  - name: homer                                         # Name of Project, is alo the dir_name if it isn't set
+    dir_name: docker-homer                              # Directory-Name where the repo is saved; optional; just dont let it empty, remove it
+    repository_url: git.mgrote.net/mg/docker-homer.git  # URL to repository, WITHOUT protocol; only https supported
+    repository_user: mg                                 # git user for login on private Repositories; optional; just dont let it empty, remove it
+    repository_user_password: k1BvXXXXXXXrbg            # git user password for login on private Repositories; optional; just dont let it empty, remove it
+    network_name: homer-network                         # docker-network to create; optional; just dont let it empty, remove it
+    state: present|absent                               # should the project be present or absent?
+```
 
 
 ### Benötigt

roles/mgrote.docker-compose-deploy/defaults/main.yml

@@ -1,9 +0,0 @@
----
-#  docker_compose_base_dir: /home/mg/docker # Directory where all Repos get saved
-
-#  docker_compose_projects: # Dictionary of Repositories
-#    - name: homer # Name
-#      dir_name: docker-homer # DirectoryNAME where the repo is saved
-#      repository_url: git.mgrote.net/mg/docker-homer.git #URL to repository, WITHOUT protocol; only https supported
-#      repository_user: mg # git user
-#      repository_user_password: k1BvXXXXXXXrbg #git user password

roles/mgrote.docker-compose-deploy/tasks/dockercompose-down.yml

@@ -0,0 +1,24 @@
+---
+  - name: set dir - "{{ item.name }}"
+    set_fact:
+      project_dir: "{{ docker_compose_base_dir }}/{{ item.dir_name | default (item.name) }}"
+    when:
+      - docker_compose_base_dir is defined
+      - docker_compose_projects is defined
+
+  - name: check if dir exists
+    stat:
+      path: "{{ project_dir }}"
+    register: dir
+
+  - name: stop container - "{{ item.name }}"
+    ansible.builtin.shell: docker-compose down
+    args:
+      chdir: "{{ project_dir }}"
+    when: dir.stat.exists == true
+
+  - name: remove repository - "{{ item.name }}"
+    ansible.builtin.file:
+      state: absent
+      dest: "{{ project_dir }}"
+    when: dir.stat.exists == true

roles/mgrote.docker-compose-deploy/tasks/dockercompose-up.yml

@@ -0,0 +1,45 @@
+---
+  - name: set username and passwort - "{{ item.name }}"
+    set_fact:
+      login: "{{ item.repository_user  }}:{{ item.repository_user_password }}@"
+    when:
+      - item.repository_user is defined
+      - item.repository_user_password is defined
+
+  - name: set dir - "{{ item.name }}"
+    set_fact:
+      project_dir: "{{ docker_compose_base_dir }}/{{ item.dir_name | default (item.name) }}"
+    when:
+      - docker_compose_base_dir is defined
+      - docker_compose_projects is defined
+
+  - name: check if repo exists - "{{ item.name }}"
+    stat:
+      path: "{{ project_dir }}"
+    register: repo_exists
+
+  - name: stash changes - "{{ item.name }}"
+    ansible.builtin.shell: git stash
+    args:
+      chdir: "{{ project_dir }}"
+    changed_when: false
+    when: repo_exists.stat.exists == true
+
+  - name: clone public repository - "{{ item.name }}"
+    ansible.builtin.git:
+      repo: "https://{{ login | default () }}{{ item.repository_url }}"
+      dest: "{{ project_dir }}"
+    register: repo
+
+  - name: create networks - "{{ item.name }}"
+    ansible.builtin.shell: "docker network create {{ item.network_name }}" # erstelle network
+    when: "item.network_name is defined" # wenn network_name definiert ist
+    register: network_result # speichere ergebnis in var
+    changed_when: "network_result.rc == 0" # markiere tasks als changed when exit-code == 0
+    ignore_errors: yes # ignoriere fehler
+
+  - name: (re)start container - "{{ item.name }}"
+    ansible.builtin.shell: docker-compose down && docker-compose up -d
+    args:
+      chdir: "{{ project_dir }}"
+    when: repo.changed

roles/mgrote.docker-compose-deploy/tasks/dockercompose.yml

@@ -1,24 +0,0 @@
----
-  - name: check if repo exists
-    stat:
-      path: "{{ docker_compose_base_dir }}/{{ item.dir_name }}"
-    register: repo_exists
-
-  - name: stash changes
-    ansible.builtin.shell: git stash
-    args:
-      chdir: "{{ docker_compose_base_dir }}/{{ item.dir_name }}"
-    changed_when: false
-    when: repo_exists.stat.exists == true
-
-  - name: clone public repository - "{{ item.name }}"
-    ansible.builtin.git:
-      repo: "https://{{ item.repository_user }}:{{ item.repository_user_password }}@{{ item.repository_url }}"
-      dest: "{{ docker_compose_base_dir }}/{{ item.dir_name }}"
-    register: repo
-
-  - name: (re)start container - "{{ item.name }}"
-    ansible.builtin.shell: docker-compose down && docker-compose up -d
-    args:
-      chdir: "{{ docker_compose_base_dir }}/{{ item.dir_name }}"
-    when: repo.changed

roles/mgrote.docker-compose-deploy/tasks/main.yml

@@ -1,8 +1,14 @@
 ---
-  - name: loop docker tasks
-    include_tasks: dockercompose.yml
+  - name: loop docker tasks - up
+    include_tasks: dockercompose-up.yml
     loop: "{{ docker_compose_projects }}"
     when:
-      - docker_compose_base_dir is defined
-      - docker_compose_projects is defined
+      - item.state == "present"
+    no_log: true
+
+  - name: loop docker tasks - down
+    include_tasks: dockercompose-down.yml
+    loop: "{{ docker_compose_projects }}"
+    when:
+      - item.state == "absent"
     no_log: true