refactoring

defaults/main.yml

@@ -1,24 +1,35 @@
-# Standards: 0.1
 ---
-# @var custodian_image:description: Docker image to use
-custodian_image: toolhippie/docker-custodian:latest
+# @var dockertidy_image:description: Docker image to use.
+dockertidy_image: xoxys/docker-tidy:latest
 
-# @var custodian_interval:description: Interval for the systemd timer
-custodian_interval: daily
+# @var dockertidy_interval:description: Interval for the systemd timer.
+dockertidy_interval: daily
 
-# @var custodian_max_container_age:description: Max container age
-custodian_max_container_age: 3days
+# @var dockertidy_dry_run:description: Only log actions, don't cleanup anything.
+dockertidy_dry_run: False
 
-# @var custodian_max_image_age:description: Max image age
-custodian_max_image_age: 3days
+# @var dockertidy_log_level:description: Current log level.
+dockertidy_log_level: warning
 
-# @var custodian_dangling_volumes:description: Remove dangling volumes
-custodian_dangling_volumes: False
+# @var dockertidy_max_container_age:description: >
+# Maximum age for a container, containers older than this age will be removed.
+# @end
+dockertidy_max_container_age: "5 days ago"
 
-# @var custodian_exclude_image:description: List of images to exclude
-custodian_exclude_image: []
+# @var dockertidy_max_image_age:description: >
+# Maxium age for an image, images older than this age will be removed.
+# @end
+dockertidy_max_image_age: "3 days ago"
 
-# @var custodian_exclude_container_label:description: List of labels to exclude+
-custodian_exclude_container_label: []
+# @var dockertidy_dangling_volumes:description: Remove dangling volumes.
+dockertidy_dangling_volumes: False
 
-...
+# @var dockertidy_exclude_image:description: Never remove images with this tag.
+dockertidy_exclude_images: []
+
+# @var dockertidy_exclude_container_label:description: >
+# Never remove containers with this label `key` or label `key=value`.
+# @end
+dockertidy_exclude_container_labels: []
+
+dockertidy_docker_socket_path: /var/run/docker.sock

handlers/main.yml

@@ -1,9 +1,9 @@
-# Standards: 0.1
 ---
-- name: Restart custodian
+- name: Restart docker-tidy
   systemd:
-    name: custodian.timer
     state: restarted
-    daemon_reload: True
-
-...
+    daemon_reload: yes
+    name: tidy
+  listen: __tidy_restart
+  become: True
+  become_user: root

molecule/centos7/molecule.yml

@@ -4,7 +4,7 @@ dependency:
 driver:
   name: delegated
 platforms:
-  - name: centos7-bitwardenrs
+  - name: centos7-dockertidy
     region_id: fra1
     image_id: centos-7-x64
     size_id: s-1vcpu-1gb

molecule/centos7/requirements.yml

@@ -8,8 +8,3 @@
   name: xoxys.docker_engine
   scm: git
   version: master
-
-- src: https://gitea.rknet.org/ansible/xoxys.postgres.git
-  name: xoxys.postgres
-  scm: git
-  version: master

molecule/centos7/tests/test_default.py

@@ -10,7 +10,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
 
 def test_tidy_running_and_enabled(host):
-    service = host.service("custodian.timer")
+    service = host.service("tidy.timer")
 
     assert service.is_running
     assert service.is_enabled

tasks/main.yml

@@ -1,31 +1,3 @@
-# Standards: 0.1
 ---
-- name: Write timer file
-  notify:
-    - Restart custodian
-  template:
-    src: timer.j2
-    dest: /etc/systemd/system/custodian.timer
-  tags:
-    - custodian
-
-- name: Write service file
-  notify:
-    - Restart custodian
-  template:
-    src: service.j2
-    dest: /etc/systemd/system/custodian.service
-  tags:
-    - custodian
-
-- name: Start custodian timer
-  systemd:
-    name: custodian.timer
-    state: started
-    daemon_reload: True
-    masked: False
-    enabled: True
-  tags:
-    - custodian
-
-...
+- include_tasks: setup.yml
+- include_tasks: post.yml

tasks/post.yml

@@ -0,0 +1,9 @@
+---
+- name: Ensure dockertidy timer is up and running
+  systemd:
+    name: tidy.timer
+    daemon_reload: yes
+    enabled: yes
+    state: started
+  become: True
+  become_user: root

tasks/setup.yml

@@ -0,0 +1,21 @@
+---
+- block:
+    - name: Write environment file
+      template:
+        src: etc/sysconfig/tidy.j2
+        dest: /etc/sysconfig/tidy
+      notify: __tidy_restart
+
+    - name: Write timer file
+      template:
+        src: etc/systemd/system/tidy.timer.j2
+        dest: /etc/systemd/system/tidy.timer
+      notify: __tidy_restart
+
+    - name: Write service file
+      template:
+        src: etc/systemd/system/tidy.service.j2
+        dest: /etc/systemd/system/tidy.service
+      notify: __tidy_restart
+  become: True
+  become_user: root

templates/etc/sysconfig/tidy.j2

@@ -0,0 +1,11 @@
+#jinja2:lstrip_blocks: True
+{{ ansible_managed | comment }}
+TIDY_DRY_RUN={{ dockertidy_dry_run }}
+TIDY_HTTP_TIMEOUT=60
+TIDY_LOG_LEVEL={{ dockertidy_log_level }}
+TIDY_LOG_JSON=False
+TIDY_GC_MAX_CONTAINER_AGE={{ dockertidy_max_container_age }}
+TIDY_GC_MAX_IMAGE_AGE={{ dockertidy_max_image_age }}
+TIDY_GC_DANGLING_VOLUMES={{ dockertidy_dangling_volumes }}
+TIDY_GC_EXCLUDE_IMAGES={{ dockertidy_exclude_images | join(",") }}
+TIDY_GC_EXCLUDE_CONTAINER_LABELS={{ dockertidy_exclude_container_labels | join(",") }}

templates/etc/systemd/system/tidy.service.j2

@@ -0,0 +1,23 @@
+#jinja2:lstrip_blocks: True
+{{ ansible_managed | comment }}
+[Unit]
+Description=Docker GC
+Requires=docker.service network-online.target
+After=docker.service network-online.target
+
+[Service]
+Type=oneshot
+EnvironmentFile=/etc/sysconfig/tidy
+
+ExecStartPre=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker kill %p || true'
+ExecStartPre=/bin/sh -c '/usr/bin/docker ps -a | /bin/grep %p 1> /dev/null && /usr/bin/docker rm %p || true'
+ExecStartPre=/usr/bin/docker pull {{ dockertidy_image }}
+ExecStart=/usr/bin/docker run --rm \
+  --name %p \
+  --hostname %p \
+  --volume {{ dockertidy_docker_socket_path }}:/var/run/docker.sock \
+  --privileged=true \
+  {{ dockertidy_image }} \
+
+[Install]
+WantedBy=multi-user.target

templates/etc/systemd/system/tidy.timer.j2

@@ -1,8 +1,8 @@
 [Unit]
-Description=Custodian
+Description=Docker GC
 
 [Timer]
-OnCalendar={{ custodian_interval }}
+OnCalendar={{ dockertidy_interval }}
 Persistent=true
 
 [Install]

templates/service.j2

@@ -1,33 +0,0 @@
-[Unit]
-Description=Custodian
-
-Wants=docker.service
-After=docker.service
-
-[Service]
-Type=oneshot
-EnvironmentFile=/etc/environment
-
-ExecStartPre=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker kill %p || true'
-ExecStartPre=/bin/sh -c '/usr/bin/docker ps -a | /bin/grep %p 1> /dev/null && /usr/bin/docker rm %p || true'
-ExecStartPre=/usr/bin/docker pull {{ custodian_image }}
-ExecStart=/usr/bin/docker run --rm \
-  --name %p \
-  --hostname %p \
-  --label traefik.enable=false \
-  --volume /var/run/docker.sock:/var/run/docker.sock \
-  {{ custodian_image }} \
-{% if custodian_dangling_volumes %}
-  --dangling-volumes \
-{% endif %}
-{% for item in custodian_exclude_image %}
-  --exclude-image {{ item }} \
-{% endfor %}
-{% for item in custodian_exclude_container_label %}
-  ----exclude-container-label {{ item }} \
-{% endfor %}
-  --max-container-age {{ custodian_max_container_age }} \
-  --max-image-age {{ custodian_max_image_age }}
-
-[Install]
-WantedBy=multi-user.target