cleanup

Robert Kaussow 2024-02-15 10:29:24 +01:00
parent 8d10bfb76a
commit ea64491533
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
14 changed files with 270 additions and 160 deletions

15
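--- /dev/null
+++ b/.later.yml
@@ -0,0 +1,15 @@
+---
+ansible:
+custom_modules:
+- iptables_raw
+- openssl_pkcs12
+- proxmox_kvm
+- ucr
+- corenetworks_dns
+- corenetworks_token
+rules:
+exclude_files:
+- "LICENSE*"
+- "**/*.md"
+- "**/*.ini"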

47
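--- /dev/null
+++ b/.woodpecker/docs.yaml
@@ -0,0 +1,47 @@
+---
+when:
+- event: [pull_request]
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+steps:
+- name: generate
+image: quay.io/thegeeklab/ansible-doctor
+environment:
+ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
+ANSIBLE_DOCTOR_FORCE_OVERWRITE: "true"
+ANSIBLE_DOCTOR_LOG_LEVEL: INFO
+ANSIBLE_DOCTOR_ROLE_NAME: ${CI_REPO_NAME}
+ANSIBLE_DOCTOR_TEMPLATE: readme
+- name: format
+image: quay.io/thegeeklab/alpine-tools
+commands:
+- prettier -w README.md
+- name: diff
+image: quay.io/thegeeklab/alpine-tools
+commands:
+- git diff --color=always README.md
+- name: publish
+image: quay.io/thegeeklab/wp-git-action
+settings:
+action:
+- commit
+- push
+author_email: ci-bot@rknet.org
+author_name: ci-bot
+branch: main
+message: "[skip ci] automated docs update"
+netrc_machine: gitea.rknet.org
+netrc_password:
+from_secret: gitea_token
+when:
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+depends_on:
+- test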
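Review bot: The `publish` step receives `gitea_token` and pushes to the repository, yet its image `quay.io/thegeeklab/wp-git-action` carries no tag, so every run pulls whatever the registry currently serves under the default tag. The other images in this file (`ansible-doctor`, `alpine-tools`) and `wp-matrix` in `.woodpecker/notify.yml`, which also reads secrets, are untagged as well, while `lint.yaml` and `test.yaml` pin a major tag. Pinning to a tag or digest, for example `image: quay.io/thegeeklab/wp-git-action@sha256:<digest>`, keeps a changed upstream image from running with the push credential unnoticed. Separately, `branch: main` is hard-coded although the step's `when` filter uses `${CI_REPO_DEFAULT_BRANCH}`; using the same variable in both places keeps them from drifting apart.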

30
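--- /dev/null
+++ b/.woodpecker/lint.yaml
@@ -0,0 +1,30 @@
+---
+when:
+- event: [pull_request, tag]
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+steps:
+- name: ansible-later
+image: quay.io/thegeeklab/ansible-later:4
+commands:
+- ansible-later
+environment:
+FORCE_COLOR: "1"
+- name: python-format
+image: docker.io/python:3.12
+commands:
+- pip install -qq ruff
+- ruff format --check --diff .
+environment:
+PY_COLORS: "1"
+- name: python-lint
+image: docker.io/python:3.12
+commands:
+- pip install -qq ruff
+- ruff .
+environment:
+PY_COLORS: "1"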
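Review bot: Both Python steps install ruff with an unversioned `pip install -qq ruff`, so the linter's rule set and CLI change underneath the pipeline whenever a new release is published. The bare `ruff .` call in `python-lint` is the legacy spelling of `ruff check .` and is rejected by newer ruff releases, so this step is likely to break without any change to the repository. I would pin the version and use the explicit subcommand: `pip install -qq ruff==<pinned version>` and `ruff check .`.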

26
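--- /dev/null
+++ b/.woodpecker/notify.yml
@@ -0,0 +1,26 @@
+---
+when:
+- event: [tag]
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+runs_on: [success, failure]
+steps:
+- name: matrix
+image: quay.io/thegeeklab/wp-matrix
+settings:
+homeserver:
+from_secret: matrix_homeserver
+password:
+from_secret: matrix_password
+roomid:
+from_secret: matrix_roomid
+username:
+from_secret: matrix_username
+when:
+- status: [success, failure]
+depends_on:
+- docs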

25
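--- /dev/null
+++ b/.woodpecker/test.yaml
@@ -0,0 +1,25 @@
+---
+when:
+- event: [pull_request, tag]
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+variables:
+- &molecule_base
+image: quay.io/thegeeklab/molecule:6
+group: molecule
+secrets:
+- source: molecule_hcloud_token
+target: HCLOUD_TOKEN
+environment:
+PY_COLORS: "1"
+steps:
+- name: molecule-default
+<<: *molecule_base
+commands:
+- molecule test -s default
+depends_on:
+- lint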
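Review bot: The workflow-level `when` includes `pull_request`, and `molecule-default` is handed `molecule_hcloud_token` as `HCLOUD_TOKEN`. Whether a pull-request build actually receives the token depends on the events allowed for that secret in Woodpecker, which this file does not show: if pull requests are allowed, molecule scenarios from an unreviewed branch run with a cloud API credential; if they are not, the step presumably fails for lack of the token. Either way the intent should be explicit, for example a step-level `when` on `molecule-default` limited to `event: [push, manual, tag]`, or a comment stating that the secret is deliberately enabled for pull requests.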


@ -1,12 +1 @@
# xoxys.dockerengine
[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.dockerengine?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.dockerengine)
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
Setup docker engine.
You can find the full documentation at [https://galaxy.geekdocs.de](https://galaxy.geekdocs.de/roles/system/dockerengine/).
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.


@ -16,8 +16,6 @@ dockerengine_service: docker
# Requires=time-sync.target
# @end
dockerengine_docker_group_enabled: False
# @var dockerengine_registries:description: List of docker registries to auto login
# @var dockerengine_registries:example: >
# dockerengine_registries:


@ -1,10 +1,8 @@
---
- name: Restart docker engine
service:
ansible.builtin.service:
state: restarted
name: "{{ dockerengine_service }}"
daemon_reload: yes
enabled: yes
listen: __docker_restart
become: True
become_user: root


@ -7,9 +7,9 @@ dependency:
role-file: molecule/requirements.yml
requirements-file: molecule/requirements.yml
platforms:
- name: "ubuntu-22.04-alertmanager"
- name: "rocky9-dockerengine"
server_type: "cx11"
image: "ubuntu-22.04"
image: "rocky-9"
provisioner:
name: ansible
log: False


@ -3,18 +3,9 @@
hosts: all
gather_facts: False
tasks:
- name: Bootstrap python for Ansible
raw: |
command -v python3 python || (
(test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) ||
echo "Warning: Python not boostrapped due to unknown platform."
)
- name: Bootstrap Python for Ansible
ansible.builtin.raw: |
command -v python3 python ||
((test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) ||
echo "Warning: Python not boostrapped due to unknown platform.")
changed_when: False
- name: Wait for apt lock
shell: while fuser /var/lib/apt/lists/lock >/dev/null 2>&1; do echo 'Waiting for apt list lock.' && sleep 10; done
changed_when: False
- name: Update package cache
apt:
update_cache: True
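Review bot: The rewritten `Bootstrap Python for Ansible` task still only knows apt: on a host without `/usr/bin/apt` it falls through to the `echo "Warning: …"` branch, which exits 0, so a missing interpreter is masked until a later task fails. The molecule platform changed in this commit is `rocky-9` (assuming this playbook belongs to that scenario), where the apt branch can never run. A dnf branch such as `(test -e /usr/bin/dnf && dnf install -y python3) ||` placed before the warning would cover it, or the warning branch could exit non-zero so the prepare stage fails visibly. The play itself starts above this hunk.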


@ -7,12 +7,12 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
).get_hosts("all")
def test_alertmanager_running_and_enabled(host):
alertmanager = host.service("alertmanager")
assert alertmanager.is_running
assert alertmanager.is_enabled
def test_docker_is_installed(host):
docker = host.package("docker-ce")
assert docker.is_installed
def test_alertmanager_socket(host):
# Verify the socket is listening for HTTP traffic
assert host.socket("tcp://127.0.0.1:9093").is_listening
def test_docker_running_and_enabled(host):
docker = host.service("docker")
assert docker.is_running
assert docker.is_enabled


@ -1,7 +1,5 @@
---
collections: []
collections:
- name: community.docker
roles:
- src: https://gitea.rknet.org/ansible/xoxys.dockerengine
scm: git
version: main
roles: []
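Review bot: `community.docker` is added without a version constraint, so each molecule run resolves whatever release Galaxy currently serves. Adding a constraint under the entry, e.g. `version: "<tested version range>"`, keeps test results reproducible and turns a collection upgrade into a reviewed change.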


@ -1,127 +1,124 @@
---
- block:
- name: Add Docker CE repository
yum_repository:
name: "docker-ce"
file: "Docker-CE"
description: "Docker CE Stable"
baseurl: "https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/stable"
gpgcheck: yes
enabled: yes
gpgkey: "https://download.docker.com/linux/rhel/gpg"
- name: Add Docker CE repository
ansible.builtin.yum_repository:
name: "docker-ce"
file: "Docker-CE"
description: "Docker CE Stable"
baseurl: "https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/stable"
gpgcheck: yes
enabled: yes
gpgkey: "https://download.docker.com/linux/rhel/gpg"
- name: Ensure to remove old docker packages
package:
name:
- docker
- docker-common
- docker-engine
state: absent
- name: Ensure to remove old docker packages
ansible.builtin.package:
name:
- docker
- docker-common
- docker-engine
state: absent
- name: Install packages
package:
name: "{{ item }}"
state: present
loop: "{{ dockerengine_packages }}"
- name: Install packages
ansible.builtin.package:
name: "{{ item }}"
state: present
loop: "{{ dockerengine_packages }}"
- name: Add namespace group
group:
name: "{{ dockerengine_nsremap_user }}"
state: present
when: dockerengine_usernamespace_enabled | bool
- name: Add namespace group
ansible.builtin.group:
name: "{{ dockerengine_nsremap_user }}"
state: present
when: dockerengine_usernamespace_enabled | bool
- name: Setup namespace user
user:
name: "{{ dockerengine_nsremap_user }}"
group: "{{ dockerengine_nsremap_user }}"
shell: /sbin/nologin
state: "{{ 'present' if dockerengine_usernamespace_enabled | bool else 'absent' }}"
- name: Setup namespace user
ansible.builtin.user:
name: "{{ dockerengine_nsremap_user }}"
group: "{{ dockerengine_nsremap_user }}"
shell: /sbin/nologin
state: "{{ 'present' if dockerengine_usernamespace_enabled | bool else 'absent' }}"
- name: Remove namespace group
group:
name: "{{ dockerengine_nsremap_user }}"
state: absent
when: not dockerengine_usernamespace_enabled | bool
- name: Remove namespace group
ansible.builtin.group:
name: "{{ dockerengine_nsremap_user }}"
state: absent
when: not dockerengine_usernamespace_enabled | bool
- name: Configure namespace id range
lineinfile:
dest: "{{ item }}"
regexp: "^{{ dockerengine_nsremap_user }}:"
line: "{{ dockerengine_nsremap_user }}:{{ dockerengine_nsremap_range_start }}:{{ dockerengine_nsremap_range_length }}"
state: "{{ 'present' if dockerengine_usernamespace_enabled | bool else 'absent' }}"
loop:
- /etc/subuid
- /etc/subgid
- name: Configure namespace id range
ansible.builtin.lineinfile:
dest: "{{ item }}"
regexp: "^{{ dockerengine_nsremap_user }}:"
line: "{{ dockerengine_nsremap_user }}:{{ dockerengine_nsremap_range_start }}:{{ dockerengine_nsremap_range_length }}"
state: "{{ 'present' if dockerengine_usernamespace_enabled | bool else 'absent' }}"
loop:
- /etc/subuid
- /etc/subgid
- name: Create required directories
loop:
- name: /etc/systemd/system/docker.service.d
mode: "0755"
- name: /etc/docker
mode: "0755"
loop_control:
label: "{{ item.name }}"
file:
path: "{{ item.name }}"
state: directory
mode: "{{ item.mode }}"
- name: Create required directories
ansible.builtin.file:
path: "{{ item.name }}"
state: directory
mode: "{{ item.mode }}"
loop:
- name: /etc/systemd/system/docker.service.d
mode: "0755"
- name: /etc/docker
mode: "0755"
loop_control:
label: "{{ item.name }}"
- name: Write environment file
template:
src: etc/sysconfig/docker.j2
dest: /etc/sysconfig/docker
mode: "0600"
notify: __docker_restart
- name: Write environment file
ansible.builtin.template:
src: etc/sysconfig/docker.j2
dest: /etc/sysconfig/docker
mode: "0600"
notify: __docker_restart
- name: Write service override.conf
template:
src: etc/systemd/system/docker.service.d/override.conf.j2
dest: /etc/systemd/system/docker.service.d/override.conf
mode: 0644
notify: __docker_restart
- name: Write service override.conf
ansible.builtin.template:
src: etc/systemd/system/docker.service.d/override.conf.j2
dest: /etc/systemd/system/docker.service.d/override.conf
mode: "0644"
notify: __docker_restart
- name: Write daemon config
copy:
content: "{{ (dockerengine_daemon_config | combine(dockerengine_daemon_config_extra)) | to_nice_json }}"
dest: /etc/docker/daemon.json
mode: "0600"
notify: __docker_restart
- name: Write daemon config
ansible.builtin.copy:
content: "{{ (dockerengine_daemon_config | combine(dockerengine_daemon_config_extra)) | to_nice_json }}"
dest: /etc/docker/daemon.json
mode: "0600"
notify: __docker_restart
- name: Deploy daemon config
copy:
content: "{{ (dockerengine_daemon_config | combine(dockerengine_daemon_config_extra)) | to_nice_json }}"
dest: /etc/docker/daemon.json
mode: "0600"
notify: __docker_restart
- name: Deploy daemon config
ansible.builtin.copy:
content: "{{ (dockerengine_daemon_config | combine(dockerengine_daemon_config_extra)) | to_nice_json }}"
dest: /etc/docker/daemon.json
mode: "0600"
notify: __docker_restart
- name: Ensure docker engine is up and running
service:
name: "{{ dockerengine_service }}"
enabled: True
state: started
- name: Ensure docker engine is up and running
ansible.builtin.service:
name: "{{ dockerengine_service }}"
enabled: True
state: started
- name: Handle registry logins
docker_login:
registry: "{{ item.url | default(omit) }}"
username: "{{ item.username }}"
password: "{{ item.password }}"
reauthorize: "{{ item.reauthorize | default(False) }}"
state: '{{ item.state | default("present") }}'
loop: "{{ dockerengine_registries }}"
loop_control:
label: "{{ item.url | default('DockerHub') }}"
- name: Handle registry logins
community.docker.docker_login:
registry: "{{ item.url | default(omit) }}"
username: "{{ item.username }}"
password: "{{ item.password }}"
reauthorize: "{{ item.reauthorize | default(False) }}"
state: '{{ item.state | default("present") }}'
loop: "{{ dockerengine_registries }}"
loop_control:
label: "{{ item.url | default('DockerHub') }}"
- name: Create docker networks
docker_network:
name: "{{ item.name }}"
driver: "{{ item.driver | default('bridge') }}"
enable_ipv6: "{{ item.enable_ipv6 | default(False) }}"
ipam_config: "{{ item.ipam_config | default(omit) }}"
force: "{{ item.force | default(omit) }}"
state: "{{ item.state | default('present') }}"
loop: "{{ dockerengine_networks + dockerengine_networks_extra }}"
loop_control:
label: "{{ item.name }}"
notify: __docker_restart
become: True
become_user: root
- name: Create docker networks
community.docker.docker_network:
name: "{{ item.name }}"
driver: "{{ item.driver | default('bridge') }}"
enable_ipv6: "{{ item.enable_ipv6 | default(False) }}"
ipam_config: "{{ item.ipam_config | default(omit) }}"
force: "{{ item.force | default(omit) }}"
state: "{{ item.state | default('present') }}"
loop: "{{ dockerengine_networks + dockerengine_networks_extra }}"
loop_control:
label: "{{ item.name }}"
notify: __docker_restart
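Review bot: `Handle registry logins` loops over `dockerengine_registries`, whose items carry `password`, and the task has no `no_log`. The `loop_control.label` keeps the item out of the normal per-item output line, but the full item is still part of the task result and can surface on failure or at higher verbosity; adding `no_log: True` to the task closes that. Separately, `Write daemon config` and `Deploy daemon config` are identical on the new side (same `content`, `dest` and `mode`), so one of them can be dropped. Judging by the line counts, the enclosing `block` with `become: True` / `become_user: root` is gone, so the role now appears to rely on the calling play for privilege escalation, which deserves a line in the README.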


@ -1,4 +0,0 @@
#!/usr/bin/env sh
set -eo pipefail
exec /opt/python2/ansible-deps/bin/docker-compose "$@"