diff --git a/.later.yml b/.later.yml
new file mode 100644
index 0000000..2703cb9
--- /dev/null
+++ b/.later.yml
@@ -0,0 +1,15 @@
+---
+ansible:
+ custom_modules:
+ - iptables_raw
+ - openssl_pkcs12
+ - proxmox_kvm
+ - ucr
+ - corenetworks_dns
+ - corenetworks_token
+
+rules:
+ exclude_files:
+ - "LICENSE*"
+ - "**/*.md"
+ - "**/*.ini"
diff --git a/.woodpecker/docs.yaml b/.woodpecker/docs.yaml
new file mode 100644
index 0000000..f053ca8
--- /dev/null
+++ b/.woodpecker/docs.yaml
@@ -0,0 +1,47 @@
+---
+when:
+ - event: [pull_request]
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+steps:
+ - name: generate
+ image: quay.io/thegeeklab/ansible-doctor
+ environment:
+ ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
+ ANSIBLE_DOCTOR_FORCE_OVERWRITE: "true"
+ ANSIBLE_DOCTOR_LOG_LEVEL: INFO
+ ANSIBLE_DOCTOR_ROLE_NAME: ${CI_REPO_NAME}
+ ANSIBLE_DOCTOR_TEMPLATE: readme
+
+ - name: format
+ image: quay.io/thegeeklab/alpine-tools
+ commands:
+ - prettier -w README.md
+
+ - name: diff
+ image: quay.io/thegeeklab/alpine-tools
+ commands:
+ - git diff --color=always README.md
+
+ - name: publish
+ image: quay.io/thegeeklab/wp-git-action
+ settings:
+ action:
+ - commit
+ - push
+ author_email: ci-bot@rknet.org
+ author_name: ci-bot
+ branch: main
+ message: "[skip ci] automated docs update"
+ netrc_machine: gitea.rknet.org
+ netrc_password:
+ from_secret: gitea_token
+ when:
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+depends_on:
+ - test
diff --git a/.woodpecker/lint.yaml b/.woodpecker/lint.yaml
new file mode 100644
index 0000000..ca4facd
--- /dev/null
+++ b/.woodpecker/lint.yaml
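Review bot: The `publish` step in `.woodpecker/docs.yaml` runs `quay.io/thegeeklab/wp-git-action` without any tag or digest while handing it `gitea_token` and push rights to `main`, so whatever the registry serves as `latest` at run time gets write access to the repository. The same applies to `quay.io/thegeeklab/wp-matrix` in `.woodpecker/notify.yml`, which receives the Matrix credentials, and to the untagged `ansible-doctor` and `alpine-tools` images whose output is what `publish` commits. The lint and test pipelines in this commit already pin a major tag (`ansible-later:4`, `molecule:6`); I would do at least that here and preferably pin by digest for the two secret-bearing steps, e.g. `image: quay.io/thegeeklab/wp-git-action:<TAG>@sha256:<DIGEST>`. Also consider `branch: ${CI_REPO_DEFAULT_BRANCH}` in the plugin settings so the push target cannot drift from the `when` filter.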
@@ -0,0 +1,30 @@
+---
+when:
+ - event: [pull_request, tag]
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+steps:
+ - name: ansible-later
+ image: quay.io/thegeeklab/ansible-later:4
+ commands:
+ - ansible-later
+ environment:
+ FORCE_COLOR: "1"
+
+ - name: python-format
+ image: docker.io/python:3.12
+ commands:
+ - pip install -qq ruff
+ - ruff format --check --diff .
+ environment:
+ PY_COLORS: "1"
+
+ - name: python-lint
+ image: docker.io/python:3.12
+ commands:
+ - pip install -qq ruff
+ - ruff .
+ environment:
+ PY_COLORS: "1"
diff --git a/.woodpecker/notify.yml b/.woodpecker/notify.yml
new file mode 100644
index 0000000..9957125
--- /dev/null
+++ b/.woodpecker/notify.yml
@@ -0,0 +1,26 @@
+---
+when:
+ - event: [tag]
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+runs_on: [success, failure]
+
+steps:
+ - name: matrix
+ image: quay.io/thegeeklab/wp-matrix
+ settings:
+ homeserver:
+ from_secret: matrix_homeserver
+ password:
+ from_secret: matrix_password
+ roomid:
+ from_secret: matrix_roomid
+ username:
+ from_secret: matrix_username
+ when:
+ - status: [success, failure]
+
+depends_on:
+ - docs
diff --git a/.woodpecker/test.yaml b/.woodpecker/test.yaml
new file mode 100644
index 0000000..a4991f7
--- /dev/null
+++ b/.woodpecker/test.yaml
@@ -0,0 +1,25 @@
+---
+when:
+ - event: [pull_request, tag]
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+variables:
+ - &molecule_base
+ image: quay.io/thegeeklab/molecule:6
+ group: molecule
+ secrets:
+ - source: molecule_hcloud_token
+ target: HCLOUD_TOKEN
+ environment:
+ PY_COLORS: "1"
+
+steps:
+ - name: molecule-default
+ <<: *molecule_base
+ commands:
+ - molecule test -s default
+
+depends_on:
+ - lint
diff --git a/README.md b/README.md
index 60019e6..5ef71e9 100644
--- a/README.md
+++ b/README.md
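Review bot: Both Python steps in `.woodpecker/lint.yaml` run `pip install -qq ruff` with no version, so every pipeline run, including those for pull requests, executes whatever ruff release is newest on the index. That makes lint results non-reproducible and widens the dependency surface for no benefit. The bare `ruff .` call in `python-lint` compounds this, because the path-only invocation has been deprecated upstream in favour of the explicit subcommand and will stop working once an unpinned install crosses that release. I would change the two lines to `pip install -qq ruff==<PINNED_VERSION>` and `ruff check .`.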
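Review bot: The `molecule_base` anchor in `.woodpecker/test.yaml` injects `molecule_hcloud_token` as `HCLOUD_TOKEN` into a step whose pipeline also triggers on `pull_request`. Whether the token is actually released for that event depends on the secret's event settings in Woodpecker, which are not visible here; if it is, molecule scenario files modified in a pull request would run with a live cloud API token. Please confirm the secret is not enabled for pull-request events, or gate the step itself the way the `publish` step in docs.yaml is gated, e.g. a step-level `when:` with `- event: [push, manual, tag]`. A short comment above the anchor stating which events may see the token would make the intent reviewable.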
@@ -1,12 +1 @@ # xoxys.dockerengine - -[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.dockerengine?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.dockerengine) -[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE) - -Setup docker engine. - -You can find the full documentation at [https://galaxy.geekdocs.de](https://galaxy.geekdocs.de/roles/system/dockerengine/). - -## License - -This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. diff --git a/defaults/main.yml b/defaults/main.yml index 294186a..fee00ae 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -16,8 +16,6 @@ dockerengine_service: docker # Requires=time-sync.target # @end -dockerengine_docker_group_enabled: False - # @var dockerengine_registries:description: List of docker registries to auto login # @var dockerengine_registries:example: > # dockerengine_registries: diff --git a/handlers/main.yml b/handlers/main.yml index d3cfcd4..695661c 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,10 +1,8 @@ --- - name: Restart docker engine - service: + ansible.builtin.service: state: restarted name: "{{ dockerengine_service }}" daemon_reload: yes enabled: yes listen: __docker_restart - become: True - become_user: root diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 8c50d8c..5662c89 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -7,9 +7,9 @@ dependency: role-file: molecule/requirements.yml requirements-file: molecule/requirements.yml platforms: - - name: "ubuntu-22.04-alertmanager" + - name: "rocky9-dockerengine" server_type: "cx11" - image: "ubuntu-22.04" + image: "rocky-9" provisioner: name: ansible log: False diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 3f1ce5e..0df1d77 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml 
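Review bot: In `handlers/main.yml` the `become: True` / `become_user: root` pair is dropped from the restart handler, and the `tasks/main.yml` hunk of this commit drops the block-level pair as well, so the role no longer escalates on its own. Every task here writes under `/etc` or manages a system service, so a play that does not set `become` will now fail on the first task rather than partway through, but nothing visible in the commit tells the consumer that. I would state the requirement where users look for it, e.g. a header comment in `tasks/main.yml` such as `# This role requires privilege escalation; set "become: true" on the calling play.`, and make sure the molecule converge play (not shown in this diff) sets it explicitly.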
@@ -3,18 +3,9 @@ hosts: all gather_facts: False tasks: - - name: Bootstrap python for Ansible - raw: | - command -v python3 python || ( - (test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) || - echo "Warning: Python not boostrapped due to unknown platform." - ) + - name: Bootstrap Python for Ansible + ansible.builtin.raw: | + command -v python3 python || + ((test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) || + echo "Warning: Python not boostrapped due to unknown platform.") changed_when: False - - - name: Wait for apt lock - shell: while fuser /var/lib/apt/lists/lock >/dev/null 2>&1; do echo 'Waiting for apt list lock.' && sleep 10; done - changed_when: False - - - name: Update package cache - apt: - update_cache: True diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 2188ec0..38ae96f 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -7,12 +7,12 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( ).get_hosts("all") -def test_alertmanager_running_and_enabled(host): - alertmanager = host.service("alertmanager") - assert alertmanager.is_running - assert alertmanager.is_enabled +def test_docker_is_installed(host): + docker = host.package("docker-ce") + assert docker.is_installed -def test_alertmanager_socket(host): - # Verify the socket is listening for HTTP traffic - assert host.socket("tcp://127.0.0.1:9093").is_listening +def test_docker_running_and_enabled(host): + docker = host.service("docker") + assert docker.is_running + assert docker.is_enabled diff --git a/molecule/requirements.yml b/molecule/requirements.yml index 8152505..348db4e 100644 --- a/molecule/requirements.yml +++ b/molecule/requirements.yml @@ -1,7 +1,5 @@ --- -collections: [] +collections: + - name: community.docker -roles: - - src: https://gitea.rknet.org/ansible/xoxys.dockerengine - scm: git - version: main +roles: [] 
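Review bot: The rewritten bootstrap command in `molecule/default/prepare.yml` still only knows the apt path, while this same commit switches the scenario's sole platform to `rocky-9`. On that image the task can only succeed via `command -v python3` or fall through to the warning echo, and since the echo exits 0 with `changed_when: False` a missing interpreter would surface later as an unrelated-looking failure. Either drop the apt branch or add the matching one for the new platform, e.g. `(test -e /usr/bin/dnf && dnf install -y python3) ||` ahead of the echo. The play continues outside this hunk.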
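Review bot: `molecule/requirements.yml` now pulls `community.docker` without a `version`, so each test run resolves to the latest Galaxy release and the modules that end up running as root on the target (`docker_login`, `docker_network` in tasks/main.yml) can change without a commit in this repository. I would pin it, e.g. `version: "<PINNED_VERSION>"` under the `- name: community.docker` entry. The role itself now also depends on this collection; the role's own requirements or meta file is not part of this diff, so it is worth checking that the dependency is declared there too.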
diff --git a/tasks/main.yml b/tasks/main.yml
index ead8470..591ed3e 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,127 +1,124 @@ --- -- block: - - name: Add Docker CE repository - yum_repository: - name: "docker-ce" - file: "Docker-CE" - description: "Docker CE Stable" - baseurl: "https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/stable" - gpgcheck: yes - enabled: yes - gpgkey: "https://download.docker.com/linux/rhel/gpg" +- name: Add Docker CE repository + ansible.builtin.yum_repository: + name: "docker-ce" + file: "Docker-CE" + description: "Docker CE Stable" + baseurl: "https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/stable" + gpgcheck: yes + enabled: yes + gpgkey: "https://download.docker.com/linux/rhel/gpg" - - name: Ensure to remove old docker packages - package: - name: - - docker - - docker-common - - docker-engine - state: absent +- name: Ensure to remove old docker packages + ansible.builtin.package: + name: + - docker + - docker-common + - docker-engine + state: absent - - name: Install packages - package: - name: "{{ item }}" - state: present - loop: "{{ dockerengine_packages }}" +- name: Install packages + ansible.builtin.package: + name: "{{ item }}" + state: present + loop: "{{ dockerengine_packages }}" - - name: Add namespace group - group: - name: "{{ dockerengine_nsremap_user }}" - state: present - when: dockerengine_usernamespace_enabled | bool +- name: Add namespace group + ansible.builtin.group: + name: "{{ dockerengine_nsremap_user }}" + state: present + when: dockerengine_usernamespace_enabled | bool - - name: Setup namespace user - user: - name: "{{ dockerengine_nsremap_user }}" - group: "{{ dockerengine_nsremap_user }}" - shell: /sbin/nologin - state: "{{ 'present' if dockerengine_usernamespace_enabled | bool else 'absent' }}" +- name: Setup namespace user + ansible.builtin.user: + name: "{{ dockerengine_nsremap_user }}" + group: "{{ dockerengine_nsremap_user }}" + shell: /sbin/nologin + state: "{{ 'present' if 
dockerengine_usernamespace_enabled | bool else 'absent' }}" - - name: Remove namespace group - group: - name: "{{ dockerengine_nsremap_user }}" - state: absent - when: not dockerengine_usernamespace_enabled | bool +- name: Remove namespace group + ansible.builtin.group: + name: "{{ dockerengine_nsremap_user }}" + state: absent + when: not dockerengine_usernamespace_enabled | bool - - name: Configure namespace id range - lineinfile: - dest: "{{ item }}" - regexp: "^{{ dockerengine_nsremap_user }}:" - line: "{{ dockerengine_nsremap_user }}:{{ dockerengine_nsremap_range_start }}:{{ dockerengine_nsremap_range_length }}" - state: "{{ 'present' if dockerengine_usernamespace_enabled | bool else 'absent' }}" - loop: - - /etc/subuid - - /etc/subgid +- name: Configure namespace id range + ansible.builtin.lineinfile: + dest: "{{ item }}" + regexp: "^{{ dockerengine_nsremap_user }}:" + line: "{{ dockerengine_nsremap_user }}:{{ dockerengine_nsremap_range_start }}:{{ dockerengine_nsremap_range_length }}" + state: "{{ 'present' if dockerengine_usernamespace_enabled | bool else 'absent' }}" + loop: + - /etc/subuid + - /etc/subgid - - name: Create required directories - loop: - - name: /etc/systemd/system/docker.service.d - mode: "0755" - - name: /etc/docker - mode: "0755" - loop_control: - label: "{{ item.name }}" - file: - path: "{{ item.name }}" - state: directory - mode: "{{ item.mode }}" +- name: Create required directories + ansible.builtin.file: + path: "{{ item.name }}" + state: directory + mode: "{{ item.mode }}" + loop: + - name: /etc/systemd/system/docker.service.d + mode: "0755" + - name: /etc/docker + mode: "0755" + loop_control: + label: "{{ item.name }}" - - name: Write environment file - template: - src: etc/sysconfig/docker.j2 - dest: /etc/sysconfig/docker - mode: "0600" - notify: __docker_restart +- name: Write environment file + ansible.builtin.template: + src: etc/sysconfig/docker.j2 + dest: /etc/sysconfig/docker + mode: "0600" + notify: __docker_restart - - 
name: Write service override.conf - template: - src: etc/systemd/system/docker.service.d/override.conf.j2 - dest: /etc/systemd/system/docker.service.d/override.conf - mode: 0644 - notify: __docker_restart +- name: Write service override.conf + ansible.builtin.template: + src: etc/systemd/system/docker.service.d/override.conf.j2 + dest: /etc/systemd/system/docker.service.d/override.conf + mode: "0644" + notify: __docker_restart - - name: Write daemon config - copy: - content: "{{ (dockerengine_daemon_config | combine(dockerengine_daemon_config_extra)) | to_nice_json }}" - dest: /etc/docker/daemon.json - mode: "0600" - notify: __docker_restart +- name: Write daemon config + ansible.builtin.copy: + content: "{{ (dockerengine_daemon_config | combine(dockerengine_daemon_config_extra)) | to_nice_json }}" + dest: /etc/docker/daemon.json + mode: "0600" + notify: __docker_restart - - name: Deploy daemon config - copy: - content: "{{ (dockerengine_daemon_config | combine(dockerengine_daemon_config_extra)) | to_nice_json }}" - dest: /etc/docker/daemon.json - mode: "0600" - notify: __docker_restart +- name: Deploy daemon config + ansible.builtin.copy: + content: "{{ (dockerengine_daemon_config | combine(dockerengine_daemon_config_extra)) | to_nice_json }}" + dest: /etc/docker/daemon.json + mode: "0600" + notify: __docker_restart - - name: Ensure docker engine is up and running - service: - name: "{{ dockerengine_service }}" - enabled: True - state: started +- name: Ensure docker engine is up and running + ansible.builtin.service: + name: "{{ dockerengine_service }}" + enabled: True + state: started - - name: Handle registry logins - docker_login: - registry: "{{ item.url | default(omit) }}" - username: "{{ item.username }}" - password: "{{ item.password }}" - reauthorize: "{{ item.reauthorize | default(False) }}" - state: '{{ item.state | default("present") }}' - loop: "{{ dockerengine_registries }}" - loop_control: - label: "{{ item.url | default('DockerHub') }}" +- name: 
Handle registry logins + community.docker.docker_login: + registry: "{{ item.url | default(omit) }}" + username: "{{ item.username }}" + password: "{{ item.password }}" + reauthorize: "{{ item.reauthorize | default(False) }}" + state: '{{ item.state | default("present") }}' + loop: "{{ dockerengine_registries }}" + loop_control: + label: "{{ item.url | default('DockerHub') }}" - - name: Create docker networks - docker_network: - name: "{{ item.name }}" - driver: "{{ item.driver | default('bridge') }}" - enable_ipv6: "{{ item.enable_ipv6 | default(False) }}" - ipam_config: "{{ item.ipam_config | default(omit) }}" - force: "{{ item.force | default(omit) }}" - state: "{{ item.state | default('present') }}" - loop: "{{ dockerengine_networks + dockerengine_networks_extra }}" - loop_control: - label: "{{ item.name }}" - notify: __docker_restart - become: True - become_user: root +- name: Create docker networks + community.docker.docker_network: + name: "{{ item.name }}" + driver: "{{ item.driver | default('bridge') }}" + enable_ipv6: "{{ item.enable_ipv6 | default(False) }}" + ipam_config: "{{ item.ipam_config | default(omit) }}" + force: "{{ item.force | default(omit) }}" + state: "{{ item.state | default('present') }}" + loop: "{{ dockerengine_networks + dockerengine_networks_extra }}" + loop_control: + label: "{{ item.name }}" + notify: __docker_restart diff --git a/templates/bin/docker-compose.j2 b/templates/bin/docker-compose.j2 deleted file mode 100644 index 3e439e0..0000000 --- a/templates/bin/docker-compose.j2 +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/env sh -set -eo pipefail - -exec /opt/python2/ansible-deps/bin/docker-compose "$@"
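Review bot: The `Handle registry logins` task in `tasks/main.yml` loops over `dockerengine_registries` and passes `item.password` to `community.docker.docker_login` without `no_log`. The `loop_control.label` only shortens the per-item header; the full loop item, password included, can still appear in the result that Ansible prints on failure or at higher verbosity, and from there in CI logs. I would add `no_log: true` to this task at the same level as `loop:`. If that hides too much while debugging, a role variable defaulting to true can control it.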