cleanup

Robert Kaussow 2024-02-15 10:29:24 +01:00
parent 8d10bfb76a
commit ea64491533
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
14 changed files with 270 additions and 160 deletions

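--- a/.later.yml
+++ b/.later.yml
@@ -0,0 +1,15 @@
+---
+ansible:
+custom_modules:
+- iptables_raw
+- openssl_pkcs12
+- proxmox_kvm
+- ucr
+- corenetworks_dns
+- corenetworks_token
+rules:
+exclude_files:
+- "LICENSE*"
+- "**/*.md"
+- "**/*.ini"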

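--- a/.woodpecker/docs.yaml
+++ b/.woodpecker/docs.yaml
@@ -0,0 +1,47 @@
+---
+when:
+- event: [pull_request]
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+steps:
+- name: generate
+image: quay.io/thegeeklab/ansible-doctor
+environment:
+ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
+ANSIBLE_DOCTOR_FORCE_OVERWRITE: "true"
+ANSIBLE_DOCTOR_LOG_LEVEL: INFO
+ANSIBLE_DOCTOR_ROLE_NAME: ${CI_REPO_NAME}
+ANSIBLE_DOCTOR_TEMPLATE: readme
+- name: format
+image: quay.io/thegeeklab/alpine-tools
+commands:
+- prettier -w README.md
+- name: diff
+image: quay.io/thegeeklab/alpine-tools
+commands:
+- git diff --color=always README.md
+- name: publish
+image: quay.io/thegeeklab/wp-git-action
+settings:
+action:
+- commit
+- push
+author_email: ci-bot@rknet.org
+author_name: ci-bot
+branch: main
+message: "[skip ci] automated docs update"
+netrc_machine: gitea.rknet.org
+netrc_password:
+from_secret: gitea_token
+when:
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+depends_on:
+- test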
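Review bot: The `publish` step receives `gitea_token` and pushes to the repository, yet its image `quay.io/thegeeklab/wp-git-action` is referenced without a tag or digest, so whatever the registry currently serves under the default tag runs with that credential. The same applies to `ansible-doctor` and `alpine-tools` in this file and to `wp-matrix` in `.woodpecker/notify.yml`, which is handed the Matrix credentials. lint.yaml and test.yaml already pin a major tag (`ansible-later:4`, `molecule:6`); pinning these images the same way, or by digest as in `image: quay.io/thegeeklab/wp-git-action@sha256:<DIGEST>`, makes an upstream image change an explicit, reviewable update. `branch: main` is also hard-coded while both `when` filters use `${CI_REPO_DEFAULT_BRANCH}`; using the variable in the setting as well would keep the two from drifting apart.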

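--- a/.woodpecker/lint.yaml
+++ b/.woodpecker/lint.yaml
@@ -0,0 +1,30 @@
+---
+when:
+- event: [pull_request, tag]
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+steps:
+- name: ansible-later
+image: quay.io/thegeeklab/ansible-later:4
+commands:
+- ansible-later
+environment:
+FORCE_COLOR: "1"
+- name: python-format
+image: docker.io/python:3.12
+commands:
+- pip install -qq ruff
+- ruff format --check --diff .
+environment:
+PY_COLORS: "1"
+- name: python-lint
+image: docker.io/python:3.12
+commands:
+- pip install -qq ruff
+- ruff .
+environment:
+PY_COLORS: "1"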
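Review bot: Both `python-format` and `python-lint` run `pip install -qq ruff` with no version, so every pipeline run installs whatever release is current and the lint result can change, or the step can break, without any change in this repository. Pin the tool in both steps, e.g. `pip install -qq ruff==<PINNED_VERSION>`, ideally from a requirements file with hashes so the installed artifact is verified as well. Newer ruff releases expect the explicit subcommand, so `ruff check .` is the safer spelling of `ruff .` in `python-lint`.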

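--- a/.woodpecker/notify.yml
+++ b/.woodpecker/notify.yml
@@ -0,0 +1,26 @@
+---
+when:
+- event: [tag]
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+runs_on: [success, failure]
+steps:
+- name: matrix
+image: quay.io/thegeeklab/wp-matrix
+settings:
+homeserver:
+from_secret: matrix_homeserver
+password:
+from_secret: matrix_password
+roomid:
+from_secret: matrix_roomid
+username:
+from_secret: matrix_username
+when:
+- status: [success, failure]
+depends_on:
+- docs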

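--- a/.woodpecker/test.yaml
+++ b/.woodpecker/test.yaml
@@ -0,0 +1,25 @@
+---
+when:
+- event: [pull_request, tag]
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+variables:
+- &molecule_base
+image: quay.io/thegeeklab/molecule:6
+group: molecule
+secrets:
+- source: molecule_hcloud_token
+target: HCLOUD_TOKEN
+environment:
+PY_COLORS: "1"
+steps:
+- name: molecule-default
+<<: *molecule_base
+commands:
+- molecule test -s default
+depends_on:
+- lint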
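Review bot: The workflow-level `when` includes `pull_request`, and `molecule-default` is given `molecule_hcloud_token` as `HCLOUD_TOKEN` with no step-level filter. Whether a pull-request build, which runs the scenario files from the proposed change, can see a cloud API token therefore depends entirely on how the secret's allowed events are configured in Woodpecker, and that is not visible in this file. Either confirm that the secret is not enabled for pull_request events and record it in a comment above `secrets:`, such as `# molecule_hcloud_token must not be available to pull_request events`, or give the step its own `when` as the `publish` step in docs.yaml does. The second option means molecule no longer runs on pull requests, so the trade-off should be a deliberate choice.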


@ -1,12 +1 @@
# xoxys.dockerengine # xoxys.dockerengine
[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.dockerengine?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.dockerengine)
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
Setup docker engine.
You can find the full documentation at [https://galaxy.geekdocs.de](https://galaxy.geekdocs.de/roles/system/dockerengine/).
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.


@ -16,8 +16,6 @@ dockerengine_service: docker
# Requires=time-sync.target # Requires=time-sync.target
# @end # @end
dockerengine_docker_group_enabled: False
# @var dockerengine_registries:description: List of docker registries to auto login # @var dockerengine_registries:description: List of docker registries to auto login
# @var dockerengine_registries:example: > # @var dockerengine_registries:example: >
# dockerengine_registries: # dockerengine_registries:


@ -1,10 +1,8 @@
--- ---
- name: Restart docker engine - name: Restart docker engine
service: ansible.builtin.service:
state: restarted state: restarted
name: "{{ dockerengine_service }}" name: "{{ dockerengine_service }}"
daemon_reload: yes daemon_reload: yes
enabled: yes enabled: yes
listen: __docker_restart listen: __docker_restart
become: True
become_user: root
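Review bot: With `become: True` / `become_user: root` removed from this handler, and from the block wrapper in the tasks file of the same commit, none of the visible role files requests privilege escalation any more, while restarting a service and writing under `/etc` both need root. Leaving escalation to the calling play is a reasonable convention, but it should be stated where users will see it: a line in the role documentation or a comment above the handler such as `# Requires the calling play to set become: true`. Without it, a play that relied on the role's own `become` will fail at the first privileged task with a permission error that does not point at the cause.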


@ -7,9 +7,9 @@ dependency:
role-file: molecule/requirements.yml role-file: molecule/requirements.yml
requirements-file: molecule/requirements.yml requirements-file: molecule/requirements.yml
platforms: platforms:
- name: "ubuntu-22.04-alertmanager" - name: "rocky9-dockerengine"
server_type: "cx11" server_type: "cx11"
image: "ubuntu-22.04" image: "rocky-9"
provisioner: provisioner:
name: ansible name: ansible
log: False log: False


@ -3,18 +3,9 @@
hosts: all hosts: all
gather_facts: False gather_facts: False
tasks: tasks:
- name: Bootstrap python for Ansible - name: Bootstrap Python for Ansible
raw: | ansible.builtin.raw: |
command -v python3 python || ( command -v python3 python ||
(test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) || ((test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) ||
echo "Warning: Python not boostrapped due to unknown platform." echo "Warning: Python not boostrapped due to unknown platform.")
)
changed_when: False changed_when: False
- name: Wait for apt lock
shell: while fuser /var/lib/apt/lists/lock >/dev/null 2>&1; do echo 'Waiting for apt list lock.' && sleep 10; done
changed_when: False
- name: Update package cache
apt:
update_cache: True
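Review bot: The bootstrap command in `ansible.builtin.raw` still ends in `|| echo "Warning: ..."`, so it exits 0 even when no Python was found or installed, and the first real module call then fails with a less obvious error. The only install branch tests for `/usr/bin/apt`, while the molecule platform in this commit is now `rocky-9`; if that image ever ships without Python, the task can only reach the warning. Consider failing explicitly on the unknown-platform path, e.g. `|| { echo "Python not bootstrapped: unknown platform" >&2; exit 1; }`, and either dropping the apt branch or adding a dnf one for the image actually under test.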


@ -7,12 +7,12 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
).get_hosts("all") ).get_hosts("all")
def test_alertmanager_running_and_enabled(host): def test_docker_is_installed(host):
alertmanager = host.service("alertmanager") docker = host.package("docker-ce")
assert alertmanager.is_running assert docker.is_installed
assert alertmanager.is_enabled
def test_alertmanager_socket(host): def test_docker_running_and_enabled(host):
# Verify the socket is listening for HTTP traffic docker = host.service("docker")
assert host.socket("tcp://127.0.0.1:9093").is_listening assert docker.is_running
assert docker.is_enabled


@ -1,7 +1,5 @@
--- ---
collections: [] collections:
- name: community.docker
roles: roles: []
- src: https://gitea.rknet.org/ansible/xoxys.dockerengine
scm: git
version: main
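Review bot: `community.docker` is added under `collections:` with no `version:`, so every test run resolves whatever Galaxy currently publishes for it. A constraint next to `name:`, such as `version: "<PINNED_VERSION>"`, keeps molecule runs reproducible and makes a collection upgrade an explicit change in this file. Since the tasks in this commit now call `community.docker.docker_login` and `community.docker.docker_network`, the same requirement presumably also belongs in the role's own dependency metadata, which is not visible here.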


@ -1,127 +1,124 @@
--- ---
- block: - name: Add Docker CE repository
- name: Add Docker CE repository ansible.builtin.yum_repository:
yum_repository: name: "docker-ce"
name: "docker-ce" file: "Docker-CE"
file: "Docker-CE" description: "Docker CE Stable"
description: "Docker CE Stable" baseurl: "https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/stable"
baseurl: "https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/stable" gpgcheck: yes
gpgcheck: yes enabled: yes
enabled: yes gpgkey: "https://download.docker.com/linux/rhel/gpg"
gpgkey: "https://download.docker.com/linux/rhel/gpg"
- name: Ensure to remove old docker packages - name: Ensure to remove old docker packages
package: ansible.builtin.package:
name: name:
- docker - docker
- docker-common - docker-common
- docker-engine - docker-engine
state: absent state: absent
- name: Install packages - name: Install packages
package: ansible.builtin.package:
name: "{{ item }}" name: "{{ item }}"
state: present state: present
loop: "{{ dockerengine_packages }}" loop: "{{ dockerengine_packages }}"
- name: Add namespace group - name: Add namespace group
group: ansible.builtin.group:
name: "{{ dockerengine_nsremap_user }}" name: "{{ dockerengine_nsremap_user }}"
state: present state: present
when: dockerengine_usernamespace_enabled | bool when: dockerengine_usernamespace_enabled | bool
- name: Setup namespace user - name: Setup namespace user
user: ansible.builtin.user:
name: "{{ dockerengine_nsremap_user }}" name: "{{ dockerengine_nsremap_user }}"
group: "{{ dockerengine_nsremap_user }}" group: "{{ dockerengine_nsremap_user }}"
shell: /sbin/nologin shell: /sbin/nologin
state: "{{ 'present' if dockerengine_usernamespace_enabled | bool else 'absent' }}" state: "{{ 'present' if dockerengine_usernamespace_enabled | bool else 'absent' }}"
- name: Remove namespace group - name: Remove namespace group
group: ansible.builtin.group:
name: "{{ dockerengine_nsremap_user }}" name: "{{ dockerengine_nsremap_user }}"
state: absent state: absent
when: not dockerengine_usernamespace_enabled | bool when: not dockerengine_usernamespace_enabled | bool
- name: Configure namespace id range - name: Configure namespace id range
lineinfile: ansible.builtin.lineinfile:
dest: "{{ item }}" dest: "{{ item }}"
regexp: "^{{ dockerengine_nsremap_user }}:" regexp: "^{{ dockerengine_nsremap_user }}:"
line: "{{ dockerengine_nsremap_user }}:{{ dockerengine_nsremap_range_start }}:{{ dockerengine_nsremap_range_length }}" line: "{{ dockerengine_nsremap_user }}:{{ dockerengine_nsremap_range_start }}:{{ dockerengine_nsremap_range_length }}"
state: "{{ 'present' if dockerengine_usernamespace_enabled | bool else 'absent' }}" state: "{{ 'present' if dockerengine_usernamespace_enabled | bool else 'absent' }}"
loop: loop:
- /etc/subuid - /etc/subuid
- /etc/subgid - /etc/subgid
- name: Create required directories - name: Create required directories
loop: ansible.builtin.file:
- name: /etc/systemd/system/docker.service.d path: "{{ item.name }}"
mode: "0755" state: directory
- name: /etc/docker mode: "{{ item.mode }}"
mode: "0755" loop:
loop_control: - name: /etc/systemd/system/docker.service.d
label: "{{ item.name }}" mode: "0755"
file: - name: /etc/docker
path: "{{ item.name }}" mode: "0755"
state: directory loop_control:
mode: "{{ item.mode }}" label: "{{ item.name }}"
- name: Write environment file - name: Write environment file
template: ansible.builtin.template:
src: etc/sysconfig/docker.j2 src: etc/sysconfig/docker.j2
dest: /etc/sysconfig/docker dest: /etc/sysconfig/docker
mode: "0600" mode: "0600"
notify: __docker_restart notify: __docker_restart
- name: Write service override.conf - name: Write service override.conf
template: ansible.builtin.template:
src: etc/systemd/system/docker.service.d/override.conf.j2 src: etc/systemd/system/docker.service.d/override.conf.j2
dest: /etc/systemd/system/docker.service.d/override.conf dest: /etc/systemd/system/docker.service.d/override.conf
mode: 0644 mode: "0644"
notify: __docker_restart notify: __docker_restart
- name: Write daemon config - name: Write daemon config
copy: ansible.builtin.copy:
content: "{{ (dockerengine_daemon_config | combine(dockerengine_daemon_config_extra)) | to_nice_json }}" content: "{{ (dockerengine_daemon_config | combine(dockerengine_daemon_config_extra)) | to_nice_json }}"
dest: /etc/docker/daemon.json dest: /etc/docker/daemon.json
mode: "0600" mode: "0600"
notify: __docker_restart notify: __docker_restart
- name: Deploy daemon config - name: Deploy daemon config
copy: ansible.builtin.copy:
content: "{{ (dockerengine_daemon_config | combine(dockerengine_daemon_config_extra)) | to_nice_json }}" content: "{{ (dockerengine_daemon_config | combine(dockerengine_daemon_config_extra)) | to_nice_json }}"
dest: /etc/docker/daemon.json dest: /etc/docker/daemon.json
mode: "0600" mode: "0600"
notify: __docker_restart notify: __docker_restart
- name: Ensure docker engine is up and running - name: Ensure docker engine is up and running
service: ansible.builtin.service:
name: "{{ dockerengine_service }}" name: "{{ dockerengine_service }}"
enabled: True enabled: True
state: started state: started
- name: Handle registry logins - name: Handle registry logins
docker_login: community.docker.docker_login:
registry: "{{ item.url | default(omit) }}" registry: "{{ item.url | default(omit) }}"
username: "{{ item.username }}" username: "{{ item.username }}"
password: "{{ item.password }}" password: "{{ item.password }}"
reauthorize: "{{ item.reauthorize | default(False) }}" reauthorize: "{{ item.reauthorize | default(False) }}"
state: '{{ item.state | default("present") }}' state: '{{ item.state | default("present") }}'
loop: "{{ dockerengine_registries }}" loop: "{{ dockerengine_registries }}"
loop_control: loop_control:
label: "{{ item.url | default('DockerHub') }}" label: "{{ item.url | default('DockerHub') }}"
- name: Create docker networks - name: Create docker networks
docker_network: community.docker.docker_network:
name: "{{ item.name }}" name: "{{ item.name }}"
driver: "{{ item.driver | default('bridge') }}" driver: "{{ item.driver | default('bridge') }}"
enable_ipv6: "{{ item.enable_ipv6 | default(False) }}" enable_ipv6: "{{ item.enable_ipv6 | default(False) }}"
ipam_config: "{{ item.ipam_config | default(omit) }}" ipam_config: "{{ item.ipam_config | default(omit) }}"
force: "{{ item.force | default(omit) }}" force: "{{ item.force | default(omit) }}"
state: "{{ item.state | default('present') }}" state: "{{ item.state | default('present') }}"
loop: "{{ dockerengine_networks + dockerengine_networks_extra }}" loop: "{{ dockerengine_networks + dockerengine_networks_extra }}"
loop_control: loop_control:
label: "{{ item.name }}" label: "{{ item.name }}"
notify: __docker_restart notify: __docker_restart
become: True
become_user: root
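Review bot: `Handle registry logins` loops over `dockerengine_registries`, whose items carry `password`, and only `loop_control.label` keeps the item out of the default per-item output. At higher verbosity or on a failed item the controller may still print the full loop item, so this is worth confirming for the Ansible version in use. Adding `no_log: true` to that task keeps the registry credentials out of logs and CI output regardless of verbosity. Separately, `Write daemon config` and `Deploy daemon config` remain two identical `ansible.builtin.copy` tasks writing `/etc/docker/daemon.json`; one of them can be dropped.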


@ -1,4 +0,0 @@
#!/usr/bin/env sh
set -eo pipefail
exec /opt/python2/ansible-deps/bin/docker-compose "$@"