From b22c86758eaaeb54128144e5aa7d6503a7af8d4f Mon Sep 17 00:00:00 2001 From: Alexander Dahl <alex@netz39.de> Date: Sun, 21 Jan 2024 22:05:58 +0100 Subject: [PATCH 1/3] :truck: Migrate docker_host role to external project We used a similar local role here, in the Freifunk Magdeburg project, and in personal playbooks. That was moved to an external project, unified, and reworked, so the external role can act as replacement for the distributed, redundant copies. Link: https://github.com/netz39/ansible-role-host-docker --- group-docker_host.yml | 2 +- host-krypton.yml | 2 +- host-pottwal.yml | 2 +- host-radon.yml | 2 +- host-tau.yml | 2 +- host-unicorn.yml | 2 +- host-wittgenstein.yml | 2 +- requirements.yml | 3 + roles/docker_setup/defaults/main.yml | 5 -- roles/docker_setup/handlers/main.yml | 6 -- roles/docker_setup/tasks/main.yml | 91 --------------------- roles/docker_setup/templates/daemon.json.j2 | 9 -- roles/docker_setup/templates/docker.list.j2 | 2 - 13 files changed, 10 insertions(+), 120 deletions(-) delete mode 100644 roles/docker_setup/defaults/main.yml delete mode 100644 roles/docker_setup/handlers/main.yml delete mode 100644 roles/docker_setup/tasks/main.yml delete mode 100644 roles/docker_setup/templates/daemon.json.j2 delete mode 100644 roles/docker_setup/templates/docker.list.j2 diff --git a/group-docker_host.yml b/group-docker_host.yml index 15c2ed9..08cfb2c 100644 --- a/group-docker_host.yml +++ b/group-docker_host.yml @@ -3,7 +3,7 @@ become: true roles: - - role: docker_setup + - role: netz39.host_docker - hosts: docker_host:&location_space become: true diff --git a/host-krypton.yml b/host-krypton.yml index 2623afa..e9119ca 100644 --- a/host-krypton.yml +++ b/host-krypton.yml @@ -19,7 +19,7 @@ roles: - # role 'docker_setup' applied through group 'docker_host' + # role 'netz39.host_docker' applied through group 'docker_host' - role: apache - role: apache_letsencrypt # Uses configuration from dehydrated setup - role: 24367dfa.dehydrated 
diff --git a/host-pottwal.yml b/host-pottwal.yml index 9df71c4..ed32054 100644 --- a/host-pottwal.yml +++ b/host-pottwal.yml @@ -3,7 +3,7 @@ become: true roles: - # role 'docker_setup' applied through group 'docker_host' + # role 'netz39.host_docker' applied through group 'docker_host' - role: apache - role: apache_letsencrypt # Uses configuration from dehydrated setup - role: 24367dfa.dehydrated diff --git a/host-radon.yml b/host-radon.yml index f82edc9..93916ef 100644 --- a/host-radon.yml +++ b/host-radon.yml @@ -21,7 +21,7 @@ brotherql_host_port: 9004 roles: - # role 'docker_setup' applied through group 'docker_host' + # role 'netz39.host_docker' applied through group 'docker_host' - role: apache - role: apache_letsencrypt # Uses configuration from dehydrated setup - role: 24367dfa.dehydrated diff --git a/host-tau.yml b/host-tau.yml index 665f926..ee5e2a4 100644 --- a/host-tau.yml +++ b/host-tau.yml @@ -19,7 +19,7 @@ discord_invite_domain: discord.netz39.de roles: - # role 'docker_setup' applied through group 'docker_host' + # role 'netz39.host_docker' applied through group 'docker_host' - role: apache - role: penguineer.dehydrated_cron diff --git a/host-unicorn.yml b/host-unicorn.yml index 2ccca3a..a6fe8d5 100644 --- a/host-unicorn.yml +++ b/host-unicorn.yml @@ -7,7 +7,7 @@ data_dir: "/srv/data" roles: - # role 'docker_setup' applied through group 'docker_host' + # role 'netz39.host_docker' applied through group 'docker_host' tasks: - name: Setup the docker container for unifi-controller diff --git a/host-wittgenstein.yml b/host-wittgenstein.yml index c7a6869..5557893 100644 --- a/host-wittgenstein.yml +++ b/host-wittgenstein.yml @@ -3,7 +3,7 @@ become: true roles: - - role: docker_setup + - role: netz39.host_docker vars: docker_data_root: "/srv/docker" - role: apache diff --git a/requirements.yml b/requirements.yml index 975ae64..65bdec0 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -16,6 +16,9 @@ roles: version: v1.1.0 - src: lespocky.telegraf_docker_in_docker version: v0.2.1 + - name: netz39.host_docker + src: git+https://github.com/netz39/ansible-role-host-docker.git + version: v0.3.0 collections: - name: community.grafana diff --git a/roles/docker_setup/defaults/main.yml b/roles/docker_setup/defaults/main.yml deleted file mode 100644 index f1d15e3..0000000 --- a/roles/docker_setup/defaults/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -docker_compose_version: "1.25.4" -docker_compose_path: /usr/local/bin/docker-compose -docker_data_root: "/var/lib/docker" -docker_storage_driver: "overlay2" diff --git a/roles/docker_setup/handlers/main.yml b/roles/docker_setup/handlers/main.yml deleted file mode 100644 index 4e8c5a0..0000000 --- a/roles/docker_setup/handlers/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: restart docker - service: - name: docker - state: restarted - enabled: yes diff --git a/roles/docker_setup/tasks/main.yml b/roles/docker_setup/tasks/main.yml deleted file mode 100644 index 5a42436..0000000 --- a/roles/docker_setup/tasks/main.yml +++ /dev/null 
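Review bot: The new `netz39.host_docker` entry in requirements.yml is pinned with `version: v0.3.0`, which is a git tag and can be moved on the remote after it was reviewed. With the local `roles/docker_setup` tree deleted in this same patch, that pin is the only thing fixing which code runs under `become: true` on the docker hosts. ansible-galaxy also accepts a commit hash in `version` for git sources, so I would write `version: <full-commit-sha-of-v0.3.0>  # v0.3.0` and let Renovate propose the bumps. The tag-pinned role entries visible as context above it have the same property; the `roles:` list itself starts outside the hunk.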
@@ -1,91 +0,0 @@ -# This file is a mash-up of: -# https://github.com/geerlingguy/ansible-role-docker/blob/master/tasks/docker-compose.yml -# https://www.digitalocean.com/community/tutorials/how-to-install-docker-compose-on-debian-9 -# and our own stuff … ---- -- name: Gather package facts - package_facts: - manager: "auto" - -- name: Exit if docker.io is installed - fail: - msg: "Please remove docker.io (Debian vanilla docker package) first!" - when: "'docker.io' in ansible_facts.packages" - -- name: Install Docker APT deps - package: - name: "{{ packages }}" - state: present - vars: - packages: - - apt-transport-https - - ca-certificates - - gnupg2 - - software-properties-common - -- name: add Docker apt-key - apt_key: - url: https://download.docker.com/linux/debian/gpg - state: present - -- name: add Docker's APT repository - ansible.builtin.template: - src: templates/docker.list.j2 - dest: /etc/apt/sources.list.d/docker.list - register: apt_repo - -- name: Update package cache # noqa: no-handler - ansible.builtin.apt: - update_cache: true - when: apt_repo.changed - -- name: install Docker - package: - name: "{{ packages }}" - state: present - vars: - packages: - - docker-ce - - python3-docker - -- name: Set docker configuration - template: - src: templates/daemon.json.j2 - dest: /etc/docker/daemon.json - mode: "0644" - notify: restart docker - -- name: Check current docker-compose version. - command: docker-compose --version - register: docker_compose_current_version - changed_when: false - failed_when: false - -- name: Delete existing docker-compose version if it's different. - file: - path: "{{ docker_compose_path }}" - state: absent - when: > - docker_compose_current_version.stdout is defined - and docker_compose_version not in docker_compose_current_version.stdout - -- name: Install Docker Compose (if configured). 
- get_url: - url: https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64 - dest: "{{ docker_compose_path }}" - mode: "0755" - -- name: Place admin users in docker group - user: - name: "{{ item.logname }}" - groups: [docker] - append: yes - when: item.docker - with_items: "{{ users }}" - -- name: Ensure that docker image prune cron job is present. - ansible.builtin.cron: - name: docker image prune - special_time: weekly - user: root - job: "docker image prune --all --force" diff --git a/roles/docker_setup/templates/daemon.json.j2 b/roles/docker_setup/templates/daemon.json.j2 deleted file mode 100644 index ee43392..0000000 --- a/roles/docker_setup/templates/daemon.json.j2 +++ /dev/null @@ -1,9 +0,0 @@ -{ - "exec-opts": ["native.cgroupdriver=systemd"], - "log-driver": "json-file", - "log-opts": { - "max-size": "100m" - }, - "data-root": "{{ docker_data_root }}", - "storage-driver": "{{ docker_storage_driver }}" -} diff --git a/roles/docker_setup/templates/docker.list.j2 b/roles/docker_setup/templates/docker.list.j2 deleted file mode 100644 index 7795847..0000000 --- a/roles/docker_setup/templates/docker.list.j2 +++ /dev/null @@ -1,2 +0,0 @@ -deb https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable - From e946fe37b41f0be912e78d1d3b2108a2ecf8a937 Mon Sep 17 00:00:00 2001 From: Alexander Dahl <alex@netz39.de> Date: Wed, 19 Feb 2025 18:47:10 +0100 Subject: [PATCH 2/3] :wrench: renovate: Remove docker_compose match The role matched by this was removed, and is handled through requirements.yml now. That should already be covered by renovate without additional configuration. --- renovate.json | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/renovate.json b/renovate.json index 560af2a..b70eae7 100644 --- a/renovate.json +++ b/renovate.json 
@@ -11,17 +11,6 @@ "matchStrings": [ "image: (?<depName>.*?):(?<currentValue>.*?)(@(?<currentDigest>sha256:.*?))?\\s" ] - }, - { - "fileMatch": [ - "^roles/docker_setup/defaults/main.yml$" - ], - "datasourceTemplate": "github-release", - "versioningTemplate": "semver", - "depNameTemplate": "docker-compose", - "matchStrings": [ - "docker_compose_version: (?<currentValue>.*?)\\s" - ] } ], "packageRules": [ @@ -30,5 +19,4 @@ "schedule": [ "on friday" ] } ] - -} \ No newline at end of file +} From cc41217ad888c67fc3e2afeb1e8f07e73f989f91 Mon Sep 17 00:00:00 2001 From: Alexander Dahl <alex@netz39.de> Date: Sat, 22 Feb 2025 12:58:20 +0100 Subject: [PATCH 3/3] :wrench: Enable automatic docker image prune again The feature was part of the old role but unconditionally. When porting to external role we made it optional with variable `docker_cron_image_prune` but default to false. Restore the previous behaviour in this playbook. --- group_vars/docker_host/vars.yml | 1 + host-wittgenstein.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/group_vars/docker_host/vars.yml b/group_vars/docker_host/vars.yml index 2978231..5be6933 100644 --- a/group_vars/docker_host/vars.yml +++ b/group_vars/docker_host/vars.yml @@ -1,2 +1,3 @@ --- docker_data_root: "/srv/docker" +docker_cron_image_prune: true diff --git a/host-wittgenstein.yml b/host-wittgenstein.yml index 5557893..1676da0 100644 --- a/host-wittgenstein.yml +++ b/host-wittgenstein.yml @@ -6,6 +6,7 @@ - role: netz39.host_docker vars: docker_data_root: "/srv/docker" + docker_cron_image_prune: true - role: apache - role: apache_letsencrypt # Uses configuration from dehydrated setup - role: 24367dfa.dehydrated
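Review bot: `docker_cron_image_prune: true` is added without a comment in both group_vars/docker_host/vars.yml and the `netz39.host_docker` role vars in host-wittgenstein.yml, so the playbook does not say what the switch schedules or why it is set twice. The task removed in patch 1 installed a weekly root cron job running `docker image prune --all --force`. If the external role keeps that command (not visible here), every image that no container references at that moment is deleted and pulled again when next needed, which re-resolves the tag for images referenced without a digest. I would add `# weekly cron 'docker image prune' as root; role default is false` above the variable in both files. In host-wittgenstein.yml a second comment could say that the value is repeated because the role is applied directly in that play, presumably because the host is not in the `docker_host` group.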