ansible-collections/hcp-ansible
ansible-collections/hcp-ansible
4
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

feat(variables): add some formatting to globals.yml, remove unused roles

Browse Source
This commit is contained in:
Bertrand Lanson 2023-12-15 19:21:50 +01:00
parent a162879d20
commit cf1bea35c2
156 changed files with 31 additions and 3931 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
# ignore molecule/testinfra pycache
**/__pycache__
.vscode
roles/ednxzu.*

42
playbooks/vars/global.yml
View File

@ -1,4 +1,14 @@
---
##########################
# General options ########
##########################
##########################
# Nomad options ##########
##########################
hashi_nomad_install: true
hashi_nomad_auto_update: false
hashi_nomad_cni_plugins_install: true
@ -15,18 +25,9 @@ hashi_nomad_extra_files_dst: /etc/nomad.d/extra_files
#! nomad configuration
hashi_nomad_configuration: {}
hashi_vault_install: true
hashi_vault_auto_update: false
hashi_vault_start_service: true
hashi_vault_version: latest
hashi_vault_deploy_method: host # deployment method, either host or docker
hashi_vault_env_variables: {}
hashi_vault_data_dir: "/opt/vault"
hashi_vault_extra_files: false
hashi_vault_extra_files_src: /tmp/extra_files
hashi_vault_extra_files_dst: /etc/vault.d/extra_files
#! vault configuration
hashi_vault_configuration: {}
##########################
# Consul options #########
##########################
hashi_consul_install: true
hashi_consul_auto_update: false
@ -42,3 +43,20 @@ hashi_consul_envoy_install: false
hashi_consul_envoy_version: latest
#! consul configuration
hashi_consul_configuration: {}
##########################
# Vault options ##########
##########################
hashi_vault_install: true
hashi_vault_auto_update: false
hashi_vault_start_service: true
hashi_vault_version: latest
hashi_vault_deploy_method: host # deployment method, either host or docker
hashi_vault_env_variables: {}
hashi_vault_data_dir: "/opt/vault"
hashi_vault_extra_files: false
hashi_vault_extra_files_src: /tmp/extra_files
hashi_vault_extra_files_dst: /etc/vault.d/extra_files
#! vault configuration
hashi_vault_configuration: {}

8
roles/ednxzu.docker_systemd_service/.ansible-lint
View File

@ -1,8 +0,0 @@
---
warn_list:
- experimental # all rules tagged as experimental
- yaml # violations reported by yamllint
- meta-no-info
skip_list:
- jinja[spacing] # Rule that looks inside jinja2 templates.

52
roles/ednxzu.docker_systemd_service/.gitea/workflows/test.yml
View File

@ -1,52 +0,0 @@
---
name: test
on: [push]
jobs:
lint:
name: Linting
runs-on: ubuntu-latest
container:
image: git.ednz.fr/container-factory/ansible-runner:act-latest
credentials:
username: ${{ secrets.ACTIONS_USER }}
password: ${{ secrets.ACTIONS_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: "Ansible lint"
run: ansible-lint --force-color
working-directory: ${{ gitea.workspace }}
- name: "YAML lint"
run: yamllint . -f colored -c .yamllint
working-directory: ${{ gitea.workspace }}
molecule-test:
name: Molecule tests
runs-on: ubuntu-latest
needs: lint
container:
image: git.ednz.fr/container-factory/ansible-runner:act-latest
credentials:
username: ${{ secrets.ACTIONS_USER }}
password: ${{ secrets.ACTIONS_TOKEN }}
strategy:
matrix:
test_os: [debian11, debian12, ubuntu2004, ubuntu2204]
scenario: [default, with_custom_flags]
env:
ANSIBLE_HOST_KEY_CHECKING: 'false'
ANSIBLE_FORCE_COLOR: 'true'
ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3
steps:
- name: Checkout
uses: actions/checkout@v3
- name: "Molecule test"
run: molecule test -s ${{ matrix.scenario }}
shell: bash
working-directory: ${{ gitea.workspace }}
env:
MOLECULE_TEST_OS: ${{ matrix.test_os }}

18
roles/ednxzu.docker_systemd_service/.github/workflows/publish.yml vendored
View File

@ -1,18 +0,0 @@
---
name: publish
on:
push:
branches:
- main
jobs:
publish:
name: Publish to galaxy
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Publish
uses: ednxzu/galaxy-import-role@v1
with:
galaxy-api-key: ${{ secrets.GALAXY_API_TOKEN }}

3
roles/ednxzu.docker_systemd_service/.gitignore vendored
View File

@ -1,3 +0,0 @@
# ignore molecule/testinfra pycache
**/__pycache__
.vscode

40
roles/ednxzu.docker_systemd_service/.yamllint
View File

@ -1,40 +0,0 @@
---
# Based on ansible-lint config
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
colons:
max-spaces-after: -1
level: error
commas:
max-spaces-after: -1
level: error
comments: enable
comments-indentation: disable
document-start: enable
empty-lines:
max: 3
level: error
hyphens:
level: error
indentation: enable
key-duplicates: enable
line-length:
max: 80
level: warning
new-line-at-end-of-file: enable
new-lines:
type: unix
trailing-spaces: enable
truthy:
allowed-values:
- 'true'
- 'false'
- 'yes'
- 'no'

20
roles/ednxzu.docker_systemd_service/LICENSE
View File

@ -1,20 +0,0 @@
The MIT License (MIT)
Copyright (c) 2017 Bertrand Lanson
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

118
roles/ednxzu.docker_systemd_service/README.md
View File

@ -1,118 +0,0 @@
docker_systemd_service
=========
> This repository is only a mirror. Development and testing is done on a private gitea server.
This role lets you configure a docker container and run it as a systemd service on **debian-based** distributions. This role is heavily sourced from [mhutter.docker-systemd-service](https://github.com/mhutter/ansible-docker-systemd-service), but aims at providing some of the missing features of said role.
Requirements
------------
This roles assumes you have docker installed on the target host. You can use [ednxzu.install_docker](https://github.com/ednxzu/install_docker) to do so.
Role Variables
--------------
Available variables are listed below, along with default values. A sample file for the default values is available in `default/docker_systemd_service.yml.sample` in case you need it for any `group_vars` or `host_vars` configuration.
```yaml
docker_systemd_service_container_name: "My-Service" # by default, set to "My-Service"
```
The name that will be assigned to the container.
```yaml
docker_systemd_service_image: # by default, not defined
```
The image (and optionally tag) to use for the service.
```yaml
docker_systemd_service_container_env: {} # by default, set to {}
```
A list of key/value pairs, that will be written to the environment file for the container. the key NEEDS TO BE CAPTIALIZED, it will not be done automatically. Example: `MY_ENV_VAR: foobar`.
```yaml
docker_systemd_service_container_pull_image: true # by default, set to true
```
Whether or not the role should pull the image during its run.
```yaml
docker_systemd_service_container_pull_force_source: true # by default, set to true
```
If `docker_systemd_service_container_pull_image: true`, whether the pull you be executed at every run. See [`docker_image.force_source`](https://docs.ansible.com/ansible/latest/collections/community/docker/docker_image_module.html#parameter-force_source)
```yaml
docker_systemd_service_flags: [] # by default, set to []
```
This variable lets you pass whatever flags you need to the docker run command. It is a list, to which you can add multiple types of flags:
- ```yaml
- key: value
# will pass the flag --key "value" to the container.
Example:
- network: host
- ```yaml
- simple_key
# will pass the flag --simple_key to the container.
Example:
- privileged
- ```yaml
- key:
- value1
- value2
# will pass the flags --key "value1" --key "value2" to the container.
Example:
- volume:
- /path/on/host:/path/on/container
- /var/run/docker.sock:/var/run/docker.sock:ro
```yaml
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container" # by default, set to "{{ docker_systemd_service_container_name }}_container"
```
The name of the systemd service to register.
```yaml
docker_systemd_service_systemd_options: [] # by default, set to []
```
Extra options to include in systemd service file.
```yaml
docker_systemd_service_enabled: true # by default, set to true
```
Whether the service should be enabled during the role's run.
```yaml
docker_systemd_service_masked: false # by default, set to false
```
Whether the service should be marked as masked.
```yaml
docker_systemd_service_state: started # by default, set to started
```
The state the service should be put in. Valid options are: `reloaded`, `restarted`, `started`, `stopped`, and `absent`. Realistically, you probably want to use `started` or `stopped`. `absent` can be used to remove the service and all associated files from the host.
```yaml
docker_systemd_service_restart: true # by default, set to true
```
Whether the role should restart the service if changes are made to any of the files (when service is already runing).
Dependencies
------------
None.
Example Playbook
----------------
```yaml
# calling the role inside a playbook with either the default or group_vars/host_vars
- hosts: servers
roles:
- ednxzu.docker_systemd_service
```
License
-------
MIT / BSD
Author Information
------------------
This role was created by Bertrand Lanson in 2023.

14
roles/ednxzu.docker_systemd_service/defaults/docker_systemd_service.yml.sample
View File

@ -1,14 +0,0 @@
---
# docker_systemd_service_container_name: "My-Service"
# docker_systemd_service_image:
# docker_systemd_service_container_env: {}
# docker_systemd_service_container_pull_image: true
# docker_systemd_service_container_pull_force_source: true
# docker_systemd_service_flags: []
# docker_systemd_service_container_cmd: []
# docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
# docker_systemd_service_systemd_options: []
# docker_systemd_service_enabled: true
# docker_systemd_service_masked: false
# docker_systemd_service_state: started
# docker_systemd_service_restart: true

15
roles/ednxzu.docker_systemd_service/defaults/main.yml
View File

@ -1,15 +0,0 @@
---
# defaults file for docker_systemd_service
docker_systemd_service_container_name: "My-Service"
docker_systemd_service_image:
docker_systemd_service_container_env: {}
docker_systemd_service_container_pull_image: true
docker_systemd_service_container_pull_force_source: true
docker_systemd_service_flags: []
docker_systemd_service_container_cmd: []
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
docker_systemd_service_systemd_options: []
docker_systemd_service_enabled: true
docker_systemd_service_masked: false
docker_systemd_service_state: started
docker_systemd_service_restart: true

0
roles/ednxzu.docker_systemd_service/files/.gitkeep
View File

32
roles/ednxzu.docker_systemd_service/filter_plugins/docker_filters.py
View File

@ -1,32 +0,0 @@
# filter_plugins/docker_filters.py
def create_docker_flags(flags):
if flags:
filtered_flags = [
create_docker_flag(item) for item in flags if create_docker_flag(item)
]
return "\n".join(filtered_flags)
return None
def create_docker_flag(item):
if isinstance(item, dict):
key = list(item.keys())[0]
value = item[key]
if value is not None:
if isinstance(value, list):
flag_values = ['--{} "{}"'.format(key, val) for val in value]
joined_values = " \\\n".join(flag_values)
return f"{joined_values} \\" if joined_values else None
else:
return '--{} "{}" \\'.format(key, value)
elif isinstance(item, str):
return "--{} \\".format(item)
return None
class FilterModule(object):
def filters(self):
return {
"create_docker_flags": create_docker_flags,
}

10
roles/ednxzu.docker_systemd_service/handlers/main.yml
View File

@ -1,10 +0,0 @@
---
# handlers file for docker_systemd_service
- name: "Restart service(s)"
ansible.builtin.service:
name: "{{ docker_systemd_service_name }}.service"
state: restarted
listen: "systemctl-restart-service"
when: docker_systemd_service_restart
and docker_systemd_service_state != "stopped"
and not _enable_and_start.changed

2
roles/ednxzu.docker_systemd_service/meta/.galaxy_install_info
View File

@ -1,2 +0,0 @@
install_date: 'Fri 15 Dec 2023 05:25:28 PM '
version: main

25
roles/ednxzu.docker_systemd_service/meta/main.yml
View File

@ -1,25 +0,0 @@
---
# meta file for docker_systemd_service
galaxy_info:
namespace: 'ednxzu'
role_name: 'docker_systemd_service'
author: 'Bertrand Lanson'
description: 'Create Systemd services for docker containers.'
license: 'license (BSD, MIT)'
min_ansible_version: '2.10'
platforms:
- name: Ubuntu
versions:
- focal
- jammy
- name: Debian
versions:
- bullseye
- bookworm
galaxy_tags:
- 'ubuntu'
- 'debian'
- 'docker'
- 'systemd'
dependencies: []

8
roles/ednxzu.docker_systemd_service/molecule/default/converge.yml
View File

@ -1,8 +0,0 @@
---
- name: Converge
hosts: all
become: true
tasks:
- name: "Include ednxzu.docker_systemd_service"
ansible.builtin.include_role:
name: "ednxzu.docker_systemd_service"

14
roles/ednxzu.docker_systemd_service/molecule/default/group_vars/all.yml
View File

@ -1,14 +0,0 @@
---
docker_systemd_service_container_name: "nginx"
docker_systemd_service_image: nginx
docker_systemd_service_container_env: {}
docker_systemd_service_container_pull_image: false
docker_systemd_service_container_pull_force_source: false
docker_systemd_service_flags: []
docker_systemd_service_container_cmd: []
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
docker_systemd_service_systemd_options: []
docker_systemd_service_enabled: true
docker_systemd_service_masked: false
docker_systemd_service_state: stopped
docker_systemd_service_restart: false

37
roles/ednxzu.docker_systemd_service/molecule/default/molecule.yml
View File

@ -1,37 +0,0 @@
---
dependency:
name: galaxy
options:
requirements-file: ./requirements.yml
driver:
name: docker
platforms:
- name: instance
image: geerlingguy/docker-${MOLECULE_TEST_OS}-ansible
command: ""
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup
cgroupns_mode: host
privileged: true
pre_build_image: true
provisioner:
name: ansible
config_options:
defaults:
remote_tmp: /tmp/.ansible
verifier:
name: ansible
scenario:
name: default
test_sequence:
- dependency
- cleanup
- destroy
- syntax
- create
- prepare
- converge
- idempotence
- verify
- cleanup
- destroy

5
roles/ednxzu.docker_systemd_service/molecule/default/requirements.yml
View File

@ -1,5 +0,0 @@
---
# requirements file for molecule
roles:
- name: ednxzu.manage_repositories
- name: ednxzu.manage_apt_packages

78
roles/ednxzu.docker_systemd_service/molecule/default/verify.yml
View File

@ -1,78 +0,0 @@
---
- name: Verify
hosts: all
gather_facts: true
become: true
tasks:
- name: "Test: file /etc/default/nginx"
block:
- name: "Stat file /etc/default/nginx"
ansible.builtin.stat:
path: "/etc/default/nginx"
register: stat_etc_default_nginx
- name: "Slurp file /etc/default/nginx"
ansible.builtin.slurp:
src: "/etc/default/nginx"
register: slurp_etc_default_nginx
- name: "Verify file /etc/systemd/system/nginx_container.service"
ansible.builtin.assert:
that:
- stat_etc_default_nginx.stat.exists
- stat_etc_default_nginx.stat.isreg
- stat_etc_default_nginx.stat.pw_name == 'root'
- stat_etc_default_nginx.stat.gr_name == 'root'
- stat_etc_default_nginx.stat.mode == '0600'
- (slurp_etc_default_nginx.content|b64decode) == ''
- name: "Test: service nginx_container"
block:
- name: "Get service nginx_container"
ansible.builtin.service_facts:
- name: "Stat file /etc/systemd/system/nginx_container.service"
ansible.builtin.stat:
path: "/etc/systemd/system/nginx_container.service"
register: stat_etc_systemd_system_nginx_container_service
- name: "Slurp file /etc/systemd/system/nginx_container.service"
ansible.builtin.slurp:
src: "/etc/systemd/system/nginx_container.service"
register: slurp_etc_systemd_system_nginx_container_service
- name: "Verify service nginx_container"
vars:
nginx_expected_service_file: |
# Ansible managed: Do NOT edit this file manually!
[Unit]
After=docker.service
PartOf=docker.service
Requires=docker.service
[Service]
EnvironmentFile=/etc/default/nginx
ExecStartPre=-/usr/bin/docker rm -f nginx
ExecStart=/usr/bin/docker run --name nginx \
--rm \
--env-file /etc/default/nginx \
nginx
ExecStop=/usr/bin/docker stop nginx
SyslogIdentifier=nginx
Restart=always
RestartSec=10s
[Install]
WantedBy=docker.service
ansible.builtin.assert:
that:
- stat_etc_systemd_system_nginx_container_service.stat.exists
- stat_etc_systemd_system_nginx_container_service.stat.isreg
- stat_etc_systemd_system_nginx_container_service.stat.pw_name == 'root'
- stat_etc_systemd_system_nginx_container_service.stat.gr_name == 'root'
- stat_etc_systemd_system_nginx_container_service.stat.mode == '0644'
- (slurp_etc_systemd_system_nginx_container_service.content|b64decode) == nginx_expected_service_file
- ansible_facts.services['nginx_container.service'] is defined
- ansible_facts.services['nginx_container.service']['source'] == 'systemd'
- ansible_facts.services['nginx_container.service']['state'] == 'inactive'
- ansible_facts.services['nginx_container.service']['status'] == 'enabled'

8
roles/ednxzu.docker_systemd_service/molecule/default_vagrant/converge.yml
View File

@ -1,8 +0,0 @@
---
- name: Converge
hosts: all
become: true
tasks:
- name: "Include ednxzu.docker_systemd_service"
ansible.builtin.include_role:
name: "ednxzu.docker_systemd_service"

14
roles/ednxzu.docker_systemd_service/molecule/default_vagrant/group_vars/all.yml
View File

@ -1,14 +0,0 @@
---
docker_systemd_service_container_name: "nginx"
docker_systemd_service_image: nginx
docker_systemd_service_container_env: {}
docker_systemd_service_container_pull_image: true
docker_systemd_service_container_pull_force_source: true
docker_systemd_service_flags: []
docker_systemd_service_container_cmd: []
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
docker_systemd_service_systemd_options: []
docker_systemd_service_enabled: true
docker_systemd_service_masked: false
docker_systemd_service_state: started
docker_systemd_service_restart: true

35
roles/ednxzu.docker_systemd_service/molecule/default_vagrant/molecule.yml
View File

@ -1,35 +0,0 @@
---
dependency:
name: galaxy
options:
requirements-file: ./requirements.yml
driver:
name: vagrant
provider:
name: libvirt
platforms:
- name: instance
box: generic/${MOLECULE_TEST_OS}
cpus: 4
memory: 4096
provisioner:
name: ansible
config_options:
defaults:
remote_tmp: /tmp/.ansible
verifier:
name: ansible
scenario:
name: default_vagrant
test_sequence:
- dependency
- cleanup
- destroy
- syntax
- create
- prepare
- converge
- idempotence
- verify
- cleanup
- destroy

10
roles/ednxzu.docker_systemd_service/molecule/default_vagrant/prepare.yml
View File

@ -1,10 +0,0 @@
---
- name: Prepare
hosts: all
become: true
tasks:
- name: "Install docker"
ansible.builtin.include_role:
name: ednxzu.install_docker
vars:
install_docker_python_packages: true

6
roles/ednxzu.docker_systemd_service/molecule/default_vagrant/requirements.yml
View File

@ -1,6 +0,0 @@
---
# requirements file for molecule
roles:
- name: ednxzu.manage_repositories
- name: ednxzu.manage_apt_packages
- name: ednxzu.install_docker

78
roles/ednxzu.docker_systemd_service/molecule/default_vagrant/verify.yml
View File

@ -1,78 +0,0 @@
---
- name: Verify
hosts: all
gather_facts: true
become: true
tasks:
- name: "Test: file /etc/default/nginx"
block:
- name: "Stat file /etc/default/nginx"
ansible.builtin.stat:
path: "/etc/default/nginx"
register: stat_etc_default_nginx
- name: "Slurp file /etc/default/nginx"
ansible.builtin.slurp:
src: "/etc/default/nginx"
register: slurp_etc_default_nginx
- name: "Verify file /etc/systemd/system/nginx_container.service"
ansible.builtin.assert:
that:
- stat_etc_default_nginx.stat.exists
- stat_etc_default_nginx.stat.isreg
- stat_etc_default_nginx.stat.pw_name == 'root'
- stat_etc_default_nginx.stat.gr_name == 'root'
- stat_etc_default_nginx.stat.mode == '0600'
- (slurp_etc_default_nginx.content|b64decode) == ''
- name: "Test: service nginx_container"
block:
- name: "Get service nginx_container"
ansible.builtin.service_facts:
- name: "Stat file /etc/systemd/system/nginx_container.service"
ansible.builtin.stat:
path: "/etc/systemd/system/nginx_container.service"
register: stat_etc_systemd_system_nginx_container_service
- name: "Slurp file /etc/systemd/system/nginx_container.service"
ansible.builtin.slurp:
src: "/etc/systemd/system/nginx_container.service"
register: slurp_etc_systemd_system_nginx_container_service
- name: "Verify service nginx_container"
vars:
nginx_expected_service_file: |
# Ansible managed: Do NOT edit this file manually!
[Unit]
After=docker.service
PartOf=docker.service
Requires=docker.service
[Service]
EnvironmentFile=/etc/default/nginx
ExecStartPre=-/usr/bin/docker rm -f nginx
ExecStart=/usr/bin/docker run --name nginx \
--rm \
--env-file /etc/default/nginx \
nginx
ExecStop=/usr/bin/docker stop nginx
SyslogIdentifier=nginx
Restart=always
RestartSec=10s
[Install]
WantedBy=docker.service
ansible.builtin.assert:
that:
- stat_etc_systemd_system_nginx_container_service.stat.exists
- stat_etc_systemd_system_nginx_container_service.stat.isreg
- stat_etc_systemd_system_nginx_container_service.stat.pw_name == 'root'
- stat_etc_systemd_system_nginx_container_service.stat.gr_name == 'root'
- stat_etc_systemd_system_nginx_container_service.stat.mode == '0644'
- (slurp_etc_systemd_system_nginx_container_service.content|b64decode) == nginx_expected_service_file
- ansible_facts.services['nginx_container.service'] is defined
- ansible_facts.services['nginx_container.service']['source'] == 'systemd'
- ansible_facts.services['nginx_container.service']['state'] == 'running'
- ansible_facts.services['nginx_container.service']['status'] == 'enabled'

8
roles/ednxzu.docker_systemd_service/molecule/with_custom_flags/converge.yml
View File

@ -1,8 +0,0 @@
---
- name: Converge
hosts: all
become: true
tasks:
- name: "Include ednxzu.docker_systemd_service"
ansible.builtin.include_role:
name: "ednxzu.docker_systemd_service"

19
roles/ednxzu.docker_systemd_service/molecule/with_custom_flags/group_vars/all.yml
View File

@ -1,19 +0,0 @@
---
docker_systemd_service_container_name: "nginx"
docker_systemd_service_image: nginx
docker_systemd_service_container_env:
TEST_ENV: test
docker_systemd_service_container_pull_image: false
docker_systemd_service_container_pull_force_source: false
docker_systemd_service_flags:
- privileged
- network: host
- cap-add:
- NET_ADMIN
docker_systemd_service_container_cmd: []
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
docker_systemd_service_systemd_options: []
docker_systemd_service_enabled: true
docker_systemd_service_masked: false
docker_systemd_service_state: stopped
docker_systemd_service_restart: false

37
roles/ednxzu.docker_systemd_service/molecule/with_custom_flags/molecule.yml
View File

@ -1,37 +0,0 @@
---
dependency:
name: galaxy
options:
requirements-file: ./requirements.yml
driver:
name: docker
platforms:
- name: instance
image: geerlingguy/docker-${MOLECULE_TEST_OS}-ansible
command: ""
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup
cgroupns_mode: host
privileged: true
pre_build_image: true
provisioner:
name: ansible
config_options:
defaults:
remote_tmp: /tmp/.ansible
verifier:
name: ansible
scenario:
name: with_custom_flags
test_sequence:
- dependency
- cleanup
- destroy
- syntax
- create
- prepare
- converge
- idempotence
- verify
- cleanup
- destroy

5
roles/ednxzu.docker_systemd_service/molecule/with_custom_flags/requirements.yml
View File

@ -1,5 +0,0 @@
---
# requirements file for molecule
roles:
- name: ednxzu.manage_repositories
- name: ednxzu.manage_apt_packages

84
roles/ednxzu.docker_systemd_service/molecule/with_custom_flags/verify.yml
View File

@ -1,84 +0,0 @@
---
- name: Verify
hosts: all
gather_facts: true
become: true
tasks:
- name: "Test: file /etc/default/nginx"
block:
- name: "Stat file /etc/default/nginx"
ansible.builtin.stat:
path: "/etc/default/nginx"
register: stat_etc_default_nginx
- name: "Slurp file /etc/default/nginx"
ansible.builtin.slurp:
src: "/etc/default/nginx"
register: slurp_etc_default_nginx
- name: "Verify file /etc/default/nginx"
vars:
nginx_expected_env_file: |
TEST_ENV=test
ansible.builtin.assert:
that:
- stat_etc_default_nginx.stat.exists
- stat_etc_default_nginx.stat.isreg
- stat_etc_default_nginx.stat.pw_name == 'root'
- stat_etc_default_nginx.stat.gr_name == 'root'
- stat_etc_default_nginx.stat.mode == '0600'
- (slurp_etc_default_nginx.content|b64decode) == nginx_expected_env_file
- name: "Test: service nginx_container"
block:
- name: "Get service nginx_container"
ansible.builtin.service_facts:
- name: "Stat file /etc/systemd/system/nginx_container.service"
ansible.builtin.stat:
path: "/etc/systemd/system/nginx_container.service"
register: stat_etc_systemd_system_nginx_container_service
- name: "Slurp file /etc/systemd/system/nginx_container.service"
ansible.builtin.slurp:
src: "/etc/systemd/system/nginx_container.service"
register: slurp_etc_systemd_system_nginx_container_service
- name: "Verify service nginx_container"
vars:
nginx_expected_service_file: |
# Ansible managed: Do NOT edit this file manually!
[Unit]
After=docker.service
PartOf=docker.service
Requires=docker.service
[Service]
EnvironmentFile=/etc/default/nginx
ExecStartPre=-/usr/bin/docker rm -f nginx
ExecStart=/usr/bin/docker run --name nginx \
--rm \
--env-file /etc/default/nginx \
--privileged \
--network "host" \
--cap-add "NET_ADMIN" \
nginx
ExecStop=/usr/bin/docker stop nginx
SyslogIdentifier=nginx
Restart=always
RestartSec=10s
[Install]
WantedBy=docker.service
ansible.builtin.assert:
that:
- stat_etc_systemd_system_nginx_container_service.stat.exists
- stat_etc_systemd_system_nginx_container_service.stat.isreg
- stat_etc_systemd_system_nginx_container_service.stat.pw_name == 'root'
- stat_etc_systemd_system_nginx_container_service.stat.gr_name == 'root'
- stat_etc_systemd_system_nginx_container_service.stat.mode == '0644'
- (slurp_etc_systemd_system_nginx_container_service.content|b64decode) == nginx_expected_service_file
- ansible_facts.services['nginx_container.service'] is defined
- ansible_facts.services['nginx_container.service']['source'] == 'systemd'
- ansible_facts.services['nginx_container.service']['state'] == 'inactive'
- ansible_facts.services['nginx_container.service']['status'] == 'enabled'

8
roles/ednxzu.docker_systemd_service/molecule/with_custom_flags_vagrant/converge.yml
View File

@ -1,8 +0,0 @@
---
- name: Converge
hosts: all
become: true
tasks:
- name: "Include ednxzu.docker_systemd_service"
ansible.builtin.include_role:
name: "ednxzu.docker_systemd_service"

19
roles/ednxzu.docker_systemd_service/molecule/with_custom_flags_vagrant/group_vars/all.yml
View File

@ -1,19 +0,0 @@
---
docker_systemd_service_container_name: "nginx"
docker_systemd_service_image: nginx
docker_systemd_service_container_env:
TEST_ENV: test
docker_systemd_service_container_pull_image: true
docker_systemd_service_container_pull_force_source: true
docker_systemd_service_flags:
- privileged
- network: host
- cap-add:
- NET_ADMIN
docker_systemd_service_container_cmd: []
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
docker_systemd_service_systemd_options: []
docker_systemd_service_enabled: true
docker_systemd_service_masked: false
docker_systemd_service_state: started
docker_systemd_service_restart: true

35
roles/ednxzu.docker_systemd_service/molecule/with_custom_flags_vagrant/molecule.yml
View File

@ -1,35 +0,0 @@
---
dependency:
name: galaxy
options:
requirements-file: ./requirements.yml
driver:
name: vagrant
provider:
name: libvirt
platforms:
- name: instance
box: generic/${MOLECULE_TEST_OS}
cpus: 4
memory: 4096
provisioner:
name: ansible
config_options:
defaults:
remote_tmp: /tmp/.ansible
verifier:
name: ansible
scenario:
name: with_custom_flags_vagrant
test_sequence:
- dependency
- cleanup
- destroy
- syntax
- create
- prepare
- converge
- idempotence
- verify
- cleanup
- destroy

10
roles/ednxzu.docker_systemd_service/molecule/with_custom_flags_vagrant/prepare.yml
View File

@ -1,10 +0,0 @@
---
- name: Prepare
hosts: all
become: true
tasks:
- name: "Install docker"
ansible.builtin.include_role:
name: ednxzu.install_docker
vars:
install_docker_python_packages: true

6
roles/ednxzu.docker_systemd_service/molecule/with_custom_flags_vagrant/requirements.yml
View File

@ -1,6 +0,0 @@
---
# requirements file for molecule
roles:
- name: ednxzu.manage_repositories
- name: ednxzu.manage_apt_packages
- name: ednxzu.install_docker

84
roles/ednxzu.docker_systemd_service/molecule/with_custom_flags_vagrant/verify.yml
View File

@ -1,84 +0,0 @@
---
- name: Verify
hosts: all
gather_facts: true
become: true
tasks:
- name: "Test: file /etc/default/nginx"
block:
- name: "Stat file /etc/default/nginx"
ansible.builtin.stat:
path: "/etc/default/nginx"
register: stat_etc_default_nginx
- name: "Slurp file /etc/default/nginx"
ansible.builtin.slurp:
src: "/etc/default/nginx"
register: slurp_etc_default_nginx
- name: "Verify file /etc/default/nginx"
vars:
nginx_expected_env_file: |
TEST_ENV=test
ansible.builtin.assert:
that:
- stat_etc_default_nginx.stat.exists
- stat_etc_default_nginx.stat.isreg
- stat_etc_default_nginx.stat.pw_name == 'root'
- stat_etc_default_nginx.stat.gr_name == 'root'
- stat_etc_default_nginx.stat.mode == '0600'
- (slurp_etc_default_nginx.content|b64decode) == nginx_expected_env_file
- name: "Test: service nginx_container"
block:
- name: "Get service nginx_container"
ansible.builtin.service_facts:
- name: "Stat file /etc/systemd/system/nginx_container.service"
ansible.builtin.stat:
path: "/etc/systemd/system/nginx_container.service"
register: stat_etc_systemd_system_nginx_container_service
- name: "Slurp file /etc/systemd/system/nginx_container.service"
ansible.builtin.slurp:
src: "/etc/systemd/system/nginx_container.service"
register: slurp_etc_systemd_system_nginx_container_service
- name: "Verify service nginx_container"
vars:
nginx_expected_service_file: |
# Ansible managed: Do NOT edit this file manually!
[Unit]
After=docker.service
PartOf=docker.service
Requires=docker.service
[Service]
EnvironmentFile=/etc/default/nginx
ExecStartPre=-/usr/bin/docker rm -f nginx
ExecStart=/usr/bin/docker run --name nginx \
--rm \
--env-file /etc/default/nginx \
--privileged \
--network "host" \
--cap-add "NET_ADMIN" \
nginx
ExecStop=/usr/bin/docker stop nginx
SyslogIdentifier=nginx
Restart=always
RestartSec=10s
[Install]
WantedBy=docker.service
ansible.builtin.assert:
that:
- stat_etc_systemd_system_nginx_container_service.stat.exists
- stat_etc_systemd_system_nginx_container_service.stat.isreg
- stat_etc_systemd_system_nginx_container_service.stat.pw_name == 'root'
- stat_etc_systemd_system_nginx_container_service.stat.gr_name == 'root'
- stat_etc_systemd_system_nginx_container_service.stat.mode == '0644'
- (slurp_etc_systemd_system_nginx_container_service.content|b64decode) == nginx_expected_service_file
- ansible_facts.services['nginx_container.service'] is defined
- ansible_facts.services['nginx_container.service']['source'] == 'systemd'
- ansible_facts.services['nginx_container.service']['state'] == 'running'
- ansible_facts.services['nginx_container.service']['status'] == 'enabled'

36
roles/ednxzu.docker_systemd_service/tasks/install.yml
View File

@ -1,36 +0,0 @@
---
# task/install file for docker_systemd_service
- name: "Create ENV file(s) for docker service(s)"
ansible.builtin.template:
src: env.j2
dest: "{{ docker_systemd_service_sysconf_dir }}/{{ docker_systemd_service_container_name }}"
owner: root
group: root
mode: '0600'
notify: systemctl-restart-service
- name: "Pull docker image(s)"
community.docker.docker_image:
name: "{{ docker_systemd_service_image }}"
force_source: "{{ docker_systemd_service_container_pull_force_source | bool }}"
source: pull
when: docker_systemd_service_container_pull_image
notify: systemctl-restart-service
- name: "Create unit file(s) for service(s)"
ansible.builtin.template:
src: unit.j2
dest: "/etc/systemd/system/{{ docker_systemd_service_name }}.service"
owner: root
group: root
mode: '0644'
notify: systemctl-restart-service
- name: "Enable and start service(s)"
ansible.builtin.systemd:
name: '{{ docker_systemd_service_name }}.service'
daemon_reload: true
enabled: "{{ docker_systemd_service_enabled }}"
masked: "{{ docker_systemd_service_masked }}"
state: "{{ docker_systemd_service_state }}"
register: _enable_and_start

9
roles/ednxzu.docker_systemd_service/tasks/main.yml
View File

@ -1,9 +0,0 @@
---
# task/main file for docker_systemd_service
- name: "Import install.yml"
ansible.builtin.include_tasks: install.yml
when: docker_systemd_service_state != "absent"
- name: "Import uninstall.yml"
ansible.builtin.include_tasks: uninstall.yml
when: docker_systemd_service_state == "absent"

22
roles/ednxzu.docker_systemd_service/tasks/uninstall.yml
View File

@ -1,22 +0,0 @@
---
# task/uninstall file for docker_systemd_service
- name: "Remove ENV file(s) for service(s)"
ansible.builtin.file:
path: "{{ docker_systemd_service_sysconf_dir }}/{{ docker_systemd_service_container_name }}"
state: absent
- name: "Disable and stop service(s)"
ansible.builtin.systemd:
name: '{{ docker_systemd_service_name }}.service'
enabled: false
state: stopped
- name: "Remove unit file(s) for service(s)"
ansible.builtin.file:
path: /etc/systemd/system/{{ docker_systemd_service_name }}.service
state: absent
- name: "Reload systemd units"
ansible.builtin.systemd:
daemon_reload: true
changed_when: false

3
roles/ednxzu.docker_systemd_service/templates/env.j2
View File

@ -1,3 +0,0 @@
{% for k,v in docker_systemd_service_container_env|dictsort %}
{{ k }}={{ v }}
{% endfor %}

43
roles/ednxzu.docker_systemd_service/templates/unit.j2
View File

@ -1,43 +0,0 @@
# {{ ansible_managed }}
{% set service_systemd_options_keys = docker_systemd_service_systemd_options | selectattr("key") | map(attribute="key") | list %}
[Unit]
{% for key, value in docker_systemd_service_systemd_unit_options | dictsort %}
{{ key }}={{ value }}
{% endfor %}
[Service]
{% for item in docker_systemd_service_systemd_options %}
{{ item['key'] }}={{ item['value'] }}
{% endfor %}
{% if not 'EnvironmentFile' in service_systemd_options_keys %}
EnvironmentFile={{ docker_systemd_service_sysconf_dir }}/{{ docker_systemd_service_container_name }}
{% endif %}
{% if not 'ExecStartPre' in service_systemd_options_keys %}
ExecStartPre=-{{ docker_systemd_service_docker_path }} rm -f {{ docker_systemd_service_container_name }}
{% endif %}
{% if not 'ExecStart' in service_systemd_options_keys %}
{% set docker_flags = docker_systemd_service_flags | create_docker_flags %}
ExecStart={{ docker_systemd_service_docker_path }} run --name {{ docker_systemd_service_container_name }} \
--rm \
--env-file {{ docker_systemd_service_sysconf_dir }}/{{ docker_systemd_service_container_name }} \
{{ docker_flags -}}{% if docker_flags +%}
{% endif %}{{ docker_systemd_service_image -}}{{ ' ' if docker_systemd_service_container_cmd else '' }}{% if docker_systemd_service_container_cmd is string %}{{ docker_systemd_service_container_cmd | trim }}{% else %}{{ docker_systemd_service_container_cmd | join(' ') | trim }}{% endif %}
{% endif +%}
{% if not 'ExecStop' in service_systemd_options_keys %}
ExecStop={{ docker_systemd_service_docker_path }} stop {{ docker_systemd_service_container_name }}
{% endif %}
{% if container_start_post is defined %}
ExecStartPost=-{{ container_start_post }}
{% endif %}
{% if not 'SyslogIdentifier' in service_systemd_options_keys %}
SyslogIdentifier={{ docker_systemd_service_container_name }}
{% endif %}
{% if not 'Restart' in service_systemd_options_keys %}
Restart=always
{% endif %}
{% if not 'RestartSec' in service_systemd_options_keys %}
RestartSec=10s
{% endif %}
[Install]
WantedBy=docker.service

8
roles/ednxzu.docker_systemd_service/vars/main.yml
View File

@ -1,8 +0,0 @@
---
# vars file for docker_systemd_service
docker_systemd_service_sysconf_dir: /etc/default
docker_systemd_service_docker_path: "/usr/bin/docker"
docker_systemd_service_systemd_unit_options:
After: docker.service
PartOf: docker.service
Requires: docker.service

8
roles/ednxzu.install_docker/.ansible-lint
View File

@ -1,8 +0,0 @@
---
warn_list:
- experimental # all rules tagged as experimental
- yaml # violations reported by yamllint
- meta-no-info
skip_list:
- jinja[spacing] # Rule that looks inside jinja2 templates.

52
roles/ednxzu.install_docker/.gitea/workflows/test.yml
View File

@ -1,52 +0,0 @@
---
name: test
on: [push]
jobs:
lint:
name: Linting
runs-on: ubuntu-latest
container:
image: git.ednz.fr/container-factory/ansible-runner:act-latest
credentials:
username: ${{ secrets.ACTIONS_USER }}
password: ${{ secrets.ACTIONS_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: "Ansible lint"
run: ansible-lint --force-color
working-directory: ${{ gitea.workspace }}
- name: "YAML lint"
run: yamllint . -f colored -c .yamllint
working-directory: ${{ gitea.workspace }}
molecule-test:
name: Molecule tests
runs-on: ubuntu-latest
needs: lint
container:
image: git.ednz.fr/container-factory/ansible-runner:act-latest
credentials:
username: ${{ secrets.ACTIONS_USER }}
password: ${{ secrets.ACTIONS_TOKEN }}
strategy:
matrix:
test_os: [debian11, debian12, ubuntu2004, ubuntu2204]
scenario: [default, with_custom_config]
env:
ANSIBLE_HOST_KEY_CHECKING: 'false'
ANSIBLE_FORCE_COLOR: 'true'
ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3
steps:
- name: Checkout
uses: actions/checkout@v3
- name: "Molecule test"
run: molecule test -s ${{ matrix.scenario }}
shell: bash
working-directory: ${{ gitea.workspace }}
env:
MOLECULE_TEST_OS: ${{ matrix.test_os }}

18
roles/ednxzu.install_docker/.github/workflows/publish.yml vendored
View File

@ -1,18 +0,0 @@
---
name: publish
on:
push:
branches:
- main
jobs:
publish:
name: Publish to galaxy
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Publish
uses: ednxzu/galaxy-import-role@v1
with:
galaxy-api-key: ${{ secrets.GALAXY_API_TOKEN }}

3
roles/ednxzu.install_docker/.gitignore vendored
View File

@ -1,3 +0,0 @@
# ignore molecule/testinfra pycache
**/__pycache__
.vscode

40
roles/ednxzu.install_docker/.yamllint
View File

@ -1,40 +0,0 @@
---
# Based on ansible-lint config
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
colons:
max-spaces-after: -1
level: error
commas:
max-spaces-after: -1
level: error
comments: enable
comments-indentation: disable
document-start: enable
empty-lines:
max: 3
level: error
hyphens:
level: error
indentation: enable
key-duplicates: enable
line-length:
max: 80
level: warning
new-line-at-end-of-file: enable
new-lines:
type: unix
trailing-spaces: enable
truthy:
allowed-values:
- 'true'
- 'false'
- 'yes'
- 'no'

19
roles/ednxzu.install_docker/LICENSE
View File

@ -1,19 +0,0 @@
The MIT License (MIT)
Copyright (c) 2017 Bertrand Lanson
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

87
roles/ednxzu.install_docker/README.md
View File

@ -1,87 +0,0 @@
install_docker
=========
> This repository is only a mirror. Development and testing is done on a private gitea server.
This role install and configure docker on **debian-based** distributions.
Requirements
------------
None.
Role Variables
--------------
Available variables are listed below, along with default values. A sample file for the default values is available in `default/install_docker.yml.sample` in case you need it for any `group_vars` or `host_vars` configuration.
```yaml
install_docker_edition: ce # by default, set to ce
```
This variable sets the edition of docker to install. It can be either `ce` (community edition) or `ee` (enterprise edition).
```yaml
install_docker_auto_update: false # by default, set to false
```
This variable allows you to choose to automatically update docker if a newer version is available whenever the role is replayed. Updating docker is usually pretty safe if done on a regular basis.
```yaml
install_docker_start_service: true
```
This variable defines whether or not to start the docker service after installing it. This can be turned off in case you're building golden images, so that your golden image does not start the docker service during it's build process.
```yaml
install_docker_compose: false # by default, set to false
```
This variables defines whether or not to install docker-compose on the host.
```yaml
install_docker_compose_version: latest # by default, set to latest
```
This variable defines the version of docker-compose to install. It support either `latest`, or the version number (`vX.Y.Z`). Officially, only versions `>=v2.0.1` are supported, as the naming for most packages changed at this release.
```yaml
install_docker_python_packages: false # by default, set to false
```
This variable defines whether or not to install the python packages for managing docker with ansible. This package is required if you plan to perform docker operations with ansible, and should be installed if that is your goal.
```yaml
install_docker_python_packages_version: latest # by default, set to latest
```
This variable defines the version of the python docker package that should be installed. Refer to [ednxzu/manage_pip_packages](https://github.com/ednxzu/manage_pip_packages) for documentation.
```yaml
install_docker_users: [] #by default, set to []
```
This variable is a list of users to add to the docker group, so that they can perform docker related tasks, without requiring privilege escalation.
```yaml
install_docker_daemon_options: {} # by default, set to {}
```
This variable defines the parameters to append to the daemon.json file (in `/etc/docker/daemon.json`). For more details, check out the [documentation](https://docs.docker.com/config/daemon/).
Dependencies
------------
`ednxzu.manage_pip_packages` to install docker python packages for using the `community.docker` modules.
`ednxzu.manage_repositories` to configure the docker apt repository.
`ednxzu.manage_apt_packages` to install docker.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
```yaml
# calling the role inside a playbook with either the default or group_vars/host_vars
- hosts: servers
roles:
- ednxzu.install_docker
```
License
-------
MIT / BSD
Author Information
------------------
This role was created by Bertrand Lanson in 2023.

10
roles/ednxzu.install_docker/defaults/install_docker.yml.sample
View File

@ -1,10 +0,0 @@
---
# install_docker_edition: ce # can be ce or ee (community or enterprise)
# install_docker_auto_update: false
# install_docker_start_service: true
# install_docker_compose: false
# install_docker_compose_version: latest
# install_docker_python_packages: false
# install_docker_python_packages_version: latest
# install_docker_users: []
# install_docker_daemon_options: {}

11
roles/ednxzu.install_docker/defaults/main.yml
View File

@ -1,11 +0,0 @@
---
# defaults file for install_docker
install_docker_edition: ce # can be ce or ee (community or enterprise)
install_docker_auto_update: false
install_docker_start_service: true
install_docker_compose: false
install_docker_compose_version: latest
install_docker_python_packages: false
install_docker_python_packages_version: latest
install_docker_users: []
install_docker_daemon_options: {}

14
roles/ednxzu.install_docker/handlers/main.yml
View File

@ -1,14 +0,0 @@
---
# handlers file for install_docker
- name: "Enable docker service"
ansible.builtin.service:
name: docker
enabled: true
listen: "systemctl-enable-docker"
- name: "Reload docker service"
ansible.builtin.service:
name: docker
state: reloaded
listen: "systemctl-reload-docker"
when: install_docker_start_service

2
roles/ednxzu.install_docker/meta/.galaxy_install_info
View File

@ -1,2 +0,0 @@
install_date: 'Fri 15 Dec 2023 05:25:27 PM '
version: main

27
roles/ednxzu.install_docker/meta/main.yml
View File

@ -1,27 +0,0 @@
---
# meta file for install_docker
galaxy_info:
namespace: 'ednxzu'
role_name: 'install_docker'
author: 'Bertrand Lanson'
description: 'Install and configure docker for debian-based distros.'
license: 'license (BSD, MIT)'
min_ansible_version: '2.10'
platforms:
- name: Ubuntu
versions:
- focal
- jammy
- name: Debian
versions:
- bullseye
- bookworm
galaxy_tags:
- 'ubuntu'
- 'debian'
- 'docker'
- 'container'
- 'compose'
- 'containerd'
dependencies: []

8
roles/ednxzu.install_docker/molecule/default/converge.yml
View File

@ -1,8 +0,0 @@
---
- name: Converge
hosts: all
become: true
tasks:
- name: "Include ednxzu.install_docker"
ansible.builtin.include_role:
name: "ednxzu.install_docker"

37
roles/ednxzu.install_docker/molecule/default/molecule.yml
View File

@ -1,37 +0,0 @@
---
dependency:
name: galaxy
options:
requirements-file: ./requirements.yml
driver:
name: docker
platforms:
- name: instance
image: geerlingguy/docker-${MOLECULE_TEST_OS}-ansible
command: ""
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup
cgroupns_mode: host
privileged: true
pre_build_image: true
provisioner:
name: ansible
config_options:
defaults:
remote_tmp: /tmp/.ansible
verifier:
name: ansible
scenario:
name: default
test_sequence:
- dependency
- cleanup
- destroy
- syntax
- create
- prepare
- converge
- idempotence
- verify
- cleanup
- destroy

5
roles/ednxzu.install_docker/molecule/default/requirements.yml
View File

@ -1,5 +0,0 @@
---
# requirements file for molecule
roles:
- name: ednxzu.manage_repositories
- name: ednxzu.manage_apt_packages

96
roles/ednxzu.install_docker/molecule/default/verify.yml
View File

@ -1,96 +0,0 @@
---
- name: Verify
hosts: all
gather_facts: true
become: true
tasks:
- name: "Test: service docker"
block:
- name: "Get service docker"
ansible.builtin.service_facts:
- name: "Stat file /lib/systemd/system/docker.service"
ansible.builtin.stat:
path: "/lib/systemd/system/docker.service"
register: stat_lib_systemd_system_docker_service
- name: "Verify service docker"
ansible.builtin.assert:
that:
- stat_lib_systemd_system_docker_service.stat.exists
- stat_lib_systemd_system_docker_service.stat.isreg
- stat_lib_systemd_system_docker_service.stat.pw_name == 'root'
- stat_lib_systemd_system_docker_service.stat.gr_name == 'root'
- stat_lib_systemd_system_docker_service.stat.mode == '0644'
- ansible_facts.services['docker.service'] is defined
- ansible_facts.services['docker.service']['source'] == 'systemd'
- ansible_facts.services['docker.service']['state'] == 'running'
- ansible_facts.services['docker.service']['status'] == 'enabled'
- name: "Test: file /etc/docker/daemon.json"
block:
- name: "Stat directory /etc/docker"
ansible.builtin.stat:
path: "/etc/docker"
register: stat_etc_docker
- name: "Stat file /etc/docker/daemon.json"
ansible.builtin.stat:
path: "/etc/docker/daemon.json"
register: stat_etc_docker_docker_json
- name: "Slurp file /etc/docker/daemon.json"
ansible.builtin.slurp:
src: "/etc/docker/daemon.json"
register: slurp_etc_docker_docker_json
- name: "Verify directory /etc/docker"
ansible.builtin.assert:
that:
- stat_etc_docker.stat.exists
- stat_etc_docker.stat.isdir
- stat_etc_docker.stat.pw_name == 'root'
- stat_etc_docker.stat.gr_name == 'root'
- stat_etc_docker.stat.mode == '0755'
- stat_etc_docker_docker_json.stat.exists
- stat_etc_docker_docker_json.stat.isreg
- stat_etc_docker_docker_json.stat.pw_name == 'root'
- stat_etc_docker_docker_json.stat.gr_name == 'root'
- stat_etc_docker_docker_json.stat.mode == '0644'
- (slurp_etc_docker_docker_json.content|b64decode) == '{}'
- name: "Test: interaction docker"
block:
- name: "Command docker ps"
ansible.builtin.command: "docker ps"
changed_when: false
register: docker_ps
- name: "Verify docker interaction"
ansible.builtin.assert:
that:
- docker_ps.stdout == 'CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES'
- name: "Test: file /usr/local/bin/docker-compose"
block:
- name: "Stat file /usr/local/bin/docker-compose"
ansible.builtin.stat:
path: "/usr/local/bin/docker-compose"
register: stat_url_local_bin_docker_compose
- name: "Verify file /usr/local/bin/docker-compose"
ansible.builtin.assert:
that:
- not stat_url_local_bin_docker_compose.stat.exists
- name: "Test: python package docker"
block:
- name: "Command pip3 list"
ansible.builtin.command: "pip3 list -o"
changed_when: false
register: pip3_list
- name: "Verify python package docker"
ansible.builtin.assert:
that:
- "'docker' not in pip3_list"

8
roles/ednxzu.install_docker/molecule/default_vagrant/converge.yml
View File

@ -1,8 +0,0 @@
---
- name: Converge
hosts: all
become: true
tasks:
- name: "Include ednxzu.install_docker"
ansible.builtin.include_role:
name: "ednxzu.install_docker"

35
roles/ednxzu.install_docker/molecule/default_vagrant/molecule.yml
View File

@ -1,35 +0,0 @@
---
dependency:
name: galaxy
options:
requirements-file: ./requirements.yml
driver:
name: vagrant
provider:
name: libvirt
platforms:
- name: instance
box: generic/${MOLECULE_TEST_OS}
cpus: 4
memory: 4096
provisioner:
name: ansible
config_options:
defaults:
remote_tmp: /tmp/.ansible
verifier:
name: ansible
scenario:
name: default_vagrant
test_sequence:
- dependency
- cleanup
- destroy
- syntax
- create
- prepare
- converge
- idempotence
- verify
- cleanup
- destroy

12
roles/ednxzu.install_docker/molecule/default_vagrant/prepare.yml
View File

@ -1,12 +0,0 @@
---
- name: Prepare
hosts: all
tasks:
- name: "Install pip3 packages"
ansible.builtin.include_role:
name: ednxzu.manage_apt_packages
vars:
manage_apt_packages_list:
- name: python3-pip
version: latest
state: present

5
roles/ednxzu.install_docker/molecule/default_vagrant/requirements.yml
View File

@ -1,5 +0,0 @@
---
# requirements file for molecule
roles:
- name: ednxzu.manage_repositories
- name: ednxzu.manage_apt_packages

96
roles/ednxzu.install_docker/molecule/default_vagrant/verify.yml
View File

@ -1,96 +0,0 @@
---
- name: Verify
hosts: all
gather_facts: true
become: true
tasks:
- name: "Test: service docker"
block:
- name: "Get service docker"
ansible.builtin.service_facts:
- name: "Stat file /lib/systemd/system/docker.service"
ansible.builtin.stat:
path: "/lib/systemd/system/docker.service"
register: stat_lib_systemd_system_docker_service
- name: "Verify service docker"
ansible.builtin.assert:
that:
- stat_lib_systemd_system_docker_service.stat.exists
- stat_lib_systemd_system_docker_service.stat.isreg
- stat_lib_systemd_system_docker_service.stat.pw_name == 'root'
- stat_lib_systemd_system_docker_service.stat.gr_name == 'root'
- stat_lib_systemd_system_docker_service.stat.mode == '0644'
- ansible_facts.services['docker.service'] is defined
- ansible_facts.services['docker.service']['source'] == 'systemd'
- ansible_facts.services['docker.service']['state'] == 'running'
- ansible_facts.services['docker.service']['status'] == 'enabled'
- name: "Test: file /etc/docker/daemon.json"
block:
- name: "Stat directory /etc/docker"
ansible.builtin.stat:
path: "/etc/docker"
register: stat_etc_docker
- name: "Stat file /etc/docker/daemon.json"
ansible.builtin.stat:
path: "/etc/docker/daemon.json"
register: stat_etc_docker_docker_json
- name: "Slurp file /etc/docker/daemon.json"
ansible.builtin.slurp:
src: "/etc/docker/daemon.json"
register: slurp_etc_docker_docker_json
- name: "Verify directory /etc/docker"
ansible.builtin.assert:
that:
- stat_etc_docker.stat.exists
- stat_etc_docker.stat.isdir
- stat_etc_docker.stat.pw_name == 'root'
- stat_etc_docker.stat.gr_name == 'root'
- stat_etc_docker.stat.mode == '0755'
- stat_etc_docker_docker_json.stat.exists
- stat_etc_docker_docker_json.stat.isreg
- stat_etc_docker_docker_json.stat.pw_name == 'root'
- stat_etc_docker_docker_json.stat.gr_name == 'root'
- stat_etc_docker_docker_json.stat.mode == '0644'
- (slurp_etc_docker_docker_json.content|b64decode) == '{}'
- name: "Test: interaction docker"
block:
- name: "Command docker ps"
ansible.builtin.command: "docker ps"
changed_when: false
register: docker_ps
- name: "Verify docker interaction"
ansible.builtin.assert:
that:
- docker_ps.stdout == 'CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES'
- name: "Test: file /usr/local/bin/docker-compose"
block:
- name: "Stat file /usr/local/bin/docker-compose"
ansible.builtin.stat:
path: "/usr/local/bin/docker-compose"
register: stat_url_local_bin_docker_compose
- name: "Verify file /usr/local/bin/docker-compose"
ansible.builtin.assert:
that:
- not stat_url_local_bin_docker_compose.stat.exists
- name: "Test: python package docker"
block:
- name: "Command pip3 list"
ansible.builtin.command: "pip3 list -o"
changed_when: false
register: pip3_list
- name: "Verify python package docker"
ansible.builtin.assert:
that:
- "'docker' not in pip3_list"

8
roles/ednxzu.install_docker/molecule/with_custom_config/converge.yml
View File

@ -1,8 +0,0 @@
---
- name: Converge
hosts: all
become: true
tasks:
- name: "Include ednxzu.install_docker"
ansible.builtin.include_role:
name: "ednxzu.install_docker"

11
roles/ednxzu.install_docker/molecule/with_custom_config/group_vars/all.yml
View File

@ -1,11 +0,0 @@
---
install_docker_edition: ce # can be ce or ee (community or enterprise)
install_docker_auto_update: true
install_docker_start_service: true
install_docker_compose: true
install_docker_compose_version: latest
install_docker_python_packages: true
install_docker_python_packages_version: latest
install_docker_users: []
install_docker_daemon_options:
data-root: "/opt/docker"

37
roles/ednxzu.install_docker/molecule/with_custom_config/molecule.yml
View File

@ -1,37 +0,0 @@
---
dependency:
name: galaxy
options:
requirements-file: ./requirements.yml
driver:
name: docker
platforms:
- name: instance
image: geerlingguy/docker-${MOLECULE_TEST_OS}-ansible
command: ""
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup
cgroupns_mode: host
privileged: true
pre_build_image: true
provisioner:
name: ansible
config_options:
defaults:
remote_tmp: /tmp/.ansible
verifier:
name: ansible
scenario:
name: with_custom_config
test_sequence:
- dependency
- cleanup
- destroy
- syntax
- create
- prepare
- converge
- idempotence
- verify
- cleanup
- destroy

5
roles/ednxzu.install_docker/molecule/with_custom_config/requirements.yml
View File

@ -1,5 +0,0 @@
---
# requirements file for molecule
roles:
- name: ednxzu.manage_repositories
- name: ednxzu.manage_apt_packages

106
roles/ednxzu.install_docker/molecule/with_custom_config/verify.yml
View File

@ -1,106 +0,0 @@
---
- name: Verify
hosts: all
gather_facts: true
become: true
tasks:
- name: "Test: service docker"
block:
- name: "Get service docker"
ansible.builtin.service_facts:
- name: "Stat file /lib/systemd/system/docker.service"
ansible.builtin.stat:
path: "/lib/systemd/system/docker.service"
register: stat_lib_systemd_system_docker_service
- name: "Verify service docker"
ansible.builtin.assert:
that:
- stat_lib_systemd_system_docker_service.stat.exists
- stat_lib_systemd_system_docker_service.stat.isreg
- stat_lib_systemd_system_docker_service.stat.pw_name == 'root'
- stat_lib_systemd_system_docker_service.stat.gr_name == 'root'
- stat_lib_systemd_system_docker_service.stat.mode == '0644'
- ansible_facts.services['docker.service'] is defined
- ansible_facts.services['docker.service']['source'] == 'systemd'
- ansible_facts.services['docker.service']['state'] == 'running'
- ansible_facts.services['docker.service']['status'] == 'enabled'
- name: "Test: file /etc/docker/daemon.json"
block:
- name: "Stat directory /etc/docker"
ansible.builtin.stat:
path: "/etc/docker"
register: stat_etc_docker
- name: "Stat file /etc/docker/daemon.json"
ansible.builtin.stat:
path: "/etc/docker/daemon.json"
register: stat_etc_docker_docker_json
- name: "Slurp file /etc/docker/daemon.json"
ansible.builtin.slurp:
src: "/etc/docker/daemon.json"
register: slurp_etc_docker_docker_json
- name: "Verify directory /etc/docker"
ansible.builtin.assert:
that:
- stat_etc_docker.stat.exists
- stat_etc_docker.stat.isdir
- stat_etc_docker.stat.pw_name == 'root'
- stat_etc_docker.stat.gr_name == 'root'
- stat_etc_docker.stat.mode == '0755'
- stat_etc_docker_docker_json.stat.exists
- stat_etc_docker_docker_json.stat.isreg
- stat_etc_docker_docker_json.stat.pw_name == 'root'
- stat_etc_docker_docker_json.stat.gr_name == 'root'
- stat_etc_docker_docker_json.stat.mode == '0644'
- "'\"data-root\": \"/opt/docker\"' in (slurp_etc_docker_docker_json.content|b64decode)"
- name: "Test: interaction docker"
block:
- name: "Command docker ps"
ansible.builtin.command: "docker ps"
changed_when: false
register: docker_ps
- name: "Verify docker interaction"
ansible.builtin.assert:
that:
- docker_ps.stdout == 'CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES'
- name: "Test: file /usr/local/bin/docker-compose"
block:
- name: "Stat file /usr/local/bin/docker-compose"
ansible.builtin.stat:
path: "/usr/local/bin/docker-compose"
register: stat_url_local_bin_docker_compose
- name: "Command docker-compose --version"
ansible.builtin.command: "docker-compose --version"
changed_when: false
register: docker_compose_version
- name: "Verify file /usr/local/bin/docker-compose"
ansible.builtin.assert:
that:
- docker_compose_version.stdout | regex_search('^Docker Compose version v\\d+\\.\\d+\\.\\d+$')
- stat_url_local_bin_docker_compose.stat.exists
- stat_url_local_bin_docker_compose.stat.isreg
- stat_url_local_bin_docker_compose.stat.pw_name == 'root'
- stat_url_local_bin_docker_compose.stat.gr_name == 'root'
- stat_url_local_bin_docker_compose.stat.mode == '0755'
- name: "Test: python package docker"
block:
- name: "Command pip3 list"
ansible.builtin.command: "pip3 list"
changed_when: false
register: pip3_list
- name: "Verify python package docker"
ansible.builtin.assert:
that:
- "'docker' in pip3_list.stdout"

8
roles/ednxzu.install_docker/molecule/with_custom_config_vagrant/converge.yml
View File

@ -1,8 +0,0 @@
---
- name: Converge
hosts: all
become: true
tasks:
- name: "Include ednxzu.install_docker"
ansible.builtin.include_role:
name: "ednxzu.install_docker"

11
roles/ednxzu.install_docker/molecule/with_custom_config_vagrant/group_vars/all.yml
View File

@ -1,11 +0,0 @@
---
install_docker_edition: ce # can be ce or ee (community or enterprise)
install_docker_auto_update: true
install_docker_start_service: true
install_docker_compose: true
install_docker_compose_version: latest
install_docker_python_packages: true
install_docker_python_packages_version: latest
install_docker_users: []
install_docker_daemon_options:
data-root: "/opt/docker"

35
roles/ednxzu.install_docker/molecule/with_custom_config_vagrant/molecule.yml
View File

@ -1,35 +0,0 @@
---
dependency:
name: galaxy
options:
requirements-file: ./requirements.yml
driver:
name: vagrant
provider:
name: libvirt
platforms:
- name: instance
box: generic/${MOLECULE_TEST_OS}
cpus: 4
memory: 4096
provisioner:
name: ansible
config_options:
defaults:
remote_tmp: /tmp/.ansible
verifier:
name: ansible
scenario:
name: with_custom_config_vagrant
test_sequence:
- dependency
- cleanup
- destroy
- syntax
- create
- prepare
- converge
- idempotence
- verify
- cleanup
- destroy

12
roles/ednxzu.install_docker/molecule/with_custom_config_vagrant/prepare.yml
View File

@ -1,12 +0,0 @@
---
- name: Prepare
hosts: all
tasks:
- name: "Install pip3 packages"
ansible.builtin.include_role:
name: ednxzu.manage_apt_packages
vars:
manage_apt_packages_list:
- name: python3-pip
version: latest
state: present

5
roles/ednxzu.install_docker/molecule/with_custom_config_vagrant/requirements.yml
View File

@ -1,5 +0,0 @@
---
# requirements file for molecule
roles:
- name: ednxzu.manage_repositories
- name: ednxzu.manage_apt_packages

106
roles/ednxzu.install_docker/molecule/with_custom_config_vagrant/verify.yml
View File

@ -1,106 +0,0 @@
---
- name: Verify
hosts: all
gather_facts: true
become: true
tasks:
- name: "Test: service docker"
block:
- name: "Get service docker"
ansible.builtin.service_facts:
- name: "Stat file /lib/systemd/system/docker.service"
ansible.builtin.stat:
path: "/lib/systemd/system/docker.service"
register: stat_lib_systemd_system_docker_service
- name: "Verify service docker"
ansible.builtin.assert:
that:
- stat_lib_systemd_system_docker_service.stat.exists
- stat_lib_systemd_system_docker_service.stat.isreg
- stat_lib_systemd_system_docker_service.stat.pw_name == 'root'
- stat_lib_systemd_system_docker_service.stat.gr_name == 'root'
- stat_lib_systemd_system_docker_service.stat.mode == '0644'
- ansible_facts.services['docker.service'] is defined
- ansible_facts.services['docker.service']['source'] == 'systemd'
- ansible_facts.services['docker.service']['state'] == 'running'
- ansible_facts.services['docker.service']['status'] == 'enabled'
- name: "Test: file /etc/docker/daemon.json"
block:
- name: "Stat directory /etc/docker"
ansible.builtin.stat:
path: "/etc/docker"
register: stat_etc_docker
- name: "Stat file /etc/docker/daemon.json"
ansible.builtin.stat:
path: "/etc/docker/daemon.json"
register: stat_etc_docker_docker_json
- name: "Slurp file /etc/docker/daemon.json"
ansible.builtin.slurp:
src: "/etc/docker/daemon.json"
register: slurp_etc_docker_docker_json
- name: "Verify directory /etc/docker"
ansible.builtin.assert:
that:
- stat_etc_docker.stat.exists
- stat_etc_docker.stat.isdir
- stat_etc_docker.stat.pw_name == 'root'
- stat_etc_docker.stat.gr_name == 'root'
- stat_etc_docker.stat.mode == '0755'
- stat_etc_docker_docker_json.stat.exists
- stat_etc_docker_docker_json.stat.isreg
- stat_etc_docker_docker_json.stat.pw_name == 'root'
- stat_etc_docker_docker_json.stat.gr_name == 'root'
- stat_etc_docker_docker_json.stat.mode == '0644'
- "'\"data-root\": \"/opt/docker\"' in (slurp_etc_docker_docker_json.content|b64decode)"
- name: "Test: interaction docker"
block:
- name: "Command docker ps"
ansible.builtin.command: "docker ps"
changed_when: false
register: docker_ps
- name: "Verify docker interaction"
ansible.builtin.assert:
that:
- docker_ps.stdout == 'CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES'
- name: "Test: file /usr/local/bin/docker-compose"
block:
- name: "Stat file /usr/local/bin/docker-compose"
ansible.builtin.stat:
path: "/usr/local/bin/docker-compose"
register: stat_url_local_bin_docker_compose
- name: "Command docker-compose --version"
ansible.builtin.command: "docker-compose --version"
changed_when: false
register: docker_compose_version
- name: "Verify file /usr/local/bin/docker-compose"
ansible.builtin.assert:
that:
- docker_compose_version.stdout | regex_search('^Docker Compose version v\\d+\\.\\d+\\.\\d+$')
- stat_url_local_bin_docker_compose.stat.exists
- stat_url_local_bin_docker_compose.stat.isreg
- stat_url_local_bin_docker_compose.stat.pw_name == 'root'
- stat_url_local_bin_docker_compose.stat.gr_name == 'root'
- stat_url_local_bin_docker_compose.stat.mode == '0755'
- name: "Test: python package docker"
block:
- name: "Command pip3 list"
ansible.builtin.command: "pip3 list"
changed_when: false
register: pip3_list
- name: "Verify python package docker"
ansible.builtin.assert:
that:
- "'docker' in pip3_list.stdout"

19
roles/ednxzu.install_docker/tasks/configure.yml
View File

@ -1,19 +0,0 @@
---
# task/configure file for install_docker
- name: "Add specified users to group {{ install_docker_group }}"
ansible.builtin.user:
name: "{{ item }}"
groups: "{{ install_docker_group }}"
append: true
loop: "{{ install_docker_users }}"
- name: "Copy daemon.json template"
ansible.builtin.template:
src: daemon.json.j2
dest: "{{ install_docker_daemon_dir }}/daemon.json"
owner: root
group: root
mode: '0644'
notify:
- "systemctl-enable-docker"
- "systemctl-reload-docker"

15
roles/ednxzu.install_docker/tasks/install.yml
View File

@ -1,15 +0,0 @@
---
# task/install file for install_docker
- name: "Configure docker repository"
ansible.builtin.include_role:
name: ednxzu.manage_repositories
vars:
manage_repositories_enable_default_repo: false
manage_repositories_enable_custom_repo: true
manage_repositories_custom_repo: "{{ install_docker_repository }}"
- name: "Install docker packages"
ansible.builtin.include_role:
name: ednxzu.manage_apt_packages
vars:
manage_apt_packages_list: "{{ install_docker_packages }}"

46
roles/ednxzu.install_docker/tasks/install_compose.yml
View File

@ -1,46 +0,0 @@
---
# task/install_compose file for install_docker
- name: "Get release for compose:{{ install_docker_compose_version }}"
vars:
_docker_compose_url_ext: "{% if install_docker_compose_version == 'latest'%}releases{% else %}releases/tags{% endif %}"
ansible.builtin.uri:
url: "{{ install_docker_compose_github_api }}/{{ _docker_compose_url_ext }}/{{ install_docker_compose_version }}"
return_content: true
register: _docker_compose_new_release
- name: "Check current compose version"
ansible.builtin.command: "{{ install_docker_compose_path }} --version --short"
register: _docker_compose_old_release
check_mode: false
changed_when: false
failed_when: false
- name: "Set facts for wanted compose release"
ansible.builtin.set_fact:
install_docker_compose_wanted_version: "{{ _docker_compose_new_release.json['tag_name']|regex_replace('v', '') }}"
when: _docker_compose_new_release.json is defined
and (_docker_compose_new_release.json | length > 0)
- name: "Set facts for current compose release"
ansible.builtin.set_fact:
install_docker_compose_current_version: "{{ _docker_compose_old_release.stdout | regex_replace('v', '') }}"
when: _docker_compose_old_release.stdout is defined
and (_docker_compose_old_release.stdout | length > 0)
- name: "Remove old compose binary if different"
ansible.builtin.file:
path: "{{ install_docker_compose_path }}"
state: absent
register: _docker_compose_binary_removed
when: install_docker_compose_current_version is defined
and install_docker_compose_wanted_version not in install_docker_compose_current_version
- name: "Download and install compose:{{ install_docker_compose_version }}"
ansible.builtin.get_url:
url: "{{ install_docker_compose_github_url }}/releases/download/v{{ install_docker_compose_wanted_version }}/docker-compose-linux-{{ ansible_architecture }}"
dest: "{{ install_docker_compose_path }}"
owner: root
group: root
mode: '0755'
when: (install_docker_compose_current_version is not defined)
or (_docker_compose_binary_removed.changed)

7
roles/ednxzu.install_docker/tasks/install_python_docker.yml
View File

@ -1,7 +0,0 @@
---
# task/install_docker_pip file for install_docker
- name: "Install docker packages"
ansible.builtin.include_role:
name: ednxzu.manage_apt_packages
vars:
manage_apt_packages_list: "{{ install_docker_python_packages_list }}"

24
roles/ednxzu.install_docker/tasks/main.yml
View File

@ -1,24 +0,0 @@
---
# task/main file for install_docker
- name: "Import prerequisites.yml"
ansible.builtin.include_tasks: prerequisites.yml
- name: "Import install.yml"
ansible.builtin.include_tasks: install.yml
- name: "Import install_compose.yml"
ansible.builtin.include_tasks: install_compose.yml
when: install_docker_compose
- name: "Import install_python_docker.yml"
ansible.builtin.include_tasks: install_python_docker.yml
when: install_docker_python_packages
- name: "Import configure.yml"
ansible.builtin.include_tasks: configure.yml
- name: "Start docker service"
ansible.builtin.service:
name: docker
state: started
when: install_docker_start_service

14
roles/ednxzu.install_docker/tasks/prerequisites.yml
View File

@ -1,14 +0,0 @@
---
# task/prerequisites file for install_docker
- name: "Create group {{ install_docker_group }}"
ansible.builtin.group:
name: "{{ install_docker_group }}"
state: present
- name: "Create directory {{ install_docker_daemon_dir }}"
ansible.builtin.file:
path: "{{ install_docker_daemon_dir }}"
state: directory
owner: root
group: root
mode: '0755'

1
roles/ednxzu.install_docker/templates/daemon.json.j2
View File

@ -1 +0,0 @@
{{ install_docker_daemon_options | to_nice_json }}

36
roles/ednxzu.install_docker/vars/main.yml
View File

@ -1,36 +0,0 @@
---
# vars file for install_docker
install_docker_compose_path: "/usr/local/bin/docker-compose"
install_docker_compose_github_api: https://api.github.com/repos/docker/compose
install_docker_compose_github_url: https://github.com/docker/compose
install_docker_group: docker
install_docker_daemon_dir: /etc/docker
install_docker_packages:
- name: "docker-{{ install_docker_edition }}"
version: latest
state: "{% if install_docker_auto_update %}latest{% else %}present{% endif %}"
- name: "docker-{{ install_docker_edition }}-cli"
version: latest
state: "{% if install_docker_auto_update %}latest{% else %}present{% endif %}"
- name: "docker-{{ install_docker_edition }}-rootless-extras"
version: latest
state: "{% if install_docker_auto_update %}latest{% else %}present{% endif %}"
- name: "containerd.io"
version: latest
state: "{% if install_docker_auto_update %}latest{% else %}present{% endif %}"
install_docker_python_packages_list:
- name: python3-docker
version: latest
state: "{% if install_docker_auto_update %}latest{% else %}present{% endif %}"
install_docker_repository:
- name: docker
uri: "https://download.docker.com/linux/{{ ansible_distribution|lower }}"
comments: "{{ ansible_distribution|lower }} docker repository"
types:
- deb
suites:
- "{{ ansible_distribution_release }}"
components:
- stable
options:
Signed-By: "https://download.docker.com/linux/{{ ansible_distribution|lower }}/gpg"

8
roles/ednxzu.manage_apt_packages/.ansible-lint
View File

@ -1,8 +0,0 @@
---
warn_list:
- experimental # all rules tagged as experimental
- yaml # violations reported by yamllint
- meta-no-info
skip_list:
- jinja[spacing] # Rule that looks inside jinja2 templates.

52
roles/ednxzu.manage_apt_packages/.gitea/workflows/test.yml
View File

@ -1,52 +0,0 @@
---
name: test
on: [push]
jobs:
lint:
name: Linting
runs-on: ubuntu-latest
container:
image: git.ednz.fr/container-factory/ansible-runner:act-latest
credentials:
username: ${{ secrets.ACTIONS_USER }}
password: ${{ secrets.ACTIONS_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: "Ansible lint"
run: ansible-lint --force-color
working-directory: ${{ gitea.workspace }}
- name: "YAML lint"
run: yamllint . -f colored -c .yamllint
working-directory: ${{ gitea.workspace }}
molecule-test:
name: Molecule tests
runs-on: ubuntu-latest
needs: lint
container:
image: git.ednz.fr/container-factory/ansible-runner:act-latest
credentials:
username: ${{ secrets.ACTIONS_USER }}
password: ${{ secrets.ACTIONS_TOKEN }}
strategy:
matrix:
test_os: [debian11, debian12, ubuntu2004, ubuntu2204]
scenario: [default, with_custom_packages]
env:
ANSIBLE_HOST_KEY_CHECKING: 'false'
ANSIBLE_FORCE_COLOR: 'true'
ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3
steps:
- name: Checkout
uses: actions/checkout@v3
- name: "Molecule test"
run: molecule test -s ${{ matrix.scenario }}
shell: bash
working-directory: ${{ gitea.workspace }}
env:
MOLECULE_TEST_OS: ${{ matrix.test_os }}

18
roles/ednxzu.manage_apt_packages/.github/workflows/publish.yml vendored
View File

@ -1,18 +0,0 @@
---
name: publish
on:
push:
branches:
- main
jobs:
publish:
name: Publish to galaxy
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Publish
uses: ednxzu/galaxy-import-role@v1
with:
galaxy-api-key: ${{ secrets.GALAXY_API_TOKEN }}

3
roles/ednxzu.manage_apt_packages/.gitignore vendored
View File

@ -1,3 +0,0 @@
# ignore molecule/testinfra pycache
**/__pycache__
.vscode

40
roles/ednxzu.manage_apt_packages/.yamllint
View File

@ -1,40 +0,0 @@
---
# Based on ansible-lint config
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
colons:
max-spaces-after: -1
level: error
commas:
max-spaces-after: -1
level: error
comments: enable
comments-indentation: disable
document-start: enable
empty-lines:
max: 3
level: error
hyphens:
level: error
indentation: enable
key-duplicates: enable
line-length:
max: 80
level: warning
new-line-at-end-of-file: enable
new-lines:
type: unix
trailing-spaces: enable
truthy:
allowed-values:
- 'true'
- 'false'
- 'yes'
- 'no'

20
roles/ednxzu.manage_apt_packages/LICENSE
View File

@ -1,20 +0,0 @@
The MIT License (MIT)
Copyright (c) 2017 Bertrand Lanson
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

62
roles/ednxzu.manage_apt_packages/README.md
View File

@ -1,62 +0,0 @@
manage_apt_packages
=========
> This repository is only a mirror. Development and testing is done on a private gitea server.
This role enables you to manage packages on **debian-based** distributions. It can be used on its own , or be called by other roles the install/remove packages on demand.
Requirements
------------
None.
Role Variables
--------------
Available variables are listed below, along with default values. A sample file for the default values is available in `default/manage_apt_packages.yml.sample` in case you need it for any `group_vars` or `host_vars` configuration.
```yaml
manage_apt_packages_list: # by default, not defined
- name: nginx
version: latest # Leaving empty or setting '' will be considered as latest
state: absent
- name: ...
```
This variable is a list of packages, with their name, desired version and state. Note that the role allows version rollbacks, so unless you absolutely need a specific version, it is usualy advised to keep the version on `latest` or empty (which is considered the same).
Dependencies
------------
None.
Example Playbook
----------------
```yaml
# calling the role inside a playbook with either the default or group_vars/host_vars
- hosts: servers
roles:
- ednxzu.manage_apt_packages
```
```yaml
# calling the role inside a playbook and injecting variables (in another role for example)
- hosts: servers
tasks:
- name: "Install consul package"
ansible.builtin.include_role:
name: ednxzu.manage_apt_packages
vars:
manage_apt_packages_list:
- name: consul
version: 1.13.1-1
state: present
```
License
-------
MIT / BSD
Author Information
------------------
This role was created by Bertrand Lanson in 2023.

6
roles/ednxzu.manage_apt_packages/defaults/main.yml
View File

@ -1,6 +0,0 @@
---
# defaults file for manage_apt_packages
manage_apt_packages_list:
- name: vim
version: latest
state: present

11
roles/ednxzu.manage_apt_packages/defaults/manage_apt_packages.yml.sample
View File

@ -1,11 +0,0 @@
---
# manage_apt_packages_list:
# - name: nginx
# version: 1.18.0-6ubuntu14
# state: present
# - name: apache2
# version: 2.4.52-1ubuntu4.4
# state: present
# - name:
# version:
# state:

6
roles/ednxzu.manage_apt_packages/handlers/main.yml
View File

@ -1,6 +0,0 @@
---
# handlers file for manage_apt_packages
- name: "Remove unnecessary dependencies"
ansible.builtin.apt:
autoremove: yes
listen: "apt-autoremove"

2
roles/ednxzu.manage_apt_packages/meta/.galaxy_install_info
View File

@ -1,2 +0,0 @@
install_date: 'Fri 15 Dec 2023 05:25:26 PM '
version: main

24
roles/ednxzu.manage_apt_packages/meta/main.yml
View File

@ -1,24 +0,0 @@
---
# meta file for manage_repositories
galaxy_info:
namespace: 'ednxzu'
role_name: 'manage_apt_packages'
author: 'Bertrand Lanson'
description: 'Package management for debian-based distros.'
license: 'license (BSD, MIT)'
min_ansible_version: '2.10'
platforms:
- name: Ubuntu
versions:
- focal
- jammy
- name: Debian
versions:
- bullseye
- bookworm
galaxy_tags:
- 'ubuntu'
- 'debian'
- 'packages'
dependencies: []

8
roles/ednxzu.manage_apt_packages/molecule/default/converge.yml
View File

@ -1,8 +0,0 @@
---
- name: Converge
hosts: all
become: true
tasks:
- name: "Include ednxzu.manage_apt_packages"
ansible.builtin.include_role:
name: "ednxzu.manage_apt_packages"

37
roles/ednxzu.manage_apt_packages/molecule/default/molecule.yml
View File

@ -1,37 +0,0 @@
---
dependency:
name: galaxy
options:
requirements-file: ./requirements.yml
driver:
name: docker
platforms:
- name: instance
image: geerlingguy/docker-${MOLECULE_TEST_OS}-ansible
command: ""
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup
cgroupns_mode: host
privileged: true
pre_build_image: true
provisioner:
name: ansible
config_options:
defaults:
remote_tmp: /tmp/.ansible
verifier:
name: ansible
scenario:
name: default
test_sequence:
- dependency
- cleanup
- destroy
- syntax
- create
- prepare
- converge
- idempotence
- verify
- cleanup
- destroy

3
roles/ednxzu.manage_apt_packages/molecule/default/requirements.yml
View File

@ -1,3 +0,0 @@
---
# requirements file for molecule
roles: []

16
roles/ednxzu.manage_apt_packages/molecule/default/verify.yml
View File

@ -1,16 +0,0 @@
---
- name: Verify
hosts: all
gather_facts: true
become: true
tasks:
- name: "Test: package vim"
block:
- name: "Get packages facts"
ansible.builtin.package_facts:
manager: auto
- name: "Verify package vim"
ansible.builtin.assert:
that:
- "ansible_facts.packages['vim'][0]['name'] == 'vim'"

Some files were not shown because too many files have changed in this diff Show More