Merge pull request 'support all docker arguments' (#2) from feature/support-all-docker-args into main
All checks were successful
test / Linting (push) Successful in 10s
test / Molecule tests (default, debian11) (push) Successful in 33s
test / Molecule tests (default, debian12) (push) Successful in 33s
test / Molecule tests (default, ubuntu2004) (push) Successful in 40s
test / Molecule tests (default, ubuntu2204) (push) Successful in 33s
test / Molecule tests (with_custom_flags, debian11) (push) Successful in 32s
test / Molecule tests (with_custom_flags, debian12) (push) Successful in 34s
test / Molecule tests (with_custom_flags, ubuntu2004) (push) Successful in 32s
test / Molecule tests (with_custom_flags, ubuntu2204) (push) Successful in 59s
All checks were successful
test / Linting (push) Successful in 10s
test / Molecule tests (default, debian11) (push) Successful in 33s
test / Molecule tests (default, debian12) (push) Successful in 33s
test / Molecule tests (default, ubuntu2004) (push) Successful in 40s
test / Molecule tests (default, ubuntu2204) (push) Successful in 33s
test / Molecule tests (with_custom_flags, debian11) (push) Successful in 32s
test / Molecule tests (with_custom_flags, debian12) (push) Successful in 34s
test / Molecule tests (with_custom_flags, ubuntu2004) (push) Successful in 32s
test / Molecule tests (with_custom_flags, ubuntu2204) (push) Successful in 59s
Reviewed-on: #2
This commit is contained in:
commit
2efc8bf638
@ -22,3 +22,31 @@ jobs:
|
|||||||
- name: "YAML lint"
|
- name: "YAML lint"
|
||||||
run: yamllint . -f colored -c .yamllint
|
run: yamllint . -f colored -c .yamllint
|
||||||
working-directory: ${{ gitea.workspace }}
|
working-directory: ${{ gitea.workspace }}
|
||||||
|
|
||||||
|
molecule-test:
|
||||||
|
name: Molecule tests
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
needs: lint
|
||||||
|
container:
|
||||||
|
image: git.ednz.fr/container-factory/ansible-runner:act-latest
|
||||||
|
credentials:
|
||||||
|
username: ${{ secrets.ACTIONS_USER }}
|
||||||
|
password: ${{ secrets.ACTIONS_TOKEN }}
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
test_os: [debian11, debian12, ubuntu2004, ubuntu2204]
|
||||||
|
scenario: [default, with_custom_flags]
|
||||||
|
env:
|
||||||
|
ANSIBLE_HOST_KEY_CHECKING: 'false'
|
||||||
|
ANSIBLE_FORCE_COLOR: 'true'
|
||||||
|
ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- name: "Molecule test"
|
||||||
|
run: molecule test -s ${{ matrix.scenario }}
|
||||||
|
shell: bash
|
||||||
|
working-directory: ${{ gitea.workspace }}
|
||||||
|
env:
|
||||||
|
MOLECULE_TEST_OS: ${{ matrix.test_os }}
|
||||||
|
95
README.md
95
README.md
@ -2,7 +2,7 @@ docker_systemd_service
|
|||||||
=========
|
=========
|
||||||
> This repository is only a mirror. Development and testing is done on a private gitea server.
|
> This repository is only a mirror. Development and testing is done on a private gitea server.
|
||||||
|
|
||||||
This role lets you configure a docker container and run it as a systemd service on **debian-based** distributions.
|
This role lets you configure a docker container and run it as a systemd service on **debian-based** distributions. This role is heavily sourced from [mhutter.docker-systemd-service](https://github.com/mhutter/ansible-docker-systemd-service), but aims at providing some of the missing features of said role.
|
||||||
|
|
||||||
Requirements
|
Requirements
|
||||||
------------
|
------------
|
||||||
@ -39,79 +39,28 @@ docker_systemd_service_container_pull_force_source: true # by default, set to tr
|
|||||||
If `docker_systemd_service_container_pull_image: true`, whether the pull you be executed at every run. See [`docker_image.force_source`](https://docs.ansible.com/ansible/latest/collections/community/docker/docker_image_module.html#parameter-force_source)
|
If `docker_systemd_service_container_pull_image: true`, whether the pull you be executed at every run. See [`docker_image.force_source`](https://docs.ansible.com/ansible/latest/collections/community/docker/docker_image_module.html#parameter-force_source)
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
docker_systemd_service_container_labels: [] # by default, set to []
|
docker_systemd_service_flags: [] # by default, set to []
|
||||||
```
|
```
|
||||||
A list of labels to add to the container. These should be strings of the form `some.label=value`.
|
This variable lets you pass whatever flags you need to the docker run command. It is a list, to which you can add multiple types of flags:
|
||||||
|
- ```yaml
|
||||||
```yaml
|
- key: value
|
||||||
docker_systemd_service_container_cmd: [] # by default, set to []
|
# will pass the flag --key "value" to the container.
|
||||||
```
|
Example:
|
||||||
A list of container run command to apply.
|
- network: host
|
||||||
|
- ```yaml
|
||||||
```yaml
|
- simple_key
|
||||||
docker_systemd_service_container_host_network: false # by default, set to false
|
# will pass the flag --simple_key to the container.
|
||||||
```
|
Example:
|
||||||
Whether the container should use the `network_mode: host`.
|
- privileged
|
||||||
|
- ```yaml
|
||||||
```yaml
|
- key:
|
||||||
docker_systemd_service_container_network: "" # by default, set to ""
|
- value1
|
||||||
```
|
- value2
|
||||||
If `docker_systemd_service_container_host_network: false`, you can define the network to use for the container.
|
# will pass the flags --key "value1" --key "value2" to the container.
|
||||||
|
Example:
|
||||||
```yaml
|
- volume:
|
||||||
docker_systemd_service_container_user: "" # by default, set to ""
|
- /path/on/host:/path/on/container
|
||||||
```
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
Define a user to use within the container. See [user settings](https://docs.docker.com/engine/reference/run/#user)
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
docker_systemd_service_container_hostname: "" # by default, set to ""
|
|
||||||
```
|
|
||||||
The hostname to apply to the container.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
docker_systemd_service_container_links: [] # by default, set to []
|
|
||||||
```
|
|
||||||
A list of `--links` arguments.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
docker_systemd_service_container_ports: [] # by default, set to []
|
|
||||||
```
|
|
||||||
A list of ports to expose. Example: `<host_port>:<container_port>`
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
docker_systemd_service_container_hosts: [] # by default, set to []
|
|
||||||
```
|
|
||||||
A list of `--add-host` arguments.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
docker_systemd_service_container_volumes: [] # by default, set to []
|
|
||||||
```
|
|
||||||
A list of volumes and their mount points. Example: `/path/on/host:/path/in/container`
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
docker_systemd_service_container_cap_add: [] # by default, set to []
|
|
||||||
```
|
|
||||||
A list of capabilities to add to the container. Example: `SYS_ADMIN`.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
docker_systemd_service_container_cap_drop: [] # by default, set to []
|
|
||||||
```
|
|
||||||
A list of capabilities to remove from the container.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
docker_systemd_service_container_devices: [] # by default, set to []
|
|
||||||
```
|
|
||||||
A list of devices to add to the container.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
docker_systemd_service_container_privileged: false # by default, set to false
|
|
||||||
```
|
|
||||||
Whether to run the container in privileged mode. See [runtime privilege](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities)
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
docker_systemd_service_container_args: "" # by default, set to ""
|
|
||||||
```
|
|
||||||
Arbitrary list of arguments to the `docker run` command as a string.
|
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container" # by default, set to "{{ docker_systemd_service_container_name }}_container"
|
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container" # by default, set to "{{ docker_systemd_service_container_name }}_container"
|
||||||
|
@ -5,21 +5,8 @@ docker_systemd_service_image:
|
|||||||
docker_systemd_service_container_env: {}
|
docker_systemd_service_container_env: {}
|
||||||
docker_systemd_service_container_pull_image: true
|
docker_systemd_service_container_pull_image: true
|
||||||
docker_systemd_service_container_pull_force_source: true
|
docker_systemd_service_container_pull_force_source: true
|
||||||
docker_systemd_service_container_labels: []
|
docker_systemd_service_flags: []
|
||||||
docker_systemd_service_container_cmd: []
|
docker_systemd_service_container_cmd: []
|
||||||
docker_systemd_service_container_host_network: false
|
|
||||||
docker_systemd_service_container_network: ""
|
|
||||||
docker_systemd_service_container_user: ""
|
|
||||||
docker_systemd_service_container_hostname: ""
|
|
||||||
docker_systemd_service_container_links: []
|
|
||||||
docker_systemd_service_container_ports: []
|
|
||||||
docker_systemd_service_container_hosts: []
|
|
||||||
docker_systemd_service_container_volumes: []
|
|
||||||
docker_systemd_service_container_cap_add: []
|
|
||||||
docker_systemd_service_container_cap_drop: []
|
|
||||||
docker_systemd_service_container_devices: []
|
|
||||||
docker_systemd_service_container_privileged: false
|
|
||||||
docker_systemd_service_container_args: ""
|
|
||||||
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
|
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
|
||||||
docker_systemd_service_systemd_options: []
|
docker_systemd_service_systemd_options: []
|
||||||
docker_systemd_service_enabled: true
|
docker_systemd_service_enabled: true
|
||||||
|
28
filter_plugins/docker_filters.py
Normal file
28
filter_plugins/docker_filters.py
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
# filter_plugins/docker_filters.py
|
||||||
|
|
||||||
|
|
||||||
|
def create_docker_flags(flags):
|
||||||
|
if flags:
|
||||||
|
return "\n".join([create_docker_flag(item) for item in flags])
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
|
def create_docker_flag(item):
|
||||||
|
if isinstance(item, dict):
|
||||||
|
key = list(item.keys())[0]
|
||||||
|
value = item[key]
|
||||||
|
if isinstance(value, list):
|
||||||
|
return "\n".join(['--{} "{}" \\'.format(key, val) for val in value])
|
||||||
|
else:
|
||||||
|
return '--{} "{}" \\'.format(key, value)
|
||||||
|
elif isinstance(item, str):
|
||||||
|
return "--{} \\".format(item)
|
||||||
|
else:
|
||||||
|
return ""
|
||||||
|
|
||||||
|
|
||||||
|
class FilterModule(object):
|
||||||
|
def filters(self):
|
||||||
|
return {
|
||||||
|
"create_docker_flags": create_docker_flags,
|
||||||
|
}
|
@ -1,24 +1,11 @@
|
|||||||
---
|
---
|
||||||
docker_systemd_service_container_name: "nginx"
|
docker_systemd_service_container_name: "nginx"
|
||||||
docker_systemd_service_image: "nginx"
|
docker_systemd_service_image: nginx
|
||||||
docker_systemd_service_container_env: {}
|
docker_systemd_service_container_env: {}
|
||||||
docker_systemd_service_container_pull_image: false
|
docker_systemd_service_container_pull_image: false
|
||||||
docker_systemd_service_container_pull_force_source: false
|
docker_systemd_service_container_pull_force_source: false
|
||||||
docker_systemd_service_container_labels: []
|
docker_systemd_service_flags: []
|
||||||
docker_systemd_service_container_cmd: []
|
docker_systemd_service_container_cmd: []
|
||||||
docker_systemd_service_container_host_network: false
|
|
||||||
docker_systemd_service_container_network: ""
|
|
||||||
docker_systemd_service_container_user: ""
|
|
||||||
docker_systemd_service_container_hostname: ""
|
|
||||||
docker_systemd_service_container_links: []
|
|
||||||
docker_systemd_service_container_ports: []
|
|
||||||
docker_systemd_service_container_hosts: []
|
|
||||||
docker_systemd_service_container_volumes: []
|
|
||||||
docker_systemd_service_container_cap_add: []
|
|
||||||
docker_systemd_service_container_cap_drop: []
|
|
||||||
docker_systemd_service_container_devices: []
|
|
||||||
docker_systemd_service_container_privileged: false
|
|
||||||
docker_systemd_service_container_args: ""
|
|
||||||
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
|
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
|
||||||
docker_systemd_service_systemd_options: []
|
docker_systemd_service_systemd_options: []
|
||||||
docker_systemd_service_enabled: true
|
docker_systemd_service_enabled: true
|
||||||
|
@ -3,4 +3,3 @@
|
|||||||
roles:
|
roles:
|
||||||
- name: ednxzu.manage_repositories
|
- name: ednxzu.manage_repositories
|
||||||
- name: ednxzu.manage_apt_packages
|
- name: ednxzu.manage_apt_packages
|
||||||
- name: ednxzu.install_docker
|
|
||||||
|
@ -53,20 +53,9 @@
|
|||||||
[Service]
|
[Service]
|
||||||
EnvironmentFile=/etc/default/nginx
|
EnvironmentFile=/etc/default/nginx
|
||||||
ExecStartPre=-/usr/bin/docker rm -f nginx
|
ExecStartPre=-/usr/bin/docker rm -f nginx
|
||||||
ExecStart=/usr/bin/docker run --name nginx --rm --env-file /etc/default/nginx \
|
ExecStart=/usr/bin/docker run --name nginx \
|
||||||
\
|
--rm \
|
||||||
\
|
--env-file /etc/default/nginx \
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
nginx
|
nginx
|
||||||
ExecStop=/usr/bin/docker stop nginx
|
ExecStop=/usr/bin/docker stop nginx
|
||||||
SyslogIdentifier=nginx
|
SyslogIdentifier=nginx
|
||||||
|
@ -3,22 +3,9 @@ docker_systemd_service_container_name: "nginx"
|
|||||||
docker_systemd_service_image: nginx
|
docker_systemd_service_image: nginx
|
||||||
docker_systemd_service_container_env: {}
|
docker_systemd_service_container_env: {}
|
||||||
docker_systemd_service_container_pull_image: true
|
docker_systemd_service_container_pull_image: true
|
||||||
docker_systemd_service_container_pull_force_source: false
|
docker_systemd_service_container_pull_force_source: true
|
||||||
docker_systemd_service_container_labels: []
|
docker_systemd_service_flags: []
|
||||||
docker_systemd_service_container_cmd: []
|
docker_systemd_service_container_cmd: []
|
||||||
docker_systemd_service_container_host_network: false
|
|
||||||
docker_systemd_service_container_network: ""
|
|
||||||
docker_systemd_service_container_user: ""
|
|
||||||
docker_systemd_service_container_hostname: ""
|
|
||||||
docker_systemd_service_container_links: []
|
|
||||||
docker_systemd_service_container_ports: []
|
|
||||||
docker_systemd_service_container_hosts: []
|
|
||||||
docker_systemd_service_container_volumes: []
|
|
||||||
docker_systemd_service_container_cap_add: []
|
|
||||||
docker_systemd_service_container_cap_drop: []
|
|
||||||
docker_systemd_service_container_devices: []
|
|
||||||
docker_systemd_service_container_privileged: false
|
|
||||||
docker_systemd_service_container_args: ""
|
|
||||||
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
|
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
|
||||||
docker_systemd_service_systemd_options: []
|
docker_systemd_service_systemd_options: []
|
||||||
docker_systemd_service_enabled: true
|
docker_systemd_service_enabled: true
|
||||||
|
@ -6,3 +6,5 @@
|
|||||||
- name: "Install docker"
|
- name: "Install docker"
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
name: ednxzu.install_docker
|
name: ednxzu.install_docker
|
||||||
|
vars:
|
||||||
|
install_docker_python_packages: true
|
||||||
|
@ -53,20 +53,9 @@
|
|||||||
[Service]
|
[Service]
|
||||||
EnvironmentFile=/etc/default/nginx
|
EnvironmentFile=/etc/default/nginx
|
||||||
ExecStartPre=-/usr/bin/docker rm -f nginx
|
ExecStartPre=-/usr/bin/docker rm -f nginx
|
||||||
ExecStart=/usr/bin/docker run --name nginx --rm --env-file /etc/default/nginx \
|
ExecStart=/usr/bin/docker run --name nginx \
|
||||||
\
|
--rm \
|
||||||
\
|
--env-file /etc/default/nginx \
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
\
|
|
||||||
nginx
|
nginx
|
||||||
ExecStop=/usr/bin/docker stop nginx
|
ExecStop=/usr/bin/docker stop nginx
|
||||||
SyslogIdentifier=nginx
|
SyslogIdentifier=nginx
|
||||||
|
8
molecule/with_custom_flags/converge.yml
Normal file
8
molecule/with_custom_flags/converge.yml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
- name: Converge
|
||||||
|
hosts: all
|
||||||
|
become: true
|
||||||
|
tasks:
|
||||||
|
- name: "Include ednxzu.docker_systemd_service"
|
||||||
|
ansible.builtin.include_role:
|
||||||
|
name: "ednxzu.docker_systemd_service"
|
19
molecule/with_custom_flags/group_vars/all.yml
Normal file
19
molecule/with_custom_flags/group_vars/all.yml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
---
|
||||||
|
docker_systemd_service_container_name: "nginx"
|
||||||
|
docker_systemd_service_image: nginx
|
||||||
|
docker_systemd_service_container_env:
|
||||||
|
TEST_ENV: test
|
||||||
|
docker_systemd_service_container_pull_image: false
|
||||||
|
docker_systemd_service_container_pull_force_source: false
|
||||||
|
docker_systemd_service_flags:
|
||||||
|
- privileged
|
||||||
|
- network: host
|
||||||
|
- cap-add:
|
||||||
|
- NET_ADMIN
|
||||||
|
docker_systemd_service_container_cmd: []
|
||||||
|
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
|
||||||
|
docker_systemd_service_systemd_options: []
|
||||||
|
docker_systemd_service_enabled: true
|
||||||
|
docker_systemd_service_masked: false
|
||||||
|
docker_systemd_service_state: stopped
|
||||||
|
docker_systemd_service_restart: false
|
37
molecule/with_custom_flags/molecule.yml
Normal file
37
molecule/with_custom_flags/molecule.yml
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
---
|
||||||
|
dependency:
|
||||||
|
name: galaxy
|
||||||
|
options:
|
||||||
|
requirements-file: ./requirements.yml
|
||||||
|
driver:
|
||||||
|
name: docker
|
||||||
|
platforms:
|
||||||
|
- name: instance
|
||||||
|
image: geerlingguy/docker-${MOLECULE_TEST_OS}-ansible
|
||||||
|
command: ""
|
||||||
|
volumes:
|
||||||
|
- /sys/fs/cgroup:/sys/fs/cgroup
|
||||||
|
cgroupns_mode: host
|
||||||
|
privileged: true
|
||||||
|
pre_build_image: true
|
||||||
|
provisioner:
|
||||||
|
name: ansible
|
||||||
|
config_options:
|
||||||
|
defaults:
|
||||||
|
remote_tmp: /tmp/.ansible
|
||||||
|
verifier:
|
||||||
|
name: ansible
|
||||||
|
scenario:
|
||||||
|
name: with_custom_flags
|
||||||
|
test_sequence:
|
||||||
|
- dependency
|
||||||
|
- cleanup
|
||||||
|
- destroy
|
||||||
|
- syntax
|
||||||
|
- create
|
||||||
|
- prepare
|
||||||
|
- converge
|
||||||
|
- idempotence
|
||||||
|
- verify
|
||||||
|
- cleanup
|
||||||
|
- destroy
|
5
molecule/with_custom_flags/requirements.yml
Normal file
5
molecule/with_custom_flags/requirements.yml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
# requirements file for molecule
|
||||||
|
roles:
|
||||||
|
- name: ednxzu.manage_repositories
|
||||||
|
- name: ednxzu.manage_apt_packages
|
84
molecule/with_custom_flags/verify.yml
Normal file
84
molecule/with_custom_flags/verify.yml
Normal file
@ -0,0 +1,84 @@
|
|||||||
|
---
|
||||||
|
- name: Verify
|
||||||
|
hosts: all
|
||||||
|
gather_facts: true
|
||||||
|
become: true
|
||||||
|
tasks:
|
||||||
|
- name: "Test: file /etc/default/nginx"
|
||||||
|
block:
|
||||||
|
- name: "Stat file /etc/default/nginx"
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: "/etc/default/nginx"
|
||||||
|
register: stat_etc_default_nginx
|
||||||
|
|
||||||
|
- name: "Slurp file /etc/default/nginx"
|
||||||
|
ansible.builtin.slurp:
|
||||||
|
src: "/etc/default/nginx"
|
||||||
|
register: slurp_etc_default_nginx
|
||||||
|
|
||||||
|
- name: "Verify file /etc/default/nginx"
|
||||||
|
vars:
|
||||||
|
nginx_expected_env_file: |
|
||||||
|
TEST_ENV=test
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that:
|
||||||
|
- stat_etc_default_nginx.stat.exists
|
||||||
|
- stat_etc_default_nginx.stat.isreg
|
||||||
|
- stat_etc_default_nginx.stat.pw_name == 'root'
|
||||||
|
- stat_etc_default_nginx.stat.gr_name == 'root'
|
||||||
|
- stat_etc_default_nginx.stat.mode == '0600'
|
||||||
|
- (slurp_etc_default_nginx.content|b64decode) == nginx_expected_env_file
|
||||||
|
|
||||||
|
- name: "Test: service nginx_container"
|
||||||
|
block:
|
||||||
|
- name: "Get service nginx_container"
|
||||||
|
ansible.builtin.service_facts:
|
||||||
|
|
||||||
|
- name: "Stat file /etc/systemd/system/nginx_container.service"
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: "/etc/systemd/system/nginx_container.service"
|
||||||
|
register: stat_etc_systemd_system_nginx_container_service
|
||||||
|
|
||||||
|
- name: "Slurp file /etc/systemd/system/nginx_container.service"
|
||||||
|
ansible.builtin.slurp:
|
||||||
|
src: "/etc/systemd/system/nginx_container.service"
|
||||||
|
register: slurp_etc_systemd_system_nginx_container_service
|
||||||
|
|
||||||
|
- name: "Verify service nginx_container"
|
||||||
|
vars:
|
||||||
|
nginx_expected_service_file: |
|
||||||
|
# Ansible managed: Do NOT edit this file manually!
|
||||||
|
[Unit]
|
||||||
|
After=docker.service
|
||||||
|
PartOf=docker.service
|
||||||
|
Requires=docker.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
EnvironmentFile=/etc/default/nginx
|
||||||
|
ExecStartPre=-/usr/bin/docker rm -f nginx
|
||||||
|
ExecStart=/usr/bin/docker run --name nginx \
|
||||||
|
--rm \
|
||||||
|
--env-file /etc/default/nginx \
|
||||||
|
--privileged \
|
||||||
|
--network "host" \
|
||||||
|
--cap-add "NET_ADMIN" \
|
||||||
|
nginx
|
||||||
|
ExecStop=/usr/bin/docker stop nginx
|
||||||
|
SyslogIdentifier=nginx
|
||||||
|
Restart=always
|
||||||
|
RestartSec=10s
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=docker.service
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that:
|
||||||
|
- stat_etc_systemd_system_nginx_container_service.stat.exists
|
||||||
|
- stat_etc_systemd_system_nginx_container_service.stat.isreg
|
||||||
|
- stat_etc_systemd_system_nginx_container_service.stat.pw_name == 'root'
|
||||||
|
- stat_etc_systemd_system_nginx_container_service.stat.gr_name == 'root'
|
||||||
|
- stat_etc_systemd_system_nginx_container_service.stat.mode == '0644'
|
||||||
|
- (slurp_etc_systemd_system_nginx_container_service.content|b64decode) == nginx_expected_service_file
|
||||||
|
- ansible_facts.services['nginx_container.service'] is defined
|
||||||
|
- ansible_facts.services['nginx_container.service']['source'] == 'systemd'
|
||||||
|
- ansible_facts.services['nginx_container.service']['state'] == 'inactive'
|
||||||
|
- ansible_facts.services['nginx_container.service']['status'] == 'enabled'
|
8
molecule/with_custom_flags_vagrant/converge.yml
Normal file
8
molecule/with_custom_flags_vagrant/converge.yml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
- name: Converge
|
||||||
|
hosts: all
|
||||||
|
become: true
|
||||||
|
tasks:
|
||||||
|
- name: "Include ednxzu.docker_systemd_service"
|
||||||
|
ansible.builtin.include_role:
|
||||||
|
name: "ednxzu.docker_systemd_service"
|
19
molecule/with_custom_flags_vagrant/group_vars/all.yml
Normal file
19
molecule/with_custom_flags_vagrant/group_vars/all.yml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
---
|
||||||
|
docker_systemd_service_container_name: "nginx"
|
||||||
|
docker_systemd_service_image: nginx
|
||||||
|
docker_systemd_service_container_env:
|
||||||
|
TEST_ENV: test
|
||||||
|
docker_systemd_service_container_pull_image: true
|
||||||
|
docker_systemd_service_container_pull_force_source: true
|
||||||
|
docker_systemd_service_flags:
|
||||||
|
- privileged
|
||||||
|
- network: host
|
||||||
|
- cap-add:
|
||||||
|
- NET_ADMIN
|
||||||
|
docker_systemd_service_container_cmd: []
|
||||||
|
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
|
||||||
|
docker_systemd_service_systemd_options: []
|
||||||
|
docker_systemd_service_enabled: true
|
||||||
|
docker_systemd_service_masked: false
|
||||||
|
docker_systemd_service_state: started
|
||||||
|
docker_systemd_service_restart: true
|
35
molecule/with_custom_flags_vagrant/molecule.yml
Normal file
35
molecule/with_custom_flags_vagrant/molecule.yml
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
---
|
||||||
|
dependency:
|
||||||
|
name: galaxy
|
||||||
|
options:
|
||||||
|
requirements-file: ./requirements.yml
|
||||||
|
driver:
|
||||||
|
name: vagrant
|
||||||
|
provider:
|
||||||
|
name: libvirt
|
||||||
|
platforms:
|
||||||
|
- name: instance
|
||||||
|
box: generic/${MOLECULE_TEST_OS}
|
||||||
|
cpus: 4
|
||||||
|
memory: 4096
|
||||||
|
provisioner:
|
||||||
|
name: ansible
|
||||||
|
config_options:
|
||||||
|
defaults:
|
||||||
|
remote_tmp: /tmp/.ansible
|
||||||
|
verifier:
|
||||||
|
name: ansible
|
||||||
|
scenario:
|
||||||
|
name: with_custom_flags_vagrant
|
||||||
|
test_sequence:
|
||||||
|
- dependency
|
||||||
|
- cleanup
|
||||||
|
- destroy
|
||||||
|
- syntax
|
||||||
|
- create
|
||||||
|
- prepare
|
||||||
|
- converge
|
||||||
|
- idempotence
|
||||||
|
- verify
|
||||||
|
- cleanup
|
||||||
|
- destroy
|
10
molecule/with_custom_flags_vagrant/prepare.yml
Normal file
10
molecule/with_custom_flags_vagrant/prepare.yml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
- name: Prepare
|
||||||
|
hosts: all
|
||||||
|
become: true
|
||||||
|
tasks:
|
||||||
|
- name: "Install docker"
|
||||||
|
ansible.builtin.include_role:
|
||||||
|
name: ednxzu.install_docker
|
||||||
|
vars:
|
||||||
|
install_docker_python_packages: true
|
6
molecule/with_custom_flags_vagrant/requirements.yml
Normal file
6
molecule/with_custom_flags_vagrant/requirements.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
# requirements file for molecule
|
||||||
|
roles:
|
||||||
|
- name: ednxzu.manage_repositories
|
||||||
|
- name: ednxzu.manage_apt_packages
|
||||||
|
- name: ednxzu.install_docker
|
84
molecule/with_custom_flags_vagrant/verify.yml
Normal file
84
molecule/with_custom_flags_vagrant/verify.yml
Normal file
@ -0,0 +1,84 @@
|
|||||||
|
---
|
||||||
|
- name: Verify
|
||||||
|
hosts: all
|
||||||
|
gather_facts: true
|
||||||
|
become: true
|
||||||
|
tasks:
|
||||||
|
- name: "Test: file /etc/default/nginx"
|
||||||
|
block:
|
||||||
|
- name: "Stat file /etc/default/nginx"
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: "/etc/default/nginx"
|
||||||
|
register: stat_etc_default_nginx
|
||||||
|
|
||||||
|
- name: "Slurp file /etc/default/nginx"
|
||||||
|
ansible.builtin.slurp:
|
||||||
|
src: "/etc/default/nginx"
|
||||||
|
register: slurp_etc_default_nginx
|
||||||
|
|
||||||
|
- name: "Verify file /etc/default/nginx"
|
||||||
|
vars:
|
||||||
|
nginx_expected_env_file: |
|
||||||
|
TEST_ENV=test
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that:
|
||||||
|
- stat_etc_default_nginx.stat.exists
|
||||||
|
- stat_etc_default_nginx.stat.isreg
|
||||||
|
- stat_etc_default_nginx.stat.pw_name == 'root'
|
||||||
|
- stat_etc_default_nginx.stat.gr_name == 'root'
|
||||||
|
- stat_etc_default_nginx.stat.mode == '0600'
|
||||||
|
- (slurp_etc_default_nginx.content|b64decode) == nginx_expected_env_file
|
||||||
|
|
||||||
|
- name: "Test: service nginx_container"
|
||||||
|
block:
|
||||||
|
- name: "Get service nginx_container"
|
||||||
|
ansible.builtin.service_facts:
|
||||||
|
|
||||||
|
- name: "Stat file /etc/systemd/system/nginx_container.service"
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: "/etc/systemd/system/nginx_container.service"
|
||||||
|
register: stat_etc_systemd_system_nginx_container_service
|
||||||
|
|
||||||
|
- name: "Slurp file /etc/systemd/system/nginx_container.service"
|
||||||
|
ansible.builtin.slurp:
|
||||||
|
src: "/etc/systemd/system/nginx_container.service"
|
||||||
|
register: slurp_etc_systemd_system_nginx_container_service
|
||||||
|
|
||||||
|
- name: "Verify service nginx_container"
|
||||||
|
vars:
|
||||||
|
nginx_expected_service_file: |
|
||||||
|
# Ansible managed: Do NOT edit this file manually!
|
||||||
|
[Unit]
|
||||||
|
After=docker.service
|
||||||
|
PartOf=docker.service
|
||||||
|
Requires=docker.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
EnvironmentFile=/etc/default/nginx
|
||||||
|
ExecStartPre=-/usr/bin/docker rm -f nginx
|
||||||
|
ExecStart=/usr/bin/docker run --name nginx \
|
||||||
|
--rm \
|
||||||
|
--env-file /etc/default/nginx \
|
||||||
|
--privileged \
|
||||||
|
--network "host" \
|
||||||
|
--cap-add "NET_ADMIN" \
|
||||||
|
nginx
|
||||||
|
ExecStop=/usr/bin/docker stop nginx
|
||||||
|
SyslogIdentifier=nginx
|
||||||
|
Restart=always
|
||||||
|
RestartSec=10s
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=docker.service
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that:
|
||||||
|
- stat_etc_systemd_system_nginx_container_service.stat.exists
|
||||||
|
- stat_etc_systemd_system_nginx_container_service.stat.isreg
|
||||||
|
- stat_etc_systemd_system_nginx_container_service.stat.pw_name == 'root'
|
||||||
|
- stat_etc_systemd_system_nginx_container_service.stat.gr_name == 'root'
|
||||||
|
- stat_etc_systemd_system_nginx_container_service.stat.mode == '0644'
|
||||||
|
- (slurp_etc_systemd_system_nginx_container_service.content|b64decode) == nginx_expected_service_file
|
||||||
|
- ansible_facts.services['nginx_container.service'] is defined
|
||||||
|
- ansible_facts.services['nginx_container.service']['source'] == 'systemd'
|
||||||
|
- ansible_facts.services['nginx_container.service']['state'] == 'running'
|
||||||
|
- ansible_facts.services['nginx_container.service']['status'] == 'enabled'
|
@ -1,7 +1,4 @@
|
|||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
{% macro params(name, vals) %}
|
|
||||||
{% for v in vals %}{{ name }} {{ v }} {% endfor %}
|
|
||||||
{% endmacro %}
|
|
||||||
{% set service_systemd_options_keys = docker_systemd_service_systemd_options | selectattr("key") | map(attribute="key") | list %}
|
{% set service_systemd_options_keys = docker_systemd_service_systemd_options | selectattr("key") | map(attribute="key") | list %}
|
||||||
[Unit]
|
[Unit]
|
||||||
{% for key, value in docker_systemd_service_systemd_unit_options | dictsort %}
|
{% for key, value in docker_systemd_service_systemd_unit_options | dictsort %}
|
||||||
@ -12,30 +9,19 @@
|
|||||||
{% for item in docker_systemd_service_systemd_options %}
|
{% for item in docker_systemd_service_systemd_options %}
|
||||||
{{ item['key'] }}={{ item['value'] }}
|
{{ item['key'] }}={{ item['value'] }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% if docker_systemd_service_container_env is defined %}
|
|
||||||
{% if not 'EnvironmentFile' in service_systemd_options_keys %}
|
{% if not 'EnvironmentFile' in service_systemd_options_keys %}
|
||||||
EnvironmentFile={{ docker_systemd_service_sysconf_dir }}/{{ docker_systemd_service_container_name }}
|
EnvironmentFile={{ docker_systemd_service_sysconf_dir }}/{{ docker_systemd_service_container_name }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
|
||||||
{% if not 'ExecStartPre' in service_systemd_options_keys %}
|
{% if not 'ExecStartPre' in service_systemd_options_keys %}
|
||||||
ExecStartPre=-{{ docker_systemd_service_docker_path }} rm -f {{ docker_systemd_service_container_name }}
|
ExecStartPre=-{{ docker_systemd_service_docker_path }} rm -f {{ docker_systemd_service_container_name }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if not 'ExecStart' in service_systemd_options_keys %}
|
{% if not 'ExecStart' in service_systemd_options_keys %}
|
||||||
{% if docker_systemd_service_container_env is defined %}ExecStart={{ docker_systemd_service_docker_path }} run --name {{ docker_systemd_service_container_name }} --rm --env-file {{ docker_systemd_service_sysconf_dir }}/{{ docker_systemd_service_container_name }} {% endif %}\
|
{% set docker_flags = docker_systemd_service_flags | create_docker_flags %}
|
||||||
{{ params('--volume', docker_systemd_service_container_volumes)~' \\'| trim }}
|
ExecStart={{ docker_systemd_service_docker_path }} run --name {{ docker_systemd_service_container_name }} \
|
||||||
{% if docker_systemd_service_container_host_network == true %}--network host \{% else %}{{ params('--publish', docker_systemd_service_container_ports)~'\\'| trim }}{% endif +%}
|
--rm \
|
||||||
{% if docker_systemd_service_container_network %}--network {{ docker_systemd_service_container_network }} {% endif %}\
|
--env-file {{ docker_systemd_service_sysconf_dir }}/{{ docker_systemd_service_container_name }} \
|
||||||
{% if docker_systemd_service_container_user %}--user {{ docker_systemd_service_container_user }} {% endif %}\
|
{{ docker_flags -}}{% if docker_flags +%}
|
||||||
{% if docker_systemd_service_container_hostname %}--hostname {{ docker_systemd_service_container_hostname }} {% endif %}\
|
{% endif %}{{ docker_systemd_service_image -}}{{ ' ' if docker_systemd_service_container_cmd else '' }}{% if docker_systemd_service_container_cmd is string %}{{ docker_systemd_service_container_cmd | trim }}{% else %}{{ docker_systemd_service_container_cmd | join(' ') | trim }}{% endif %}
|
||||||
{{ params('--link', docker_systemd_service_container_links)~' \\'| trim }}
|
|
||||||
{{ params('--add-host', docker_systemd_service_container_hosts)~' \\'| trim }}
|
|
||||||
{{ params('--label', docker_systemd_service_container_labels)~' \\'| trim }}
|
|
||||||
{{ params('--cap-add', docker_systemd_service_container_cap_add)~' \\'| trim }}
|
|
||||||
{{ params('--cap-drop', docker_systemd_service_container_cap_drop)~' \\'| trim }}
|
|
||||||
{{ params('--device', docker_systemd_service_container_devices)~' \\'| trim }}
|
|
||||||
{% if docker_systemd_service_container_privileged == true %}--privileged {% endif %}\
|
|
||||||
{{ docker_systemd_service_container_args~' \\'| trim}}
|
|
||||||
{{ docker_systemd_service_image -}}{{ ' ' if docker_systemd_service_container_cmd else '' }}{% if docker_systemd_service_container_cmd is string %}{{ docker_systemd_service_container_cmd | trim }}{% else %}{{ docker_systemd_service_container_cmd | join(' ') | trim }}{% endif %}
|
|
||||||
{% endif +%}
|
{% endif +%}
|
||||||
{% if not 'ExecStop' in service_systemd_options_keys %}
|
{% if not 'ExecStop' in service_systemd_options_keys %}
|
||||||
ExecStop={{ docker_systemd_service_docker_path }} stop {{ docker_systemd_service_container_name }}
|
ExecStop={{ docker_systemd_service_docker_path }} stop {{ docker_systemd_service_container_name }}
|
||||||
|
Loading…
Reference in New Issue
Block a user