147 lines
5.4 KiB
YAML
147 lines
5.4 KiB
YAML
---
|
|
- name: Docker-Compose playbook
|
|
hosts: all
|
|
become: true
|
|
|
|
# #
|
|
# # @author Stéphane Gratias (2021).
|
|
#
|
|
|
|
roles:
|
|
# manage docker-compose@dev systemd unit file
|
|
- { role: tumf.systemd-service, tags: docker-compose,
|
|
when: ansible_service_mgr == 'systemd',
|
|
vars: {
|
|
# do not restart service via systemd
|
|
ansible_unit_test: true,
|
|
systemd_service_name: "docker-compose@lab",
|
|
# [Unit]
|
|
systemd_service_Unit_Description: "%i service with docker compose",
|
|
systemd_service_Service_Type: "simple",
|
|
systemd_service_Unit_After: [ "docker.service" ],
|
|
systemd_service_Unit_Requires: [ "docker.service" ],
|
|
# [Service]
|
|
systemd_service_Service_WorkingDirectory: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}",
|
|
# Remove old containers, images and volumes
|
|
systemd_service_Service_ExecStartPre: [
|
|
"{{ '/usr/local/bin' if docker_install_compose else '/usr/bin' }}/docker-compose down -v",
|
|
"{{ '/usr/local/bin' if docker_install_compose else '/usr/bin' }}/docker-compose rm -fv",
|
|
],
|
|
# Compose up
|
|
systemd_service_Service_ExecStart: "{{ '/usr/local/bin' if docker_install_compose else '/usr/bin' }}/docker-compose up",
|
|
# Compose down, remove containers and volumes
|
|
systemd_service_Service_ExecStop: "{{ '/usr/local/bin' if docker_install_compose else '/usr/bin' }}/docker-compose down -v",
|
|
systemd_service_Service_Restart: "always",
|
|
# [Install]
|
|
systemd_service_Install_WantedBy: "multi-user.target"
|
|
}
|
|
}
|
|
|
|
tasks:
|
|
- name: create docker app base dir
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
mode: 0755
|
|
owner: root
|
|
group: root
|
|
with_items:
|
|
- "{{ dockerapp_tree_base_dir | last }}"
|
|
- "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}"
|
|
- "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/logs"
|
|
- "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/logs/homeserver"
|
|
tags:
|
|
- docker-compose
|
|
- bootstrap_dockerapp_create_base_dir
|
|
|
|
- name: create docker volumes tree for containers
|
|
file:
|
|
path: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/{{ item | default('') }}"
|
|
state: directory
|
|
mode: 0755
|
|
with_items: "{{ dockerapp_tree_volumes | default([]) }}"
|
|
tags:
|
|
- docker-compose
|
|
- bootstrap_dockerapp_create_app_dir
|
|
|
|
- name: create the main docker-compose file (docker-compose.yml)
|
|
template:
|
|
src: "../templates/docker-compose.yml.j2"
|
|
dest: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/docker-compose-test.yml"
|
|
mode: 0600
|
|
tags:
|
|
- docker-compose
|
|
- bootstrap_dockerapp_configure_docker_compose
|
|
|
|
# - name: Run `docker-compose pull`
|
|
# community.docker.docker_compose:
|
|
# project_src: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/docker-compose.yml"
|
|
# pull: true
|
|
# tags:
|
|
# - pull
|
|
|
|
# - name: Run `docker-compose up`
|
|
# community.docker.docker_compose:
|
|
# project_src: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/docker-compose.yml"
|
|
# build: false
|
|
# tags:
|
|
# - pull
|
|
|
|
# - name: uncomment acme.caserver line
|
|
# ansible.builtin.lineinfile:
|
|
# path: /etc/sudoers
|
|
# state: absent
|
|
# regexp: '^%wheel'
|
|
# tags:
|
|
# - renew-httos
|
|
|
|
# - name: remove appdata/traefik2/acme/letsencrypt/acme.json file
|
|
# file:
|
|
# path: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/appdata/traefik2/acme/letsencrypt/acme.json"
|
|
# state: absent
|
|
# tags:
|
|
# - renew-https
|
|
|
|
# - name: Run `docker-compose down`
|
|
# community.docker.docker_compose:
|
|
# project_src: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/docker-compose.yml"
|
|
# state: absent
|
|
# tags:
|
|
# - renew-https
|
|
|
|
# - name: Run `docker-compose up`
|
|
# community.docker.docker_compose:
|
|
# project_src: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/docker-compose.yml"
|
|
# build: false
|
|
# tags:
|
|
# - renew-https
|
|
|
|
# - name: Wait 5 minutes for news cert/key on acme.json (stagging)
|
|
# pause:
|
|
# seconds: 300
|
|
# tags:
|
|
# - renew-https
|
|
|
|
# - name: comment acme.caserver line
|
|
# ansible.builtin.lineinfile:
|
|
# path: /etc/sudoers
|
|
# state: absent
|
|
# regexp: '^%wheel'
|
|
# tags:
|
|
# - renew-https
|
|
|
|
# - name: remove appdata/traefik2/acme/letsencrypt/acme.json file
|
|
# file:
|
|
# path: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/appdata/traefik2/acme/letsencrypt/acme.json"
|
|
# state: absent
|
|
# tags:
|
|
# - renew-https
|
|
|
|
# - name: Run `docker-compose restart traefik`
|
|
# community.docker.docker_compose:
|
|
# project_src: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/docker-compose.yml"
|
|
# restarted: true
|
|
# services:
|
|
# - traefik
|
|
# tags:
|
|
# - renew-https |