Browse Source

Merge branch 'feature/26' of ansible-roles/deploy-docker into master

tags/v1.0.0
m0wer 1 year ago
parent
commit
5a8a73b58b

+ 7
- 0
.gitignore View File

@@ -0,0 +1,7 @@
1
+# ---> Ansible
2
+*.retry
3
+.cache
4
+pytest*
5
+.molecule
6
+__pycache__
7
+*pyc

+ 3
- 0
.yamllint View File

@@ -0,0 +1,3 @@
1
+extends: relaxed
2
+truthy: disable
3
+rules: {line-length: {max: 125}}

+ 106
- 2
README.md View File

@@ -1,3 +1,107 @@
1
-# deploy-docker
1
+Deploy docker as a service
2
+==========================
2 3
 
3
-Build a docker image and push it to a registry.
4
+Download a git repository which has a Dockerfile, build it locally (or
5
+remotely), push it to a registry or just download a Docker image and push it to
6
+a registry. Also create a systemd service to manage it.
7
+
8
+Requirements
9
+------------
10
+
11
+* Pip installed on host
12
+* Docker installed on the host
13
+* Docker installed on the device that is running ansible
14
+* A registry where you can log in
15
+
16
+Role Variables
17
+--------------
18
+
19
+* `git_repository`: The repository in which the dockerfile is located.
20
+* `git_repository_destination`: Local path in which to clone the git repository.
21
+* `git_repository_extra_path`: Extra path inside the cloned repo to the
22
+  directory containing the Dockerfile
23
+* `git_repository_tag`: Version to use of the git repository.
24
+* `service_name`: Name of the systemd service.
25
+* `docker_registry`: Domain of the registry with write access.
26
+* `docker_registry_read`: Domain of the registry with read access.
27
+* `registry_user`: User used to authenticate with the registry.
28
+* `registry_password`: Password used to authenticate with the registry.
29
+* `docker_image`: If you want to download a docker image and not a git repository
30
+* `docker_image_tag`: Docker tag.
31
+* `docker_command`: Docker command used to launch the container.
32
+* `docker_data_directories`: List of directories where the data is going to be
33
+  saved on the host.
34
+* `remote_build`: Whether to build the docker remotely or locally [Default:
35
+  `False`]
36
+
37
+Dependencies
38
+------------
39
+
40
+None.
41
+
42
+Example Playbook
43
+----------------
44
+
45
+```yaml
46
+- hosts: servers
47
+  vars:
48
+    remote_build: True
49
+    git_repository: https://github.com/nginxinc/docker-nginx
50
+    git_repository_destination: /tmp/docker-nginx
51
+    git_repository_extra_path: stable/stretch
52
+    git_repository_tag: master
53
+    service_name: git-nginx
54
+    docker_data_directories:
55
+      - "/root/docker/git-nginx/data"
56
+      - "/root/docker/git-nginx/auth"
57
+    docker_registry: "docker-registry:5000"
58
+    docker_registry_read: "{{ docker_registry }}"
59
+    registry_user: testuser
60
+    registry_password: testpassword
61
+    docker_image_tag: latest
62
+    docker_command: /usr/bin/docker run --rm -i --name "{{ service_name }}" -p 8081:80 "{{ docker_registry_read }}/{{ service_name }}"
63
+  roles:
64
+    - { role: deploy-docker}
65
+```
66
+
67
+Testing
68
+-------
69
+
70
+To test the role you need [molecule](http://molecule.readthedocs.io/en/latest/).
71
+
72
+And vagrant installed with libvirt
73
+
74
+I've tried to test the construction of the docker in one machine and installing
75
+the service in other, but `local_action` or `delegate_to` are little fuckers to
76
+simulate.
77
+
78
+The `delegate_to` approach fails because it tries to ssh back with no user, so
79
+it doesn't matter if you copy the ssh keys there it will keep on failing.
80
+
81
+Another approach I took was to copy all the structure of the role on the machine
82
+building the docker and modify the `molecule/default/playbook.yml` so as to run
83
+the playbook from there so the `local_action` works. The problem is that you
84
+have to run the playbook on a `command` so you are forced to use the
85
+`changed_when: false` therefore not testing the idempotence of the rol.
86
+
87
+I give up on trying to test this role with the option `remote_build = False`. If
88
+anyone is interested I left my trails on [this role](https://git.digitales.cslabrecha.org/ansible-roles/ui-registry):
89
+
90
+Therefore the `default` case is for `remote_build == True` if you feel strong
91
+enough to test the other case, please make a new molecule scenery. Both in this
92
+role and in the ui-registry one.
93
+
94
+```bash
95
+molecule test
96
+```
97
+
98
+License
99
+-------
100
+
101
+GPL3
102
+
103
+Author Information
104
+------------------
105
+
106
+drymer [ EN ] autistici.org
107
+lyz [ EN ] riseup.net

+ 13
- 0
defaults/main.yml View File

@@ -0,0 +1,13 @@
1
+remote_build: False
2
+git_repository:
3
+git_repository_destination:
4
+git_repository_extra_path:
5
+git_repository_tag:
6
+service_name:
7
+docker_registry:
8
+docker_registry_url:
9
+docker_registry_read:
10
+registry_user:
11
+registry_password:
12
+docker_image_tag: "{{ git_repository_tag }}"
13
+docker_command:

+ 10
- 0
meta/main.yml View File

@@ -0,0 +1,10 @@
1
+galaxy_info:
2
+  author: drymer ( drymer [ EN ] autistici.org )
3
+  description: Deploy docker services.
4
+  min_ansible_version: 2.3
5
+  license: GPLv3
6
+
7
+  platforms:
8
+  - name: Debian
9
+    versions:
10
+    - stretch

+ 17
- 0
molecule/default/INSTALL.rst View File

@@ -0,0 +1,17 @@
1
+*******
2
+Install
3
+*******
4
+
5
+Requirements
6
+============
7
+
8
+* Vagrant
9
+* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
10
+* python-vagrant
11
+
12
+Install
13
+=======
14
+
15
+.. code-block:: bash
16
+
17
+  $ sudo pip install python-vagrant

+ 56
- 0
molecule/default/create.yml View File

@@ -0,0 +1,56 @@
1
+---
2
+- name: Create
3
+  hosts: localhost
4
+  connection: local
5
+  gather_facts: False
6
+  no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
7
+  vars:
8
+    molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
9
+    molecule_instance_config: "{{ lookup('env', 'MOLECULE_INSTANCE_CONFIG') }}"
10
+    molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
11
+  tasks:
12
+    - name: Create molecule instance(s)
13
+      molecule_vagrant:
14
+        instance_name: "{{ item.name }}"
15
+        instance_interfaces: "{{ item.interfaces | default(omit) }}"
16
+        instance_raw_config_args: "{{ item.instance_raw_config_args | default(omit) }}"
17
+
18
+        platform_box: "{{ item.box }}"
19
+        platform_box_version: "{{ item.box_version | default(omit) }}"
20
+        platform_box_url: "{{ item.box_url | default(omit) }}"
21
+
22
+        provider_name: "{{ molecule_yml.driver.provider.name }}"
23
+        provider_memory: "{{ item.memory | default(omit) }}"
24
+        provider_cpus: "{{ item.cpus | default(omit) }}"
25
+        provider_raw_config_args: "{{ item.raw_config_args | default(omit) }}"
26
+
27
+        state: up
28
+      register: server
29
+      with_items: "{{ molecule_yml.platforms }}"
30
+
31
+    # Mandatory configuration for Molecule to function.
32
+
33
+    - name: Populate instance config dict
34
+      set_fact:
35
+        instance_conf_dict: {
36
+          'instance': "{{ item.Host }}",
37
+          'address': "{{ item.HostName }}",
38
+          'user': "{{ item.User }}",
39
+          'port': "{{ item.Port }}",
40
+          'identity_file': "{{ item.IdentityFile }}", }
41
+      with_items: "{{ server.results }}"
42
+      register: instance_config_dict
43
+      when: server.changed | bool
44
+
45
+    - name: Convert instance config dict to a list
46
+      set_fact:
47
+        instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
48
+      when: server.changed | bool
49
+
50
+    - name: Dump instance config
51
+      copy:
52
+        # NOTE(retr0h): Workaround for Ansible 2.2.
53
+        #               https://github.com/ansible/ansible/issues/20885
54
+        content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}"
55
+        dest: "{{ molecule_instance_config }}"
56
+      when: server.changed | bool

+ 36
- 0
molecule/default/destroy.yml View File

@@ -0,0 +1,36 @@
1
+---
2
+
3
+- name: Destroy
4
+  hosts: localhost
5
+  connection: local
6
+  gather_facts: False
7
+  no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
8
+  vars:
9
+    molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
10
+    molecule_instance_config: "{{ lookup('env',' MOLECULE_INSTANCE_CONFIG') }}"
11
+    molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
12
+  tasks:
13
+    - name: Destroy molecule instance(s)
14
+      molecule_vagrant:
15
+        instance_name: "{{ item.name }}"
16
+        platform_box: "{{ item.box }}"
17
+        provider_name: "{{ molecule_yml.driver.provider.name }}"
18
+        force_stop: "{{ item.force_stop | default(True) }}"
19
+
20
+        state: destroy
21
+      register: server
22
+      with_items: "{{ molecule_yml.platforms }}"
23
+
24
+    # Mandatory configuration for Molecule to function.
25
+
26
+    - name: Populate instance config
27
+      set_fact:
28
+        instance_conf: {}
29
+
30
+    - name: Dump instance config
31
+      copy:
32
+        # NOTE(retr0h): Workaround for Ansible 2.2.
33
+        #               https://github.com/ansible/ansible/issues/20885
34
+        content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}"
35
+        dest: "{{ molecule_instance_config }}"
36
+      when: server.changed | bool

+ 2
- 0
molecule/default/files/htpasswd View File

@@ -0,0 +1,2 @@
1
+testuser:$2y$05$vXnk299Xwr1RjEcwhJvHC.w7UnxuucId7y3wb5iOgSjkKCYaPZeFq
2
+

+ 36
- 0
molecule/default/molecule.yml View File

@@ -0,0 +1,36 @@
1
+---
2
+dependency:
3
+  name: galaxy
4
+driver:
5
+  name: vagrant
6
+  provider:
7
+    name: libvirt
8
+lint:
9
+  name: yamllint
10
+platforms:
11
+  - name: deploy-docker-registry-instance
12
+    box: debian/stretch64
13
+    instance_raw_config_args:
14
+      - "vm.synced_folder '.', '/vagrant', disabled: true"
15
+provisioner:
16
+  name: ansible
17
+  lint:
18
+    name: ansible-lint
19
+scenario:
20
+  name: default
21
+  test_sequence:
22
+    - destroy
23
+    - lint
24
+    - dependency
25
+    - syntax
26
+    - create
27
+    - prepare
28
+    - converge
29
+    - idempotence
30
+    - side_effect
31
+    - verify
32
+    - destroy
33
+verifier:
34
+  name: testinfra
35
+  lint:
36
+    name: flake8

+ 90
- 0
molecule/default/playbook.yml View File

@@ -0,0 +1,90 @@
1
+---
2
+- name: '[Pretask] Install pip, and curl'
3
+  hosts: all
4
+  tasks:
5
+    - name: Install required packages
6
+      become: true
7
+      package:
8
+        name: "{{ item }}"
9
+        state: present
10
+      with_items:
11
+        - python-pip
12
+        - curl
13
+
14
+- name: '[Pretask] Install docker'
15
+  hosts: all
16
+  roles:
17
+    - role: docker
18
+
19
+- name: '[Pretask] Configure docker-registry on /etc/hosts'
20
+  hosts: deploy-docker-registry-instance
21
+  tasks:
22
+    - name: Configure docker-registry on /etc/hosts
23
+      become: True
24
+      lineinfile:
25
+        path: /etc/hosts
26
+        state: present
27
+        line: '127.0.0.1  docker-registry'
28
+
29
+- name: '[Pretask] Configure docker basic authentication'
30
+  hosts: deploy-docker-registry-instance
31
+  tasks:
32
+    - name: Create registry/auth directory
33
+      become: True
34
+      file:
35
+        path: /root/docker/registry/auth/
36
+        state: directory
37
+
38
+    - name: Copy the htpasswd
39
+      become: True
40
+      copy:
41
+        src: htpasswd
42
+        dest: /root/docker/registry/auth/htpasswd
43
+
44
+
45
+- name: '[Pretask] Install registry on the registry instance'
46
+  hosts: deploy-docker-registry-instance
47
+  vars:
48
+    docker_command: /usr/bin/docker run -i --name {{ registry_service_name }} -p 127.0.0.1:5000:5000 --rm -v {{ registry_data }}:/var/lib/registry -v {{ registry_auth }}:/var/lib/auth -v {{ registry_config }}/:/etc/docker/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/var/lib/auth/htpasswd registry:2
49
+  roles:
50
+    - role: docker-registry
51
+
52
+
53
+- name: Build nginx from image
54
+  hosts: all
55
+  vars:
56
+    remote_build: True
57
+    docker_image: nginx
58
+    service_name: image-nginx
59
+    docker_data_directories:
60
+      - "/root/docker/image-nginx/data"
61
+      - "/root/docker/image-nginx/auth"
62
+    docker_registry: "docker-registry:5000"
63
+    docker_registry_read: "{{ docker_registry }}"
64
+    registry_user: testuser
65
+    registry_password: testpassword
66
+    docker_image_tag: latest
67
+    docker_command: /usr/bin/docker run --rm -i --name "{{ service_name }}" -p 8080:80 "{{ docker_registry_read }}/{{ service_name }}"
68
+  roles:
69
+    - role: deploy-docker
70
+
71
+- name: Build nginx from git
72
+  hosts: all
73
+  vars:
74
+    remote_build: True
75
+    git_repository: https://github.com/nginxinc/docker-nginx
76
+    git_repository_destination: /tmp/docker-nginx
77
+    git_repository_extra_path: stable/stretch
78
+    git_repository_tag: master
79
+    service_name: git-nginx
80
+    docker_data_directories:
81
+      - "/root/docker/git-nginx/data"
82
+      - "/root/docker/git-nginx/auth"
83
+    docker_registry: "docker-registry:5000"
84
+    docker_registry_read: "{{ docker_registry }}"
85
+    registry_user: testuser
86
+    registry_password: testpassword
87
+    docker_image_tag: latest
88
+    docker_command: /usr/bin/docker run --rm -i --name "{{ service_name }}" -p 8081:80 "{{ docker_registry_read }}/{{ service_name }}"
89
+  roles:
90
+    - role: deploy-docker

+ 9
- 0
molecule/default/prepare.yml View File

@@ -0,0 +1,9 @@
1
+---
2
+- name: Prepare
3
+  hosts: all
4
+  gather_facts: False
5
+  tasks:
6
+    - name: Install python for Ansible
7
+      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
8
+      become: True
9
+      changed_when: False

+ 4
- 0
molecule/default/requirements.yml View File

@@ -0,0 +1,4 @@
1
+- src: git+https://git.digitales.cslabrecha.org/ansible-roles/docker.git
2
+  version: v1.0.1
3
+- src: git+https://git.digitales.cslabrecha.org/ansible-roles/docker-registry.git
4
+  version: feature/26

+ 3
- 0
molecule/default/templates/daemon.json.j2 View File

@@ -0,0 +1,3 @@
1
+{
2
+  "insecure-registries" : ["{{ hostvars['ui-registry-registry-instance'].ansible_default_ipv4.address }}:5000"]
3
+}

+ 9
- 0
molecule/default/templates/main.yml.j2 View File

@@ -0,0 +1,9 @@
1
+- name: Converge
2
+  hosts: all
3
+  vars:
4
+    docker_registry: "{{ hostvars['ui-registry-registry-debian-stretch64'].ansible_default_ipv4.address }}:5000"
5
+    docker_registry_read: "{{ hostvars['ui-registry-registry-debian-stretch64'].ansible_default_ipv4.address }}:5000"
6
+    docker_command: /usr/bin/docker run --rm --name "{{ service_name }}" -i -p 127.0.0.1:8080:8080 "{{ docker_registry_read }}/{{ service_name }}" --registry "{{ docker_registry_read }}"
7
+  roles:
8
+    - role: ui-registry
9
+

+ 96
- 0
molecule/default/tests/test_default.py View File

@@ -0,0 +1,96 @@
1
+import os
2
+import pytest
3
+import testinfra.utils.ansible_runner
4
+
5
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
6
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
7
+
8
+
9
+@pytest.mark.parametrize("package", [
10
+    ("docker-ce"),
11
+    ("python-pip"),
12
+])
13
+def test_required_packages_exist(host, package):
14
+    pkg = host.package(package)
15
+    assert pkg.is_installed
16
+
17
+
18
+@pytest.mark.parametrize("pip_package", [
19
+    ("docker-py"),
20
+])
21
+def test_required_pip_packages_exist(host, pip_package):
22
+    pip_packages = host.pip_package.get_packages()
23
+    assert pip_package in pip_packages
24
+
25
+
26
+# Test remotely build from image
27
+
28
+@pytest.mark.parametrize("directories", [
29
+    ("/root/docker/"),
30
+    ("/root/docker/image-nginx/data"),
31
+    ("/root/docker/image-nginx/auth"),
32
+])
33
+def test_required_directories_exist(host, directories):
34
+    with host.sudo():
35
+        directory = host.file(directories)
36
+        assert directory.exists
37
+        assert directory.user == 'root'
38
+        assert directory.group == 'root'
39
+        assert oct(directory.mode) == '0700'
40
+
41
+
42
+def test_build_nginx_image_is_downloaded(host):
43
+    with host.sudo():
44
+        registry_exist = host.check_output(
45
+            'docker inspect --type=image docker-registry:5000/image-nginx',
46
+        )
47
+        assert not registry_exist == 'Error: No such image: ' + \
48
+                                     'docker-registry:5000/image-nginx'
49
+
50
+
51
+def test_build_nginx_is_enabled_and_running(host):
52
+    service = host.service('image-nginx')
53
+    assert service.is_enabled
54
+    assert service.is_running
55
+
56
+
57
+def test_build_nginx_is_working(host):
58
+    build_nginx_exist = host.check_output('curl localhost:8080')
59
+    assert '<h1>Welcome to nginx!</h1>' in build_nginx_exist
60
+
61
+
62
+# Test remotely build from git
63
+
64
+
65
+@pytest.mark.parametrize("directories", [
66
+    ("/root/docker/"),
67
+    ("/root/docker/git-nginx/data"),
68
+    ("/root/docker/git-nginx/auth"),
69
+])
70
+def test_required_directories_exist_for_git_build(host, directories):
71
+    with host.sudo():
72
+        directory = host.file(directories)
73
+        assert directory.exists
74
+        assert directory.user == 'root'
75
+        assert directory.group == 'root'
76
+        assert oct(directory.mode) == '0700'
77
+
78
+
79
+def test_image_nginx_image_is_downloaded(host):
80
+    with host.sudo():
81
+        registry_exist = host.check_output(
82
+            'docker inspect --type=image docker-registry:5000/git-nginx',
83
+        )
84
+        assert not registry_exist == 'Error: No such image: ' + \
85
+                                     'docker-registry:5000/git-nginx'
86
+
87
+
88
+def test_image_nginx_is_enabled_and_running(host):
89
+    service = host.service('git-nginx')
90
+    assert service.is_enabled
91
+    assert service.is_running
92
+
93
+
94
+def test_image_nginx_is_working(host):
95
+    build_nginx_exist = host.check_output('curl localhost:8081')
96
+    assert '<h1>Welcome to nginx!</h1>' in build_nginx_exist

+ 187
- 0
tasks/main.yml View File

@@ -0,0 +1,187 @@
1
+---
2
+- name: Create docker data directories
3
+  become: True
4
+  file:
5
+    path: "{{ item }}"
6
+    state: directory
7
+    owner: root
8
+    group: root
9
+    mode: 0700
10
+  with_items: "{{ docker_data_directories}}"
11
+
12
+- name: Log locally into private registry
13
+  local_action:
14
+    module: docker_login
15
+    registry: "{{ docker_registry }}"
16
+    username: "{{ registry_user }}"
17
+    password: "{{ registry_password }}"
18
+  when: remote_build == False
19
+
20
+- name: Clone git repository
21
+  local_action:
22
+    module: git
23
+    repo: "{{ git_repository }}"
24
+    dest: "{{ git_repository_destination }}"
25
+    version: "{{ git_repository_tag }}"
26
+  when:
27
+    - docker_image is not defined
28
+    - remote_build == False
29
+
30
+- name: Build docker image locally and push it to a registry with tag latest
31
+  local_action:
32
+    module: docker_image
33
+    path: "{{ git_repository_destination }}/{{ git_repository_extra_path }}"
34
+    name: "{{ docker_registry }}/{{ service_name }}"
35
+    tag: latest
36
+    push: yes
37
+  when:
38
+    - docker_image is not defined
39
+    - remote_build == False
40
+
41
+- name: Build docker image locally and push it to a registry with real tag
42
+  local_action:
43
+    module: docker_image
44
+    path: "{{ git_repository_destination }}/{{ git_repository_extra_path }}"
45
+    name: "{{ docker_registry }}/{{ service_name }}"
46
+    tag: "{{ docker_image_tag }}"
47
+    push: yes
48
+  when:
49
+    - docker_image is not defined
50
+    - remote_build == False
51
+
52
+- name: Build docker image locally and push it to a registry
53
+  local_action:
54
+    module: docker_image
55
+    path: "{{ git_repository_destination }}/{{ git_repository_extra_path }}"
56
+    name: "{{ docker_registry }}/{{ service_name }}"
57
+    push: yes
58
+  when:
59
+    - docker_image is not defined
60
+    - remote_build == False
61
+
62
+- name: Download image from public registry
63
+  local_action:
64
+    module: docker_image
65
+    name: "{{ docker_image }}"
66
+    tag: "{{ docker_image_tag }}"
67
+  when:
68
+    - docker_image is defined
69
+    - remote_build == False
70
+
71
+- name: Push image to own registry with tag latest
72
+  local_action:
73
+    module: docker_image
74
+    name: "{{ docker_image }}"
75
+    repository: "{{ docker_registry }}/{{ service_name }}"
76
+    tag: latest
77
+    push: yes
78
+  when:
79
+    - docker_image is defined
80
+    - remote_build == False
81
+
82
+- name: Push image to own registry with real tag
83
+  local_action:
84
+    module: docker_image
85
+    name: "{{ docker_image }}"
86
+    repository: "{{ docker_registry }}/{{ service_name }}"
87
+    tag: "{{ docker_image_tag }}"
88
+    push: yes
89
+  when:
90
+    - docker_image is defined
91
+    - remote_build == False
92
+
93
+- name: Log remotely into private registry
94
+  become: True
95
+  docker_login:
96
+    registry: "{{ docker_registry }}"
97
+    username: "{{ registry_user }}"
98
+    password: "{{ registry_password }}"
99
+  when: remote_build == True
100
+
101
+- name: Clone git repository remotely
102
+  git:
103
+    repo: "{{ git_repository }}"
104
+    dest: "{{ git_repository_destination }}"
105
+    version: "{{ git_repository_tag }}"
106
+  when:
107
+    - docker_image is not defined
108
+    - remote_build == True
109
+
110
+- name: Build docker image remotely and push it to a registry with tag latest
111
+  become: True
112
+  docker_image:
113
+    path: "{{ git_repository_destination }}/{{ git_repository_extra_path }}"
114
+    name: "{{ docker_registry }}/{{ service_name }}"
115
+    tag: latest
116
+    push: yes
117
+  when:
118
+    - docker_image is not defined
119
+    - remote_build == True
120
+
121
+- name: Build docker image remotely and push it to a registry with real tag
122
+  become: True
123
+  docker_image:
124
+    path: "{{ git_repository_destination }}/{{ git_repository_extra_path }}"
125
+    name: "{{ docker_registry }}/{{ service_name }}"
126
+    tag: "{{ docker_image_tag }}"
127
+    push: yes
128
+  when:
129
+    - docker_image is not defined
130
+    - remote_build == True
131
+
132
+- name: Build docker image remotely and push it to a registry
133
+  become: True
134
+  docker_image:
135
+    path: "{{ git_repository_destination }}/{{ git_repository_extra_path }}"
136
+    name: "{{ docker_registry }}/{{ service_name }}"
137
+    push: yes
138
+  when:
139
+    - docker_image is not defined
140
+    - remote_build == True
141
+
142
+- name: Download image remotely from public registry
143
+  become: True
144
+  docker_image:
145
+    name: "{{ docker_image }}"
146
+    tag: "{{ docker_image_tag }}"
147
+  when:
148
+    - docker_image is defined
149
+    - remote_build == True
150
+
151
+- name: Remotely push image to own registry with tag latest
152
+  become: True
153
+  docker_image:
154
+    name: "{{ docker_image }}"
155
+    repository: "{{ docker_registry }}/{{ service_name }}"
156
+    tag: latest
157
+    push: yes
158
+  when:
159
+    - docker_image is defined
160
+    - remote_build == True
161
+
162
+- name: Remotely push image to own registry with real tag
163
+  become: True
164
+  docker_image:
165
+    name: "{{ docker_image }}"
166
+    repository: "{{ docker_registry }}/{{ service_name }}"
167
+    tag: "{{ docker_image_tag }}"
168
+    push: yes
169
+  when:
170
+    - docker_image is defined
171
+    - remote_build == True
172
+
173
+- name: Create systemd service
174
+  become: True
175
+  template:
176
+    src: systemd-service.template
177
+    dest: "/etc/systemd/system/{{ service_name }}.service"
178
+    owner: root
179
+    group: root
180
+
181
+- name: Enable systemd service and start it
182
+  become: True
183
+  systemd:
184
+    name: "{{ service_name }}"
185
+    enabled: yes
186
+    daemon_reload: yes
187
+    state: started

+ 15
- 0
templates/systemd-service.template View File

@@ -0,0 +1,15 @@
1
+[Unit]
2
+Description={{ service_name }}
3
+Requires=docker.service
4
+Wants=docker.service
5
+
6
+[Service]
7
+TimeoutStartSec=100
8
+Restart=always
9
+RestartSec=2s
10
+
11
+ExecStop=/usr/bin/docker stop {{ service_name }}
12
+ExecStart={{ docker_command }}
13
+
14
+[Install]
15
+WantedBy=multi-user.target

Loading…
Cancel
Save