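---
# Playbook: render per-host Compose trees locally, install backup/restore
# tooling, restore unprovisioned hosts, set up registry credentials and
# deploy/restart the Compose projects under /home/core/compose.

- name: Wait for hosts to be ready
  hosts: all
  gather_facts: false
  tasks:
    - name: Wait for system to become reachable
      ansible.builtin.wait_for_connection:
        timeout: 300
        sleep: 10

- name: Render compose files
  hosts: all
  tags: template
  vars:
    render_path: "./render/{{ inventory_hostname }}/compose"
  tasks:
    # Everything in this block runs on the controller (delegate_to below),
    # once per inventory host, and rebuilds that host's render tree.
    # NOTE(review): if the templates embed secrets, the rendered tree under
    # ./render holds them in clear text; confirm it is excluded from version
    # control and not world-readable.
    - name: Render the Compose tree on the controller
      delegate_to: localhost
      block:
        - name: Remove the previous render output
          ansible.builtin.file:
            state: absent
            dest: '{{ render_path }}'
          changed_when: false

        - name: Recreate the directory structure
          ansible.builtin.file:
            state: directory
            dest: '{{ render_path }}/{{ item.path }}'
          changed_when: false
          with_filetree: './compose'
          loop_control:
            label: '{{ item.path }}'
          when: item.state == 'directory'

        - name: Template Compose structure
          ansible.builtin.template:
            src: "{{ item.src }}"
            dest: "{{ render_path }}/{{ item.path }}"
            force: true
          changed_when: false
          with_filetree: './compose'
          loop_control:
            label: '{{ item.path }}'
          # render_blacklist is not defined in this file; it must come from
          # inventory or extra vars.
          when: item.state == 'file' and item.path not in render_blacklist

- name: Backup
  hosts: all
  become: true
  become_user: root
  tasks:
    # NOTE(review): if backup.sh.j2 embeds repository credentials, add
    # no_log here as well; the template is not visible from this file.
    - name: Install backup script
      ansible.builtin.template:
        src: backup.sh.j2
        dest: /root/backup.sh
        mode: '0700'
        owner: root

    - name: Ensure root's .ssh directory exists
      ansible.builtin.file:
        path: /root/.ssh
        owner: root
        state: directory
        mode: '0700'

    - name: Install SSH Keys
      ansible.builtin.template:
        src: storagebox.j2
        dest: /root/.ssh/storagebox
        mode: '0600'
        owner: root
      # Key material: keep the rendered content out of --diff output and logs.
      no_log: true

    # Pins the backup target's host key instead of trusting it on first use.
    - name: Add Known Hosts entries
      ansible.builtin.known_hosts:
        path: "/root/.ssh/known_hosts"
        name: "{{ backup.known_hosts.name }}"
        key: "{{ backup.known_hosts.key }}"

- name: Restore from Backup
  hosts: unprovisioned
  become: true
  become_user: root
  gather_facts: true
  tasks:
    # Runs only while the cached fact `provisioned` is absent; the final
    # set_fact stores it (cacheable) so later runs skip the restore.
    - name: Restore once per unprovisioned host
      when: ansible_facts.provisioned is undefined
      block:
        - name: Run the restore and always clean up the script
          block:
            - name: Install backup script
              ansible.builtin.template:
                src: restore.sh.j2
                dest: /root/restore.sh
                mode: '0700'
                owner: root

            - name: Restore from Borg
              become: true
              become_user: root
              ansible.builtin.command:
                chdir: /
                cmd: bash /root/restore.sh
          always:
            # In `always` so a failed restore does not leave the script on
            # the host. Kept ahead of the set_fact below because the outer
            # `when` is re-evaluated per task and would skip the cleanup once
            # `provisioned` is defined.
            - name: Remove script from host
              ansible.builtin.file:
                path: /root/restore.sh
                state: absent

        # Reached only when install, restore and cleanup all succeeded.
        - name: Mark host as provisioned
          ansible.builtin.set_fact:
            provisioned: true
            cacheable: true

- name: Setup Registry credentials
  hosts: all
  tasks:
    - name: Ensure the Docker client config directory exists
      ansible.builtin.file:
        path: /home/core/.docker
        owner: core
        state: directory
        mode: '0700'

    - name: Install the Docker client config
      ansible.builtin.template:
        src: docker-config.json.j2
        dest: /home/core/.docker/config.json
        mode: '0600'
        owner: core
      # Registry credentials: keep the rendered content out of --diff output
      # and logs.
      no_log: true

- name: Docker-Compose
  hosts: all
  tasks:
    - name: Gather local Config
      delegate_to: 127.0.0.1
      ansible.builtin.find:
        paths: "./render/{{ inventory_hostname }}/compose"
        recurse: true
        file_type: file
      register: local_compose_files

    - name: Gather Remote Config
      ansible.builtin.find:
        paths: /home/core/compose
        recurse: true
        file_type: file
      register: remote_compose_files

    - name: Show local Compose files
      ansible.builtin.debug:
        var: local_compose_files
        verbosity: 2

    - name: Show remote Compose files
      ansible.builtin.debug:
        var: remote_compose_files
        verbosity: 2

    # Directories of remote files that have no counterpart in the local
    # render tree; local paths are rewritten to their remote location before
    # the comparison.
    # NOTE(review): `.*` is greedy, so a nested directory that is itself named
    # "compose" would be mapped to the wrong remote path; confirm no such
    # directory exists.
    - name: Determine tainted Compose directories
      ansible.builtin.set_fact:
        compose_dirs_tainted: >-
          {{ remote_compose_files.files
          | map(attribute='path')
          | difference(local_compose_files.files
          | map(attribute='path')
          | map('regex_replace', '^render/.*/compose', '/home/core/compose'))
          | map('dirname') }}

    - name: Show tainted Compose directories
      ansible.builtin.debug:
        var: compose_dirs_tainted
        verbosity: 2

    # Stop the affected projects before the sync below deletes their files.
    - name: Stop tainted Compose Services
      community.docker.docker_compose:
        project_src: "{{ item }}"
        state: absent
      loop: "{{ compose_dirs_tainted }}"

    # NOTE(review): with archive disabled the resulting modes and ownership
    # on the host are not set by this task; confirm they are acceptable if the
    # rendered files contain secrets.
    - name: Copy Compose files
      ansible.posix.synchronize:
        src: "./render/{{ inventory_hostname }}/compose"
        dest: /home/core/
        archive: false
        checksum: true
        delete: true
        recursive: true
        mode: push
        # directory_mode: "0750"
        # mode: "0640"
        # owner: core
      register: compose_files

    - name: Show synchronize result
      ansible.builtin.debug:
        var: compose_files
        verbosity: 2

    # Runs when the sync changed something, or when DOCKER_RESTART is set to
    # a truthy value in the controller's environment.
    - name: Restart Compose projects
      vars:
        docker_restart: "{{ lookup('env', 'DOCKER_RESTART') | default('false', true) | bool }}"
      when: compose_files.changed or docker_restart
      block:
        - name: List Compose project directories
          ansible.builtin.find:
            paths: /home/core/compose
            recurse: false
            file_type: directory
          register: compose_directories

        - name: Show Compose project directories
          ansible.builtin.debug:
            var: compose_directories
            verbosity: 2

        - name: Restart Compose Projects
          community.docker.docker_compose:
            project_src: "{{ item }}"
            state: present
            restarted: true
            recreate: smart
            build: true
            remove_orphans: true
          loop: "{{ compose_directories.files | map(attribute='path') | sort }}"
...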