---
# Play: pause the run until every inventory host accepts connections.
- name: Wait for hosts to be ready
  hosts: all
  # Facts are not collected here; the hosts may not be reachable yet.
  gather_facts: false
  tasks:
    - name: Wait for system to become reachable
      ansible.builtin.wait_for_connection:
        # Re-check every 10 seconds; give up after 300 seconds.
        sleep: 10
        timeout: 300
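# Play: render the ./compose tree into ./render/<inventory_hostname>/compose.
# The whole block is delegated to localhost, so nothing in this play touches
# the managed hosts.
- name: Render compose files
  hosts: all
  tags: template
  vars:
    render_path: "./render/{{ inventory_hostname }}/compose"
  tasks:
    - name: Render the compose tree on the control node
      delegate_to: localhost
      block:
        # Start from an empty tree so files deleted from ./compose do not
        # survive in the render output.
        - name: Remove previous render output
          ansible.builtin.file:
            state: absent
            dest: '{{ render_path }}'
          changed_when: false

        # Create the root explicitly so rendering also works when ./compose
        # holds files at its top level, and keep it private to the invoking
        # user. NOTE(review): rendered templates may embed inventory secrets;
        # confirm and keep ./render out of version control.
        - name: Create the render root
          ansible.builtin.file:
            state: directory
            dest: '{{ render_path }}'
            mode: '0700'
          changed_when: false

        - name: Recreate the directory structure
          ansible.builtin.file:
            state: directory
            dest: '{{ render_path }}/{{ item.path }}'
          changed_when: false
          with_filetree: './compose'
          loop_control:
            label: '{{ item.path }}'
          when: item.state == 'directory'

        - name: Template Compose structure
          ansible.builtin.template:
            src: "{{ item.src }}"
            dest: "{{ render_path }}/{{ item.path }}"
            force: true
          changed_when: false
          with_filetree: './compose'
          loop_control:
            label: '{{ item.path }}'
          # render_blacklist is defined outside this play; default to an empty
          # list so an unset variable does not abort the render.
          when: item.state == 'file' and item.path not in (render_blacklist | default([]))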
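# Play: install the backup script, the SSH key it uses, and a pinned
# known_hosts entry, all owned by root.
- name: Backup
  hosts: all
  become: true
  become_user: root
  tasks:
    # NOTE(review): if backup.sh.j2 embeds a repository passphrase, this task
    # should also carry no_log/diff: false - confirm against the template.
    - name: Install backup script
      ansible.builtin.template:
        src: backup.sh.j2
        dest: /root/backup.sh
        mode: '0700'
        owner: root

    - name: Ensure /root/.ssh exists
      ansible.builtin.file:
        path: /root/.ssh
        owner: root
        state: directory
        mode: '0700'

    # Presumably private key material (mode 0600 under /root/.ssh); keep its
    # content out of task output and out of --diff runs.
    - name: Install SSH Keys
      ansible.builtin.template:
        src: storagebox.j2
        dest: /root/.ssh/storagebox
        mode: '0600'
        owner: root
      no_log: true
      diff: false

    # The host key comes from inventory (backup.known_hosts), so the first
    # connection is verified against a pinned key instead of being trusted
    # on first use.
    - name: Add Known Hosts entries
      ansible.builtin.known_hosts:
        path: "/root/.ssh/known_hosts"
        name: "{{ backup.known_hosts.name }}"
        key: "{{ backup.known_hosts.key }}"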
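# Play: restore hosts in the `unprovisioned` group from backup, then record a
# `provisioned` fact so the restore is skipped on later runs.
- name: Restore from Backup
  hosts: unprovisioned
  become: true
  become_user: root
  gather_facts: true
  tasks:
    - name: Restore host data and mark the host provisioned
      # NOTE(review): `cacheable: true` only persists the fact when a fact
      # cache is configured; otherwise this guard is true on every run and
      # only the `unprovisioned` group limits the restore. Confirm.
      when: ansible_facts.provisioned is undefined
      block:
        - name: Run the restore script
          block:
            - name: Install restore script
              ansible.builtin.template:
                src: restore.sh.j2
                dest: /root/restore.sh
                mode: '0700'
                owner: root

            # Not idempotent by itself; the enclosing `when` is what keeps
            # it from running twice.
            - name: Restore from Borg
              ansible.builtin.command:
                chdir: /
                cmd: bash /root/restore.sh
          always:
            # Runs even when the restore fails, so the script (which
            # presumably carries repository credentials) is never left
            # behind on the host.
            - name: Remove script from host
              ansible.builtin.file:
                path: /root/restore.sh
                state: absent

        # Reached only when the restore succeeded; a failed restore leaves
        # the host unmarked.
        - name: Mark host as provisioned
          ansible.builtin.set_fact:
            provisioned: true
            cacheable: true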
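# Play: place the Docker client configuration (registry credentials) in the
# `core` user's home directory.
- name: Setup Registry credentials
  hosts: all
  tasks:
    - name: Ensure /home/core/.docker exists
      ansible.builtin.file:
        path: /home/core/.docker
        owner: core
        state: directory
        mode: '0700'

    # The rendered file holds registry credentials: keep it readable by the
    # owner only, and keep its content out of task output and --diff runs.
    - name: Install Docker registry credentials
      ansible.builtin.template:
        src: docker-config.json.j2
        dest: /home/core/.docker/config.json
        mode: '0600'
        owner: core
      no_log: true
      diff: false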
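# Play: sync the rendered compose tree to /home/core/compose, stop projects
# that still have files the render no longer contains, and restart the
# projects when something changed.
# NOTE(review): community.docker.docker_compose was removed in
# community.docker 4.0.0 (successor: docker_compose_v2); pin the collection
# version or plan the migration.
- name: Docker-Compose
  hosts: all
  tasks:
    - name: Gather local Config
      delegate_to: 127.0.0.1
      ansible.builtin.find:
        paths: "./render/{{ inventory_hostname }}/compose"
        recurse: true
        file_type: file
      register: local_compose_files

    - name: Gather Remote Config
      ansible.builtin.find:
        paths: /home/core/compose
        recurse: true
        file_type: file
      register: remote_compose_files

    - name: Show local compose files
      ansible.builtin.debug:
        var: local_compose_files
        verbosity: 2

    - name: Show remote compose files
      ansible.builtin.debug:
        var: remote_compose_files
        verbosity: 2

    # Remote files with no counterpart in the local render are stale; the
    # directories holding them are the "tainted" ones.
    # The prefix pattern tolerates a leading "./" and matches exactly one
    # path segment for the host name, so a deeper ".../compose" directory is
    # not swallowed by the rewrite.
    # NOTE(review): confirm what form the local find returns its paths in;
    # if they are absolute, no local path is rewritten and every remote file
    # counts as stale.
    # NOTE(review): a stale file in a nested subdirectory yields a directory
    # that is not a compose project root - confirm the stop task copes.
    - name: Compute compose directories holding stale files
      ansible.builtin.set_fact:
        compose_dirs_tainted: >-
          {{ remote_compose_files.files
          | map(attribute='path')
          | difference(local_compose_files.files
          | map(attribute='path')
          | map('regex_replace', '^([.]/)?render/[^/]+/compose', '/home/core/compose')
          | list)
          | map('dirname')
          | unique
          | list }}

    - name: Show tainted compose directories
      ansible.builtin.debug:
        var: compose_dirs_tainted
        verbosity: 2

    - name: Stop tainted Compose Services
      community.docker.docker_compose:
        project_src: "{{ item }}"
        state: absent
      loop: "{{ compose_dirs_tainted }}"

    # src has no trailing slash, so the `compose` directory itself lands in
    # /home/core/ and `delete: true` prunes only inside it.
    # NOTE(review): with archive: false, permissions are not carried over;
    # if the compose files hold secrets, check the resulting remote modes.
    - name: Copy Compose files
      ansible.posix.synchronize:
        src: "./render/{{ inventory_hostname }}/compose"
        dest: /home/core/
        archive: false
        checksum: true
        delete: true
        recursive: true
        mode: push
        # directory_mode: "0750"
        # mode: "0640"
        # owner: core
      register: compose_files

    - name: Show synchronize result
      ansible.builtin.debug:
        var: compose_files
        verbosity: 2

    - name: Restart Compose projects
      vars:
        # DOCKER_RESTART in the controller's environment forces a restart
        # even when the sync changed nothing; unset or empty means false.
        docker_restart: "{{ lookup('env', 'DOCKER_RESTART') | default('false', true) | bool }}"
      when: compose_files.changed or docker_restart
      block:
        - name: List compose project directories
          ansible.builtin.find:
            paths: /home/core/compose
            recurse: false
            file_type: directory
          register: compose_directories

        - name: Show compose project directories
          ansible.builtin.debug:
            var: compose_directories
            verbosity: 2

        - name: Restart Compose Projects
          community.docker.docker_compose:
            project_src: "{{ item }}"
            state: present
            restarted: true
            recreate: smart
            build: true
            remove_orphans: true
          loop: "{{ compose_directories.files | map(attribute='path') | sort }}"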
...