From e9cc3f0c1344f0f917b7e41fdbc90391128173b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20-=20Le=20Filament?= <theo@le-filament.com> Date: Wed, 18 Dec 2024 19:38:16 +0100 Subject: [PATCH] feat: add network for Metabase --- handlers/main.yml | 40 +++--- tasks/main.yml | 217 ++++++++++++++++++--------------- templates/inverseproxy.yaml.j2 | 9 ++ 3 files changed, 143 insertions(+), 123 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 3876241..053d02b 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,28 +1,22 @@ --- -- name: Restart docker daemon +- name: "Restart Docker daemon" ansible.builtin.systemd_service: state: restarted - name: docker + recreate: always + pull: missing + name: "docker" + async: 120 + poll: 10 + listen: "restart docker daemon" -- name: Restart inverseproxy container - block: - - name: Remove container - community.docker.docker_compose_v2: - project_src: /home/docker/inverseproxy - remove_orphans: true - state: absent - async: 120 - poll: 10 - listen: "restart inverseproxy container" - - - name: Start container - community.docker.docker_compose_v2: - project_src: /home/docker/inverseproxy - recreate: always - remove_orphans: true - state: present - async: 120 - poll: 10 - listen: "restart inverseproxy container" - when: not ansible_check_mode +- name: "Restart reverse proxy container" + tags: + - "upgrade_proxy" + community.docker.docker_compose_v2: + project_src: "/home/docker/inverseproxy" + recreate: always + state: present + async: 120 + poll: 10 + listen: "restart reverseproxy container" diff --git a/tasks/main.yml b/tasks/main.yml index 565d1f1..424a786 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
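Review bot: In the new "Restart Docker daemon" handler, `recreate: always` and `pull: missing` sit between `state: restarted` and `name: "docker"` under `ansible.builtin.systemd_service`, but they are `community.docker.docker_compose_v2` options. Indentation is not recoverable in this view, but if they are module arguments the module will reject them and the handler fails. That handler is what loads the `/etc/docker/daemon.json` written by the "Securize docker daemon" task, so a failure leaves the daemon on its previous configuration. I would drop both lines and keep only `state: restarted` and `name: "docker"`. Both handlers also now use `async` without the `when: not ansible_check_mode` guard the removed block had, while tasks/main.yml still splits its async package task by check mode, so consider restoring that guard on each.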
@@ -1,173 +1,190 @@ --- -- name: Include OS-specific variables. +- name: "Include OS-specific variables." ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" -- name: Install apt-transport-https package +- name: "Install apt-transport-https package" ansible.builtin.apt: - name: apt-transport-https - install_recommends: false - state: latest + name: "apt-transport-https" + install_recommends: false + state: latest when: ansible_os_family == "Debian" -- name: Install OS packages +- name: "Install OS packages" ansible.builtin.package: - name: "{{ packages_to_install }}" - state: latest + name: "{{ packages_to_install }}" + state: latest async: 120 poll: 10 when: not ansible_check_mode -- name: Check installed OS packages +- name: "Check installed OS packages" ansible.builtin.package: - name: "{{ packages_to_install }}" - state: latest + name: "{{ packages_to_install }}" + state: latest when: ansible_check_mode - name: Create /etc/docker repo ansible.builtin.file: - name: /etc/docker - state: directory - owner: root - group: root - mode: '0755' + name: "/etc/docker" + state: directory + owner: "root" + group: "root" + mode: "0755" -- name: Securize docker daemon +- name: "Securize docker daemon" ansible.builtin.template: - src: daemon.json.j2 - dest: /etc/docker/daemon.json - owner: root - group: root - mode: '0644' + src: "daemon.json.j2" + dest: "/etc/docker/daemon.json" + owner: "root" + group: "root" + mode: "0644" notify: - - Restart docker daemon + - "restart docker daemon" -- name: Create .docker repo +- name: "Create .docker repo" ansible.builtin.file: - name: /root/.docker - state: directory - owner: root - group: root - mode: '0750' + name: "/root/.docker" + state: directory + owner: "root" + group: "root" + mode: "0750" when: docker_registry_auth is defined -- name: Add specific repo auth +- name: "Add specific repo auth" ansible.builtin.copy: - content: "{{ docker_registry_auth }}" - dest: /root/.docker/config.json - owner: root - group: root - 
mode: '0644' + content: "{{ docker_registry_auth }}" + dest: "/root/.docker/config.json" + owner: "root" + group: "root" + mode: "0644" when: docker_registry_auth is defined -- name: Create docker repo +- name: "Create docker repo" tags: - "backup_odoo" ansible.builtin.file: - name: /home/docker/backups - state: directory - owner: root - group: root - mode: '0755' + name: "/home/docker/backups" + state: directory + owner: "root" + group: "root" + mode: "0755" ## Install Proxy docker -- name: Create Inverse Proxy docker structure on server in /home/docker/inverseproxy - ansible.builtin.file: - name: /home/docker/inverseproxy - state: directory - owner: root - group: root - mode: '0755' +- name: "Create Inverse Proxy docker structure on server in /home/docker/inverseproxy" tags: - "docker_proxy" - "metabase" + ansible.builtin.file: + name: "/home/docker/inverseproxy" + state: directory + owner: "root" + group: "root" + mode: "0755" -- name: Install proxy docker - ansible.builtin.template: - src: inverseproxy.yaml.j2 - dest: /home/docker/inverseproxy/docker-compose.yaml - owner: root - group: root - mode: '0644' +- name: "Install proxy docker" tags: - "docker_proxy" - "metabase" + ansible.builtin.template: + src: "inverseproxy.yaml.j2" + dest: "/home/docker/inverseproxy/docker-compose.yaml" + owner: "root" + group: "root" + mode: "0644" notify: - - restart inverseproxy container + - "restart reverseproxy container" -- name: Copy Traefik configuration file - ansible.builtin.template: - src: traefik.toml.j2 - dest: "/home/docker/inverseproxy/traefik.toml" - owner: root - group: root - mode: '0644' +- name: "Copy Traefik configuration file" tags: - "docker_proxy" - "metabase" + ansible.builtin.template: + src: "traefik.toml.j2" + dest: "/home/docker/inverseproxy/traefik.toml" + owner: "root" + group: "root" + mode: "0644" notify: - - restart inverseproxy container + - "restart reverseproxy container" -- name: Copy Docker Facts Collection script on server +- name: "Copy 
Docker Facts Collection script on server" ansible.builtin.template: - src: collect_docker_facts.sh.j2 - dest: /root/collect_docker_facts.sh - owner: root - group: root - mode: '0700' + src: "collect_docker_facts.sh.j2" + dest: "/root/collect_docker_facts.sh" + owner: "root" + group: "root" + mode: "0700" when: inventory_hostname in groups.maintenance_contract -- name: Add cron job to check Docker versions every day +- name: "Add cron job to check Docker versions every day" ansible.builtin.cron: - name: collect docker facts - minute: "1" - hour: "2" - job: /root/collect_docker_facts.sh + name: "collect docker facts" + minute: "1" + hour: "2" + job: "/root/collect_docker_facts.sh" when: inventory_hostname in groups.maintenance_contract # Flush handlers in order to be able to restart docker daemon with new config and retrieve vars -- name: Flush handlers +- name: "Flush handlers" ansible.builtin.meta: flush_handlers -- name: Enable service docker +- name: "Enable service docker" ansible.builtin.service: - name: docker - enabled: true + name: "docker" + enabled: true -- name: Start service docker, if not started +- name: "Start service docker, if not started" ansible.builtin.service: - name: docker - state: started + name: "docker" + state: started -- name: Retrieve subuid for dockremap - ansible.builtin.command: grep dockremap /etc/subuid +- name: "Retrieve subuid for dockremap" + ansible.builtin.command: + cmd: "grep dockremap /etc/subuid" register: dockremap_subuid_output when: docker_userns_remap -- name: Retrieve subgid for dockremap - ansible.builtin.command: grep dockremap /etc/subgid +- name: "Retrieve subgid for dockremap" + ansible.builtin.command: + cmd: "grep dockremap /etc/subgid" register: dockremap_subgid_output when: docker_userns_remap -- name: Save uid to hostvars for dockremap user +- name: "Save uid to hostvars for dockremap user" ansible.builtin.lineinfile: - name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}" - regexp: 
"dockremap_subuid:" - line: "dockremap_subuid: {{ dockremap_subuid_output.stdout.split(':')[1] }}" - create: true - mode: '0664' + name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}" + regexp: "dockremap_subuid:" + line: "dockremap_subuid: {{ dockremap_subuid_output.stdout.split(':')[1] }}" + create: true + mode: "0664" connection: local become: false delegate_to: localhost - when: docker_userns_remap and dockremap_subuid_output.stdout is defined and not ansible_check_mode + when: > + docker_userns_remap + and dockremap_subuid_output.stdout is defined + and not ansible_check_mode -- name: Save gid to hostvars for dockremap user +- name: "Save gid to hostvars for dockremap user" ansible.builtin.lineinfile: - name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}" - regexp: "dockremap_subgid:" - line: "dockremap_subgid: {{ dockremap_subgid_output.stdout.split(':')[1] }}" - create: true - mode: '0664' + name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}" + regexp: "dockremap_subgid:" + line: "dockremap_subgid: {{ dockremap_subgid_output.stdout.split(':')[1] }}" + create: true + mode: "0664" connection: local become: false delegate_to: localhost - when: docker_userns_remap and dockremap_subgid_output.stdout is defined and not ansible_check_mode + when: > + docker_userns_remap + and dockremap_subgid_output.stdout is defined + and not ansible_check_mode + +- name: "Restart reverseproxy" + tags: + - "docker_proxy_restart" + ansible.builtin.debug: + msg: "trigger reverseproxy restart" + changed_when: true + notify: + - "restart reverseproxy container" diff --git a/templates/inverseproxy.yaml.j2 b/templates/inverseproxy.yaml.j2 index 82c7a15..1253656 100644 --- a/templates/inverseproxy.yaml.j2 +++ b/templates/inverseproxy.yaml.j2 
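Review bot: The "Add specific repo auth" task still writes `{{ docker_registry_auth }}` to `/root/.docker/config.json` with `mode: "0644"` and no `no_log`. What is presumably registry credentials is therefore protected only by the 0750 parent directory and can show up in task output or `--diff` runs. I would set `mode: "0600"` and add `no_log: true` on that task. Separately, the new "Restart reverseproxy" task at the end of the hunk has `changed_when: true` and only an ordinary tag, so a run without `--tags` also executes it and notifies the handler that recreates the proxy every time. Adding `- "never"` next to `- "docker_proxy_restart"` would make the restart opt-in.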
@@ -32,6 +32,9 @@ services:
 {% endif %}
 {% if odoo_instances is defined and odoo_instances.values() | list | selectattr('metabase', 'defined') %}
 bi:
+{% endif %}
+{% if metabase_instances is defined %}
+ metabase:
 {% endif %}
 smtp:
 private:
@@ -104,6 +107,12 @@ networks:
 internal: true
 driver_opts:
 encrypted: 1
+{% endif %}
+{% if metabase_instances is defined %}
+ metabase:
+ internal: true
+ driver_opts:
+ encrypted: 1
 {% endif %}
 smtp:
 internal: true
-- GitLab
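Review bot: The `{% if metabase_instances is defined %}` guard added under the proxy service's networks, and repeated in the `networks:` hunk below, is also true for a defined-but-empty value, so the proxy would be attached to a `metabase` network that nothing else joins. The two conditions must also stay identical, because a service that lists a network missing from the top-level `networks:` makes Compose reject the rendered file. If empty values are possible, a test such as `{% if metabase_instances | default({}) | length > 0 %}` in both places would make the intent explicit, and a short Jinja comment could tie the two blocks together. The type of `metabase_instances` is not visible here, so adjust the default accordingly.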
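Review bot: The new `metabase` network in the `networks:` hunk copies `driver_opts: encrypted: 1` from its neighbours, but no `driver:` is visible in the hunk and `encrypted` is an option of the overlay driver. If these networks are created by plain Docker Compose on the default bridge driver, the option likely has no effect, so traffic between the proxy and Metabase should not be assumed encrypted on that basis. Confirm the driver, or record the limitation in the template with a comment such as `{# encrypted only applies to overlay networks #}`. `internal: true` is the setting that isolates the network from external access and should stay.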