feat: add network for Metabase

e9cc3f0c · Théo - Le Filament · 46d826b9 · e9cc3f0c · e9cc3f0c · e9cc3f0c
--- a/handlers/main.yml
+++ b/handlers/main.yml
 ---

- name: Restart docker daemon
+- name: "Restart Docker daemon"
  ansible.builtin.systemd_service:
    state: restarted
-    name: docker
-
- name: Restart inverseproxy container
-  block:
-    - name: Remove container
-      community.docker.docker_compose_v2:
-        project_src: /home/docker/inverseproxy
-        remove_orphans: true
-        state: absent
+    recreate: always
+    pull: missing
+    name: "docker"
  async: 120
  poll: 10
-      listen: "restart inverseproxy container"
+  listen: "restart docker daemon"

-    - name: Start container
+- name: "Restart reverse proxy container"
+  tags:
+    - "upgrade_proxy"
  community.docker.docker_compose_v2:
-        project_src: /home/docker/inverseproxy
+    project_src: "/home/docker/inverseproxy"
    recreate: always
-        remove_orphans: true
    state: present
  async: 120
  poll: 10
-      listen: "restart inverseproxy container"
-  when: not ansible_check_mode
+  listen: "restart reverseproxy container"
--- a/tasks/main.yml
+++ b/tasks/main.yml
 ---
- name: Include OS-specific variables.
+- name: "Include OS-specific variables."
  ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"

- name: Install apt-transport-https package
+- name: "Install apt-transport-https package"
  ansible.builtin.apt:
-      name: apt-transport-https
+    name: "apt-transport-https"
    install_recommends: false
    state: latest
  when: ansible_os_family == "Debian"

- name: Install OS packages
+- name: "Install OS packages"
  ansible.builtin.package:
    name: "{{ packages_to_install }}"
    state: latest
@@ -17,7 +17,7 @@
  poll: 10
  when: not ansible_check_mode

- name: Check installed OS packages
+- name: "Check installed OS packages"
  ansible.builtin.package:
    name: "{{ packages_to_install }}"
    state: latest
@@ -25,149 +25,166 @@

 - name: Create /etc/docker repo
  ansible.builtin.file:
-      name: /etc/docker
+    name: "/etc/docker"
    state: directory
-      owner: root
-      group: root
-      mode: '0755'
+    owner: "root"
+    group: "root"
+    mode: "0755"

- name: Securize docker daemon
+- name: "Securize docker daemon"
  ansible.builtin.template:
-      src: daemon.json.j2
-      dest: /etc/docker/daemon.json
-      owner: root
-      group: root
-      mode: '0644'
+    src: "daemon.json.j2"
+    dest: "/etc/docker/daemon.json"
+    owner: "root"
+    group: "root"
+    mode: "0644"
  notify:
-      - Restart docker daemon
+    - "restart docker daemon"

- name: Create .docker repo
+- name: "Create .docker repo"
  ansible.builtin.file:
-      name: /root/.docker
+    name: "/root/.docker"
    state: directory
-      owner: root
-      group: root
-      mode: '0750'
+    owner: "root"
+    group: "root"
+    mode: "0750"
  when: docker_registry_auth is defined

- name: Add specific repo auth
+- name: "Add specific repo auth"
  ansible.builtin.copy:
    content: "{{ docker_registry_auth }}"
-      dest: /root/.docker/config.json
-      owner: root
-      group: root
-      mode: '0644'
+    dest: "/root/.docker/config.json"
+    owner: "root"
+    group: "root"
+    mode: "0644"
  when: docker_registry_auth is defined

- name: Create docker repo
+- name: "Create docker repo"
  tags:
    - "backup_odoo"
  ansible.builtin.file:
-      name: /home/docker/backups
+    name: "/home/docker/backups"
    state: directory
-      owner: root
-      group: root
-      mode: '0755'
+    owner: "root"
+    group: "root"
+    mode: "0755"

 ## Install Proxy docker
- name: Create Inverse Proxy docker structure on server in /home/docker/inverseproxy
-  ansible.builtin.file:
-      name: /home/docker/inverseproxy
-      state: directory
-      owner: root
-      group: root
-      mode: '0755'
+- name: "Create Inverse Proxy docker structure on server in /home/docker/inverseproxy"
  tags:
    - "docker_proxy"
    - "metabase"
+  ansible.builtin.file:
+    name: "/home/docker/inverseproxy"
+    state: directory
+    owner: "root"
+    group: "root"
+    mode: "0755"

- name: Install proxy docker
-  ansible.builtin.template:
-      src: inverseproxy.yaml.j2
-      dest: /home/docker/inverseproxy/docker-compose.yaml
-      owner: root
-      group: root
-      mode: '0644'
+- name: "Install proxy docker"
  tags:
    - "docker_proxy"
    - "metabase"
+  ansible.builtin.template:
+    src: "inverseproxy.yaml.j2"
+    dest: "/home/docker/inverseproxy/docker-compose.yaml"
+    owner: "root"
+    group: "root"
+    mode: "0644"
  notify:
-      - restart inverseproxy container
+    - "restart reverseproxy container"

- name: Copy Traefik configuration file
-  ansible.builtin.template:
-      src: traefik.toml.j2
-      dest: "/home/docker/inverseproxy/traefik.toml"
-      owner: root
-      group: root
-      mode: '0644'
+- name: "Copy Traefik configuration file"
  tags:
    - "docker_proxy"
    - "metabase"
+  ansible.builtin.template:
+    src: "traefik.toml.j2"
+    dest: "/home/docker/inverseproxy/traefik.toml"
+    owner: "root"
+    group: "root"
+    mode: "0644"
  notify:
-      - restart inverseproxy container
+    - "restart reverseproxy container"

- name: Copy Docker Facts Collection script on server
+- name: "Copy Docker Facts Collection script on server"
  ansible.builtin.template:
-      src: collect_docker_facts.sh.j2
-      dest: /root/collect_docker_facts.sh
-      owner: root
-      group: root
-      mode: '0700'
+    src: "collect_docker_facts.sh.j2"
+    dest: "/root/collect_docker_facts.sh"
+    owner: "root"
+    group: "root"
+    mode: "0700"
  when: inventory_hostname in groups.maintenance_contract

- name: Add cron job to check Docker versions every day
+- name: "Add cron job to check Docker versions every day"
  ansible.builtin.cron:
-      name: collect docker facts
+    name: "collect docker facts"
    minute: "1"
    hour: "2"
-      job: /root/collect_docker_facts.sh
+    job: "/root/collect_docker_facts.sh"
  when: inventory_hostname in groups.maintenance_contract

 # Flush handlers in order to be able to restart docker daemon with new config and retrieve vars
- name: Flush handlers
+- name: "Flush handlers"
  ansible.builtin.meta: flush_handlers

- name: Enable service docker
+- name: "Enable service docker"
  ansible.builtin.service:
-      name: docker
+    name: "docker"
    enabled: true

- name: Start service docker, if not started
+- name: "Start service docker, if not started"
  ansible.builtin.service:
-      name: docker
+    name: "docker"
    state: started

- name: Retrieve subuid for dockremap
-  ansible.builtin.command: grep dockremap /etc/subuid
+- name: "Retrieve subuid for dockremap"
+  ansible.builtin.command:
+    cmd: "grep dockremap /etc/subuid"
  register: dockremap_subuid_output
  when: docker_userns_remap

- name: Retrieve subgid for dockremap
-  ansible.builtin.command: grep dockremap /etc/subgid
+- name: "Retrieve subgid for dockremap"
+  ansible.builtin.command:
+    cmd: "grep dockremap /etc/subgid"
  register: dockremap_subgid_output
  when: docker_userns_remap

- name: Save uid to hostvars for dockremap user
+- name: "Save uid to hostvars for dockremap user"
  ansible.builtin.lineinfile:
    name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}"
    regexp: "dockremap_subuid:"
    line: "dockremap_subuid: {{ dockremap_subuid_output.stdout.split(':')[1] }}"
    create: true
-      mode: '0664'
+    mode: "0664"
  connection: local
  become: false
  delegate_to: localhost
-  when: docker_userns_remap and dockremap_subuid_output.stdout is defined and not ansible_check_mode
+  when: >
+    docker_userns_remap
+    and dockremap_subuid_output.stdout is defined
+    and not ansible_check_mode

- name: Save gid to hostvars for dockremap user
+- name: "Save gid to hostvars for dockremap user"
  ansible.builtin.lineinfile:
    name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}"
    regexp: "dockremap_subgid:"
    line: "dockremap_subgid: {{ dockremap_subgid_output.stdout.split(':')[1] }}"
    create: true
-      mode: '0664'
+    mode: "0664"
  connection: local
  become: false
  delegate_to: localhost
-  when: docker_userns_remap and dockremap_subgid_output.stdout is defined and not ansible_check_mode
+  when: >
+    docker_userns_remap
+    and dockremap_subgid_output.stdout is defined
+    and not ansible_check_mode
+
+- name: "Restart reverseproxy"
+  tags:
+    - "docker_proxy_restart"
+  ansible.builtin.debug:
+    msg: "trigger reverseproxy restart"
+  changed_when: true
+  notify:
+    - "restart reverseproxy container"
--- a/templates/inverseproxy.yaml.j2
+++ b/templates/inverseproxy.yaml.j2
@@ -32,6 +32,9 @@ services:
 {% endif %}
 {% if odoo_instances is defined and odoo_instances.values() | list | selectattr('metabase', 'defined') %}
            bi:
+{% endif %}
+{% if metabase_instances is defined %}
+            metabase:
 {% endif %}
            smtp:
            private:
@@ -104,6 +107,12 @@ networks:
        internal: true
        driver_opts:
            encrypted: 1
+{% endif %}
+{% if metabase_instances is defined %}
+    metabase:
+        internal: true
+        driver_opts:
+            encrypted: 1
 {% endif %}
    smtp:
        internal: true