From 51e9a6775e6b19383d94fae9982819ab85300e7b Mon Sep 17 00:00:00 2001 From: Ted Cook Date: Tue, 4 Jun 2024 22:19:19 -0600 Subject: [PATCH 1/5] Refactor daemon configuration tasks --- .github/workflows/install.yml | 4 ++-- .yamllint | 2 +- Makefile | 4 ++-- defaults/main.yml | 7 ++++--- handlers/main.yml | 2 +- install/playbook.yml | 4 ++-- molecule/{install => common}/converge.yml | 2 +- molecule/{install => common}/verify.yml | 6 +++--- molecule/hold/converge.yml | 4 ++-- molecule/hold/molecule.yml | 4 +++- molecule/hold/prepare.yml | 4 ++-- molecule/hold/side_effect.yml | 2 +- molecule/hold/verify.yml | 4 ++-- molecule/install/molecule.yml | 7 ++++++- poetry.lock | 8 ++++---- pyproject.toml | 2 +- tasks/config.yml | 10 ++++++++++ tasks/logging.yml | 6 +++--- tasks/main.yml | 8 ++++---- tasks/repo.yml | 2 +- tasks/users.yml | 4 ++-- 21 files changed, 57 insertions(+), 39 deletions(-) rename molecule/{install => common}/converge.yml (96%) rename molecule/{install => common}/verify.yml (88%) create mode 100644 tasks/config.yml diff --git a/.github/workflows/install.yml b/.github/workflows/install.yml index 3d7811a..b18d2c9 100644 --- a/.github/workflows/install.yml +++ b/.github/workflows/install.yml @@ -32,8 +32,8 @@ jobs: - name: run local install run: ./install.sh --local - - name: test docker binary + - name: test Docker binary run: docker --version - - name: test docker permissions + - name: test Docker permissions run: docker ps diff --git a/.yamllint b/.yamllint index a098fb8..73ed601 100644 --- a/.yamllint +++ b/.yamllint @@ -14,4 +14,4 @@ rules: line-length: disable truthy: disable octal-values: - forbid-implicit-octal: false + forbid-implicit-octal: true diff --git a/Makefile b/Makefile index 4b8bb49..6bd17f2 100644 --- a/Makefile +++ b/Makefile 
@@ -13,11 +13,11 @@ all: install version lint test test: lint poetry run molecule test -s ${MOLECULE_SCENARIO} -poetry: +install: @type poetry >/dev/null || pip3 install poetry @poetry install --no-root -lint: poetry +lint: install poetry run yamllint . poetry run ansible-lint . diff --git a/defaults/main.yml b/defaults/main.yml index 157abd2..a34b1cc 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -25,9 +25,10 @@ docker_group: docker docker_user_manage: true docker_group_manage: true docker_user: "{{ lookup('env', 'USER') }}" -docker_log_conf_manage: no -docker_log_conf_file: /etc/docker/daemon.json -docker_log_conf: +docker_conf_file: /etc/docker/daemon.json +docker_conf_manage: false +docker_conf_proxy: [] +docker_conf: log-driver: "json-file" log-opts: max-size: "10m" diff --git a/handlers/main.yml b/handlers/main.yml index c820d79..684fbdf 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: Restart docker service +- name: Restart Docker service ansible.builtin.service: name: "{{ docker_service_name }}" state: restarted diff --git a/install/playbook.yml b/install/playbook.yml index 19725e7..f722831 100644 --- a/install/playbook.yml +++ b/install/playbook.yml @@ -1,5 +1,5 @@ --- -- name: Perform local docker install - hosts: localhost +- name: Perform local Docker install + hosts: docker roles: - nephelaiio.docker diff --git a/molecule/install/converge.yml b/molecule/common/converge.yml similarity index 96% rename from molecule/install/converge.yml rename to molecule/common/converge.yml index 89fdcb8..5a74c8d 100644 --- a/molecule/install/converge.yml +++ b/molecule/common/converge.yml @@ -1,6 +1,6 @@ --- - name: Converge - hosts: all + hosts: docker roles: - nephelaiio.docker pre_tasks: diff --git a/molecule/install/verify.yml b/molecule/common/verify.yml similarity index 88% rename from molecule/install/verify.yml rename to molecule/common/verify.yml index 94a36db..3538009 100644 --- a/molecule/install/verify.yml 
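Review bot: The rename in defaults/main.yml drops `docker_log_conf_manage`, `docker_log_conf_file` and `docker_log_conf` without any fallback, so an inventory that still sets `docker_log_conf_manage: yes` is silently ignored. On such a host the role would no longer manage daemon.json, and the `log-opts` size limits stop being enforced without any error. A transitional default such as `docker_conf_manage: "{{ docker_log_conf_manage | default(false) }}"`, with the same pattern for `docker_conf_file` and `docker_conf`, keeps existing overrides working until the old names are retired. The new `docker_conf_proxy: []` also needs a one-line comment saying what entries it expects, since nothing visible in this patch consumes it as a list.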
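Review bot: In install/playbook.yml the play now targets `hosts: docker`, and a play whose pattern matches no inventory host is skipped with exit status 0. If the inventory used by `./install.sh --local` does not put localhost in a `docker` group, the local install becomes a silent no-op. That inventory is not part of this patch, so this needs confirming. The workflow's `docker --version` step would not necessarily catch it on a runner image that may already ship Docker. Either keep `hosts: localhost` here or make sure install.sh supplies an inventory with a `docker` group containing localhost.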
+++ b/molecule/common/verify.yml @@ -1,13 +1,13 @@ --- - name: Verify - hosts: all + hosts: docker vars: docker_service: docker.service pre_tasks: - - name: Verify docker cli is installed + - name: Verify Docker cli is installed ansible.builtin.command: "docker --version" - - name: Verify docker pip is installed + - name: Verify Docker pip is installed ansible.builtin.command: "python3 -c 'import docker'" - name: Gather service facts diff --git a/molecule/hold/converge.yml b/molecule/hold/converge.yml index 66b06a5..7a16b32 100644 --- a/molecule/hold/converge.yml +++ b/molecule/hold/converge.yml @@ -1,6 +1,6 @@ --- -- name: Deploy docker packages - hosts: all +- name: Deploy Docker packages + hosts: docker become: true roles: - nephelaiio.docker diff --git a/molecule/hold/molecule.yml b/molecule/hold/molecule.yml index bfded11..3c2c887 100644 --- a/molecule/hold/molecule.yml +++ b/molecule/hold/molecule.yml @@ -4,7 +4,7 @@ dependency: driver: name: docker platforms: - - name: docker-hold + - name: docker-${MOLECULE_SCENARIO_NAME} image: geerlingguy/docker-${MOLECULE_DOCKER_IMAGE:-ubuntu2204}-ansible pre_build_image: true command: ${MOLECULE_DOCKER_COMMAND:-"/lib/systemd/systemd"} @@ -15,6 +15,8 @@ platforms: tmpfs: - /tmp - /opt + groups: + - docker provisioner: name: ansible inventory: diff --git a/molecule/hold/prepare.yml b/molecule/hold/prepare.yml index 62964d1..51bdbfe 100644 --- a/molecule/hold/prepare.yml +++ b/molecule/hold/prepare.yml @@ -1,6 +1,6 @@ --- -- name: Deploy docker packages - hosts: all +- name: Deploy Docker packages + hosts: docker become: true roles: - nephelaiio.docker diff --git a/molecule/hold/side_effect.yml b/molecule/hold/side_effect.yml index 24c09a0..de4b49f 100644 --- a/molecule/hold/side_effect.yml +++ b/molecule/hold/side_effect.yml @@ -1,6 +1,6 @@ --- - name: Update OS - hosts: all + hosts: docker become: true roles: - robertdebock.update 
diff --git a/molecule/hold/verify.yml b/molecule/hold/verify.yml index 838e419..d9fce8a 100644 --- a/molecule/hold/verify.yml +++ b/molecule/hold/verify.yml @@ -1,6 +1,6 @@ --- -- name: Verify docker packages - hosts: all +- name: Verify Docker packages + hosts: docker become: true tasks: - name: Query Debian package versions diff --git a/molecule/install/molecule.yml b/molecule/install/molecule.yml index e22c57a..51967bb 100644 --- a/molecule/install/molecule.yml +++ b/molecule/install/molecule.yml @@ -4,7 +4,7 @@ dependency: driver: name: docker platforms: - - name: docker-install + - name: docker-${MOLECULE_SCENARIO_NAME} image: geerlingguy/docker-${MOLECULE_DOCKER_IMAGE:-ubuntu2204}-ansible pre_build_image: true command: ${MOLECULE_DOCKER_COMMAND:-"/lib/systemd/systemd"} @@ -15,7 +15,12 @@ platforms: tmpfs: - /tmp - /opt + groups: + - docker provisioner: name: ansible + playbooks: + converge: ../common/converge.yml + verify: ../common/verify.yml verifier: name: ansible diff --git a/poetry.lock b/poetry.lock index d885796..87b9ca3 100644 --- a/poetry.lock +++ b/poetry.lock @@ -56,13 +56,13 @@ resolvelib = ">=0.5.3,<1.1.0" [[package]] name = "ansible-lint" -version = "24.5.0" +version = "24.6.0" description = "Checks playbooks for practices and behavior that could potentially be improved" optional = false python-versions = ">=3.10" files = [ - {file = "ansible_lint-24.5.0-py3-none-any.whl", hash = "sha256:a0deb4d58ce267632a26f7e9daf91cd4cd8c2ed783ddbb588a95f86785df20cc"}, - {file = "ansible_lint-24.5.0.tar.gz", hash = "sha256:cf1d9876c63cb26f6677170d4c64b18d8d944b359f8772cba73a2145f8b7a7ac"}, + {file = "ansible_lint-24.6.0-py3-none-any.whl", hash = "sha256:68ddde5b19ba717b6b311d970a327c4b155e80dfa4a9291673235ee26df4db1a"}, + {file = "ansible_lint-24.6.0.tar.gz", hash = "sha256:770dc5ac700bfc778b9effdc6d9bb20bac6c126579c2cbd5e0339fcc041f0af5"}, ] [package.dependencies] 
@@ -1267,4 +1267,4 @@ testing = ["big-O", "jaraco.functools", "jaraco.itertools", "jaraco.test", "more [metadata] lock-version = "2.0" python-versions = "^3.10" -content-hash = "49ab84284fe7fbac0cda1deec9b8fa5750cddc5ef0a2ef586b25180521a78209" +content-hash = "751dd53a35760498216c9324e376fad5096edefb44c1f68ed02d10666315ccf0" diff --git a/pyproject.toml b/pyproject.toml index 5fcab59..e52537c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -8,7 +8,7 @@ authors = ["Ted Cook "] python = "^3.10" [tool.poetry.group.dev.dependencies] -ansible-lint = { version = "^24.5.0", markers = "platform_system != 'Windows'" } +ansible-lint = { version = "^24.6.0", markers = "platform_system != 'Windows'" } ansible = "^9.5.1" molecule = "^24.2.1" molecule-plugins = "^23.5.3" diff --git a/tasks/config.yml b/tasks/config.yml new file mode 100644 index 0000000..ac64c5d --- /dev/null +++ b/tasks/config.yml @@ -0,0 +1,10 @@ +--- +- name: Configure Docker daemon + ansible.builtin.copy: + dest: "{{ docker_log_conf_file }}" + content: "{{ docker_log_conf | to_nice_json(indent=2) }}" + group: root + owner: root + mode: 'u=rw,go=r' + notify: docker_restart # noqa name[casing] + when: docker_proxy | bool diff --git a/tasks/logging.yml b/tasks/logging.yml index 48d3eb5..ac64c5d 100644 --- a/tasks/logging.yml +++ b/tasks/logging.yml @@ -1,10 +1,10 @@ --- -- name: Configure logging +- name: Configure Docker daemon ansible.builtin.copy: dest: "{{ docker_log_conf_file }}" content: "{{ docker_log_conf | to_nice_json(indent=2) }}" group: root owner: root - mode: 0644 + mode: 'u=rw,go=r' notify: docker_restart # noqa name[casing] - when: docker_log_conf_manage + when: docker_proxy | bool diff --git a/tasks/main.yml b/tasks/main.yml index 34c3cbe..9d39bef 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -55,7 +55,7 @@ state: directory group: root owner: root - mode: 0644 + mode: 'u=rw,go=r' tags: install - name: Configure systemd service 
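Review bot: The new tasks/config.yml still reads `docker_log_conf_file` and `docker_log_conf`, which this same patch renames to `docker_conf_file` and `docker_conf` in defaults/main.yml. Unless those names are defined somewhere outside this diff, the task fails on an undefined variable as soon as it is enabled. The later patches in this series only touch the `when:` line, so the stale names survive, and because the flag defaults to false the molecule scenarios never exercise the task. The two lines should become `dest: "{{ docker_conf_file }}"` and `content: "{{ docker_conf | to_nice_json(indent=2) }}"`; the identical edit to tasks/logging.yml has the same problem until that file is deleted in patch 4. Setting `docker_conf_manage: true` in one molecule scenario would cover this path, which matters because a broken daemon.json keeps the Docker daemon from starting.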
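Review bot: In the tasks/main.yml hunk at line 55 the task has `state: directory`, but the new mode `'u=rw,go=r'` carries the old 0644 over and leaves the directory without any execute (search) bit. Root can still traverse it, but a non-root process cannot open files inside, and the value reads like a file mode copied onto a directory. For a root-owned directory the usual setting is `mode: 'u=rwx,go=rx'`. The task starts above the hunk, so the path it manages is not visible here.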
@@ -69,13 +69,13 @@ dest: "{{ docker_configuration_file }}" group: root owner: root - mode: 0644 + mode: 'u=rw,go=r' - name: Include service tasks ansible.builtin.include_tasks: service.yml -- name: Include logging tasks - ansible.builtin.include_tasks: logging.yml +- name: Include configuration tasks + ansible.builtin.include_tasks: config.yml - name: Include user tasks ansible.builtin.include_tasks: users.yml diff --git a/tasks/repo.yml b/tasks/repo.yml index f86f9f1..eb5f7d7 100644 --- a/tasks/repo.yml +++ b/tasks/repo.yml @@ -59,7 +59,7 @@ ansible.builtin.get_url: url: "{{ docker_rpm_repo.url }}" dest: /etc/yum.repos.d/docker.repo - mode: 0644 + mode: 'u=rw,go=r' when: docker_repo_state != 'absent' - name: Remove yum repository diff --git a/tasks/users.yml b/tasks/users.yml index a86b6ea..05e3e91 100644 --- a/tasks/users.yml +++ b/tasks/users.yml @@ -1,10 +1,10 @@ --- -- name: Manage docker groups +- name: Manage Docker groups ansible.builtin.group: name: "{{ docker_group }}" when: docker_group_manage -- name: Manage docker users +- name: Manage Docker users ansible.builtin.user: append: true groups: "{{ docker_group }}" From 3c802e817a7bf0fbf34f475da2085f09fdc6bbd6 Mon Sep 17 00:00:00 2001 From: Ted Cook Date: Tue, 4 Jun 2024 22:23:13 -0600 Subject: [PATCH 2/5] Revert Makefile target name changes --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 6bd17f2..4b8bb49 100644 --- a/Makefile +++ b/Makefile @@ -13,11 +13,11 @@ all: install version lint test test: lint poetry run molecule test -s ${MOLECULE_SCENARIO} -install: +poetry: @type poetry >/dev/null || pip3 install poetry @poetry install --no-root -lint: install +lint: poetry poetry run yamllint . poetry run ansible-lint . From 7a69fee8cb47a6b4d68924f987592f8def232468 Mon Sep 17 00:00:00 2001 
From: Ted Cook Date: Tue, 4 Jun 2024 22:28:06 -0600 Subject: [PATCH 3/5] Fix broken varrefs --- tasks/config.yml | 2 +- tasks/logging.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/config.yml b/tasks/config.yml index ac64c5d..d2e2f15 100644 --- a/tasks/config.yml +++ b/tasks/config.yml @@ -7,4 +7,4 @@ owner: root mode: 'u=rw,go=r' notify: docker_restart # noqa name[casing] - when: docker_proxy | bool + when: docker_conf_proxy | bool diff --git a/tasks/logging.yml b/tasks/logging.yml index ac64c5d..d2e2f15 100644 --- a/tasks/logging.yml +++ b/tasks/logging.yml @@ -7,4 +7,4 @@ owner: root mode: 'u=rw,go=r' notify: docker_restart # noqa name[casing] - when: docker_proxy | bool + when: docker_conf_proxy | bool From ffb064bef2c3397699e9771c78e897208f5da8a1 Mon Sep 17 00:00:00 2001 From: Ted Cook Date: Tue, 4 Jun 2024 22:36:22 -0600 Subject: [PATCH 4/5] Fix configuration management flag logic --- defaults/main.yml | 2 +- tasks/config.yml | 2 +- tasks/logging.yml | 10 ---------- 3 files changed, 2 insertions(+), 12 deletions(-) delete mode 100644 tasks/logging.yml diff --git a/defaults/main.yml b/defaults/main.yml index a34b1cc..a3c9452 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -27,7 +27,7 @@ docker_group_manage: true docker_user: "{{ lookup('env', 'USER') }}" docker_conf_file: /etc/docker/daemon.json docker_conf_manage: false -docker_conf_proxy: [] +docker_conf_mirror: [] docker_conf: log-driver: "json-file" log-opts: diff --git a/tasks/config.yml b/tasks/config.yml index d2e2f15..ad114a8 100644 --- a/tasks/config.yml +++ b/tasks/config.yml @@ -7,4 +7,4 @@ owner: root mode: 'u=rw,go=r' notify: docker_restart # noqa name[casing] - when: docker_conf_proxy | bool + when: docker_conf_manage | bool diff --git a/tasks/logging.yml b/tasks/logging.yml deleted file mode 100644 index d2e2f15..0000000 --- a/tasks/logging.yml +++ /dev/null 
@@ -1,10 +0,0 @@ ---- -- name: Configure Docker daemon - ansible.builtin.copy: - dest: "{{ docker_log_conf_file }}" - content: "{{ docker_log_conf | to_nice_json(indent=2) }}" - group: root - owner: root - mode: 'u=rw,go=r' - notify: docker_restart # noqa name[casing] - when: docker_conf_proxy | bool From 6e93df8e7e767b57e425a73cb0f37cc290e8f4e3 Mon Sep 17 00:00:00 2001 From: Ted Cook Date: Tue, 4 Jun 2024 22:44:50 -0600 Subject: [PATCH 5/5] Add container run test --- molecule/common/verify.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/molecule/common/verify.yml b/molecule/common/verify.yml index 3538009..030e420 100644 --- a/molecule/common/verify.yml +++ b/molecule/common/verify.yml @@ -27,3 +27,8 @@ ansible.builtin.assert: that: docker service is running when: ansible_facts.services[docker_service].status != "enabled" + + - name: Run sample Docker container + ansible.builtin.docker_container: + name: hello + image: hello-world
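Review bot: The added verify task calls `ansible.builtin.docker_container`, but that module ships in the community.docker collection, not in ansible.builtin. The name should be `community.docker.docker_container`, with the collection listed in the scenario's requirements. As written the container also starts detached, so the task does not confirm that it ran to completion; `detach: false` together with `cleanup: true` makes the step wait for the exit status and removes the container afterwards. `image: hello-world` resolves to the mutable `latest` tag, so pinning a tag or digest, e.g. `image: hello-world@sha256:<digest>` (placeholder), keeps the test reproducible.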