debian.ansible.docker/docker.yml

---

- name: docker
  hosts: all
  tasks:

### Docker ###

    - name: Create docker Group
      ansible.builtin.group:
        name: docker
        state: present
        gid: 1003

    - name: Create docker User
      ansible.builtin.user:
        name: docker
        comment: docker User
        uid: 1003
        group: docker

    - name: Hide docker user from login screen
      blockinfile:
        path: /var/lib/AccountsService/users/docker
        mode: "0444"
        owner: root
        group: root
        create: yes
        block: |
          [User]
          SystemAccount=true          
        backup: no

    - name: Create docker dir
      ansible.builtin.file:
        path: /home/docker
        owner: docker
        group: docker
        state: directory
        mode: '0750'

    - name: Create docker-data dir
      ansible.builtin.file:
        path: /home/docker/var-lib-docker
        owner: root
        group: root
        state: directory
        mode: '0710'

    - name: Create /var/lib/docker -> /home/docker/var-lib-docker symlink
      ansible.builtin.file:
        src: /home/docker/var-lib-docker
        dest: /var/lib/docker
        owner: root
        group: root
        state: link

    - name: Remove packages for docker from default repo
      apt:
        name:
          - docker.io
          - docker-compose
          - containerd
          - runc
        state: absent
        update_cache: no
        install_recommends: no

    - name: Add signing key
      ansible.builtin.apt_key:
        url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
        state: present

    - name: Add repository into sources list
      ansible.builtin.apt_repository:
        repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
        state: present
        filename: docker

    - name: Packages for docker
      apt:
        name:
          - docker-ce
          - docker-ce-cli 
          - containerd.io 
          - docker-buildx-plugin 
          - docker-compose-plugin
          - bridge-utils
          - apache2-utils
        update_cache: yes
        install_recommends: no

    - name: /usr/local/sbin/autoupdate.d/docker.update
      blockinfile:
        path: /usr/local/sbin/autoupdate.d/docker.update
        mode: "0400"
        owner: root
        group: root
        create: yes
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          # Docker
          g_echo_ok "check for updates"
          # Clean up docker images
          docker system prune -af
          find /home/docker -maxdepth 1 -mindepth 1 -type d | egrep -v "mailcow-dockerized$|.del$|.bak$|.old$|var-lib-docker$" | while read docker
          do
            [ -f "$docker/docker-compose.yml" ] || continue
            g_echo_ok "$docker"
            cd "${docker}"
            if docker-compose -l warn --no-ansi pull --include-deps 2>&1 | grep "download complete"
            then
              g_echo_warn "Installiere $docker Update"
              docker-compose -l warn --no-ansi down  >$g_tmp/down 2>&1 || g_echo_error "$docker: docker-compose pull fehlgeschlagen: $(cat $g_tmp/down)"
              docker-compose -l warn --no-ansi up -d >$g_tmp/up 2>&1   || g_echo_error "$docker: docker-compose up fehlgeschlagen: $(cat $g_tmp/up)"
            fi
            if [ -f Dockerfile ]
            then
              if docker-compose -l warn --no-ansi build --pull --no-cache --force-rm >$g_tmp/build 2>&1
              then
                docker-compose -l warn --no-ansi down  >$g_tmp/down 2>&1 || g_echo_error "$docker: docker-compose pull fehlgeschlagen: $(cat $g_tmp/down)"
                docker-compose -l warn --no-ansi up -d >$g_tmp/up 2>&1   || g_echo_error "$docker: docker-compose up fehlgeschlagen: $(cat $g_tmp/up)"
              else
                g_echo_error "$docker: docker-compose build fehlgeschlagen: $(cat $g_tmp/build)"
              fi
            fi
          done          
        backup: yes
        validate: /bin/bash -n %s

    - name: /usr/local/sbin/backup.d/docker.backup
      blockinfile:
        path: /usr/local/sbin/backup.d/docker.backup
        mode: "0400"
        owner: root
        group: root
        create: yes
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          ### DB Backup
          g_echo_ok "Starte Backup von MySQL-Datenbanken (Docker)"
           
          DAYS=7
           
          TIMESTAMP=$(date +"%Y%m%d%H%M")
          CONTAINER=$(docker ps --format \{\{.Names\}\}:\{\{.Image\}\}| grep 'mysql\|mariadb' | cut -d":" -f1 | grep -v mailcow)
           
          mkdir -p $BACKUPDIR
          for i in $CONTAINER
          do
            MARIADB_DATABASE=$(docker exec $i env | egrep "MARIADB_DATABASE|MYSQL_DATABASE" | tail -n1 |cut -d"=" -f2)
            MARIADB_PWD=$(docker exec $i env | egrep "MARIADB_PASSWORD|MYSQL_PASSWORD" | tail -n1 |cut -d"=" -f2)
            MARIADB_USR=$(docker exec $i env | egrep "MARIADB_USER|MYSQL_USER" | tail -n1 |cut -d"=" -f2)
            g_echo "Sichere Datenbank $MARIADB_DATABASE DB aus $i";
            docker exec $i /usr/bin/mysqldump --no-tablespaces -u $MARIADB_USR -p$MARIADB_PWD $MARIADB_DATABASE 2>${g_tmp}/dberr | gzip > $BACKUPDIR/$i-$MARIADB_DATABASE-$TIMESTAMP.sql.gz || g_echo_error "DB-Backup von $MARIADB_DATABASE war nicht erfolgreich $(cat ${g_tmp}/dberr)"
            # dont delete last old backups!
            OLD_BACKUPS=$(ls -1 $BACKUPDIR/$i*.gz |wc -l)
            if [ $OLD_BACKUPS -gt $DAYS ]; then
              find $BACKUPDIR -name "$i*.gz" -daystart -mtime +$DAYS -delete
            fi
          done          
        backup: yes
        validate: /bin/bash -n %s

    - name: docker-compose command/alias for backward compatibility - now docker compose
      blockinfile:
        path: /usr/local/sbin/docker-compose
        mode: "0755"
        owner: root
        group: root
        create: yes
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          docker compose $@
        backup: yes
        validate: /bin/bash -n %s

    - name: /usr/local/sbin/docker-compose shebang
      lineinfile:
        path: /usr/local/sbin/docker-compose
        insertbefore: BOF
        line: "#!/bin/bash -e"
first commit 2022-07-10 10:50:57 +02:00			`---`

			`- name: docker`
			`hosts: all`
			`tasks:`

			`### Docker ###`

			`- name: Create docker Group`
			`ansible.builtin.group:`
			`name: docker`
			`state: present`
			`gid: 1003`

			`- name: Create docker User`
			`ansible.builtin.user:`
			`name: docker`
			`comment: docker User`
			`uid: 1003`
			`group: docker`

„docker.yml“ ändern 2023-02-09 13:52:16 +01:00			`- name: Hide docker user from login screen`
			`blockinfile:`
			`path: /var/lib/AccountsService/users/docker`
			`mode: "0444"`
			`owner: root`
			`group: root`
			`create: yes`
			`block: \|`
			`[User]`
newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`SystemAccount=true`
„docker.yml“ ändern 2023-02-09 13:52:16 +01:00			`backup: no`

first commit 2022-07-10 10:50:57 +02:00			`- name: Create docker dir`
			`ansible.builtin.file:`
			`path: /home/docker`
			`owner: docker`
			`group: docker`
			`state: directory`
			`mode: '0750'`

revert 0d46dd064fd6a2ad9ace8dd8a8ac38edecff58cf revert „docker.yml“ ändern 2022-07-14 12:33:36 +02:00			`- name: Create docker-data dir`
			`ansible.builtin.file:`
			`path: /home/docker/var-lib-docker`
			`owner: root`
			`group: root`
			`state: directory`
			`mode: '0710'`

first commit 2022-07-10 10:50:57 +02:00			`- name: Create /var/lib/docker -> /home/docker/var-lib-docker symlink`
			`ansible.builtin.file:`
			`src: /home/docker/var-lib-docker`
			`dest: /var/lib/docker`
			`owner: root`
			`group: root`
			`state: link`

newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`- name: Remove packages for docker from default repo`
first commit 2022-07-10 10:50:57 +02:00			`apt:`
newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`name:`
first commit 2022-07-10 10:50:57 +02:00			`- docker.io`
			`- docker-compose`
newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`- containerd`
			`- runc`
			`state: absent`
first commit 2022-07-10 10:50:57 +02:00			`update_cache: no`
			`install_recommends: no`

newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`- name: Add signing key`
			`ansible.builtin.apt_key:`
			`url: "https://download.docker.com/linux/{{ ansible_distribution \| lower }}/gpg"`
			`state: present`

			`- name: Add repository into sources list`
			`ansible.builtin.apt_repository:`
			`repo: "deb https://download.docker.com/linux/{{ ansible_distribution \| lower }} {{ ansible_distribution_release }} stable"`
			`state: present`
			`filename: docker`

			`- name: Packages for docker`
			`apt:`
			`name:`
			`- docker-ce`
			`- docker-ce-cli`
			`- containerd.io`
			`- docker-buildx-plugin`
			`- docker-compose-plugin`
			`- bridge-utils`
			`- apache2-utils`
			`update_cache: yes`
			`install_recommends: no`

first commit 2022-07-10 10:50:57 +02:00			`- name: /usr/local/sbin/autoupdate.d/docker.update`
			`blockinfile:`
			`path: /usr/local/sbin/autoupdate.d/docker.update`
			`mode: "0400"`
			`owner: root`
			`group: root`
			`create: yes`
			`marker: "# {mark} ANSIBLE MANAGED BLOCK"`
			`block: \|`
			`# Docker`
			`g_echo_ok "check for updates"`
			`# Clean up docker images`
			`docker system prune -af`
exclude some dirs in docker at update 2022-11-29 11:18:50 +01:00			`find /home/docker -maxdepth 1 -mindepth 1 -type d \| egrep -v "mailcow-dockerized$\|.del$\|.bak$\|.old$\|var-lib-docker$" \| while read docker`
first commit 2022-07-10 10:50:57 +02:00			`do`
			`[ -f "$docker/docker-compose.yml" ] \|\| continue`
			`g_echo_ok "$docker"`
			`cd "${docker}"`
syntax change --loog-level WARNING -> -l warn 2023-04-19 09:03:36 +02:00			`if docker-compose -l warn --no-ansi pull --include-deps 2>&1 \| grep "download complete"`
first commit 2022-07-10 10:50:57 +02:00			`then`
			`g_echo_warn "Installiere $docker Update"`
syntax change --loog-level WARNING -> -l warn 2023-04-19 09:03:36 +02:00			`docker-compose -l warn --no-ansi down >$g_tmp/down 2>&1 \|\| g_echo_error "$docker: docker-compose pull fehlgeschlagen: $(cat $g_tmp/down)"`
			`docker-compose -l warn --no-ansi up -d >$g_tmp/up 2>&1 \|\| g_echo_error "$docker: docker-compose up fehlgeschlagen: $(cat $g_tmp/up)"`
first commit 2022-07-10 10:50:57 +02:00			`fi`
			`if [ -f Dockerfile ]`
			`then`
syntax change --loog-level WARNING -> -l warn 2023-04-19 09:03:36 +02:00			`if docker-compose -l warn --no-ansi build --pull --no-cache --force-rm >$g_tmp/build 2>&1`
first commit 2022-07-10 10:50:57 +02:00			`then`
syntax change --loog-level WARNING -> -l warn 2023-04-19 09:03:36 +02:00			`docker-compose -l warn --no-ansi down >$g_tmp/down 2>&1 \|\| g_echo_error "$docker: docker-compose pull fehlgeschlagen: $(cat $g_tmp/down)"`
			`docker-compose -l warn --no-ansi up -d >$g_tmp/up 2>&1 \|\| g_echo_error "$docker: docker-compose up fehlgeschlagen: $(cat $g_tmp/up)"`
first commit 2022-07-10 10:50:57 +02:00			`else`
better error reporting 2022-11-30 16:00:14 +01:00			`g_echo_error "$docker: docker-compose build fehlgeschlagen: $(cat $g_tmp/build)"`
first commit 2022-07-10 10:50:57 +02:00			`fi`
			`fi`
newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`done`
first commit 2022-07-10 10:50:57 +02:00			`backup: yes`
			`validate: /bin/bash -n %s`

			`- name: /usr/local/sbin/backup.d/docker.backup`
			`blockinfile:`
			`path: /usr/local/sbin/backup.d/docker.backup`
			`mode: "0400"`
			`owner: root`
			`group: root`
			`create: yes`
			`marker: "# {mark} ANSIBLE MANAGED BLOCK"`
			`block: \|`
			`### DB Backup`
			`g_echo_ok "Starte Backup von MySQL-Datenbanken (Docker)"`

			`DAYS=7`

			`TIMESTAMP=$(date +"%Y%m%d%H%M")`
			`CONTAINER=$(docker ps --format \{\{.Names\}\}:\{\{.Image\}\}\| grep 'mysql\\|mariadb' \| cut -d":" -f1 \| grep -v mailcow)`

			`mkdir -p $BACKUPDIR`
			`for i in $CONTAINER`
			`do`
db backup fix 2022-10-06 09:25:08 +02:00			`MARIADB_DATABASE=$(docker exec $i env \| egrep "MARIADB_DATABASE\|MYSQL_DATABASE" \| tail -n1 \|cut -d"=" -f2)`
			`MARIADB_PWD=$(docker exec $i env \| egrep "MARIADB_PASSWORD\|MYSQL_PASSWORD" \| tail -n1 \|cut -d"=" -f2)`
			`MARIADB_USR=$(docker exec $i env \| egrep "MARIADB_USER\|MYSQL_USER" \| tail -n1 \|cut -d"=" -f2)`
first commit 2022-07-10 10:50:57 +02:00			`g_echo "Sichere Datenbank $MARIADB_DATABASE DB aus $i";`
„docker.yml“ ändern 2022-11-28 21:49:57 +01:00			`docker exec $i /usr/bin/mysqldump --no-tablespaces -u $MARIADB_USR -p$MARIADB_PWD $MARIADB_DATABASE 2>${g_tmp}/dberr \| gzip > $BACKUPDIR/$i-$MARIADB_DATABASE-$TIMESTAMP.sql.gz \|\| g_echo_error "DB-Backup von $MARIADB_DATABASE war nicht erfolgreich $(cat ${g_tmp}/dberr)"`
first commit 2022-07-10 10:50:57 +02:00			`# dont delete last old backups!`
			`OLD_BACKUPS=$(ls -1 $BACKUPDIR/$i*.gz \|wc -l)`
			`if [ $OLD_BACKUPS -gt $DAYS ]; then`
			`find $BACKUPDIR -name "$i*.gz" -daystart -mtime +$DAYS -delete`
			`fi`
newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`done`
			`backup: yes`
			`validate: /bin/bash -n %s`

			`- name: docker-compose command/alias for backward compatibility - now docker compose`
			`blockinfile:`
			`path: /usr/local/sbin/docker-compose`
			`mode: "0755"`
			`owner: root`
			`group: root`
			`create: yes`
			`marker: "# {mark} ANSIBLE MANAGED BLOCK"`
			`block: \|`
			`docker compose $@`
first commit 2022-07-10 10:50:57 +02:00			`backup: yes`
			`validate: /bin/bash -n %s`

newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`- name: /usr/local/sbin/docker-compose shebang`
			`lineinfile:`
			`path: /usr/local/sbin/docker-compose`
			`insertbefore: BOF`
			`line: "#!/bin/bash -e"`