diff --git a/docker.yml b/docker.yml
index 2ce83d5..3ac23ab 100644
--- a/docker.yml
+++ b/docker.yml
@@ -47,6 +47,14 @@
 state: directory
 mode: '0710'

+ - name: Create dir for container defaults
+ ansible.builtin.file:
+ path: /home/docker/_defaults
+ owner: root
+ group: docker
+ state: directory
+ mode: '0750'
+
 - name: Create /var/lib/docker -> /home/docker/var-lib-docker symlink
 ansible.builtin.file:
 src: /home/docker/var-lib-docker
@@ -114,10 +122,14 @@
 "ip6tables": true
 }

- - name: mariadb defaults
+ - name: mariadb env defaults
 copy:
- dest: "/home/docker/mariadb.env"
- content: |
+ path: /home/docker/_defaults/mariadb/mariadb.env
+ mode: "0444"
+ owner: root
+ group: root
+ create: yes
+ block: |
 MARIADB_RANDOM_ROOT_PASSWORD=1
 MARIADB_AUTO_UPGRADE=1
 MARIADB_INITDB_SKIP_TZINFO=1
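Review bot: Only `/home/docker/_defaults` is declared by the added task, but both new tasks later in this diff write below `/home/docker/_defaults/mariadb/`, which no visible task creates. Depending on the module, that write either fails on the missing parent or creates the directory implicitly with umask-derived ownership and mode instead of the `root:docker` / `0750` chosen here. Declare the subdirectory explicitly, for example by changing the task to `path: "{{ item }}"` with `loop: ['/home/docker/_defaults', '/home/docker/_defaults/mariadb']`.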
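Review bot: The `mariadb env defaults` task is still declared with `copy:` (the unchanged context line), but the new `path`, `create` and `block` keys are blockinfile parameters that copy does not accept, so the task should be rejected as having unsupported parameters instead of writing the env file. Change the module line to `blockinfile:`, as the `99-server.cnf` task in the next hunk does. The end of this task (`backup: yes`) is added in the next hunk, outside this one. The previous target `/home/docker/mariadb.env` is not removed, so on existing hosts anything still referencing it would keep reading an unmanaged copy.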
@@ -131,124 +143,30 @@
 MARIADB_READ_BUFFER_SIZE=8K
 MARIADB_READ_RND_BUFFER_SIZE=8K
 MARIADB_SORT_BUFFER_SIZE=64K
+ backup: yes

- - name: /usr/local/sbin/autoupdate.d/docker.update
+ - name: mariadb server config defaults
 blockinfile:
- path: /usr/local/sbin/autoupdate.d/docker.update
- mode: "0400"
+ path: /home/docker/_defaults/mariadb/99-server.cnf
+ mode: "0444"
 owner: root
 group: root
 create: yes
- marker: "# {mark} ANSIBLE MANAGED BLOCK"
 block: |
- # fix for creating notify.sh directory by docker (volume) if not exists
- [ -d /usr/local/bin/notify.sh ] && rmdir /usr/local/bin/notify.sh
-
- g_echo_ok "check for updates"
- # Clean up docker images
- docker system prune -af
- find /home/docker -maxdepth 1 -mindepth 1 -type d | egrep -v "mailcow-dockerized$|.del$|.bak$|.old$|var-lib-docker$" | while read docker
- do
- [ -f "$docker/docker-compose.yml" ] || continue
- g_echo_ok "$docker"
- cd "${docker}"
- if docker -l warn compose --ansi never pull --include-deps 2>&1 | grep " Pulled"
- then
- #g_echo_warn "Installiere $docker Update"
- #docker -l warn compose --ansi never up -d --force-recreate >$g_tmp/up 2>&1 || g_echo_error "$docker: docker compose up fehlgeschlagen: $(cat $g_tmp/up)"
- docker -l warn compose --ansi never up -d --remove-orphans >$g_tmp/up 2>&1 || g_echo_error "$docker: docker compose up fehlgeschlagen: $(cat $g_tmp/up)"
- egrep -v -- "-wpcli" $g_tmp/up | grep -q "Started" && g_echo_warn "$docker Update installiert"
- fi
- if [ -f Dockerfile ]
- then
- if docker -l warn compose --ansi never build --progress=plain --pull --no-cache --force-rm >$g_tmp/build 2>&1
- then
- docker -l warn compose --ansi never up -d --force-recreate --remove-orphans >$g_tmp/up 2>&1 || g_echo_error "$docker: docker compose up fehlgeschlagen: $(cat $g_tmp/up)"
- else
- g_echo_error "$docker: docker compose build fehlgeschlagen: $(cat $g_tmp/build)"
- fi
- fi
- done
+ [mariadbd]
+ max_connections=10
+ query_cache_size=512K
+ thread_cache_size=0
+ sort_buffer_size=64K
+ bulk_insert_buffer_size=0
+ tmp_table_size=1K
+ max_heap_table_size=16K
+ key_buffer_size=1M
+ read_buffer_size=8K
+ read_rnd_buffer_size=8K
+ #innodb_buffer_pool_size=10K
+ #innodb_log_buffer_size=512K
 backup: yes
- validate: /bin/bash -n %s
-
- - name: /usr/local/sbin/backup.d/docker.backup
- blockinfile:
- path: /usr/local/sbin/backup.d/docker.backup
- mode: "0400"
- owner: root
- group: root
- create: yes
- marker: "# {mark} ANSIBLE MANAGED BLOCK"
- block: |
- ### DB Backup
- g_echo_ok "Starte Backup von MySQL und PostgreSQL Datenbanken (Docker)"
-
- DAYS=7
-
- TIMESTAMP=$(date +"%Y%m%d%H%M")
- CONTAINER=$(docker ps --format \{\{.Names\}\}:\{\{.Image\}\}| grep 'mysql\|mariadb' | cut -d":" -f1 | grep -v mailcow)
-
- mkdir -p $BACKUPDIR
-
-
- ### MYSQL ###
- for i in $CONTAINER
- do
- # get credentials
- MARIADB_DATABASE=$(docker exec $i env | egrep "MARIADB_DATABASE|MYSQL_DATABASE" | tail -n1 |cut -d"=" -f2)
- MARIADB_PWD=$(docker exec $i env | egrep "MARIADB_PASSWORD|MYSQL_PASSWORD" | tail -n1 |cut -d"=" -f2)
- MARIADB_USR=$(docker exec $i env | egrep "MARIADB_USER|MYSQL_USER" | tail -n1 |cut -d"=" -f2)
- # get dump path
- docker exec $i /usr/bin/test -x /usr/bin/mariadb-dump && DBDUMPCMD=/usr/bin/mariadb-dump
- docker exec $i /usr/bin/test -x /usr/bin/mysqldump && DBDUMPCMD=/usr/bin/mysqldump
- if [ -z "$DBDUMPCMD" ]
- then
- g_echo_error "No dbdumpcmd found in container $i! No backup created!"
- continue
- fi
- g_echo "Sichere MySQL/MariaDB Datenbank $MARIADB_DATABASE DB aus $i";
- docker exec $i $DBDUMPCMD --no-tablespaces -u $MARIADB_USR -p$MARIADB_PWD $MARIADB_DATABASE 2>${g_tmp}/dberr | gzip > $BACKUPDIR/$i-$MARIADB_DATABASE-$TIMESTAMP.sql.gz || g_echo_error "DB-Backup von $MARIADB_DATABASE war nicht erfolgreich $(cat ${g_tmp}/dberr)"
- # dont delete last old backups!
- OLD_BACKUPS=$(ls -1 $BACKUPDIR/$i*.gz |wc -l)
- if [ $OLD_BACKUPS -gt $DAYS ]; then
- find $BACKUPDIR -name "$i*.gz" -daystart -mtime +$DAYS -delete
- fi
- done
-
- ### POSTGRESQL ##
- CONTAINER=$(docker ps --format \{\{.Names\}\}:\{\{.Image\}\}| grep 'postgres' | cut -d":" -f1 | grep -v mailcow)
- mkdir -p $BACKUPDIR
- for i in $CONTAINER
- do
- # get credentials
- POSTGRES_DATABASE=$(docker exec $i env | egrep "POSTGRES_DB" | tail -n1 |cut -d"=" -f2)
- POSTGRES_PWD=$(docker exec $i env | egrep "POSTGRES_PASSWORD" | tail -n1 |cut -d"=" -f2)
- POSTGRES_USR=$(docker exec $i env | egrep "POSTGRES_USER" | tail -n1 |cut -d"=" -f2)
- # get dump path
- g_echo "Sichere Datenbank $POSTGRES_DATABASE aus $i";
- docker exec -e PGPASSWORD=$POSTGRES_PWD $i /usr/bin/pg_dump -U $POSTGRES_USR $POSTGRES_DATABASE 2>${g_tmp}/dberr | gzip > $BACKUPDIR/$i-$POSTGRES_DATABASE-$TIMESTAMP.sql.gz || g_echo_error "DB-Backup von $POSTGRES_DATABASE war nicht erfolgreich $(cat ${g_tmp}/dberr)"
- # dont delete last old backups!
- OLD_BACKUPS=$(ls -1 $BACKUPDIR/$i*.gz |wc -l)
- if [ $OLD_BACKUPS -gt $DAYS ]; then
- find $BACKUPDIR -name "$i*.gz" -daystart -mtime +$DAYS -delete
- fi
- done
- backup: yes
- validate: /bin/bash -n %s
-
- - name: docker-compose command/alias for backward compatibility - now docker compose
- blockinfile:
- path: /usr/local/sbin/docker-compose
- mode: "0755"
- owner: root
- group: root
- create: yes
- marker: "# {mark} ANSIBLE MANAGED BLOCK"
- block: |
- docker compose $@
- backup: yes
- validate: /bin/bash -n %s

 - name: /usr/local/sbin/docker-compose shebang
 lineinfile:
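Review bot: Deleting the `docker.update` and `docker.backup` blockinfile tasks does not delete what they deployed: on hosts provisioned earlier, `/usr/local/sbin/autoupdate.d/docker.update` and `/usr/local/sbin/backup.d/docker.backup` stay on disk as root-owned scripts that no play manages any more, and presumably whatever runs those directories keeps executing them. If the scripts are being retired rather than moved to another play (not visible here), add an explicit cleanup task like the one below, so the stale updater and the credential-handling backup script do not linger unreviewed. The trailing context also keeps the `/usr/local/sbin/docker-compose shebang` lineinfile task, whose body lies outside the hunk; with the wrapper task removed, on a fresh host it would either fail on the missing file or leave a file holding only a shebang, so it probably needs to go as well.

```yaml
    - name: Remove retired docker helper scripts
      ansible.builtin.file:
        path: "{{ item }}"
        state: absent
      loop:
        - /usr/local/sbin/autoupdate.d/docker.update
        - /usr/local/sbin/backup.d/docker.backup
```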