diff --git a/ansible/roles/docker/files/watchtower/docker-compose.yml b/ansible/roles/docker/files/watchtower/docker-compose.yml new file mode 100644 index 0000000..c2aaebd --- /dev/null +++ b/ansible/roles/docker/files/watchtower/docker-compose.yml @@ -0,0 +1,7 @@ +version: "3" +services: + watchtower: + image: containrrr/watchtower:latest + volumes: + - /var/run/docker.sock:/var/run/docker.sock + command: --cleanup --schedule "0 23 * * *" diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml index f1483a5..078a4cf 100644 --- a/ansible/roles/docker/tasks/main.yml +++ b/ansible/roles/docker/tasks/main.yml @@ -6,3 +6,6 @@ - name: Install netdata include: netdata.yml + +- name: Install watchtower + include: watchtower.yml diff --git a/ansible/roles/docker/tasks/netdata.yml b/ansible/roles/docker/tasks/netdata.yml index c206d52..4c4dc37 100644 --- a/ansible/roles/docker/tasks/netdata.yml +++ b/ansible/roles/docker/tasks/netdata.yml @@ -3,7 +3,7 @@ path: '/opt/netdata' state: directory owner: "{{ docker_user.name }}" - mode: 0755 + mode: "{{ docker_compose_directory_mask }}" become: true become_user: root @@ -11,15 +11,13 @@ template: src: files/netdata/docker-compose.yml dest: "/opt/netdata/docker-compose.yml" - mode: 0644 + mode: "{{ docker_compose_file_mask }}" owner: "{{ docker_user.name }}" - backup: true - trim_blocks: false register: compose_file become: true become_user: root -- name: Cycle container +- name: Cycle netdata container docker_compose: project_src: /opt/netdata pull: true diff --git a/ansible/roles/docker/tasks/watchtower.yml b/ansible/roles/docker/tasks/watchtower.yml new file mode 100644 index 0000000..da8def7 --- /dev/null +++ b/ansible/roles/docker/tasks/watchtower.yml 
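Review bot: In files/watchtower/docker-compose.yml the container is given the host's `/var/run/docker.sock` while its image is the floating tag `containrrr/watchtower:latest`, so whatever the registry serves under that tag runs with control of the Docker daemon, which is effectively root on the host. I would pin the image, e.g. `image: containrrr/watchtower:<pinned-version-or-digest>`, and consider adding `--label-enable` so only containers that opt in are updated. Separately, Watchtower documents `--schedule` as a 6-field cron expression with a leading seconds field, so `"0 23 * * *"` is likely to be rejected at startup; `--schedule "0 0 23 * * *"` would express 23:00 daily. The service also has no `restart:` policy, so it will not come back after a daemon restart or reboot.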
@@ -0,0 +1,30 @@
+- name: Create watchtower directory
+ file:
+ path: '/opt/watchtower'
+ state: directory
+ owner: "{{ docker_user.name }}"
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+ become_user: root
+
+- name: Install watchtower config
+ template:
+ src: files/watchtower/docker-compose.yml
+ dest: "/opt/watchtower/docker-compose.yml"
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ register: compose_file
+ become: true
+ become_user: root
+
+- name: Cycle watchtower container
+ docker_compose:
+ project_src: /opt/watchtower
+ pull: true
+ remove_orphans: true
+ remove_volumes: true
+ state: "{{ item }}"
+ when: compose_file.changed
+ loop:
+ - absent
+ - present
diff --git a/ansible/roles/docker/vars/docker.yml b/ansible/roles/docker/vars/docker.yml
index 1d68f11..61c562d 100644
--- a/ansible/roles/docker/vars/docker.yml
+++ b/ansible/roles/docker/vars/docker.yml
@@ -1,3 +1,6 @@
 docker_user:
 id: 3000
 name: dockeruser
+
+docker_compose_file_mask: 0664
+docker_compose_directory_mask: 0775
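Review bot: In tasks/watchtower.yml the `Cycle watchtower container` task is gated on `when: compose_file.changed`, so a rerun with an unchanged compose file never starts a container that has stopped or been removed, which matters here because the compose file sets no restart policy. A separate unconditional task with `state: present` after the cycle step would keep the run idempotent. The template result is also registered as `compose_file`, the same name netdata.yml registers in this role; `register: watchtower_compose_file` (with the `when:` updated to match) avoids one include reading the other's result if the tasks are ever reordered. The cycle task carries no `become`, unlike the two tasks before it; whether the connecting user can reach the Docker daemon is not visible here.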
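Review bot: In vars/docker.yml, `docker_compose_file_mask: 0664` and `docker_compose_directory_mask: 0775` are unquoted, so a YAML 1.1 parser reads them as the integers 436 and 509, and the `mode: "{{ ... }}"` lines in netdata.yml and watchtower.yml may then hand the module the strings "436" and "509" rather than the intended octal modes. Quoting keeps them strings end to end: `docker_compose_file_mask: "0664"` and `docker_compose_directory_mask: "0775"`. These values are also looser than the `0644`/`0755` that netdata.yml used before this commit, adding group write to a compose file that the role later feeds to `docker_compose`; if that is not needed, keep the old modes. The names say mask but the values are used as modes, so a `_mode` suffix would read more accurately.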