move from docker to podman

2022-05-23 14:59:39 +03:00
parent 9a7e2b7022
commit fbf3ae07e5
6 changed files with 69 additions and 43 deletions
--- a/inventory/ghp/sample/group_vars/ddclient.yaml
+++ b/inventory/ghp/sample/group_vars/ddclient.yaml
@@ -23,19 +23,19 @@ ddclient_conf: |
  {% endfor %}

 ddclient_hosts:
-  - "{% if nextcloud_publish | default(false) %}{{ nextcloud_short_name | default('nextcloud') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if drone_publish | default(false) %}{{ drone_short_name | default('drone') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if gitea_publish_web | default(false) %}{{ gitea_short_name | default('gitea') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if bitwarden_publish | default(false) %}{{ bitwarden_short_name | default('bitwarden') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if playmaker_publish | default(false) %}{{ playmaker_short_name | default('playmaker') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if pypiserver_publish | default(false) %}{{ pypiserver_short_name | default('pip') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if wikijs_publish | default(false) %}{{ wikijs_short_name | default('wikijs') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if chartmuseum_publish | default(false) %}{{ chartsmuseum_short_name | default('charts') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if registry_publish | default(false) %}{{ registry_short_name | default('registry') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if peertube_publish | default(false) %}{{ peertube_short_name | default('peertube') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if mastodon_publish | default(false) %}{{ mastodon_short_name | default('mastodon') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if harbor_publish | default(false) %}{{ harbor_short_name | default('harbor') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if roundcube_publish | default(false) %}{{ roundcube_short_name | default('webmail') }}.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if nextcloud_publish %}{{ nextcloud_short_name | default('nextcloud') }}.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if drone_publish %}{{ drone_short_name | default('drone') }}.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if gitea_publish_web %}{{ gitea_short_name | default('gitea') }}.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if bitwarden_publish %}{{ bitwarden_short_name | default('bitwarden') }}.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if playmaker_publish %}{{ playmaker_short_name | default('playmaker') }}.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if pypiserver_publish %}{{ pypiserver_short_name | default('pip') }}.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if wikijs_publish %}{{ wikijs_short_name | default('wikijs') }}.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if chartmuseum_publish %}{{ chartsmuseum_short_name | default('charts') }}.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if registry_publish %}{{ registry_short_name | default('registry') }}.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if peertube_publish %}{{ peertube_short_name | default('peertube') }}.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if mastodon_publish %}{{ mastodon_short_name | default('mastodon') }}.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if harbor_publish %}{{ harbor_short_name | default('harbor') }}.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if roundcube_publish %}{{ roundcube_short_name | default('webmail') }}.{{ domain }}{% else %}omitme{% endif %}"
  - "{{ harbor_readonly_ingress | default('omitme') }}"
  - "{{ registry_readonly_ingress | default('omitme') }}"
  - "{{ chartmuseum_readonly_ingress | default('omitme') }}"
--- a/playbooks/ghp/vps.yaml
+++ b/playbooks/ghp/vps.yaml
@@ -11,7 +11,7 @@

 - hosts: ddclient
  roles:
-    - docker
-    - role: ddclient
-      dockerize: true
+    - { role: docker, when: ddclient_container_engine == "docker" }
+    - { role: podman, when: ddclient_container_engine == "podman" }
+    - { role: ddclient, ddclient_containerized: yes }
  tags: ddclient
--- a/roles/ddclient/defaults/main.yml
+++ b/roles/ddclient/defaults/main.yml
@@ -1,6 +1,12 @@
-dockerize: false
-namespace: ddclient
-ddclient_image_tag: v3.9.1-ls45
+ddclient_containerized: false
+ddclient_container_engine: "{{ container_engine | default('podman') }}"
+ddclient_network_mode: "host"
+ddclient_namespace: "{{ namespace | default('ddclient') }}"
+ddclient_container_name: "{{ ddclient_namespace }}-ddclient"
+ddclient_container_registry: "{{ container_registry | default(docker_registry) | default('registry.geekhome.org/ghp') }}"
+ddclient_image_name: "ddclient"
+ddclient_image_tag: "v3.9.1-ls45"
+ddclient_systemd_unit_name: "{{ ddclient_container_name }}-container.service"

 harbor_readonly_ingress: false
 registry_readonly_ingress: false
@@ -10,7 +16,7 @@ registry_publish: false
 chartmuseum_publish: false
 harbor_publish: false
 roundcube_publish: false
-nextcloud_publish: true
+nextcloud_publish: false
 bitwarden_publish: false
 gitea_publish_web: false
 gitea_publish_ssh: false
@@ -21,4 +27,3 @@ pypiserver_publish: false
 peertube_publish: false
 adguard_publish: false
 mastodon_publish: false
-
--- a/roles/ddclient/handlers/main.yml
+++ b/roles/ddclient/handlers/main.yml
@@ -13,15 +13,30 @@

 - name: restart docker ddclient
  community.general.docker_container:
-    name: "{{ namespace }}-ddclient"
-    image: "{{ docker_registry }}/ddclient:{{ ddclient_image_tag | default('v3.9.1-ls45') }}"
+    name: "{{ ddclient_container_name }}"
+    image: "{{ ddclient_container_registry }}/{{ ddclient_image_name }}:{{ ddclient_image_tag }}"
    state: started
    restart: yes
    container_default_behavior: no_defaults
    detach: true
    restart_policy: unless-stopped
    volumes:
-      - "/opt/{{ namespace }}/ddclient.conf:/config/ddclient.conf"
-      - "/opt/{{ namespace }}/Kvps.key:/config/Kvps.key"
-      - "/opt/{{ namespace }}/Kvps.private:/config/Kvps.private"
+      - "/opt/{{ ddclient_namespace }}/ddclient.conf:/config/ddclient.conf"
+      - "/opt/{{ ddclient_namespace }}/Kvps.key:/config/Kvps.key"
+      - "/opt/{{ ddclient_namespace }}/Kvps.private:/config/Kvps.private"
+  when: ddclient_container_engine == 'docker'
+
+- name: restart podman ddclient
+  community.general.docker_container:
+    name: "{{ ddclient_container_name }}"
+    hostname: "{{ ddclient_container_name }}"
+    network: "{{ ddclient_network_mode }}"
+    image: "{{ ddclient_container_registry }}/{{ ddclient_image_name }}:{{ ddclient_image_tag }}"
+    state: started
+    restart: yes
+    volumes:
+      - "/opt/{{ ddclient_namespace }}/ddclient.conf:/config/ddclient.conf"
+      - "/opt/{{ ddclient_namespace }}/Kvps.key:/config/Kvps.key"
+      - "/opt/{{ ddclient_namespace }}/Kvps.private:/config/Kvps.private"
+  when: ddclient_container_engine == 'podman'

--- a/roles/ddclient/tasks/docker.yml
+++ b/roles/ddclient/tasks/docker.yml
@@ -1,35 +1,35 @@
 ---
- name: Create configuration dir for {{ namespace }}
+- name: Create configuration dir for {{ ddclient_namespace }}
  file:
-    name: "/opt/{{ namespace }}"
+    name: "/opt/{{ ddclient_namespace }}"
    state: directory

- name: Copy ddclient configuration for {{ namespace }}
+- name: Copy ddclient configuration for {{ ddclient_namespace }}
  copy:
-    dest: "/opt/{{ namespace }}/ddclient.conf"
+    dest: "/opt/{{ ddclient_namespace }}/ddclient.conf"
    content: "{{ ddclient_conf }}"
  notify: restart docker ddclient

- name: Copy Kvps.key for {{ namespace }}
+- name: Copy Kvps.key for {{ ddclient_namespace }}
  copy:
-    dest: "/opt/{{ namespace }}/Kvps.key"
+    dest: "/opt/{{ ddclient_namespace }}/Kvps.key"
    content: "{{ ddclient_tsig_public_key_base64 | b64decode }}"
  notify: restart docker ddclient

- name: Copy Kvps.private for {{ namespace }}
+- name: Copy Kvps.private for {{ ddclient_namespace }}
  copy:
-    dest: "/opt/{{ namespace }}/Kvps.private"
+    dest: "/opt/{{ ddclient_namespace }}/Kvps.private"
    content: "{{ ddclient_tsig_private_key_base64 | b64decode }}"
  notify: restart docker ddclient

- name: Start ddclient in docker for {{ namespace }}
+- name: Start ddclient in docker for {{ ddclient_namespace }}
  docker_container:
-    name: "{{ namespace }}-ddclient"
-    image: "{{ docker_registry }}/ddclient:{{ ddclient_image_tag }}"
+    name: "{{ ddclient_container_name }}"
+    image: "{{ ddclient_container_registry }}/{{ ddclient_image_name }}:{{ ddclient_image_tag }}"
    state: started
    container_default_behavior: no_defaults
    restart_policy: unless-stopped
    volumes:
-      - "/opt/{{ namespace }}/ddclient.conf:/config/ddclient.conf"
-      - "/opt/{{ namespace }}/Kvps.key:/config/Kvps.key"
-      - "/opt/{{ namespace }}/Kvps.private:/config/Kvps.private"
+      - "/opt/{{ ddclient_namespace }}/ddclient.conf:/config/ddclient.conf"
+      - "/opt/{{ ddclient_namespace }}/Kvps.key:/config/Kvps.key"
+      - "/opt/{{ ddclient_namespace }}/Kvps.private:/config/Kvps.private"
--- a/roles/ddclient/tasks/main.yml
+++ b/roles/ddclient/tasks/main.yml
@@ -1,12 +1,18 @@
 ---
 - block:
  - import_tasks: install.yml
-    when: not dockerize
+    when: not ddclient_containerized
  - import_tasks: configure.yml
-    when: not dockerize
+    when: not ddclient_containerized
  become: true

 - block: 
  - import_tasks: docker.yml
-    when: dockerize
+    when: 
+      - ddclient_containerized
+      - ddclient_container_engine == "docker"
+  - import_tasks: podman.yml
+    when: 
+      - ddclient_containerized
+      - ddclient_container_engine == "podman"
  become: true