Update docker.io/library/redis Docker tag to v8

It hopefully fixes bugs we had in the past, so removing the workarounds
and it also comes with default values now, so removing all variables set
to those defaults.

inventories/chaosknoten/host_vars/zammad.yaml

@@ -1,4 +1,5 @@
-docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/zammad/docker_compose/compose.yaml.j2') }}"
+docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/zammad/docker_compose/compose.yaml') }}"
+docker_compose__env_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/zammad/docker_compose/.env.j2') }}"
 docker_compose__configuration_files: [ ]
 
 certbot__version_spec: ""

resources/chaosknoten/tickets/docker_compose/compose.yaml.j2

@@ -13,7 +13,7 @@ services:
     restart: unless-stopped
 
   redis:
-    image: docker.io/library/redis:7.4.6@sha256:a9cc41d6d01da2aa26c219e4f99ecbeead955a7b656c1c499cce8922311b2514
+    image: docker.io/library/redis:8.2.2@sha256:4521b581dbddea6e7d81f8fe95ede93f5648aaa66a9dacd581611bf6fe7527bd
     ports:
       - "6379:6379"
     volumes:

resources/chaosknoten/zammad/docker_compose/.env.j2

@@ -0,0 +1,4 @@
+POSTGRES_PASS={{ secret__zammad_db_password }}
+POSTGRES_VERSION=15-alpine
+REDIS_VERSION=7-alpine
+NGINX_SERVER_SCHEME=https

resources/chaosknoten/zammad/docker_compose/compose.yaml

@@ -0,0 +1,149 @@
+---
+version: "3.8"
+
+# Taken from: https://github.com/zammad/zammad-docker-compose/blob/master/docker-compose.yml
+# Version: v14.1.1
+# Update from new tag by replacing all content.
+# Configuration should be done in the .env.j2.
+
+x-shared:
+  zammad-service: &zammad-service
+    environment: &zammad-environment
+      MEMCACHE_SERVERS: ${MEMCACHE_SERVERS:-zammad-memcached:11211}
+      POSTGRESQL_DB: ${POSTGRES_DB:-zammad_production}
+      POSTGRESQL_HOST: ${POSTGRES_HOST:-zammad-postgresql}
+      POSTGRESQL_USER: ${POSTGRES_USER:-zammad}
+      POSTGRESQL_PASS: ${POSTGRES_PASS:-zammad}
+      POSTGRESQL_PORT: ${POSTGRES_PORT:-5432}
+      POSTGRESQL_OPTIONS: ${POSTGRESQL_OPTIONS:-?pool=50}
+      POSTGRESQL_DB_CREATE:
+      REDIS_URL: ${REDIS_URL:-redis://zammad-redis:6379}
+      S3_URL:
+      # Backup settings
+      BACKUP_DIR: "${BACKUP_DIR:-/var/tmp/zammad}"
+      BACKUP_TIME: "${BACKUP_TIME:-03:00}"
+      HOLD_DAYS: "${HOLD_DAYS:-10}"
+      TZ: "${TZ:-Europe/Berlin}"
+      # Allow passing in these variables via .env:
+      AUTOWIZARD_JSON:
+      AUTOWIZARD_RELATIVE_PATH:
+      ELASTICSEARCH_ENABLED:
+      ELASTICSEARCH_SCHEMA:
+      ELASTICSEARCH_HOST:
+      ELASTICSEARCH_PORT:
+      ELASTICSEARCH_USER:
+      ELASTICSEARCH_PASS:
+      ELASTICSEARCH_NAMESPACE:
+      ELASTICSEARCH_REINDEX:
+      NGINX_PORT:
+      NGINX_CLIENT_MAX_BODY_SIZE:
+      NGINX_SERVER_NAME:
+      NGINX_SERVER_SCHEME:
+      RAILS_TRUSTED_PROXIES:
+      ZAMMAD_HTTP_TYPE:
+      ZAMMAD_FQDN:
+      ZAMMAD_WEB_CONCURRENCY:
+      ZAMMAD_PROCESS_SESSIONS_JOBS_WORKERS:
+      ZAMMAD_PROCESS_SCHEDULED_JOBS_WORKERS:
+      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS:
+      # ZAMMAD_SESSION_JOBS_CONCURRENT is deprecated, please use ZAMMAD_PROCESS_SESSIONS_JOBS_WORKERS instead.
+      ZAMMAD_SESSION_JOBS_CONCURRENT:
+      # Variables used by ngingx-proxy container for reverse proxy creations
+      # for docs refer to https://github.com/nginx-proxy/nginx-proxy
+      VIRTUAL_HOST:
+      VIRTUAL_PORT:
+      # Variables used by acme-companion for retrieval of LetsEncrypt certificate
+      # for docs refer to https://github.com/nginx-proxy/acme-companion
+      LETSENCRYPT_HOST:
+      LETSENCRYPT_EMAIL:
+
+    image: ${IMAGE_REPO:-ghcr.io/zammad/zammad}:${VERSION:-6.5.2}
+    restart: ${RESTART:-always}
+    volumes:
+      - zammad-storage:/opt/zammad/storage
+    depends_on:
+      - zammad-memcached
+      - zammad-postgresql
+      - zammad-redis
+
+services:
+  zammad-backup:
+    <<: *zammad-service
+    command: ["zammad-backup"]
+    volumes:
+      - zammad-backup:/var/tmp/zammad
+      - zammad-storage:/opt/zammad/storage:ro
+    user: 0:0
+
+  zammad-elasticsearch:
+    image: elasticsearch:${ELASTICSEARCH_VERSION:-8.19.4}
+    restart: ${RESTART:-always}
+    volumes:
+      - elasticsearch-data:/usr/share/elasticsearch/data
+    environment:
+      discovery.type: single-node
+      xpack.security.enabled: 'false'
+      ES_JAVA_OPTS: ${ELASTICSEARCH_JAVA_OPTS:--Xms1g -Xmx1g}
+
+  zammad-init:
+    <<: *zammad-service
+    command: ["zammad-init"]
+    depends_on:
+      - zammad-postgresql
+    restart: on-failure
+    user: 0:0
+
+  zammad-memcached:
+    command: memcached -m 256M
+    image: memcached:${MEMCACHE_VERSION:-1.6.39-alpine}
+    restart: ${RESTART:-always}
+
+  zammad-nginx:
+    <<: *zammad-service
+    command: ["zammad-nginx"]
+    expose:
+      - "${NGINX_PORT:-8080}"
+    ports:
+      - "${NGINX_EXPOSE_PORT:-8080}:${NGINX_PORT:-8080}"
+    depends_on:
+      - zammad-railsserver
+
+  zammad-postgresql:
+    environment:
+      POSTGRES_DB: ${POSTGRES_DB:-zammad_production}
+      POSTGRES_USER: ${POSTGRES_USER:-zammad}
+      POSTGRES_PASSWORD: ${POSTGRES_PASS:-zammad}
+    image: postgres:${POSTGRES_VERSION:-17.6-alpine}
+    restart: ${RESTART:-always}
+    volumes:
+      - postgresql-data:/var/lib/postgresql/data
+
+  zammad-railsserver:
+    <<: *zammad-service
+    command: ["zammad-railsserver"]
+
+  zammad-redis:
+    image: redis:${REDIS_VERSION:-7.4.5-alpine}
+    restart: ${RESTART:-always}
+    volumes:
+      - redis-data:/data
+
+  zammad-scheduler:
+    <<: *zammad-service
+    command: ["zammad-scheduler"]
+
+  zammad-websocket:
+    <<: *zammad-service
+    command: ["zammad-websocket"]
+
+volumes:
+  elasticsearch-data:
+    driver: local
+  postgresql-data:
+    driver: local
+  redis-data:
+    driver: local
+  zammad-backup:
+    driver: local
+  zammad-storage:
+    driver: local

resources/chaosknoten/zammad/docker_compose/compose.yaml.j2

@@ -1,162 +0,0 @@
----
-{#
-https://github.com/zammad/zammad-docker-compose
-Docker Compose does not allow defining variables in the compose file (only in .env files), so we use Jinja variables instead
-see https://github.com/zammad/zammad-docker-compose/blob/master/.env
-#}
-{%- set ELASTICSEARCH_VERSION = "8.19.4" | quote -%}
-{%- set IMAGE_REPO = "ghcr.io/zammad/zammad" | quote -%}
-{%- set MEMCACHE_SERVERS = "zammad-memcached:11211" | quote -%}
-{%- set MEMCACHE_VERSION = "1.6-alpine" | quote -%}
-{%- set POSTGRES_DB = "zammad_production" | quote -%}
-{%- set POSTGRES_HOST = "zammad-postgresql" | quote -%}
-{%- set POSTGRES_USER = "zammad" | quote -%}
-{%- set POSTGRES_PASS = secret__zammad_db_password | quote -%}
-{%- set POSTGRES_PORT = "5432" | quote -%}
-{%- set POSTGRES_VERSION = "15-alpine" | quote -%}
-{%- set REDIS_URL = "redis://zammad-redis:6379" | quote -%}
-{%- set REDIS_VERSION = "7-alpine" | quote -%}
-{%- set RESTART = "always" | quote -%}
-{%- set VERSION = "6" | quote -%}
-x-shared:
-  zammad-service: &zammad-service
-    environment: &zammad-environment
-      MEMCACHE_SERVERS: {{ MEMCACHE_SERVERS }}
-      POSTGRESQL_DB: {{ POSTGRES_DB }}
-      POSTGRESQL_HOST: {{ POSTGRES_HOST }}
-      POSTGRESQL_USER: {{ POSTGRES_USER }}
-      POSTGRESQL_PASS: {{ POSTGRES_PASS }}
-      POSTGRESQL_PORT: {{ POSTGRES_PORT }}
-      REDIS_URL: {{ REDIS_URL }}
-      # Allow passing in these variables via .env:
-      AUTOWIZARD_JSON:
-      AUTOWIZARD_RELATIVE_PATH:
-      ELASTICSEARCH_ENABLED:
-      ELASTICSEARCH_HOST:
-      ELASTICSEARCH_PORT:
-      ELASTICSEARCH_SCHEMA:
-      ELASTICSEARCH_NAMESPACE:
-      ELASTICSEARCH_REINDEX:
-      ELASTICSEARCH_SSL_VERIFY:
-      NGINX_PORT:
-      NGINX_SERVER_NAME:
-      NGINX_SERVER_SCHEME: https
-      POSTGRESQL_DB_CREATE:
-      POSTGRESQL_OPTIONS:
-      RAILS_TRUSTED_PROXIES:
-      ZAMMAD_WEB_CONCURRENCY:
-      ZAMMAD_SESSION_JOBS:
-      ZAMMAD_PROCESS_SCHEDULED:
-      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS:
-    image: {{ IMAGE_REPO }}:{{ VERSION }}
-    restart: {{ RESTART }}
-    volumes:
-      - zammad-storage:/opt/zammad/storage
-      - zammad-var:/opt/zammad/var
-    depends_on:
-      - zammad-memcached
-      - zammad-postgresql
-      - zammad-redis
-
-services:
-
-  zammad-backup:
-    command: ["zammad-backup"]
-    depends_on:
-      - zammad-railsserver
-      - zammad-postgresql
-    entrypoint: /usr/local/bin/backup.sh
-    environment:
-      <<: *zammad-environment
-      BACKUP_TIME: "03:00"
-      HOLD_DAYS: "10"
-      TZ: Europe/Berlin
-    image: postgres:{{ POSTGRES_VERSION }}
-    restart: {{ RESTART }}
-    volumes:
-      - zammad-backup:/var/tmp/zammad
-      - zammad-storage:/opt/zammad/storage:ro
-      - zammad-var:/opt/zammad/var:ro
-      - ./scripts/backup.sh:/usr/local/bin/backup.sh:ro
-
-  zammad-elasticsearch:
-    image: elasticsearch:{{ ELASTICSEARCH_VERSION }}
-    restart: {{ RESTART }}
-    volumes:
-      - elasticsearch-data:/usr/share/elasticsearch/data
-    environment:
-      discovery.type: single-node
-      xpack.security.enabled: 'false'
-      ES_JAVA_OPTS: ${ELASTICSEARCH_JAVA_OPTS:--Xms1g -Xmx1g}
-
-  zammad-init:
-    <<: *zammad-service
-    command: ["zammad-init"]
-    depends_on:
-      - zammad-postgresql
-    restart: on-failure
-    user: 0:0
-    volumes:
-      - zammad-storage:/opt/zammad/storage
-      - zammad-var:/opt/zammad/var
-
-  zammad-memcached:
-    command: memcached -m 256M
-    image: memcached:{{ MEMCACHE_VERSION }}
-    restart: {{ RESTART }}
-
-  zammad-nginx:
-    <<: *zammad-service
-    command: ["zammad-nginx"]
-    expose:
-      - "8080"
-    ports:
-      - "8080:8080"
-    depends_on:
-      - zammad-railsserver
-    volumes:
-      - zammad-var:/opt/zammad/var:ro # required for the zammad-ready check file
-
-  zammad-postgresql:
-    environment:
-      POSTGRES_DB: {{ POSTGRES_DB }}
-      POSTGRES_USER: {{ POSTGRES_USER }}
-      POSTGRES_PASSWORD: {{ POSTGRES_PASS }}
-    image: postgres:{{ POSTGRES_VERSION }}
-    restart: {{ RESTART }}
-    volumes:
-      - postgresql-data:/var/lib/postgresql/data
-
-  zammad-railsserver:
-    <<: *zammad-service
-    command: ["zammad-railsserver"]
-
-  zammad-redis:
-    image: redis:{{ REDIS_VERSION }}
-    restart: {{ RESTART }}
-    volumes:
-      - redis-data:/data
-
-  zammad-scheduler:
-    <<: *zammad-service
-    command: ["zammad-scheduler"]
-    volumes:
-      - /ansible_docker_compose/zammad-scheduler-database.yml:/opt/zammad/config/database.yml # workaround for connection pool issue
-
-  zammad-websocket:
-    <<: *zammad-service
-    command: ["zammad-websocket"]
-
-volumes:
-  elasticsearch-data:
-    driver: local
-  postgresql-data:
-    driver: local
-  redis-data:
-    driver: local
-  zammad-backup:
-    driver: local
-  zammad-storage:
-    driver: local
-  zammad-var:
-    driver: local

roles/docker_compose/README.md

@@ -1,8 +1,8 @@
 # Role `docker_compose`
 
 A role for deploying a Docker-Compose-based application.
-It deploys the given Compose file as well as configuration files to the specified hosts and makes sure all services are up-to-date and running.
-The Compose file gets deployed to `/ansible_docker_compose/compose.yaml` and the configuration files get deployed into the `/ansible_docker_compose/configs/` directory.
+It deploys the given Compose file, an optional `.env` file, as well as configuration files to the specified hosts and makes sure all services are up-to-date and running.
+The Compose file gets deployed to `/ansible_docker_compose/compose.yaml`, the `.env` file to `/ansible_docker_compose/.env` and the configuration files get deployed into the `/ansible_docker_compose/configs/` directory.
 A use case for the deployment of the additional configuration files is Composes top-level element `configs` in conjunction with the `configs` option for services.
 
 ## Supported Distributions

roles/docker_compose/meta/argument_specs.yaml

@@ -7,6 +7,12 @@ argument_specs:
           `/ansible_docker_compose/compose.yaml`.
         type: str
         required: true
+      docker_compose__env_file_content:
+        description: >-
+          The content of the .env file at
+          `/ansible_docker_compose/.env`.
+        type: str
+        required: false
       docker_compose__configuration_files:
         description: >-
           A list of configuration files to be deployed in the

roles/docker_compose/tasks/main.yaml

@@ -17,6 +17,17 @@
   become: true
   notify: docker compose down
 
+- name: deploy the .env file
+  ansible.builtin.copy:
+    content: "{{ docker_compose__env_file_content }}"
+    dest: /ansible_docker_compose/.env
+    mode: "0644"
+    owner: root
+    group: root
+  become: true
+  when: docker_compose__env_file_content is defined
+  notify: docker compose down
+
 - name: make sure the `/ansible_docker_compose/configs` directory exists
   ansible.builtin.file:
     path: /ansible_docker_compose/configs