From dd7fa2247ddcf0e34e141cc2a69c3bcef01d8c43 Mon Sep 17 00:00:00 2001 From: Renovate Date: Fri, 24 Oct 2025 18:00:37 +0000 Subject: [PATCH 1/5] Update docker.io/prom/prometheus Docker tag to v3.7.2 --- resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 index 436669a..d739b2f 100644 --- a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 @@ -2,7 +2,7 @@ services: prometheus: - image: docker.io/prom/prometheus:v3.7.1@sha256:ff7e389acbe064a4823212a500393d40a28a8f362e4b05cbf6742a9a3ef736b2 + image: docker.io/prom/prometheus:v3.7.2@sha256:23031bfe0e74a13004252caaa74eccd0d62b6c6e7a04711d5b8bf5b7e113adc7 container_name: prometheus command: - '--config.file=/etc/prometheus/prometheus.yml' From 3840553f9d2231d2c36d5a44dee63f252c63f956 Mon Sep 17 00:00:00 2001 From: June Date: Fri, 24 Oct 2025 22:05:54 +0200 Subject: [PATCH 2/5] docker_compose(role): add support for deploying optional .env file This is needed for situations, where one wants to use a vendor-provided compose file and configure it using environment variables. Like for example: https://github.com/zammad/zammad-docker-compose --- roles/docker_compose/README.md | 4 ++-- roles/docker_compose/meta/argument_specs.yaml | 6 ++++++ roles/docker_compose/tasks/main.yaml | 11 +++++++++++ 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/roles/docker_compose/README.md b/roles/docker_compose/README.md index d407a62..d3204ec 100644 --- a/roles/docker_compose/README.md +++ b/roles/docker_compose/README.md @@ -1,8 +1,8 @@ # Role `docker_compose` A role for deploying a Docker-Compose-based application. -It deploys the given Compose file as well as configuration files to the specified hosts and makes sure all services are up-to-date and running. -The Compose file gets deployed to `/ansible_docker_compose/compose.yaml` and the configuration files get deployed into the `/ansible_docker_compose/configs/` directory. +It deploys the given Compose file, an optional `.env` file, as well as configuration files to the specified hosts and makes sure all services are up-to-date and running. +The Compose file gets deployed to `/ansible_docker_compose/compose.yaml`, the `.env` file to `/ansible_docker_compose/.env` and the configuration files get deployed into the `/ansible_docker_compose/configs/` directory. A use case for the deployment of the additional configuration files is Composes top-level element `configs` in conjunction with the `configs` option for services. ## Supported Distributions diff --git a/roles/docker_compose/meta/argument_specs.yaml b/roles/docker_compose/meta/argument_specs.yaml index 81ce504..c588ba0 100644 --- a/roles/docker_compose/meta/argument_specs.yaml +++ b/roles/docker_compose/meta/argument_specs.yaml @@ -7,6 +7,12 @@ argument_specs: `/ansible_docker_compose/compose.yaml`. type: str required: true + docker_compose__env_file_content: + description: >- + The content of the .env file at + `/ansible_docker_compose/.env`. + type: str + required: false docker_compose__configuration_files: description: >- A list of configuration files to be deployed in the diff --git a/roles/docker_compose/tasks/main.yaml b/roles/docker_compose/tasks/main.yaml index af7f717..7b01304 100644 --- a/roles/docker_compose/tasks/main.yaml +++ b/roles/docker_compose/tasks/main.yaml @@ -17,6 +17,17 @@ become: true notify: docker compose down +- name: deploy the .env file + ansible.builtin.copy: + content: "{{ docker_compose__env_file_content }}" + dest: /ansible_docker_compose/.env + mode: "0644" + owner: root + group: root + become: true + when: docker_compose__env_file_content is defined + notify: docker compose down + - name: make sure the `/ansible_docker_compose/configs` directory exists ansible.builtin.file: path: /ansible_docker_compose/configs From 747e5b2d4c1d3286fc4636180000b0d7bef2f658 Mon Sep 17 00:00:00 2001 From: June Date: Fri, 24 Oct 2025 22:15:48 +0200 Subject: [PATCH 3/5] zammad(host): change to .env configuration Align the compose.yaml to upstreams v11.2.0 version. This is a first step to hopefully then just use the upstreams version directly and not vendor it. --- inventories/chaosknoten/host_vars/zammad.yaml | 3 +- .../chaosknoten/zammad/docker_compose/.env.j2 | 15 +++++ .../{compose.yaml.j2 => compose.yaml} | 67 +++++++------------ 3 files changed, 42 insertions(+), 43 deletions(-) create mode 100644 resources/chaosknoten/zammad/docker_compose/.env.j2 rename resources/chaosknoten/zammad/docker_compose/{compose.yaml.j2 => compose.yaml} (61%) diff --git a/inventories/chaosknoten/host_vars/zammad.yaml b/inventories/chaosknoten/host_vars/zammad.yaml index 88ad99c..65ea352 100644 --- a/inventories/chaosknoten/host_vars/zammad.yaml +++ b/inventories/chaosknoten/host_vars/zammad.yaml @@ -1,4 +1,5 @@ -docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/zammad/docker_compose/compose.yaml.j2') }}" +docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/zammad/docker_compose/compose.yaml') }}" +docker_compose__env_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/zammad/docker_compose/.env.j2') }}" docker_compose__configuration_files: [ ] certbot__version_spec: "" diff --git a/resources/chaosknoten/zammad/docker_compose/.env.j2 b/resources/chaosknoten/zammad/docker_compose/.env.j2 new file mode 100644 index 0000000..85a848b --- /dev/null +++ b/resources/chaosknoten/zammad/docker_compose/.env.j2 @@ -0,0 +1,15 @@ +ELASTICSEARCH_VERSION=8.19.4 +IMAGE_REPO=ghcr.io/zammad/zammad +MEMCACHE_SERVERS=zammad-memcached:11211 +MEMCACHE_VERSION=1.6-alpine +POSTGRES_DB=zammad_production +POSTGRES_PASS={{ secret__zammad_db_password }} +POSTGRES_USER=zammad +POSTGRES_HOST=zammad-postgresql +POSTGRES_PORT=5432 +POSTGRES_VERSION=15-alpine +REDIS_URL=redis://zammad-redis:6379 +REDIS_VERSION=7-alpine +RESTART=always +VERSION=6 +NGINX_SERVER_SCHEME=https diff --git a/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/zammad/docker_compose/compose.yaml similarity index 61% rename from resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 rename to resources/chaosknoten/zammad/docker_compose/compose.yaml index ab1ed85..55446e1 100644 --- a/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/zammad/docker_compose/compose.yaml @@ -1,33 +1,16 @@ --- -{# -https://github.com/zammad/zammad-docker-compose -Docker Compose does not allow defining variables in the compose file (only in .env files), so we use Jinja variables instead -see https://github.com/zammad/zammad-docker-compose/blob/master/.env -#} -{%- set ELASTICSEARCH_VERSION = "8.19.4" | quote -%} -{%- set IMAGE_REPO = "ghcr.io/zammad/zammad" | quote -%} -{%- set MEMCACHE_SERVERS = "zammad-memcached:11211" | quote -%} -{%- set MEMCACHE_VERSION = "1.6-alpine" | quote -%} -{%- set POSTGRES_DB = "zammad_production" | quote -%} -{%- set POSTGRES_HOST = "zammad-postgresql" | quote -%} -{%- set POSTGRES_USER = "zammad" | quote -%} -{%- set POSTGRES_PASS = secret__zammad_db_password | quote -%} -{%- set POSTGRES_PORT = "5432" | quote -%} -{%- set POSTGRES_VERSION = "15-alpine" | quote -%} -{%- set REDIS_URL = "redis://zammad-redis:6379" | quote -%} -{%- set REDIS_VERSION = "7-alpine" | quote -%} -{%- set RESTART = "always" | quote -%} -{%- set VERSION = "6" | quote -%} +version: '3.8' + x-shared: zammad-service: &zammad-service environment: &zammad-environment - MEMCACHE_SERVERS: {{ MEMCACHE_SERVERS }} - POSTGRESQL_DB: {{ POSTGRES_DB }} - POSTGRESQL_HOST: {{ POSTGRES_HOST }} - POSTGRESQL_USER: {{ POSTGRES_USER }} - POSTGRESQL_PASS: {{ POSTGRES_PASS }} - POSTGRESQL_PORT: {{ POSTGRES_PORT }} - REDIS_URL: {{ REDIS_URL }} + MEMCACHE_SERVERS: ${MEMCACHE_SERVERS} + POSTGRESQL_DB: ${POSTGRES_DB} + POSTGRESQL_HOST: ${POSTGRES_HOST} + POSTGRESQL_USER: ${POSTGRES_USER} + POSTGRESQL_PASS: ${POSTGRES_PASS} + POSTGRESQL_PORT: ${POSTGRES_PORT} + REDIS_URL: ${REDIS_URL} # Allow passing in these variables via .env: AUTOWIZARD_JSON: AUTOWIZARD_RELATIVE_PATH: @@ -40,7 +23,7 @@ x-shared: ELASTICSEARCH_SSL_VERIFY: NGINX_PORT: NGINX_SERVER_NAME: - NGINX_SERVER_SCHEME: https + NGINX_SERVER_SCHEME: POSTGRESQL_DB_CREATE: POSTGRESQL_OPTIONS: RAILS_TRUSTED_PROXIES: @@ -48,8 +31,8 @@ x-shared: ZAMMAD_SESSION_JOBS: ZAMMAD_PROCESS_SCHEDULED: ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: - image: {{ IMAGE_REPO }}:{{ VERSION }} - restart: {{ RESTART }} + image: ${IMAGE_REPO}:${VERSION} + restart: ${RESTART} volumes: - zammad-storage:/opt/zammad/storage - zammad-var:/opt/zammad/var @@ -71,8 +54,8 @@ services: BACKUP_TIME: "03:00" HOLD_DAYS: "10" TZ: Europe/Berlin - image: postgres:{{ POSTGRES_VERSION }} - restart: {{ RESTART }} + image: postgres:${POSTGRES_VERSION} + restart: ${RESTART} volumes: - zammad-backup:/var/tmp/zammad - zammad-storage:/opt/zammad/storage:ro @@ -80,8 +63,8 @@ services: - ./scripts/backup.sh:/usr/local/bin/backup.sh:ro zammad-elasticsearch: - image: elasticsearch:{{ ELASTICSEARCH_VERSION }} - restart: {{ RESTART }} + image: elasticsearch:${ELASTICSEARCH_VERSION} + restart: ${RESTART} volumes: - elasticsearch-data:/usr/share/elasticsearch/data environment: @@ -102,8 +85,8 @@ services: zammad-memcached: command: memcached -m 256M - image: memcached:{{ MEMCACHE_VERSION }} - restart: {{ RESTART }} + image: memcached:${MEMCACHE_VERSION} + restart: ${RESTART} zammad-nginx: <<: *zammad-service @@ -119,11 +102,11 @@ services: zammad-postgresql: environment: - POSTGRES_DB: {{ POSTGRES_DB }} - POSTGRES_USER: {{ POSTGRES_USER }} - POSTGRES_PASSWORD: {{ POSTGRES_PASS }} - image: postgres:{{ POSTGRES_VERSION }} - restart: {{ RESTART }} + POSTGRES_DB: ${POSTGRES_DB} + POSTGRES_USER: ${POSTGRES_USER} + POSTGRES_PASSWORD: ${POSTGRES_PASS} + image: postgres:${POSTGRES_VERSION} + restart: ${RESTART} volumes: - postgresql-data:/var/lib/postgresql/data @@ -132,8 +115,8 @@ services: command: ["zammad-railsserver"] zammad-redis: - image: redis:{{ REDIS_VERSION }} - restart: {{ RESTART }} + image: redis:${REDIS_VERSION} + restart: ${RESTART} volumes: - redis-data:/data From df32e1cac87262bdda6f4aaa24816e6b4f8e110f Mon Sep 17 00:00:00 2001 From: June Date: Fri, 24 Oct 2025 22:57:03 +0200 Subject: [PATCH 4/5] zammad(host): move to latest upstream compose file version (v14.1.1) It hopefully fixes bugs we had in the past, so removing the workarounds and it also comes with default values now, so removing all variables set to those defaults. --- .../chaosknoten/zammad/docker_compose/.env.j2 | 11 -- .../zammad/docker_compose/compose.yaml | 110 +++++++++--------- 2 files changed, 57 insertions(+), 64 deletions(-) diff --git a/resources/chaosknoten/zammad/docker_compose/.env.j2 b/resources/chaosknoten/zammad/docker_compose/.env.j2 index 85a848b..adeeb48 100644 --- a/resources/chaosknoten/zammad/docker_compose/.env.j2 +++ b/resources/chaosknoten/zammad/docker_compose/.env.j2 @@ -1,15 +1,4 @@ -ELASTICSEARCH_VERSION=8.19.4 -IMAGE_REPO=ghcr.io/zammad/zammad -MEMCACHE_SERVERS=zammad-memcached:11211 -MEMCACHE_VERSION=1.6-alpine -POSTGRES_DB=zammad_production POSTGRES_PASS={{ secret__zammad_db_password }} -POSTGRES_USER=zammad -POSTGRES_HOST=zammad-postgresql -POSTGRES_PORT=5432 POSTGRES_VERSION=15-alpine -REDIS_URL=redis://zammad-redis:6379 REDIS_VERSION=7-alpine -RESTART=always -VERSION=6 NGINX_SERVER_SCHEME=https diff --git a/resources/chaosknoten/zammad/docker_compose/compose.yaml b/resources/chaosknoten/zammad/docker_compose/compose.yaml index 55446e1..66192da 100644 --- a/resources/chaosknoten/zammad/docker_compose/compose.yaml +++ b/resources/chaosknoten/zammad/docker_compose/compose.yaml @@ -1,70 +1,83 @@ --- -version: '3.8' +version: "3.8" + +# Taken from: https://github.com/zammad/zammad-docker-compose/blob/master/docker-compose.yml +# Version: v14.1.1 +# Update from new tag by replacing all content. +# Configuration should be done in the .env.j2. x-shared: zammad-service: &zammad-service environment: &zammad-environment - MEMCACHE_SERVERS: ${MEMCACHE_SERVERS} - POSTGRESQL_DB: ${POSTGRES_DB} - POSTGRESQL_HOST: ${POSTGRES_HOST} - POSTGRESQL_USER: ${POSTGRES_USER} - POSTGRESQL_PASS: ${POSTGRES_PASS} - POSTGRESQL_PORT: ${POSTGRES_PORT} - REDIS_URL: ${REDIS_URL} + MEMCACHE_SERVERS: ${MEMCACHE_SERVERS:-zammad-memcached:11211} + POSTGRESQL_DB: ${POSTGRES_DB:-zammad_production} + POSTGRESQL_HOST: ${POSTGRES_HOST:-zammad-postgresql} + POSTGRESQL_USER: ${POSTGRES_USER:-zammad} + POSTGRESQL_PASS: ${POSTGRES_PASS:-zammad} + POSTGRESQL_PORT: ${POSTGRES_PORT:-5432} + POSTGRESQL_OPTIONS: ${POSTGRESQL_OPTIONS:-?pool=50} + POSTGRESQL_DB_CREATE: + REDIS_URL: ${REDIS_URL:-redis://zammad-redis:6379} + S3_URL: + # Backup settings + BACKUP_DIR: "${BACKUP_DIR:-/var/tmp/zammad}" + BACKUP_TIME: "${BACKUP_TIME:-03:00}" + HOLD_DAYS: "${HOLD_DAYS:-10}" + TZ: "${TZ:-Europe/Berlin}" # Allow passing in these variables via .env: AUTOWIZARD_JSON: AUTOWIZARD_RELATIVE_PATH: ELASTICSEARCH_ENABLED: + ELASTICSEARCH_SCHEMA: ELASTICSEARCH_HOST: ELASTICSEARCH_PORT: - ELASTICSEARCH_SCHEMA: + ELASTICSEARCH_USER: + ELASTICSEARCH_PASS: ELASTICSEARCH_NAMESPACE: ELASTICSEARCH_REINDEX: - ELASTICSEARCH_SSL_VERIFY: NGINX_PORT: + NGINX_CLIENT_MAX_BODY_SIZE: NGINX_SERVER_NAME: NGINX_SERVER_SCHEME: - POSTGRESQL_DB_CREATE: - POSTGRESQL_OPTIONS: RAILS_TRUSTED_PROXIES: + ZAMMAD_HTTP_TYPE: + ZAMMAD_FQDN: ZAMMAD_WEB_CONCURRENCY: - ZAMMAD_SESSION_JOBS: - ZAMMAD_PROCESS_SCHEDULED: + ZAMMAD_PROCESS_SESSIONS_JOBS_WORKERS: + ZAMMAD_PROCESS_SCHEDULED_JOBS_WORKERS: ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: - image: ${IMAGE_REPO}:${VERSION} - restart: ${RESTART} + # ZAMMAD_SESSION_JOBS_CONCURRENT is deprecated, please use ZAMMAD_PROCESS_SESSIONS_JOBS_WORKERS instead. + ZAMMAD_SESSION_JOBS_CONCURRENT: + # Variables used by ngingx-proxy container for reverse proxy creations + # for docs refer to https://github.com/nginx-proxy/nginx-proxy + VIRTUAL_HOST: + VIRTUAL_PORT: + # Variables used by acme-companion for retrieval of LetsEncrypt certificate + # for docs refer to https://github.com/nginx-proxy/acme-companion + LETSENCRYPT_HOST: + LETSENCRYPT_EMAIL: + + image: ${IMAGE_REPO:-ghcr.io/zammad/zammad}:${VERSION:-6.5.2} + restart: ${RESTART:-always} volumes: - zammad-storage:/opt/zammad/storage - - zammad-var:/opt/zammad/var depends_on: - zammad-memcached - zammad-postgresql - zammad-redis services: - zammad-backup: + <<: *zammad-service command: ["zammad-backup"] - depends_on: - - zammad-railsserver - - zammad-postgresql - entrypoint: /usr/local/bin/backup.sh - environment: - <<: *zammad-environment - BACKUP_TIME: "03:00" - HOLD_DAYS: "10" - TZ: Europe/Berlin - image: postgres:${POSTGRES_VERSION} - restart: ${RESTART} volumes: - zammad-backup:/var/tmp/zammad - zammad-storage:/opt/zammad/storage:ro - - zammad-var:/opt/zammad/var:ro - - ./scripts/backup.sh:/usr/local/bin/backup.sh:ro + user: 0:0 zammad-elasticsearch: - image: elasticsearch:${ELASTICSEARCH_VERSION} - restart: ${RESTART} + image: elasticsearch:${ELASTICSEARCH_VERSION:-8.19.4} + restart: ${RESTART:-always} volumes: - elasticsearch-data:/usr/share/elasticsearch/data environment: @@ -79,34 +92,29 @@ services: - zammad-postgresql restart: on-failure user: 0:0 - volumes: - - zammad-storage:/opt/zammad/storage - - zammad-var:/opt/zammad/var zammad-memcached: command: memcached -m 256M - image: memcached:${MEMCACHE_VERSION} - restart: ${RESTART} + image: memcached:${MEMCACHE_VERSION:-1.6.39-alpine} + restart: ${RESTART:-always} zammad-nginx: <<: *zammad-service command: ["zammad-nginx"] expose: - - "8080" + - "${NGINX_PORT:-8080}" ports: - - "8080:8080" + - "${NGINX_EXPOSE_PORT:-8080}:${NGINX_PORT:-8080}" depends_on: - zammad-railsserver - volumes: - - zammad-var:/opt/zammad/var:ro # required for the zammad-ready check file zammad-postgresql: environment: - POSTGRES_DB: ${POSTGRES_DB} - POSTGRES_USER: ${POSTGRES_USER} - POSTGRES_PASSWORD: ${POSTGRES_PASS} - image: postgres:${POSTGRES_VERSION} - restart: ${RESTART} + POSTGRES_DB: ${POSTGRES_DB:-zammad_production} + POSTGRES_USER: ${POSTGRES_USER:-zammad} + POSTGRES_PASSWORD: ${POSTGRES_PASS:-zammad} + image: postgres:${POSTGRES_VERSION:-17.6-alpine} + restart: ${RESTART:-always} volumes: - postgresql-data:/var/lib/postgresql/data @@ -115,16 +123,14 @@ services: command: ["zammad-railsserver"] zammad-redis: - image: redis:${REDIS_VERSION} - restart: ${RESTART} + image: redis:${REDIS_VERSION:-7.4.5-alpine} + restart: ${RESTART:-always} volumes: - redis-data:/data zammad-scheduler: <<: *zammad-service command: ["zammad-scheduler"] - volumes: - - /ansible_docker_compose/zammad-scheduler-database.yml:/opt/zammad/config/database.yml # workaround for connection pool issue zammad-websocket: <<: *zammad-service @@ -141,5 +147,3 @@ volumes: driver: local zammad-storage: driver: local - zammad-var: - driver: local From 6ca98d7231b70573c40d6b94e0fe7157cfd37b65 Mon Sep 17 00:00:00 2001 From: Renovate Date: Fri, 24 Oct 2025 22:30:39 +0000 Subject: [PATCH 5/5] Update docker.io/prom/prometheus Docker tag to v3.7.2 --- resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 index 436669a..d739b2f 100644 --- a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 @@ -2,7 +2,7 @@ services: prometheus: - image: docker.io/prom/prometheus:v3.7.1@sha256:ff7e389acbe064a4823212a500393d40a28a8f362e4b05cbf6742a9a3ef736b2 + image: docker.io/prom/prometheus:v3.7.2@sha256:23031bfe0e74a13004252caaa74eccd0d62b6c6e7a04711d5b8bf5b7e113adc7 container_name: prometheus command: - '--config.file=/etc/prometheus/prometheus.yml'