diff --git a/inventories/chaosknoten/host_vars/zammad.yaml b/inventories/chaosknoten/host_vars/zammad.yaml index 88ad99c..65ea352 100644 --- a/inventories/chaosknoten/host_vars/zammad.yaml +++ b/inventories/chaosknoten/host_vars/zammad.yaml @@ -1,4 +1,5 @@ -docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/zammad/docker_compose/compose.yaml.j2') }}" +docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/zammad/docker_compose/compose.yaml') }}" +docker_compose__env_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/zammad/docker_compose/.env.j2') }}" docker_compose__configuration_files: [ ] certbot__version_spec: "" diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 index 398d814..af766ea 100644 --- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 @@ -46,7 +46,7 @@ services: - "8080:8080" db: - image: docker.io/library/postgres:15.14@sha256:9541969afa16d1ac724e16d1cf3c26ddd0c5bae5dd1c230118a7f5b9c14cde1f + image: docker.io/library/postgres:18.0@sha256:1ffc019dae94eca6b09a49ca67d37398951346de3c3d0cfe23d8d4ca33da83fb restart: unless-stopped networks: - keycloak diff --git a/resources/chaosknoten/lists/docker_compose/compose.yaml b/resources/chaosknoten/lists/docker_compose/compose.yaml index 8537ead..d97bf1b 100644 --- a/resources/chaosknoten/lists/docker_compose/compose.yaml +++ b/resources/chaosknoten/lists/docker_compose/compose.yaml 
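Review bot: The `db` image in the keycloak compose template jumps from PostgreSQL 15.14 to 18.0 with no data migration visible in this commit, and PostgreSQL will not start on a data directory initialised by an older major version. The same applies to the lists hunk (12 → 18) and to the pad, pretalx and tickets hunks (15 → 18). Each database needs a dump/restore or `pg_upgrade` run before the new tag is rolled out; if that happens out of band, a comment above the image line such as `# major upgrade: data migrated with pg_dump/pg_restore before rollout` would record it. The 18 images also appear to have moved the default data directory to a versioned path below `/var/lib/postgresql`, so a mount on `/var/lib/postgresql/data` (visible in the lists hunk) should be checked against the image documentation. The `db` service definition continues outside the hunk.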
@@ -56,7 +56,7 @@ services: - POSTGRES_DB=mailmandb - POSTGRES_USER=mailman - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz - image: docker.io/library/postgres:12-alpine@sha256:7c8f4870583184ebadf7f17a6513620aac5f365a7938dc6a6911c1d5df2f481a + image: docker.io/library/postgres:18-alpine@sha256:48c8ad3a7284b82be4482a52076d47d879fd6fb084a1cbfccbd551f9331b0e40 volumes: - /opt/mailman/database:/var/lib/postgresql/data networks: diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 index 014b8af..2e68fd8 100644 --- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/postgres:15-alpine@sha256:2e50ad404aead120409575d21758230cc295aec52dfa05ece9b4d0429bc38636 + image: docker.io/library/postgres:18-alpine@sha256:48c8ad3a7284b82be4482a52076d47d879fd6fb084a1cbfccbd551f9331b0e40 environment: - "POSTGRES_USER=hedgedoc" - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}" diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index 66f6172..25a1e7f 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/postgres:15-alpine@sha256:2e50ad404aead120409575d21758230cc295aec52dfa05ece9b4d0429bc38636 + image: docker.io/library/postgres:18-alpine@sha256:48c8ad3a7284b82be4482a52076d47d879fd6fb084a1cbfccbd551f9331b0e40 environment: - "POSTGRES_USER=pretalx" - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}" diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 index 057da55..60fc2b1 100644 --- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 
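Review bot: The context line directly above the changed image in the lists compose file carries the database password as a literal `POSTGRES_PASSWORD=` value committed to the repository, while the pad, pretalx and tickets hunks read theirs from `secret__*` variables. Since this commit introduces `docker_compose__env_file_content`, the value could move into a templated `.env` and the compose line become `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}`. The current value stays in the git history, so it should be rotated when it is moved. The service definition starts and ends outside the hunk, so whether other services in this file reuse the same password cannot be told from here.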
+++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 @@ -1,7 +1,7 @@ --- services: database: - image: docker.io/library/postgres:15-alpine@sha256:2e50ad404aead120409575d21758230cc295aec52dfa05ece9b4d0429bc38636 + image: docker.io/library/postgres:18-alpine@sha256:48c8ad3a7284b82be4482a52076d47d879fd6fb084a1cbfccbd551f9331b0e40 environment: - "POSTGRES_USER=pretix" - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}" diff --git a/resources/chaosknoten/zammad/docker_compose/.env.j2 b/resources/chaosknoten/zammad/docker_compose/.env.j2 new file mode 100644 index 0000000..adeeb48 --- /dev/null +++ b/resources/chaosknoten/zammad/docker_compose/.env.j2 @@ -0,0 +1,4 @@ +POSTGRES_PASS={{ secret__zammad_db_password }} +POSTGRES_VERSION=15-alpine +REDIS_VERSION=7-alpine +NGINX_SERVER_SCHEME=https diff --git a/resources/chaosknoten/zammad/docker_compose/compose.yaml b/resources/chaosknoten/zammad/docker_compose/compose.yaml new file mode 100644 index 0000000..66192da --- /dev/null +++ b/resources/chaosknoten/zammad/docker_compose/compose.yaml 
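Review bot: `POSTGRES_PASS={{ secret__zammad_db_password }}` in the new `.env.j2` writes the secret unquoted, so a password containing `$`, ` #` or whitespace can be interpolated or cut short when Compose parses the `.env` file; the removed template passed the value through `| quote`. Single-quoting it, `POSTGRES_PASS='{{ secret__zammad_db_password }}'`, keeps the value literal as long as the secret contains no single quote. Because the vendored compose file falls back to `${POSTGRES_PASS:-zammad}`, an empty or missing rendering silently yields the upstream default password, which deserves an assertion in the role or at least a comment here. `POSTGRES_VERSION=15-alpine` and `REDIS_VERSION=7-alpine` are floating tags, unlike the digest-pinned images elsewhere in this commit; appending `@sha256:<digest>` to the values would pin them.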
@@ -0,0 +1,149 @@ +--- +version: "3.8" + +# Taken from: https://github.com/zammad/zammad-docker-compose/blob/master/docker-compose.yml +# Version: v14.1.1 +# Update from new tag by replacing all content. +# Configuration should be done in the .env.j2. + +x-shared: + zammad-service: &zammad-service + environment: &zammad-environment + MEMCACHE_SERVERS: ${MEMCACHE_SERVERS:-zammad-memcached:11211} + POSTGRESQL_DB: ${POSTGRES_DB:-zammad_production} + POSTGRESQL_HOST: ${POSTGRES_HOST:-zammad-postgresql} + POSTGRESQL_USER: ${POSTGRES_USER:-zammad} + POSTGRESQL_PASS: ${POSTGRES_PASS:-zammad} + POSTGRESQL_PORT: ${POSTGRES_PORT:-5432} + POSTGRESQL_OPTIONS: ${POSTGRESQL_OPTIONS:-?pool=50} + POSTGRESQL_DB_CREATE: + REDIS_URL: ${REDIS_URL:-redis://zammad-redis:6379} + S3_URL: + # Backup settings + BACKUP_DIR: "${BACKUP_DIR:-/var/tmp/zammad}" + BACKUP_TIME: "${BACKUP_TIME:-03:00}" + HOLD_DAYS: "${HOLD_DAYS:-10}" + TZ: "${TZ:-Europe/Berlin}" + # Allow passing in these variables via .env: + AUTOWIZARD_JSON: + AUTOWIZARD_RELATIVE_PATH: + ELASTICSEARCH_ENABLED: + ELASTICSEARCH_SCHEMA: + ELASTICSEARCH_HOST: + ELASTICSEARCH_PORT: + ELASTICSEARCH_USER: + ELASTICSEARCH_PASS: + ELASTICSEARCH_NAMESPACE: + ELASTICSEARCH_REINDEX: + NGINX_PORT: + NGINX_CLIENT_MAX_BODY_SIZE: + NGINX_SERVER_NAME: + NGINX_SERVER_SCHEME: + RAILS_TRUSTED_PROXIES: + ZAMMAD_HTTP_TYPE: + ZAMMAD_FQDN: + ZAMMAD_WEB_CONCURRENCY: + ZAMMAD_PROCESS_SESSIONS_JOBS_WORKERS: + ZAMMAD_PROCESS_SCHEDULED_JOBS_WORKERS: + ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: + # ZAMMAD_SESSION_JOBS_CONCURRENT is deprecated, please use ZAMMAD_PROCESS_SESSIONS_JOBS_WORKERS instead. 
+ ZAMMAD_SESSION_JOBS_CONCURRENT: + # Variables used by ngingx-proxy container for reverse proxy creations + # for docs refer to https://github.com/nginx-proxy/nginx-proxy + VIRTUAL_HOST: + VIRTUAL_PORT: + # Variables used by acme-companion for retrieval of LetsEncrypt certificate + # for docs refer to https://github.com/nginx-proxy/acme-companion + LETSENCRYPT_HOST: + LETSENCRYPT_EMAIL: + + image: ${IMAGE_REPO:-ghcr.io/zammad/zammad}:${VERSION:-6.5.2} + restart: ${RESTART:-always} + volumes: + - zammad-storage:/opt/zammad/storage + depends_on: + - zammad-memcached + - zammad-postgresql + - zammad-redis + +services: + zammad-backup: + <<: *zammad-service + command: ["zammad-backup"] + volumes: + - zammad-backup:/var/tmp/zammad + - zammad-storage:/opt/zammad/storage:ro + user: 0:0 + + zammad-elasticsearch: + image: elasticsearch:${ELASTICSEARCH_VERSION:-8.19.4} + restart: ${RESTART:-always} + volumes: + - elasticsearch-data:/usr/share/elasticsearch/data + environment: + discovery.type: single-node + xpack.security.enabled: 'false' + ES_JAVA_OPTS: ${ELASTICSEARCH_JAVA_OPTS:--Xms1g -Xmx1g} + + zammad-init: + <<: *zammad-service + command: ["zammad-init"] + depends_on: + - zammad-postgresql + restart: on-failure + user: 0:0 + + zammad-memcached: + command: memcached -m 256M + image: memcached:${MEMCACHE_VERSION:-1.6.39-alpine} + restart: ${RESTART:-always} + + zammad-nginx: + <<: *zammad-service + command: ["zammad-nginx"] + expose: + - "${NGINX_PORT:-8080}" + ports: + - "${NGINX_EXPOSE_PORT:-8080}:${NGINX_PORT:-8080}" + depends_on: + - zammad-railsserver + + zammad-postgresql: + environment: + POSTGRES_DB: ${POSTGRES_DB:-zammad_production} + POSTGRES_USER: ${POSTGRES_USER:-zammad} + POSTGRES_PASSWORD: ${POSTGRES_PASS:-zammad} + image: postgres:${POSTGRES_VERSION:-17.6-alpine} + restart: ${RESTART:-always} + volumes: + - postgresql-data:/var/lib/postgresql/data + + zammad-railsserver: + <<: *zammad-service + command: ["zammad-railsserver"] + + zammad-redis: + image: 
redis:${REDIS_VERSION:-7.4.5-alpine} + restart: ${RESTART:-always} + volumes: + - redis-data:/data + + zammad-scheduler: + <<: *zammad-service + command: ["zammad-scheduler"] + + zammad-websocket: + <<: *zammad-service + command: ["zammad-websocket"] + +volumes: + elasticsearch-data: + driver: local + postgresql-data: + driver: local + redis-data: + driver: local + zammad-backup: + driver: local + zammad-storage: + driver: local diff --git a/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 deleted file mode 100644 index ab1ed85..0000000 --- a/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 +++ /dev/null 
@@ -1,162 +0,0 @@ ---- -{# -https://github.com/zammad/zammad-docker-compose -Docker Compose does not allow defining variables in the compose file (only in .env files), so we use Jinja variables instead -see https://github.com/zammad/zammad-docker-compose/blob/master/.env -#} -{%- set ELASTICSEARCH_VERSION = "8.19.4" | quote -%} -{%- set IMAGE_REPO = "ghcr.io/zammad/zammad" | quote -%} -{%- set MEMCACHE_SERVERS = "zammad-memcached:11211" | quote -%} -{%- set MEMCACHE_VERSION = "1.6-alpine" | quote -%} -{%- set POSTGRES_DB = "zammad_production" | quote -%} -{%- set POSTGRES_HOST = "zammad-postgresql" | quote -%} -{%- set POSTGRES_USER = "zammad" | quote -%} -{%- set POSTGRES_PASS = secret__zammad_db_password | quote -%} -{%- set POSTGRES_PORT = "5432" | quote -%} -{%- set POSTGRES_VERSION = "15-alpine" | quote -%} -{%- set REDIS_URL = "redis://zammad-redis:6379" | quote -%} -{%- set REDIS_VERSION = "7-alpine" | quote -%} -{%- set RESTART = "always" | quote -%} -{%- set VERSION = "6" | quote -%} -x-shared: - zammad-service: &zammad-service - environment: &zammad-environment - MEMCACHE_SERVERS: {{ MEMCACHE_SERVERS }} - POSTGRESQL_DB: {{ POSTGRES_DB }} - POSTGRESQL_HOST: {{ POSTGRES_HOST }} - POSTGRESQL_USER: {{ POSTGRES_USER }} - POSTGRESQL_PASS: {{ POSTGRES_PASS }} - POSTGRESQL_PORT: {{ POSTGRES_PORT }} - REDIS_URL: {{ REDIS_URL }} - # Allow passing in these variables via .env: - AUTOWIZARD_JSON: - AUTOWIZARD_RELATIVE_PATH: - ELASTICSEARCH_ENABLED: - ELASTICSEARCH_HOST: - ELASTICSEARCH_PORT: - ELASTICSEARCH_SCHEMA: - ELASTICSEARCH_NAMESPACE: - ELASTICSEARCH_REINDEX: - ELASTICSEARCH_SSL_VERIFY: - NGINX_PORT: - NGINX_SERVER_NAME: - NGINX_SERVER_SCHEME: https - POSTGRESQL_DB_CREATE: - POSTGRESQL_OPTIONS: - RAILS_TRUSTED_PROXIES: - ZAMMAD_WEB_CONCURRENCY: - ZAMMAD_SESSION_JOBS: - ZAMMAD_PROCESS_SCHEDULED: - ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: - image: {{ IMAGE_REPO }}:{{ VERSION }} - restart: {{ RESTART }} - volumes: - - zammad-storage:/opt/zammad/storage - - 
zammad-var:/opt/zammad/var - depends_on: - - zammad-memcached - - zammad-postgresql - - zammad-redis - -services: - - zammad-backup: - command: ["zammad-backup"] - depends_on: - - zammad-railsserver - - zammad-postgresql - entrypoint: /usr/local/bin/backup.sh - environment: - <<: *zammad-environment - BACKUP_TIME: "03:00" - HOLD_DAYS: "10" - TZ: Europe/Berlin - image: postgres:{{ POSTGRES_VERSION }} - restart: {{ RESTART }} - volumes: - - zammad-backup:/var/tmp/zammad - - zammad-storage:/opt/zammad/storage:ro - - zammad-var:/opt/zammad/var:ro - - ./scripts/backup.sh:/usr/local/bin/backup.sh:ro - - zammad-elasticsearch: - image: elasticsearch:{{ ELASTICSEARCH_VERSION }} - restart: {{ RESTART }} - volumes: - - elasticsearch-data:/usr/share/elasticsearch/data - environment: - discovery.type: single-node - xpack.security.enabled: 'false' - ES_JAVA_OPTS: ${ELASTICSEARCH_JAVA_OPTS:--Xms1g -Xmx1g} - - zammad-init: - <<: *zammad-service - command: ["zammad-init"] - depends_on: - - zammad-postgresql - restart: on-failure - user: 0:0 - volumes: - - zammad-storage:/opt/zammad/storage - - zammad-var:/opt/zammad/var - - zammad-memcached: - command: memcached -m 256M - image: memcached:{{ MEMCACHE_VERSION }} - restart: {{ RESTART }} - - zammad-nginx: - <<: *zammad-service - command: ["zammad-nginx"] - expose: - - "8080" - ports: - - "8080:8080" - depends_on: - - zammad-railsserver - volumes: - - zammad-var:/opt/zammad/var:ro # required for the zammad-ready check file - - zammad-postgresql: - environment: - POSTGRES_DB: {{ POSTGRES_DB }} - POSTGRES_USER: {{ POSTGRES_USER }} - POSTGRES_PASSWORD: {{ POSTGRES_PASS }} - image: postgres:{{ POSTGRES_VERSION }} - restart: {{ RESTART }} - volumes: - - postgresql-data:/var/lib/postgresql/data - - zammad-railsserver: - <<: *zammad-service - command: ["zammad-railsserver"] - - zammad-redis: - image: redis:{{ REDIS_VERSION }} - restart: {{ RESTART }} - volumes: - - redis-data:/data - - zammad-scheduler: - <<: *zammad-service - command: 
["zammad-scheduler"] - volumes: - - /ansible_docker_compose/zammad-scheduler-database.yml:/opt/zammad/config/database.yml # workaround for connection pool issue - - zammad-websocket: - <<: *zammad-service - command: ["zammad-websocket"] - -volumes: - elasticsearch-data: - driver: local - postgresql-data: - driver: local - redis-data: - driver: local - zammad-backup: - driver: local - zammad-storage: - driver: local - zammad-var: - driver: local diff --git a/roles/docker_compose/README.md b/roles/docker_compose/README.md index d407a62..d3204ec 100644 --- a/roles/docker_compose/README.md +++ b/roles/docker_compose/README.md @@ -1,8 +1,8 @@ # Role `docker_compose` A role for deploying a Docker-Compose-based application. -It deploys the given Compose file as well as configuration files to the specified hosts and makes sure all services are up-to-date and running. -The Compose file gets deployed to `/ansible_docker_compose/compose.yaml` and the configuration files get deployed into the `/ansible_docker_compose/configs/` directory. +It deploys the given Compose file, an optional `.env` file, as well as configuration files to the specified hosts and makes sure all services are up-to-date and running. +The Compose file gets deployed to `/ansible_docker_compose/compose.yaml`, the `.env` file to `/ansible_docker_compose/.env` and the configuration files get deployed into the `/ansible_docker_compose/configs/` directory. A use case for the deployment of the additional configuration files is Composes top-level element `configs` in conjunction with the `configs` option for services. ## Supported Distributions diff --git a/roles/docker_compose/meta/argument_specs.yaml b/roles/docker_compose/meta/argument_specs.yaml index 81ce504..c588ba0 100644 --- a/roles/docker_compose/meta/argument_specs.yaml +++ b/roles/docker_compose/meta/argument_specs.yaml 
@@ -7,6 +7,12 @@ argument_specs: `/ansible_docker_compose/compose.yaml`. type: str required: true + docker_compose__env_file_content: + description: >- + The content of the .env file at + `/ansible_docker_compose/.env`. + type: str + required: false docker_compose__configuration_files: description: >- A list of configuration files to be deployed in the diff --git a/roles/docker_compose/tasks/main.yaml b/roles/docker_compose/tasks/main.yaml index af7f717..7b01304 100644 --- a/roles/docker_compose/tasks/main.yaml +++ b/roles/docker_compose/tasks/main.yaml @@ -17,6 +17,17 @@ become: true notify: docker compose down +- name: deploy the .env file + ansible.builtin.copy: + content: "{{ docker_compose__env_file_content }}" + dest: /ansible_docker_compose/.env + mode: "0644" + owner: root + group: root + become: true + when: docker_compose__env_file_content is defined + notify: docker compose down + - name: make sure the `/ansible_docker_compose/configs` directory exists ansible.builtin.file: path: /ansible_docker_compose/configs
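Review bot: The new `deploy the .env file` task writes `/ansible_docker_compose/.env` with `mode: "0644"`, and the only `.env` template in this commit puts `secret__zammad_db_password` into that file, so the database password is readable by any local user who can reach the directory. `mode: "0600"` with the existing `owner: root` should be enough as long as Compose is run as root, and `no_log: true` on the task would keep the content out of task output and `--diff` runs. With `when: docker_compose__env_file_content is defined`, a host that later drops the variable keeps its old `.env` on disk; an `ansible.builtin.file` task with `state: absent` for the undefined case would cover that. The preceding compose-file task is only partly visible, so whether it uses the same mode cannot be told from this hunk.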