Update docker.io/library/postgres Docker tag to v18

Use the community.docker.docker_compose_v2 module as it supports proper
changed handling out of the box, making the roles code more
straightforward and work. Also just do a docker compose restart instead
of having the custom docker compose reload script.

https://docs.ansible.com/ansible/latest/collections/community/docker/docker_compose_v2_module.html

inventories/chaosknoten/host_vars/cloud.yaml

@@ -1,7 +1,7 @@
 # renovate: datasource=docker depName=git.hamburg.ccc.de/ccchh/oci-images/nextcloud
 nextcloud__version: 32
 # renovate: datasource=docker depName=docker.io/library/postgres
-nextcloud__postgres_version: 15.14
+nextcloud__postgres_version: 18.0
 nextcloud__fqdn: cloud.hamburg.ccc.de
 nextcloud__data_dir: /data/nextcloud
 nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}"

inventories/z9/host_vars/yate.yaml

@@ -6,4 +6,3 @@ docker_compose__configuration_files:
     content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/regexroute.conf.j2') }}"
   - name: regfile.conf
     content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/regfile.conf.j2') }}"
-docker_compose__restart_cmd: "exec yate sh -c 'kill -1 1'"

requirements.yml

@@ -6,3 +6,6 @@ collections:
   - name: community.sops
     version: ">=2.2.4"
     source: https://galaxy.ansible.com
+  - name: community.docker
+    version: ">=5.0.0"
+    source: https://galaxy.ansible.com

resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2

@@ -46,7 +46,7 @@ services:
       - "8080:8080"
 
   db:
-    image: docker.io/library/postgres:15.14@sha256:424e79b81868f5fc5cf515eaeac69d288692ebcca7db86d98f91b50d4bce64bb
+    image: docker.io/library/postgres:18.0@sha256:1ffc019dae94eca6b09a49ca67d37398951346de3c3d0cfe23d8d4ca33da83fb
     restart: unless-stopped
     networks:
       - keycloak

resources/chaosknoten/lists/docker_compose/compose.yaml

@@ -56,7 +56,7 @@ services:
       - POSTGRES_DB=mailmandb
       - POSTGRES_USER=mailman
       - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
-    image: docker.io/library/postgres:12-alpine@sha256:7c8f4870583184ebadf7f17a6513620aac5f365a7938dc6a6911c1d5df2f481a
+    image: docker.io/library/postgres:18-alpine@sha256:48c8ad3a7284b82be4482a52076d47d879fd6fb084a1cbfccbd551f9331b0e40
     volumes:
       - /opt/mailman/database:/var/lib/postgresql/data
     networks:

resources/chaosknoten/pad/docker_compose/compose.yaml.j2

@@ -3,7 +3,7 @@
 
 services:
   database:
-    image: docker.io/library/postgres:15-alpine@sha256:64583b3cb4f2010277bdd9749456de78e5c36f8956466ba14b0b96922e510950
+    image: docker.io/library/postgres:18-alpine@sha256:48c8ad3a7284b82be4482a52076d47d879fd6fb084a1cbfccbd551f9331b0e40
     environment:
       - "POSTGRES_USER=hedgedoc"
       - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}"

resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2

@@ -3,7 +3,7 @@
 
 services:
   database:
-    image: docker.io/library/postgres:15-alpine@sha256:64583b3cb4f2010277bdd9749456de78e5c36f8956466ba14b0b96922e510950
+    image: docker.io/library/postgres:18-alpine@sha256:48c8ad3a7284b82be4482a52076d47d879fd6fb084a1cbfccbd551f9331b0e40
     environment:
       - "POSTGRES_USER=pretalx"
       - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}"

resources/chaosknoten/tickets/docker_compose/compose.yaml.j2

@@ -1,7 +1,7 @@
 ---
 services:
   database:
-    image: docker.io/library/postgres:15-alpine@sha256:64583b3cb4f2010277bdd9749456de78e5c36f8956466ba14b0b96922e510950
+    image: docker.io/library/postgres:18-alpine@sha256:48c8ad3a7284b82be4482a52076d47d879fd6fb084a1cbfccbd551f9331b0e40
     environment:
       - "POSTGRES_USER=pretix"
       - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}"

roles/docker_compose/README.md

@@ -7,17 +7,18 @@ A use case for the deployment of the additional configuration files is Composes
 
 ## Supported Distributions
 
-The following distributions are supported:
-
-- Debian 11
+Should work on Debian-based distributions.
 
 ## Required Arguments
 
-For the required arguments look at the [`argument_specs.yaml`](./meta/argument_specs.yaml).
+- `docker_compose__compose_file_content`: The content to deploy to the Compose file at `/ansible_docker_compose/compose.yaml`.
 
-## `hosts`
+## Optional Arguments
 
-The `hosts` for this role need to be the machines, for which you want to make sure the given Compose file is deployed and all services of it are up-to-date and running.
+- `docker_compose__env_file_content`: The content to deploy to the `.env` file at `/ansible_docker_compose/.env`.
+- `docker_compose__configuration_files`: A list of configuration files to deploy to the `/ansible_docker_compose/configs/` directory.
+- `docker_compose__configuration_files.*.name`: The name of the configuration file.
+- `docker_compose__configuration_files.*.content`: The content to deploy to the configuration file.
 
 ## Links & Resources
 

roles/docker_compose/defaults/main.yaml

@@ -1,2 +1 @@
 docker_compose__configuration_files: [ ]
-docker_compose__restart_cmd: ""

roles/docker_compose/handlers/main.yaml

@@ -1,13 +1,11 @@
 - name: docker compose down
-  ansible.builtin.command:
-    cmd: /usr/bin/docker compose down
-    chdir: /ansible_docker_compose
+  community.docker.docker_compose_v2:
+    project_src: /ansible_docker_compose
+    state: absent
   become: true
-  changed_when: true  # This is always changed.
-- name: docker compose reload script
-  ansible.builtin.command:
-    cmd: /usr/bin/docker compose {{ docker_compose__restart_cmd }}
-    chdir: /ansible_docker_compose
+
+- name: docker compose restart
+  community.docker.docker_compose_v2:
+    project_src: /ansible_docker_compose
+    state: restarted
   become: true
-  changed_when: true  # Mark this as always changed (for now?).
-  when: docker_compose__restart_cmd != ""

roles/docker_compose/meta/argument_specs.yaml

@@ -2,31 +2,20 @@ argument_specs:
   main:
     options:
       docker_compose__compose_file_content:
-        description: >-
-          The content of the Compose file at
-          `/ansible_docker_compose/compose.yaml`.
         type: str
         required: true
       docker_compose__env_file_content:
-        description: >-
-          The content of the .env file at
-          `/ansible_docker_compose/.env`.
         type: str
         required: false
       docker_compose__configuration_files:
-        description: >-
-          A list of configuration files to be deployed in the
-          `/ansible_docker_compose/configs/` directory.
         type: list
         elements: dict
         required: false
         default: [ ]
         options:
           name:
-            description: The name of the configuration file.
             type: str
             required: true
           content:
-            description: The content of the configuration file.
             type: str
             required: true

roles/docker_compose/meta/main.yaml

@@ -1,10 +1,3 @@
 ---
 dependencies:
-  - role: distribution_check
-    vars:
-      distribution_check__distribution_support_spec:
-        - name: Debian
-          major_versions:
-            - 11
-            - 12
   - role: docker

roles/docker_compose/tasks/main.yaml

@@ -59,7 +59,7 @@
     state: absent
   become: true
   loop: "{{ docker_compose__config_files_to_remove.files }}"
-  # notify: docker compose down
+  notify: docker compose restart
 
 - name: make sure all given configuration files are deployed
   ansible.builtin.copy:
@@ -70,45 +70,19 @@
     group: root
   become: true
   loop: "{{ docker_compose__configuration_files }}"
-  # notify: docker compose down
-  notify: docker compose reload script
+  notify: docker compose restart
 
-- name: Flush handlers to make "docker compose down" handler run now
+- name: Flush handlers to make "docker compose down" and "docker compose restart" handlers run now
   ansible.builtin.meta: flush_handlers
 
-- name: docker compose ps --format json before docker compose up
-  ansible.builtin.command:
-    cmd: /usr/bin/docker compose ps --format json
-    chdir: /ansible_docker_compose
+- name: docker compose up
+  community.docker.docker_compose_v2:
+    project_src: /ansible_docker_compose
+    state: present
+    build: always
+    pull: always
+    remove_orphans: true
   become: true
-  changed_when: false
-  register: docker_compose__ps_json_before_up
-
-- name: docker compose up --detach --pull always --build
-  ansible.builtin.command:
-    cmd: /usr/bin/docker compose up --detach --pull always --build --remove-orphans
-    chdir: /ansible_docker_compose
-  become: true
-  changed_when: false
-  # The changed for this task is tried to be determined by the "potentially
-  # report changed" task together with the "docker compose ps --format json
-  # [...]" tasks.
-
-- name: docker compose ps --format json after docker compose up
-  ansible.builtin.command:
-    cmd: /usr/bin/docker compose ps --format json
-    chdir: /ansible_docker_compose
-  become: true
-  changed_when: false
-  register: docker_compose__ps_json_after_up
-
-# Doesn't work anymore. Dunno why.
-# TODO: Fix
-# - name: potentially report changed
-#   ansible.builtin.debug:
-#     msg: "If this reports changed, then the docker compose containers changed."
-#   changed_when: (docker_compose__ps_json_before_up.stdout | from_json | community.general.json_query('[].ID') | sort)
-#                 != (docker_compose__ps_json_after_up.stdout | from_json | community.general.json_query('[].ID') | sort)
 
 - name: Make sure anacron is installed
   become: true