Homepage: refactoring

.ansible-lint.yml

@@ -1,3 +1,3 @@
 ---
 exclude_paths:
-- 'galaxy.roles/'
+  - "galaxy.roles/"

files/homepage/docker-compose.yml.j2

@@ -1,7 +1,7 @@
 services:
   homepage_app:
-    image: "${WEB_SERVICE_IMAGE}"
+    image: "{{ registry_homepage_web_image }}"
     container_name: homepage_app
-    ports:
-      - "127.0.0.1:${WEB_SERVICE_PORT}:80"
     restart: unless-stopped
+    ports:
+      - "127.0.0.1:{{ homepage_port }}:80"

playbook-app-homepage.yml

@@ -1,64 +0,0 @@
----
-- name: "Deploy homepage application"
-  hosts: all
-
-  vars_files:
-    - vars/ports.yml
-    - vars/vars.yml
-
-  vars:
-    app_name: "homepage"
-    base_dir: "/home/major/applications/{{ app_name }}/"
-    docker_registry_prefix: "cr.yandex/crplfk0168i4o8kd7ade"
-    homepage_web_image: "{{ homepage_web_image | default(omit) }}"
-
-  tasks:
-    - name: "Check is web service imape passed"
-      ansible.builtin.assert:
-        that:
-          - "homepage_web_image is defined"
-        fail_msg: 'You must pass variable "homepage_web_image"'
-
-    - name: "Create full image name with container registry"
-      ansible.builtin.set_fact:
-        registry_homepage_web_image: "{{ (docker_registry_prefix, homepage_web_image) | path_join }}"
-
-    - name: "Push web service image to remote registry"
-      community.docker.docker_image:
-        state: present
-        source: local
-        name: "{{ homepage_web_image }}"
-        repository: "{{ registry_homepage_web_image }}"
-        push: true
-      delegate_to: 127.0.0.1
-
-    - name: "Create application directories"
-      ansible.builtin.file:
-        path: "{{ item }}"
-        state: "directory"
-        mode: "0755"
-      loop:
-        - "{{ base_dir }}"
-
-    - name: "Copy application files"
-      ansible.builtin.copy:
-        src: "{{ item }}"
-        dest: "{{ base_dir }}"
-        mode: "0644"
-      loop:
-        - "./files/{{ app_name }}/docker-compose.yml"
-
-    - name: "Set up environment variables for application"
-      ansible.builtin.template:
-        src: "env.j2"
-        dest: '{{ (base_dir, ".env") | path_join }}'
-        mode: "0644"
-      vars:
-        env_dict:
-          WEB_SERVICE_IMAGE: "{{ registry_homepage_web_image }}"
-          WEB_SERVICE_PORT: "{{ homepage_port }}"
-
-    - name: "Run application with docker compose"
-      community.docker.docker_compose_v2:
-        project_src: "{{ base_dir }}"
-        state: "present"

playbook-homepage.yml

@@ -0,0 +1,74 @@
+---
+# Play 1: Setup environment for the application
+- name: "Setup environment for homepage application"
+  hosts: all
+  vars_files:
+    - vars/ports.yml
+    - vars/vars.yml
+    - vars/homepage.yml
+  tags:
+    - setup
+  tasks:
+    - name: "Create user and environment"
+      ansible.builtin.import_role:
+        name: owner
+      vars:
+        owner_name: "{{ app_user }}"
+        owner_extra_groups:
+          - "docker"
+        owner_ssh_keys:
+          - "{{ lookup('file', 'files/av_id_rsa.pub') }}"
+        owner_env:
+          PROJECT_NAME: "{{ app_name }}"
+          DOCKER_PREFIX: "{{ app_name }}"
+          IMAGE_PREFIX: "{{ app_name }}"
+          CONTAINER_PREFIX: "{{ app_name }}"
+          USER_UID: "{{ user_create_result.uid }}"
+          USER_GID: "{{ user_create_result.group }}"
+
+    - name: "Login to yandex docker registry."
+      ansible.builtin.script:
+        cmd: "files/yandex-docker-registry-auth.sh"
+
+# Play 2: Deploy the application
+- name: "Deploy homepage application"
+  hosts: all
+  vars_files:
+    - vars/ports.yml
+    - vars/vars.yml
+    - vars/homepage.yml
+  tags:
+    - deploy
+  tasks:
+    - name: "Check is web service image passed"
+      ansible.builtin.assert:
+        that:
+          - "homepage_web_image is defined"
+        fail_msg: 'You must pass variable "homepage_web_image"'
+
+    - name: "Create full image name with container registry"
+      ansible.builtin.set_fact:
+        registry_homepage_web_image: "{{ (docker_registry_prefix, homepage_web_image) | path_join }}"
+
+    - name: "Push web service image to remote registry"
+      community.docker.docker_image:
+        state: present
+        source: local
+        name: "{{ homepage_web_image }}"
+        repository: "{{ registry_homepage_web_image }}"
+        push: true
+      delegate_to: 127.0.0.1
+
+    - name: "Copy docker compose file"
+      ansible.builtin.template:
+        src: "./files/{{ app_name }}/docker-compose.yml.j2"
+        dest: "{{ base_dir }}/docker-compose.yml"
+        owner: "{{ app_user }}"
+        group: "{{ app_user }}"
+        mode: "0640"
+
+    - name: "Run application with docker compose"
+      community.docker.docker_compose_v2:
+        project_src: "{{ base_dir }}"
+        state: "present"
+        remove_orphans: true

playbook-netdata.yml

@@ -6,12 +6,44 @@
     - vars/ports.yml
     - vars/vars.yml
 
-  tasks:
-    - name: "Install Netdata from role"
-      ansible.builtin.import_role:
-        name: netdata
   vars:
     netdata_version: "v2.4.0"
+    netdata_image: "netdata/netdata:{{ netdata_version }}"
     netdata_exposed_port: "{{ netdata_port }}"
-      tags:
+
-        - monitoring
+  tasks:
+    - name: "Grab docker group id."
+      ansible.builtin.shell:
+        cmd: |
+          set -o pipefail
+          grep docker /etc/group | cut -d ':' -f 3
+        executable: /bin/bash
+      register: netdata_docker_group_output
+      changed_when: netdata_docker_group_output.rc != 0
+
+    - name: "Create NetData container from {{ netdata_image }}"
+      community.docker.docker_container:
+        name: netdata
+        image: "{{ netdata_image }}"
+        image_name_mismatch: "recreate"
+        restart_policy: "unless-stopped"
+        published_ports:
+          - "127.0.0.1:{{ netdata_exposed_port }}:19999"
+        volumes:
+          - "/:/host/root:ro,rslave"
+          - "/etc/group:/host/etc/group:ro"
+          - "/etc/localtime:/etc/localtime:ro"
+          - "/etc/os-release:/host/etc/os-release:ro"
+          - "/etc/passwd:/host/etc/passwd:ro"
+          - "/proc:/host/proc:ro"
+          - "/run/dbus:/run/dbus:ro"
+          - "/sys:/host/sys:ro"
+          - "/var/log:/host/var/log:ro"
+          - "/var/run/docker.sock:/var/run/docker.sock:ro"
+        capabilities:
+          - "SYS_PTRACE"
+          - "SYS_ADMIN"
+        security_opts:
+          - "apparmor:unconfined"
+        env:
+          PGID: "{{ netdata_docker_group_output.stdout | default(999) }}"

roles/eget/defaults/main.yml

@@ -1,8 +1,8 @@
 ---
 # defaults file for eget
-eget_version: '1.3.4'
+eget_version: "1.3.4"
-eget_download_url: 'https://github.com/zyedidia/eget/releases/download/v{{ eget_version }}/eget-{{ eget_version }}-linux_amd64.tar.gz'
+eget_download_url: "https://github.com/zyedidia/eget/releases/download/v{{ eget_version }}/eget-{{ eget_version }}-linux_amd64.tar.gz"
-eget_install_path: '/usr/bin/eget'
+eget_install_path: "/usr/bin/eget"
 
 eget_download_dest: '/tmp/{{ eget_download_url | split("/") | last }}'
 eget_unarchive_dest: '{{ eget_download_dest | regex_replace("(\.tar\.gz|\.zip)$", "") }}'

roles/eget/meta/main.yml

@@ -1,6 +1,7 @@
+---
 galaxy_info:
-  author: 'Anton Vakhrushev'
+  author: "Anton Vakhrushev"
-  description: 'Role for installation eget utility'
+  description: "Role for installation eget utility"
 
   # If the issue tracker for your role is not on github, uncomment the
   # next line and provide a value
@@ -13,9 +14,9 @@ galaxy_info:
   # - GPL-3.0-only
   # - Apache-2.0
   # - CC-BY-4.0
-  license: 'MIT'
+  license: "MIT"
 
-  min_ansible_version: '2.1'
+  min_ansible_version: "2.1"
 
   # If this a Container Enabled role, provide the minimum Ansible Container version.
   # min_ansible_container_version:

roles/eget/tasks/install.yml

@@ -1,30 +1,30 @@
 ---
 - name: 'Download eget from url "{{ eget_download_url }}"'
   ansible.builtin.get_url:
-    url: '{{ eget_download_url }}'
+    url: "{{ eget_download_url }}"
-    dest: '{{ eget_download_dest }}'
+    dest: "{{ eget_download_dest }}"
-    mode: '0600'
+    mode: "0600"
 
-- name: 'Unarchive eget'
+- name: "Unarchive eget"
   ansible.builtin.unarchive:
-    src: '{{ eget_download_dest }}'
+    src: "{{ eget_download_dest }}"
-    dest: '/tmp'
+    dest: "/tmp"
     list_files: true
     remote_src: true
 
-- name: 'Install eget binary'
+- name: "Install eget binary"
   ansible.builtin.copy:
     src: '{{ (eget_unarchive_dest, "eget") | path_join }}'
-    dest: '{{ eget_install_path }}'
+    dest: "{{ eget_install_path }}"
-    mode: '0755'
+    mode: "0755"
     remote_src: true
 
-- name: 'Remove temporary files'
+- name: "Remove temporary files"
   ansible.builtin.file:
-    path: '{{ eget_download_dest }}'
+    path: "{{ eget_download_dest }}"
     state: absent
 
-- name: 'Remove temporary directories'
+- name: "Remove temporary directories"
   ansible.builtin.file:
-    path: '{{ eget_unarchive_dest }}'
+    path: "{{ eget_unarchive_dest }}"
     state: absent

roles/eget/tasks/main.yml

@@ -1,24 +1,24 @@
 ---
 # tasks file for eget
 
-- name: 'Check if eget installed'
+- name: "Check if eget installed"
   ansible.builtin.command:
-    cmd: '{{ eget_install_path }} --version'
+    cmd: "{{ eget_install_path }} --version"
   register: eget_installed_output
   ignore_errors: true
   changed_when: false
 
-- name: 'Check eget installed version'
+- name: "Check eget installed version"
   ansible.builtin.set_fact:
-    eget_need_install: '{{ not (eget_installed_output.rc == 0 and eget_version in eget_installed_output.stdout) }}'
+    eget_need_install: "{{ not (eget_installed_output.rc == 0 and eget_version in eget_installed_output.stdout) }}"
 
-- name: 'Assert that installation flag is defined'
+- name: "Assert that installation flag is defined"
   ansible.builtin.assert:
     that:
       - eget_need_install is defined
       - eget_need_install is boolean
 
-- name: 'Download eget and install eget'
+- name: "Download eget and install eget"
   ansible.builtin.include_tasks:
-    file: 'install.yml'
+    file: "install.yml"
   when: eget_need_install

roles/netdata/defaults/main.yml

@@ -1,4 +0,0 @@
----
-netdata_version: 'v2.0.0'
-netdata_image: 'netdata/netdata:{{ netdata_version }}'
-netdata_exposed_port: '19999'

roles/netdata/tasks/main.yml

@@ -1,36 +0,0 @@
----
-- name: 'Grab docker group id.'
-  ansible.builtin.shell:
-    cmd: |
-      set -o pipefail
-      grep docker /etc/group | cut -d ':' -f 3
-    executable: /bin/bash
-  register: netdata_docker_group_output
-  changed_when: netdata_docker_group_output.rc != 0
-
-- name: 'Create NetData container from {{ netdata_image }}'
-  community.docker.docker_container:
-    name: netdata
-    image: '{{ netdata_image }}'
-    image_name_mismatch: 'recreate'
-    restart_policy: 'always'
-    published_ports:
-      - '127.0.0.1:{{ netdata_exposed_port }}:19999'
-    volumes:
-      - '/:/host/root:ro,rslave'
-      - '/etc/group:/host/etc/group:ro'
-      - '/etc/localtime:/etc/localtime:ro'
-      - '/etc/os-release:/host/etc/os-release:ro'
-      - '/etc/passwd:/host/etc/passwd:ro'
-      - '/proc:/host/proc:ro'
-      - '/run/dbus:/run/dbus:ro'
-      - '/sys:/host/sys:ro'
-      - '/var/log:/host/var/log:ro'
-      - '/var/run/docker.sock:/var/run/docker.sock:ro'
-    capabilities:
-      - 'SYS_PTRACE'
-      - 'SYS_ADMIN'
-    security_opts:
-      - 'apparmor:unconfined'
-    env:
-      PGID: '{{ netdata_docker_group_output.stdout | default(999) }}'

roles/owner/tasks/main.yml

@@ -27,8 +27,8 @@
 
 - name: "Prepare env variables."
   ansible.builtin.set_fact:
-    env_dict: '{{ owner_env | combine({ "CURRENT_UID": user_create_result.uid | default(owner_name), "CURRENT_GID": user_create_result.group | default(owner_group)
+    env_dict: '{{ owner_env | combine({"CURRENT_UID": user_create_result.uid | default(owner_name), "CURRENT_GID": user_create_result.group | default(owner_group)})
-      }) }}'
+      }}'
 
 - name: 'Set up environment variables for user "{{ owner_name }}".'
   ansible.builtin.template:

vars/homepage.yml

@@ -0,0 +1,8 @@
+app_name: "homepage"
+app_user: "{{ app_name }}"
+base_dir: "/home/{{ app_name }}"
+docker_registry_prefix: "cr.yandex/crplfk0168i4o8kd7ade"
+
+env_deploy_file: "{{ (base_dir, '.env.deploy') | path_join }}"
+
+homepage_web_image: "{{ homepage_web_image | default(omit) }}"