diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..8fcf189
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,11 @@
+---
+
+exclude_paths:
+ - ./molecule
+ - ./.github
+parseable: true
+skip_list:
+ - '204'
+ - '208'
+use_default_rules: true
+verbosity: 1
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..aae6a25
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+*.yml linguist-detectable=true
+*.yaml linguist-detectable=true
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..6b2a49d
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,42 @@
+---
+name: CI
+'on':
+ pull_request:
+ push:
+ branches:
+ - main
+
+defaults:
+ run:
+ working-directory: 'blalop.docker_arm'
+
+jobs:
+ molecule:
+ name: Molecule
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ include:
+ - distro: debian11
+ - distro: debian10
+
+ steps:
+ - name: Check out the codebase
+ uses: actions/checkout@v2
+ with:
+ path: 'blalop.docker_arm'
+
+ - name: Set up Python 3
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Install test dependencies
+ run: pip3 install ansible molecule[docker] docker yamllint ansible-lint
+
+ - name: Run Molecule tests.
+ run: molecule test
+ env:
+ PY_COLORS: '1'
+ ANSIBLE_FORCE_COLOR: '1'
+ MOLECULE_DISTRO: ${{ matrix.distro }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..7a7686a
--- /dev/null
+++ b/.github/workflows/release.yml
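Review bot: The CI workflow declares no `permissions:` block, so the `molecule` job runs with the repository's default `GITHUB_TOKEN` scope although it only checks out code and runs tests; a top-level `permissions:` with `contents: read` keeps the token read-only. The `Install test dependencies` step installs `ansible molecule[docker] docker yamllint ansible-lint` with no version constraints, so every run may resolve different releases; a pinned requirements file would make the pipeline reproducible. `actions/checkout@v2` and `actions/setup-python@v2` are referenced by mutable tag, and pinning each to a full commit SHA avoids silently picking up a retagged release.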
@@ -0,0 +1,38 @@
+---
+# This workflow requires a GALAXY_API_KEY secret present in the GitHub
+# repository or organization.
+#
+# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
+# See: https://github.com/ansible/galaxy/issues/46
+
+name: Release
+'on':
+ push:
+ tags:
+ - '*'
+
+defaults:
+ run:
+ working-directory: 'blalop.docker_arm'
+
+jobs:
+
+ release:
+ name: Release
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out the codebase
+ uses: actions/checkout@v2
+ with:
+ path: 'blalop.docker_arm'
+
+ - name: Set up Python 3
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Install Ansible
+ run: pip3 install ansible-base
+
+ - name: Trigger a new import on Galaxy
+ run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..325a34d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,12 @@
+__pycache__
+*.pyc
+
+.pytest_cache
+.molecule
+.cache
+
+*.iml
+.idea
+.project
+
+**/.vscode
\ No newline at end of file
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..e910237
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,31 @@
+---
+
+# Based on ansible-lint config
+extends: default
+
+ignore: |
+ molecule/**/tests/
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ colons:
+ max-spaces-after: -1
+ level: error
+ commas:
+ max-spaces-after: -1
+ level: error
+ empty-lines:
+ max: 3
+ level: error
+ hyphens:
+ level: error
+ key-duplicates: enable
+ line-length: disable
+ new-lines:
+ type: unix
+ truthy: disable
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..17d5ce1
--- /dev/null
+++ b/CHANGELOG.md
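Review bot: In the `Trigger a new import on Galaxy` step of release.yml the `${{ secrets.GALAXY_API_KEY }}` expression is expanded straight into the script text and left unquoted, so the shell parses the key's characters as part of the command line. Passing the secret through `env:` and referencing it as `"$GALAXY_API_KEY"` keeps the value out of the generated script and quotes it. The owner and role name can be taken from the runner's `GITHUB_REPOSITORY` variable with parameter expansion instead of two `echo | cut` substitutions built from `${{ github.repository }}`. `pip3 install ansible-base` is also unpinned in a job that holds a publishing credential, so a version constraint is worth adding there.

```yaml
      - name: Trigger a new import on Galaxy
        run: >-
          ansible-galaxy role import --api-key "$GALAXY_API_KEY"
          "${GITHUB_REPOSITORY%%/*}" "${GITHUB_REPOSITORY##*/}"
        env:
          GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }}
```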
@@ -0,0 +1,9 @@
+# Change Log
+All notable changes to this project will be documented in this file.
+This project adheres to [Semantic Versioning](http://semver.org/) and [Keep a changelog](https://github.com/olivierlacan/keep-a-changelog).
+
+## [Unreleased](https://github.com/blalop/ansible-role-docker_arm/tree/main)
+
+## [0.1.0](https://github.com/blalop/ansible-role-docker_arm/tree/0.1.0) - 2021-09-27
+### Added
+* Initial release @blalop
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..d467c06
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 Alejandro Blanco
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2b909cb
--- /dev/null
+++ b/README.md
@@ -0,0 +1,26 @@
+# Ansible role: Docker for ARM
+
+[![CI](https://github.com/blalop/ansible-role-docker_arm/workflows/CI/badge.svg?event=push)](https://github.com/blalop/ansible-role-docker_arm/actions?query=workflow%3ACI)
+[![Ansible Galaxy](https://img.shields.io/badge/galaxy-blalop.docker_arm-B62682.svg)](https://galaxy.ansible.com/blalop/docker_arm)
+
+
+A heavily opinionated role to install Docker using the convenience script and docker-compose using pip. This role is intended to be used in ARM-based devices like Raspberry Pi although still being runnable on x64 hosts.
+
+## Requirements
+
+No special requirements. Use it in your playbook like this:
+
+```
+- hosts: all
+ roles:
+ - blalop.docker_arm
+```
+
+## Testing
+
+Test the role via molecule:
+
+```
+pip install molecule
+molecule test
+```
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..52998b8
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+docker_install_compose: true
+
+docker_daemon_options: []
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..ec73c51
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Restart docker
+ systemd:
+ name: docker
+ state: restarted
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..fb41648
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,19 @@
+---
+
+galaxy_info:
+ role_name: docker_arm
+ author: blalop
+ description: Docker Role for ARM
+ min_ansible_version: 2.8.0
+ license: MIT
+ galaxy-tags:
+ - system
+ - networking
+ - web
+ - raspberry
+ - docker
+ platforms:
+ - name: Debian
+ versions:
+ - buster
+ - bullseye
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
new file mode 100644
index 0000000..6669022
--- /dev/null
+++ b/molecule/default/converge.yml
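Review bot: `docker_daemon_options` in defaults/main.yml defaults to an empty list (`[]`), but the `Configure Docker daemon options.` task added to tasks/main.yml in this same commit evaluates `docker_daemon_options.keys() | length > 0`, and a list has no `keys()` method, so a play that does not override the variable will most likely fail on that condition. The converge playbook sets the variable to a mapping, which would hide the problem in the Molecule run. The default should be an empty mapping: `docker_daemon_options: {}`.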
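Review bot: The tag list in meta/main.yml is keyed `galaxy-tags`, while the role metadata key that Ansible Galaxy reads is `galaxy_tags`, so the five tags are probably dropped on import. Rename the key to `galaxy_tags:` so the role is discoverable under `docker` and `raspberry`.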
@@ -0,0 +1,9 @@
+---
+- name: Converge
+ hosts: all
+ become: true
+ vars:
+ docker_daemon_options:
+ storage-driver: "vfs"
+ roles:
+ - role: blalop.docker_arm
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..5f1622c
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,29 @@
+---
+dependency:
+ name: galaxy
+
+driver:
+ name: docker
+
+lint: |
+ yamllint .
+ ansible-lint .
+
+platforms:
+ - name: docker_arm
+ groups:
+ - docker_arm_group
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest"
+ pre_build_image: true
+ privileged: true
+ volumes:
+ - '/sys/fs/cgroup:/sys/fs/cgroup:ro'
+ command: '/lib/systemd/systemd'
+ stop_signal: 'RTMIN+3'
+ dns_servers:
+ - 8.8.8.8
+
+provisioner:
+ name: ansible
+verifier:
+ name: ansible
diff --git a/molecule/default/tests/test_docker.yml b/molecule/default/tests/test_docker.yml
new file mode 100644
index 0000000..0e688d4
--- /dev/null
+++ b/molecule/default/tests/test_docker.yml
@@ -0,0 +1,11 @@
+---
+
+service:
+ docker:
+ enabled: true
+ running: true
+
+command:
+ hello-world:
+ exec: "docker run hello-world"
+ exit-status: 0
\ No newline at end of file
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
new file mode 100644
index 0000000..5f3a204
--- /dev/null
+++ b/molecule/default/verify.yml
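Review bot: The `docker_arm` platform in molecule.yml runs with `privileged: true` on an image referenced by the mutable tag `:latest`, and the file does not say why either is needed. The privilege is presumably required because systemd and a Docker daemon run inside the test container; a comment such as `# privileged: systemd and dockerd run inside this test container` above the key would record that. Pinning the image to a digest would keep a container that runs without isolation from changing underneath the tests.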
@@ -0,0 +1,53 @@
+---
+
+- name: Verify docker_arm
+ hosts:
+ - docker_arm
+ become: true
+ vars:
+ goss_version: v0.3.16
+ goss_arch: amd64
+ goss_dst: /usr/local/bin/goss
+ goss_sha256sum: 827e354b48f93bce933f5efcd1f00dc82569c42a179cf2d384b040d8a80bfbfb
+ goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}"
+ goss_test_directory: /tmp
+ goss_format: documentation
+
+ vars_files:
+ - ../../defaults/main.yml
+
+ tasks:
+ - name: Download and install Goss
+ get_url:
+ url: "{{ goss_url }}"
+ dest: "{{ goss_dst }}"
+ sha256sum: "{{ goss_sha256sum }}"
+ mode: 0755
+ register: download_goss
+ until: download_goss is succeeded
+ retries: 3
+
+ - name: Copy Goss tests to remote
+ copy:
+ src: tests/test_docker.yml
+ dest: "{{ goss_test_directory }}/test_docker.yml"
+
+ - name: Register test files
+ shell: "ls {{ goss_test_directory }}/test_*.yml"
+ register: test_files
+
+ - name: Execute Goss tests
+ command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}"
+ register: test_results
+ with_items: "{{ test_files.stdout_lines }}"
+
+ - name: Display details about the Goss results
+ debug:
+ msg: "{{ item.stdout_lines }}"
+ with_items: "{{ test_results.results }}"
+
+ - name: Fail when tests fail
+ fail:
+ msg: "Goss failed to validate"
+ when: item.rc != 0
+ with_items: "{{ test_results.results }}"
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..b8293e1
--- /dev/null
+++ b/tasks/main.yml
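Review bot: `mode: 0755` on the `Download and install Goss` task in verify.yml is an unquoted number whose meaning depends on the loader treating a leading zero as octal; the Ansible convention is the quoted string `mode: '0755'`. The `sha256sum` parameter of `get_url` is deprecated in favour of `checksum`, so `checksum: "sha256:{{ goss_sha256sum }}"` keeps the integrity check on the downloaded binary working on newer Ansible releases. `goss_arch: amd64` is fixed, so the play would fetch a binary for the wrong architecture if the scenario is run on an ARM host, which is this role's stated target.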
@@ -0,0 +1,68 @@
+---
+
+- name: Include distribution and version-specific vars
+ ansible.builtin.include_vars: "{{ item }}"
+ with_first_found:
+ - files:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+ skip: true
+
+- name: Define docker_arm_required_packages
+ set_fact:
+ docker_arm_required_packages: "{{ __docker_arm_required_packages }}"
+ when: docker_arm_required_packages is not defined
+
+- name: Check if Docker is already present
+ ansible.builtin.command: which docker
+ failed_when: false
+ changed_when: false
+ check_mode: false
+ register: docker_command_result
+
+- name: Download Docker install convenience script
+ ansible.builtin.get_url:
+ url: https://get.docker.com/
+ dest: /tmp/get-docker.sh
+ mode: 0775
+ when: docker_command_result.rc == 1
+
+- name: Run Docker install convenience script
+ ansible.builtin.command: /tmp/get-docker.sh
+ environment:
+ CHANNEL: stable
+ when: docker_command_result.rc == 1
+
+- name: Ensure Docker is started
+ ansible.builtin.service:
+ name: docker
+ state: started
+ enabled: true
+
+- name: Ensure dependencies are installed
+ ansible.builtin.apt:
+ name: "{{ docker_arm_required_packages }}"
+ state: present
+
+- name: Configure Docker daemon options.
+ copy:
+ content: "{{ docker_daemon_options | to_nice_json }}"
+ dest: /etc/docker/daemon.json
+ mode: 0644
+ when: docker_daemon_options.keys() | length > 0
+ notify: Restart docker
+
+- name: Install Docker Compose using Pip
+ ansible.builtin.pip:
+ name: docker-compose
+ state: present
+ executable: pip3
+ when: docker_install_compose
+
+- name: "Ensure {{ ansible_user_id }} user is added to the docker group"
+ ansible.builtin.user:
+ name: "{{ ansible_user_id }}"
+ groups: docker
+ append: true
+
+- name: Reset connection so docker group is picked up.
+ meta: reset_connection
diff --git a/vars/Debian-10.yml b/vars/Debian-10.yml
new file mode 100644
index 0000000..402abd1
--- /dev/null
+++ b/vars/Debian-10.yml
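Review bot: The `Download Docker install convenience script` task in tasks/main.yml saves `https://get.docker.com/` to the fixed path `/tmp/get-docker.sh` with `mode: 0775`, and the next task executes that file with no integrity check. When the role runs with `become: true`, as in the converge play, that is remote content executed as root from a world-writable directory through a group-writable file. Restrict the file with `mode: '0700'`, download it into a root-owned directory rather than `/tmp`, and pin a reviewed copy of the script with `checksum: "sha256:<SHA256_OF_REVIEWED_SCRIPT>"` so a changed or tampered download fails the task. The last `ansible.builtin.user` task adds `{{ ansible_user_id }}` to the `docker` group, which is effectively root-equivalent on the host; a comment above it such as `# docker group membership grants root-equivalent access to the host` would make that explicit for users of the role.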
@@ -0,0 +1,8 @@
+---
+
+__docker_arm_required_packages:
+ - libffi-dev
+ - libssl-dev
+ - python3-dev
+ - python3-pip
+ - git
diff --git a/vars/Debian-11.yml b/vars/Debian-11.yml
new file mode 100644
index 0000000..402abd1
--- /dev/null
+++ b/vars/Debian-11.yml
@@ -0,0 +1,8 @@
+---
+
+__docker_arm_required_packages:
+ - libffi-dev
+ - libssl-dev
+ - python3-dev
+ - python3-pip
+ - git