From f3c6c611307498be4788700c45ceb8f42f38569b Mon Sep 17 00:00:00 2001
From: Iurii Tatishchev
Date: Thu, 27 Jun 2024 15:19:52 -0700
Subject: [PATCH] updates: prepare for upgrade to debian 12

---
 group_vars/docker_hosts.yml | 2 +-
 .../arrstack/templates/docker-compose.yml.j2 | 2 -
 .../gitea/templates/docker-compose.yml.j2 | 2 -
 .../jellyfin/templates/docker-compose.yml.j2 | 2 -
 .../nextcloud/templates/.env.nextcloud.j2 | 2 +-
 .../nextcloud/templates/docker-compose.yml.j2 | 2 -
 .../authentik/templates/docker-compose.yml.j2 | 2 -
 .../minio/templates/docker-compose.yml.j2 | 2 -
 .../templates/docker-compose.yml.j2 | 21 ++++++++-
 .../prometheus_config/prometheus.yml.j2 | 2 +-
 .../traefik/templates/docker-compose.yml.j2 | 5 +-
 roles/alpina/tasks/deploy_compose_stack.yml | 2 +-
 roles/common/tasks/main.yml | 24 +++-------
 roles/common/templates/default/cadvisor.j2 | 47 -------------------
 14 files changed, 32 insertions(+), 85 deletions(-)
 delete mode 100644 roles/common/templates/default/cadvisor.j2

diff --git a/group_vars/docker_hosts.yml b/group_vars/docker_hosts.yml
index 46efc8c..bcf8e9c 100644
--- a/group_vars/docker_hosts.yml
+++ b/group_vars/docker_hosts.yml
@@ -3,4 +3,4 @@ my_svc_path: ~/alpina
 base_volume_path: /mnt/dock
 media_volume_path: /mnt/media
-traefik_ip: 172.16.122.254
+traefik_subnet: 172.16.122.0
diff --git a/roles/alpina/collections/apps/arrstack/templates/docker-compose.yml.j2 b/roles/alpina/collections/apps/arrstack/templates/docker-compose.yml.j2
index 890599d..c2a8570 100644
--- a/roles/alpina/collections/apps/arrstack/templates/docker-compose.yml.j2
+++ b/roles/alpina/collections/apps/arrstack/templates/docker-compose.yml.j2
@@ -1,6 +1,4 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
-{##}
-version: "3.9"
 networks:
   {{ helpers.default_network(249) | indent(2) }}
diff --git a/roles/alpina/collections/apps/gitea/templates/docker-compose.yml.j2 b/roles/alpina/collections/apps/gitea/templates/docker-compose.yml.j2
index 49632f0..230f0ab 100644
--- a/roles/alpina/collections/apps/gitea/templates/docker-compose.yml.j2
+++ b/roles/alpina/collections/apps/gitea/templates/docker-compose.yml.j2
@@ -1,6 +1,4 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
-{##}
-version: "3.9"
 networks:
   {{ helpers.default_network(199) | indent(2) }}
diff --git a/roles/alpina/collections/apps/jellyfin/templates/docker-compose.yml.j2 b/roles/alpina/collections/apps/jellyfin/templates/docker-compose.yml.j2
index b52cabb..519a053 100644
--- a/roles/alpina/collections/apps/jellyfin/templates/docker-compose.yml.j2
+++ b/roles/alpina/collections/apps/jellyfin/templates/docker-compose.yml.j2
@@ -1,6 +1,4 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
-{##}
-version: "3.9"
 networks:
   {{ helpers.default_network(197) | indent(2) }}
diff --git a/roles/alpina/collections/apps/nextcloud/templates/.env.nextcloud.j2 b/roles/alpina/collections/apps/nextcloud/templates/.env.nextcloud.j2
index 3d4cffd..ee8e30f 100644
--- a/roles/alpina/collections/apps/nextcloud/templates/.env.nextcloud.j2
+++ b/roles/alpina/collections/apps/nextcloud/templates/.env.nextcloud.j2
@@ -17,7 +17,7 @@ SMTP_PASSWORD={{ sendgrid_api_key }}
 MAIL_FROM_ADDRESS=nc
 MAIL_DOMAIN=cazzzer.com
-TRUSTED_PROXIES={{ traefik_ip }}
+TRUSTED_PROXIES={{ traefik_subnet }}
 OVERWRITEHOST=nc.{{ domain }}
 OVERWRITEPROTOCOL=https
 OVERWRITECLIURL=https://nc.{{ domain }}
diff --git a/roles/alpina/collections/apps/nextcloud/templates/docker-compose.yml.j2 b/roles/alpina/collections/apps/nextcloud/templates/docker-compose.yml.j2
index 3dfce78..b9effce 100644
--- a/roles/alpina/collections/apps/nextcloud/templates/docker-compose.yml.j2
+++ b/roles/alpina/collections/apps/nextcloud/templates/docker-compose.yml.j2
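Review bot: `TRUSTED_PROXIES={{ traefik_subnet }}` in .env.nextcloud.j2 renders to the bare network address 172.16.122.0 with no prefix length (group_vars/docker_hosts.yml in this commit defines the variable without one), so Nextcloud will treat it as a single host entry that never matches the proxy's real source address, while the traefik compose template appends the mask itself (`- subnet: {{ traefik_subnet }}/24`). When nothing in trusted_proxies matches, Nextcloud ignores X-Forwarded-For and records the reverse proxy's address as every client's IP, so brute-force throttling and the audit log would most likely apply to all users collectively. Nextcloud's trusted_proxies accepts CIDR ranges, so the line should carry the same prefix, `TRUSTED_PROXIES={{ traefik_subnet }}/24`, or the variable should hold the full CIDR so both consumers agree. If Traefik does move to host networking as the TODO in its compose template suggests, its requests will reach Nextcloud from the gateway of Nextcloud's own compose network rather than from this subnet, so this value will need revisiting at that point too.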
@@ -1,6 +1,4 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
-{##}
-version: "3.9"
 networks:
   {{ helpers.default_network(198) | indent(2) }}
diff --git a/roles/alpina/collections/services/authentik/templates/docker-compose.yml.j2 b/roles/alpina/collections/services/authentik/templates/docker-compose.yml.j2
index 3754fbf..e205b52 100644
--- a/roles/alpina/collections/services/authentik/templates/docker-compose.yml.j2
+++ b/roles/alpina/collections/services/authentik/templates/docker-compose.yml.j2
@@ -1,6 +1,4 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
-{##}
-version: "3.9"
 networks:
   {{ helpers.default_network(253) | indent(2) }}
diff --git a/roles/alpina/collections/services/minio/templates/docker-compose.yml.j2 b/roles/alpina/collections/services/minio/templates/docker-compose.yml.j2
index 05f94a1..8690cb1 100644
--- a/roles/alpina/collections/services/minio/templates/docker-compose.yml.j2
+++ b/roles/alpina/collections/services/minio/templates/docker-compose.yml.j2
@@ -1,6 +1,4 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
-{##}
-version: "3.9"
 networks:
   {{ helpers.default_network(252) | indent(2) }}
diff --git a/roles/alpina/collections/services/monitoring/templates/docker-compose.yml.j2 b/roles/alpina/collections/services/monitoring/templates/docker-compose.yml.j2
index a169128..cb626d2 100644
--- a/roles/alpina/collections/services/monitoring/templates/docker-compose.yml.j2
+++ b/roles/alpina/collections/services/monitoring/templates/docker-compose.yml.j2
@@ -1,6 +1,4 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
-{##}
-version: "3.9"
 networks:
   {{ helpers.default_network(251) | indent(2) }}
@@ -68,6 +66,25 @@ services:
       - {{ base_volume_path }}/monitoring/prometheus_configs:/etc/prometheus/extra:ro
       - {{ base_volume_path }}/monitoring/prometheus:/prometheus
+  node-exporter:
+    image: prom/node-exporter:latest
+    container_name: node-exporter
+    restart: unless-stopped
+    network_mode: host
+    pid: host
+    volumes:
+      - /:/host:ro,rslave
+
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor:latest
+    container_name: cadvisor
+    restart: unless-stopped
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:rw
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+
   influxdb:
     image: influxdb:2.7-alpine
     container_name: influxdb
diff --git a/roles/alpina/collections/services/monitoring/templates/prometheus_config/prometheus.yml.j2 b/roles/alpina/collections/services/monitoring/templates/prometheus_config/prometheus.yml.j2
index c13bb56..6ff8cf3 100644
--- a/roles/alpina/collections/services/monitoring/templates/prometheus_config/prometheus.yml.j2
+++ b/roles/alpina/collections/services/monitoring/templates/prometheus_config/prometheus.yml.j2
@@ -16,7 +16,7 @@ scrape_configs:
   - job_name: "cadvisor"
     static_configs:
-      - targets: ["{{ ansible_host }}:9110"]
+      - targets: ["cadvisor:8080"]
   - job_name: "traefik"
     static_configs:
diff --git a/roles/alpina/collections/services/traefik/templates/docker-compose.yml.j2 b/roles/alpina/collections/services/traefik/templates/docker-compose.yml.j2
index d6610d8..580ccf4 100644
--- a/roles/alpina/collections/services/traefik/templates/docker-compose.yml.j2
+++ b/roles/alpina/collections/services/traefik/templates/docker-compose.yml.j2
@@ -1,6 +1,4 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
-{##}
-version: "3.9"
 networks:
   traefik:
@@ -8,7 +6,8 @@ networks:
     enable_ipv6: true
     ipam:
       config:
-        - subnet: {{ traefik_ip }}/24
+        # TODO: Consider removing traefik network, it shouldn't be needed with host networking
+        - subnet: {{ traefik_subnet }}/24
         - subnet: {{ docker_ipv6_subnet | ansible.utils.ipsubnet(80, 255) }}
 services:
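Review bot: The new cadvisor service mounts `/var/run:/var/run:rw`, which gives the container a writable Docker socket, so any compromise of cadvisor becomes control of the Docker daemon (and thereby the host); cAdvisor only needs to read from the socket, so `- /var/run:/var/run:ro` should be enough. The node-exporter service mounts `/:/host:ro,rslave` but, as far as the hunk shows, never points the exporter at it; without `command: ["--path.rootfs=/host"]` node_exporter reports on the container's own filesystem view and the mount goes unused. Both new images are `:latest`, and deploy_compose_stack.yml in this same commit switches to `--pull always`, so every playbook run will now silently upgrade both exporters to whatever upstream last published; a version tag or digest keeps those upgrades a deliberate, reviewable change. Note also that with `network_mode: host` node-exporter listens on port 9100 on every host interface with no authentication, so if a firewalld rule elsewhere opens that port, restricting it with `--web.listen-address` to the address Prometheus actually scrapes is worth considering.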
diff --git a/roles/alpina/tasks/deploy_compose_stack.yml b/roles/alpina/tasks/deploy_compose_stack.yml
index 630b504..d828789 100644
--- a/roles/alpina/tasks/deploy_compose_stack.yml
+++ b/roles/alpina/tasks/deploy_compose_stack.yml
@@ -29,7 +29,7 @@
   when: item.state == "file"
 - name: Deploy docker-compose for {{ current_stack_name }}
-  command: docker compose -f "{{ current_stack_dest }}/docker-compose.yml" up -d --pull --remove-orphans
+  command: docker compose -f "{{ current_stack_dest }}/docker-compose.yml" up -d --pull always --remove-orphans
   register: docker_compose_output
   # Not perfect idempotency, but the built-in docker_compose module doesn't support docker-compose v2
   # And of course there's an IPv6 bug in docker-compose v1, smh
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 63e3c2e..45e01ce 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -1,12 +1,3 @@
-- name: Configure cadvisor
-  become: yes
-  template:
-    src: default/cadvisor.j2
-    dest: /etc/default/cadvisor
-    owner: root
-    group: root
-    mode: 0644
-
 - name: Install Debian packages
   become: yes
   ansible.builtin.apt:
@@ -14,8 +5,6 @@
       - docker-ce
       - docker-compose-plugin
       - firewalld
-      - prometheus-node-exporter
-      - cadvisor
     state: latest
 - name: Upgrade Debian packages
@@ -28,6 +17,13 @@
     state: latest
   register: apt_upgrades
+- name: Ensure firewalld is running
+  become: yes
+  service:
+    name: firewalld
+    state: started
+    enabled: yes
+
 - name: Allow SSH
   become: yes
   firewalld:
@@ -68,12 +64,6 @@
     state: enabled
     immediate: yes
-- name: Enable Firewall
-  become: yes
-  firewalld:
-    state: enabled
-    immediate: yes
-
 - name: Reboot if needed
   become: yes
   ansible.builtin.reboot:
diff --git a/roles/common/templates/default/cadvisor.j2 b/roles/common/templates/default/cadvisor.j2
deleted file mode 100644
index 1b35da0..0000000
--- a/roles/common/templates/default/cadvisor.j2
+++ /dev/null
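Review bot: The second hunk of roles/common/tasks/main.yml drops `prometheus-node-exporter` and `cadvisor` from the apt install list, but nothing uninstalls them, so on a host provisioned by the previous version the packaged prometheus-node-exporter service stays enabled and bound to port 9100 and the new host-networked node-exporter container in the monitoring stack will most likely fail to bind the same port; the /etc/default/cadvisor file rendered from the now-deleted template is left behind as well. Unless the Debian 12 move is a clean reinstall, an explicit removal task next to the install task closes that gap (the same hunk also applies to the first hunk's deleted template task). The new `Ensure firewalld is running` task now starts the firewall before the `Allow SSH` rule is applied; Debian's default public zone permits ssh so this is safe in the stock configuration, but a one-line comment stating that assumption, e.g. `# Safe to start before the SSH rule: Debian's default public zone already allows ssh`, would warn anyone who customises the default zone that this ordering can lock the session out.

```yaml
# … unchanged: Install Debian packages task …

- name: Remove host-installed exporters (replaced by containers in the monitoring stack)
  become: yes
  ansible.builtin.apt:
    name:
      - prometheus-node-exporter
      - cadvisor
    state: absent
    purge: yes
```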
@@ -1,47 +0,0 @@ -# config options for cadvisor(1) -# - -# Docker endpoint to connect to -# Default: unix:///var/run/docker.sock -CADVISOR_DOCKER_ENDPOINT="unix:///var/run/docker.sock" - -# Port to listen on -# Default: 8080 -CADVISOR_PORT="9110" - -# Storage driver -# Default: none/blank -# -# Available Options: -# - -# - bigquery -# - elasticsearch -# - kafka -# - redis -# - statsd -# - stdout -CADVISOR_STORAGE_DRIVER="" - -# Storage driver host -# Default: localhost:8086" -CADVISOR_STORAGE_DRIVER_HOST="localhost:8086" - -# Storage driver password -# Default: root -CADVISOR_STORAGE_DRIVER_PASSWORD="root" - -# Storage driver secure connection -# Default: false -CADVISOR_STORAGE_DRIVER_SECURE="false" - -# Storage driver user -# Default: root -CADVISOR_STORAGE_DRIVER_USER="root" - -# Log to stderr ("true" logs to journal on systemd -# and "false" to "/var/log/cadvisor.log" on SysV) -# Default: true -CADVISOR_LOG_TO_STDERR="true" - -# Other options: -#DAEMON_ARGS=""