feat(docker): Added cadvisor on all hosts, added docker metric exporter, added docker compose restart as handler, moved repetetive directory/permission creation into loops, moved repetetive values into variables, cleanup compose template for better empty lines

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
2025-01-17 21:50:36 +01:00
parent 1017fed848
commit ae929ca09d
18 changed files with 97 additions and 100 deletions
--- a/playbook/common-k3s.yml
+++ b/playbook/common-k3s.yml
--- a/playbook/db.yml
+++ b/playbook/db.yml
--- a/playbook/docker-host.yml
+++ b/playbook/docker-host.yml
--- a/playbook/docker-lb.yml
+++ b/playbook/docker-lb.yml
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -2,6 +2,7 @@
 # Essential
 #
 root: root
 user: tudattr
 timezone: Europe/Berlin
 puid: "1000"
--- a/group_vars/docker/vars.yml
+++ b/group_vars/docker/vars.yml
@@ -1,7 +1,9 @@
 docker:
  url: "https://download.docker.com/linux"
  apt_release_channel: "stable"
-  dirs: "/opt/docker"
+  directories:
    opt: "/opt/docker/"
    compose: "/opt/docker/compose"
 caddy:
  admin_email: me+acme@tudattr.dev
@@ -443,6 +445,47 @@ services:
      - TZ=Europe/Berlin
      - QBT_EULA="accept"
      - QBT_WEBUI_PORT="8082"
  - name: cadvisor
    vm:
      - docker-host00
      - docker-host01
      - docker-host02
    container_name: cadvisor
    image: gcr.io/cadvisor/cadvisor:latest
    restart: unless-stopped
    ports:
      - name: ""
        internal: 8080
        external: 8081
    volumes:
      - name: "Root"
        internal: /rootfs:ro
        external: /
      - name: "Run"
        internal: /var/run:rw
        external: /var/run
      - name: "System"
        internal: /sys:ro
        external: /sys
      - name: "Docker"
        internal: /var/lib/docker:ro
        external: /var/lib/docker
  # - name: template
  #   vm:
  #     -
  #   container_name:
  #   image:
  #   restart:
  #   volumes:
  #     - name:
  #       internal:
  #       external:
  #   ports:
  #     - name:
  #       internal:
  #       external:
  #   environment:
  #     -
  # - name: calibre
  #   vm:
  #     - docker-host00
--- a/playbook/k3s-agents.yml
+++ b/playbook/k3s-agents.yml
--- a/playbook/k3s-servers.yml
+++ b/playbook/k3s-servers.yml
--- a/playbook/k3s-storage.yml
+++ b/playbook/k3s-storage.yml
--- a/playbook/loadbalancer.yml
+++ b/playbook/loadbalancer.yml
--- a/roles/docker_host/files/daemon.json
+++ b/roles/docker_host/files/daemon.json
@@ -0,0 +1,3 @@
 {
  "metrics-addr": "0.0.0.0:9323"
 }
--- a/roles/docker_host/handlers/main.yml
+++ b/roles/docker_host/handlers/main.yml
@@ -4,4 +4,8 @@
    name: docker
    state: restarted
  become: true
-# TODO also do docker compose restart
+
 - name: Restart compose
  community.docker.docker_compose_v2:
    project_src: "{{ docker.directories.compose }}"
    state: restarted
--- a/roles/docker_host/tasks/deploy_compose.yml
+++ b/roles/docker_host/tasks/deploy_compose.yml
@@ -2,11 +2,12 @@
 - name: Copy docker compose file to target
  ansible.builtin.template:
    src: "templates/compose.yaml.j2"
-    dest: "/opt/docker/compose/compose.yaml"
+    dest: "{{ docker.directories.compose }}/compose.yaml"
    owner: "{{ user }}"
    group: "{{ user }}"
    mode: "644"
    backup: true
  notify:
    - Restart docker
    - Restart compose
  become: true
--- a/roles/docker_host/tasks/directory_setup.yml
+++ b/roles/docker_host/tasks/directory_setup.yml
@@ -1,106 +1,40 @@
 ---
- name: Create /media/docker directory
+- name: Create directories
  ansible.builtin.file:
-    path: /media/docker
+    path: "{{ item }}"
    state: directory
    mode: "0755"
  loop:
    - /media/docker
    - /media/series
    - /media/movies
    - /media/songs
    - "{{ docker.directories.opt }}"
    - "{{ docker.directories.compose }}"
    - /opt/local
  become: true
- name: Create /media/series directory
+- name: Set ownership to {{ user }}
  ansible.builtin.file:
-    path: /media/series
+    path: "{{ item }}"
-    state: directory
+    owner: "{{ user }}"
-    mode: "0755"
+    group: "{{ user }}"
  loop:
    - "{{ docker.directories.opt }}"
    - /opt/local
    - /media
  become: true
- name: Create /media/movies directory
+- name: Ensure NFS mounts
  ansible.builtin.file:
    path: /media/movies
    state: directory
    mode: "0755"
  become: true
 - name: Create /media/songs directory
  ansible.builtin.file:
    path: /media/songs
    state: directory
    mode: "0755"
  become: true
 - name: Create /opt/docker directory
  ansible.builtin.file:
    path: /opt/docker
    state: directory
    mode: "0755"
  become: true
 - name: Create /opt/docker/compose directory
  ansible.builtin.file:
    path: /opt/docker/compose
    state: directory
    mode: "0755"
  become: true
 - name: Create /opt/local directory
  ansible.builtin.file:
    path: /opt/local
    state: directory
    mode: "0755"
  become: true
 - name: Set ownership of /opt/local to tudattr
  ansible.builtin.file:
    path: /opt/local
    owner: tudattr
    group: tudattr
  become: true
 - name: Set ownership of /opt/docker to tudattr
  ansible.builtin.file:
    path: /opt/docker
    owner: tudattr
    group: tudattr
  become: true
 - name: Set ownership of /media directories to tudattr
  ansible.builtin.file:
    path: /media/
    owner: tudattr
    group: tudattr
  become: true
 - name: Ensure /media/docker is mounted via NFS
  ansible.posix.mount:
-    path: /media/docker
+    path: "{{ item }}"
-    src: 192.168.20.12:/media/docker
+    src: "192.168.20.12:{{ item }}"
    fstype: nfs
    opts: defaults,nolock
    state: mounted
  become: true
 - name: Ensure /media/series is mounted via NFS
  ansible.posix.mount:
    path: /media/series
    src: 192.168.20.12:/media/series
    fstype: nfs
    opts: defaults,nolock
    state: mounted
  become: true
 - name: Ensure /media/movies is mounted via NFS
  ansible.posix.mount:
    path: /media/movies
    src: 192.168.20.12:/media/movies
    fstype: nfs
    opts: defaults,nolock
    state: mounted
  become: true
 - name: Ensure /media/songs is mounted via NFS
  ansible.posix.mount:
    path: /media/songs
    src: 192.168.20.12:/media/songs
    fstype: nfs
    opts: defaults,nolock
    state: mounted
  loop:
    - /media/docker
    - /media/series
    - /media/movies
    - /media/songs
  become: true
--- a/roles/docker_host/tasks/export.yml
+++ b/roles/docker_host/tasks/export.yml
@@ -0,0 +1,11 @@
 ---
 - name: Copy exporter config to host
  ansible.builtin.copy:
    src: files/daemon.json
    dest: /etc/docker/daemon.json
    owner: "{{ root }}"
    group: "{{ root }}"
    mode: "0644"
  notify:
    - Restart docker
  become: true
--- a/roles/docker_host/tasks/main.yml
+++ b/roles/docker_host/tasks/main.yml
@@ -13,3 +13,6 @@
 - name: Deploy docker compose
  ansible.builtin.include_tasks: deploy_compose.yml
 - name: Publish metrics
  ansible.builtin.include_tasks: export.yml
--- a/roles/docker_host/templates/compose.yaml.j2
+++ b/roles/docker_host/templates/compose.yaml.j2
@@ -56,8 +56,8 @@ services:
      - {{device.external}}:{{device.internal}}
 {% endfor %}
 {% endif %}
 {% if service.name == 'paperless' %}
  {{service.name}}-broker:
    container_name: paperless-broker
    image: docker.io/library/redis:7
@@ -79,13 +79,10 @@ services:
      POSTGRES_DB: paperless
      POSTGRES_USER: paperless
      POSTGRES_PASSWORD: 5fnhn%u2YWY3paNvMAjdoufYPQ2Hf3Yi
  {% endif %}
 {% endif %}
 {% endif %}
 {% endfor %}
 networks:
  net:
    driver: bridge
--- a/playbook/test.yml
+++ b/playbook/test.yml