171 lines
4.9 KiB
YAML
171 lines
4.9 KiB
YAML
---
|
||
|
||
- name: check if service file exists already
|
||
stat:
|
||
path: "{{ service_files_dir }}/{{ service_name }}"
|
||
register: service_file_before_template
|
||
|
||
- name: do tasks when "{{ service_name }}" state is "running"
|
||
block:
|
||
|
||
- name: ensure podman is installed
|
||
package:
|
||
name: podman
|
||
state: installed
|
||
when: not skip_podman_install
|
||
|
||
- name: running single container, get image Id if it exists
|
||
# command: podman inspect -f {{.Id}} "{{ container_image }}"
|
||
command: "podman image inspect -f '{{ '{{' }}.Id{{ '}}' }}' {{ container_image }}"
|
||
register: pre_pull_id
|
||
ignore_errors: yes
|
||
when: container_image is defined
|
||
|
||
- name: running single container, ensure we have up to date container image
|
||
command: "podman pull {{ container_image }}"
|
||
when: container_image is defined
|
||
|
||
- name: running single container, get image Id if it exists
|
||
command: "podman image inspect -f '{{ '{{' }}.Id{{ '}}' }}' {{ container_image }}"
|
||
register: post_pull_id
|
||
when: container_image is defined
|
||
|
||
- name: force restart after image change
|
||
debug: msg="image has changed"
|
||
changed_when: True
|
||
notify: restart service
|
||
when:
|
||
- container_image is defined
|
||
- pre_pull_id.stdout != post_pull_id.stdout
|
||
- pre_pull_id is succeeded
|
||
|
||
# XXX remove above comparison if future podman tells image changed.
|
||
|
||
- name: seems we use several container images, ensure all are up to date
|
||
command: "podman pull {{ item }}"
|
||
when: container_image_list is defined
|
||
with_items: "{{ container_image_list }}"
|
||
|
||
- name: if running pod, ensure configuration file exists
|
||
stat:
|
||
path: "{{ container_pod_yaml }}"
|
||
register: pod_file
|
||
when: container_pod_yaml is defined
|
||
- name: fail if pod configuration file is missing
|
||
fail:
|
||
msg: "Error: Asking to run pod, but pod definition yaml file is missing: {{ container_pod_yaml }}"
|
||
when:
|
||
- container_pod_yaml is defined
|
||
- not pod_file.stat.exists
|
||
|
||
- name: "create systemd service file for container: {{ container_name }}"
|
||
template:
|
||
src: systemd-service-single.j2
|
||
dest: "{{ service_files_dir }}/{{ service_name }}"
|
||
owner: root
|
||
group: root
|
||
mode: 0644
|
||
notify: reload systemctl
|
||
register: service_file
|
||
when: container_image is defined
|
||
|
||
- name: "create systemd service file for pod: {{ container_name }}"
|
||
template:
|
||
src: systemd-service-pod.j2
|
||
dest: "{{ service_files_dir }}/{{ service_name }}"
|
||
owner: root
|
||
group: root
|
||
mode: 0644
|
||
notify:
|
||
- reload systemctl
|
||
- start service
|
||
register: service_file
|
||
when: container_image_list is defined
|
||
|
||
- name: ensure "{{ service_name }}" is enabled at boot, and systemd reloaded
|
||
systemd:
|
||
name: "{{ service_name }}"
|
||
enabled: yes
|
||
daemon_reload: yes
|
||
|
||
- name: ensure "{{ service_name }}" is running
|
||
service:
|
||
name: "{{ service_name }}"
|
||
state: started
|
||
when: not service_file_before_template.stat.exists
|
||
|
||
- name: "ensure {{ service_name }} is restarted due config change"
|
||
debug: msg="config has changed:"
|
||
changed_when: True
|
||
notify: restart service
|
||
when:
|
||
- service_file_before_template.stat.exists
|
||
- service_file.changed
|
||
|
||
when: container_state == "running"
|
||
|
||
- name: configure firewall if container_firewall_ports is defined
|
||
block:
|
||
|
||
- name: set firewall ports state to enabled when container state is running
|
||
set_fact:
|
||
fw_state: enabled
|
||
when: container_state == "running"
|
||
|
||
- name: set firewall ports state to disabled when container state is not running
|
||
set_fact:
|
||
fw_state: disabled
|
||
when: container_state != "running"
|
||
|
||
- name: ensure firewalld is installed
|
||
tags: firewall
|
||
package: name=firewalld state=installed
|
||
|
||
- name: ensure firewall service is running
|
||
tags: firewall
|
||
service: name=firewalld state=started
|
||
|
||
- name: ensure container's exposed ports firewall state
|
||
tags: firewall
|
||
firewalld:
|
||
port: "{{ item }}"
|
||
permanent: yes
|
||
immediate: yes
|
||
state: "{{ fw_state }}"
|
||
with_items: "{{ container_firewall_ports }}"
|
||
|
||
when: container_firewall_ports is defined
|
||
|
||
|
||
- name: do cleanup stuff when container_state is "absent"
|
||
block:
|
||
|
||
- name: ensure "{{ service_name }}" is disabled at boot
|
||
service:
|
||
name: "{{ service_name }}"
|
||
enabled: false
|
||
when:
|
||
- service_file_before_template.stat.exists
|
||
|
||
- name: ensure "{{ service_name }}" is stopped
|
||
service:
|
||
name: "{{ service_name }}"
|
||
state: stopped
|
||
enabled: no
|
||
when:
|
||
- service_file_before_template.stat.exists
|
||
|
||
- name: clean up systemd service file
|
||
file:
|
||
path: "{{ service_files_dir }}/{{ service_name }}"
|
||
state: absent
|
||
notify: reload systemctl
|
||
|
||
- name: clean up pod configuration file
|
||
file:
|
||
path: "{{ container_pod_yaml }}"
|
||
state: absent
|
||
when: container_pod_yaml is defined
|
||
|
||
when: container_state == "absent"
|