From f6ef3b181c15fdad6ed2d1a03ec42f8b70a3a2a1 Mon Sep 17 00:00:00 2001
From: Christian Elberfeld <6413499+elberfeld@users.noreply.github.com>
Date: Sun, 28 Jan 2024 01:08:02 +0100
Subject: [PATCH] install watchtower on webserver and verwaltung

---
 common/docker_watchtower/tasks/main.yml       | 29 +++++++++++
 .../templates/docker-compose.yml              | 48 +++++++++++++++++++
 group_vars/prod                               |  1 +
 host_vars/verwaltung                          |  1 +
 host_vars/webserver                           |  1 +
 site.yml                                      | 10 ++++
 6 files changed, 90 insertions(+)
 create mode 100644 common/docker_watchtower/tasks/main.yml
 create mode 100644 common/docker_watchtower/templates/docker-compose.yml

diff --git a/common/docker_watchtower/tasks/main.yml b/common/docker_watchtower/tasks/main.yml
new file mode 100644
index 00000000..c7caa580
--- /dev/null
+++ b/common/docker_watchtower/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+
+- include_tasks: ../functions/get_secret.yml
+  with_items:
+    - { path: "{{ basedir }}/matrix_notification_access_token",  length: -1 }
+
+
+- name: "create folder struct for {{ servicename }}"
+  file: 
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - "{{ basedir }}"
+
+
+- name: Konfig-Dateien erstellen (base,graphite)
+  template:
+    src: "{{ item }}"
+    dest: "{{ basedir }}/{{ item }}"
+  with_items:
+    - docker-compose.yml
+  register: dockerconfig
+
+  
+- name: "start {{ servicename }} docker"
+  docker_compose:
+    project_src: "{{ basedir }}"
+    state: present
+    build: "{{ dockerconfig.changed }}"
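Review bot: The `template` task renders `docker-compose.yml` into `{{ basedir }}`, and that file carries the Matrix access token fetched by `get_secret.yml` in an environment value, yet no `mode`/`owner` is set, so the file is created with the remote's default umask and is likely world-readable on the host. Add `mode: "0600"` and `owner: root` to the `template` call, and consider `mode: "0700"` on the `file` task that creates `{{ basedir }}` so the directory is not listable by other local users. The task name `Konfig-Dateien erstellen (base,graphite)` reads as a copy-paste leftover (graphite is not part of this role); a name like `"create config files for {{ servicename }}"` would match the other tasks. The `build: "{{ dockerconfig.changed }}"` argument has nothing to act on here because the compose file defines no `build` context, so it can be dropped or left as a harmless no-op.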
diff --git a/common/docker_watchtower/templates/docker-compose.yml b/common/docker_watchtower/templates/docker-compose.yml
new file mode 100644
index 00000000..1a47da1c
--- /dev/null
+++ b/common/docker_watchtower/templates/docker-compose.yml
@@ -0,0 +1,48 @@
+
+
+version: "2.4"
+
+services:
+
+  app:
+
+    image: containrrr/watchtower:latest
+    restart: always
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      TZ: "Europe/Berlin"
+      #WATCHTOWER_RUN_ONCE: "true"
+      WATCHTOWER_MONITOR_ONLY: "true"
+      WATCHTOWER_NOTIFICATION_REPORT: "true"
+      WATCHTOWER_NOTIFICATION_URL: >
+        matrix://:{{ matrix_notification_access_token }}@{{ matrix.domain }}/?rooms={{ matrix.notifications_room_id }}
+      WATCHTOWER_NOTIFICATION_TEMPLATE: |
+        Watchtower @ {{ inventory_hostname }} {% raw %} {{"\n"}}
+        {{- if .Report -}}
+          {{- with .Report -}}
+        {{len .Scanned}} Scanned, {{len .Updated}} Updated, {{len .Failed}} Failed
+              {{- range .Updated}}
+        - {{.Name}} ({{.ImageName}}): {{.CurrentImageID.ShortID}} updated to {{.LatestImageID.ShortID}}
+              {{- end -}}
+              {{- range .Fresh}}
+        - {{.Name}} ({{.ImageName}}): {{.State}}
+            {{- end -}}
+            {{- range .Skipped}}
+        - {{.Name}} ({{.ImageName}}): {{.State}}: {{.Error}}
+            {{- end -}}
+            {{- range .Failed}}
+        - {{.Name}} ({{.ImageName}}): {{.State}}: {{.Error}}
+            {{- end -}}
+          {{- end -}}
+        {{- else -}}
+          {{range .Entries -}}{{.Message}}{{"\n"}}{{- end -}}
+        {{- end -}}
+        {% endraw %}
+
+
+
+
+
+
+
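Review bot: The `app` service bind-mounts `/var/run/docker.sock` while pulling the floating tag `containrrr/watchtower:latest`; with socket access being root-equivalent on the host, whoever controls that tag upstream controls these hosts on the next pull, so pin the image to a release tag or a `@sha256:` digest and bump it deliberately. Mounting the socket with `:ro` would not limit API calls, so pinning (or fronting the socket with a proxy that exposes only the endpoints Watchtower needs) is the effective control. Separately, `WATCHTOWER_NOTIFICATION_URL: >` is a clip-folded scalar, so the rendered value ends with a newline right after the room id; unless compose or shoutrrr is known to trim it, that can break URL parsing and should be `WATCHTOWER_NOTIFICATION_URL: >-`. The token lands in the container environment and is therefore visible via `docker inspect` to anyone with socket access, which is acceptable only because that access is already root; a comment saying so next to the URL would save the next reader the same analysis.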
diff --git a/group_vars/prod b/group_vars/prod
index 12f44120..6689d758 100644
--- a/group_vars/prod
+++ b/group_vars/prod
@@ -88,6 +88,7 @@ matrix:
   domain: matrix.warpzone.ms
   public_url: https://matrix.warpzone.ms
   identity_server: https://matrix.warpzone.ms
+  notifications_room_id: "!iYefxbySFEfFQfUGEK:matrix.warpzone.ms"
 
 # Monitoring 
 monitoring:
diff --git a/host_vars/verwaltung b/host_vars/verwaltung
index b6ca5b64..5603af51 100644
--- a/host_vars/verwaltung
+++ b/host_vars/verwaltung
@@ -78,6 +78,7 @@ alert:
     - { name: "nextcloud_redis_1" }
     - { name: "nextcloud_webcron_1" }
     - { name: "traefik_app_1" }
+    - { name: "watchtower_app_1" }
   disks: 
     - { mountpoint: "/", warn: "5 GB", crit: "1 GB" }
     - { mountpoint: "/srv", warn: "5 GB", crit: "1 GB" }
diff --git a/host_vars/webserver b/host_vars/webserver
index d0500026..d5f3ffc9 100644
--- a/host_vars/webserver
+++ b/host_vars/webserver
@@ -112,6 +112,7 @@ alert:
     - { name: "traefik_app_1" }
     - { name: "vpnserver_app_1" }
     - { name: "warpapi_app_1" }
+    - { name: "watchtower_app_1" }
     - { name: "wordpress_app_1" }
     - { name: "wordpress_db_1" }
     - { name: "workadventure_back_1" }
diff --git a/site.yml b/site.yml
index 5b4b2305..813938bf 100644
--- a/site.yml
+++ b/site.yml
@@ -161,6 +161,11 @@
         domain_default: "www.warpzone.ms", 
         matrix_federation: true
       }   
+    - { 
+        role: common/docker_watchtower, tags: watchtower,
+        servicename: watchtower,
+        basedir: /srv/watchtower,
+      }   
     - { 
         role: webserver/docker_coturn, tags: coturn,
         servicename: "coturn",
@@ -265,6 +270,11 @@
         basedir: /srv/traefik,
         domain: "warpzone.ms",
       }      
+    - { 
+        role: common/docker_watchtower, tags: watchtower,
+        servicename: watchtower,
+        basedir: /srv/watchtower,
+      }   
     - { 
         role: verwaltung/docker_gitea, tags: gitea,
         servicename: "gitea",
-- 
GitLab