Merge pull request #159 from open-austin/updates4release

Update Ansible roles; set default session to 87

src/Vagrantfile

@@ -5,7 +5,7 @@ Vagrant.configure(2) do |config|
   # https://docs.vagrantup.com.
 
   # boxes at https://atlas.hashicorp.com/search.
-  config.vm.box = "ubuntu/xenial64"
+  config.vm.box = "ubuntu/focal64"
   config.vm.hostname = "inftx.dev.local.net"
 
   # Create a forwarded port mapping which allows access to a specific port
@@ -31,14 +31,14 @@ Vagrant.configure(2) do |config|
   # Install pre-reqs
   config.vm.provision "shell", :privileged => true, inline: <<-SHELL
     apt-get update
-    apt-get install -y python-minimal
+    apt-get install -y python3-minimal sudo acl
   SHELL
 
   config.vm.provision "ansible_local" do |ansible|
     ansible.provisioning_path = "/vagrant/ansible/inventory/vagrant/"
     ansible.playbook = "playbook.yml"
-    ansible.install_mode = "pip"
-    ansible.version = "2.2.2.0"
+    ansible.install_mode = "pip3"
+    ansible.version = "2.9.6"
   end
 
   # Install application

src/ansible/inventory/vagrant/group_vars/all.yml

@@ -11,7 +11,7 @@ postgresql_databases:
 postgresql_users:
   - name: influencetx
     pass: mysecretpassword
-    encrypted: no               # denotes if the password is already encrypted.
+    encrypted: yes              # denotes if the password is already encrypted, postgresql >= 10 does only accepts encrypted passwords
 postgresql_user_privileges:
   - name: influencetx           # user name
     db: influencetx             # database

src/ansible/inventory/vagrant/playbook.yml

@@ -2,7 +2,7 @@
 - hosts: all
   become: yes
   roles:
-    - role-postgresql
+    - ansible-role-postgresql
     - ansible-role-docker
   tasks:
     - name: setup root key

src/ansible/roles/ansible-role-docker/.ansible-lint

@@ -0,0 +1,4 @@
+skip_list:
+  - 'yaml'
+  - 'risky-shell-pipe'
+  - 'role-name'

src/ansible/roles/ansible-role-docker/.gitignore

@@ -1,2 +1,5 @@
 *.retry
-tests/test.sh
+*/__pycache__
+*.pyc
+.cache
+

src/ansible/roles/ansible-role-docker/.yamllint

@@ -0,0 +1,11 @@
+---
+extends: default
+
+rules:
+  line-length:
+    max: 200
+    level: warning
+
+ignore: |
+  .github/stale.yml
+  .travis.yml

src/ansible/roles/ansible-role-docker/README.md

@@ -1,6 +1,6 @@
 # Ansible Role: Docker
 
-[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-docker.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-docker)
+[![CI](https://github.com/geerlingguy/ansible-role-docker/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-docker/actions?query=workflow%3ACI)
 
 An Ansible Role that installs [Docker](https://www.docker.com) on Linux.
 
@@ -17,24 +17,48 @@ Available variables are listed below, along with default values (see `defaults/m
     docker_package: "docker-{{ docker_edition }}"
     docker_package_state: present
 
-The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). You can also specify a specific version of Docker to install using a format like `docker-{{ docker_edition }}-<VERSION>`. And you can control whether the package is installed, uninstalled, or at the latest version by setting `docker_package_state` to `present`, `absent`, or `latest`, respectively.
+The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). You can also specify a specific version of Docker to install using the distribution-specific format: Red Hat/CentOS: `docker-{{ docker_edition }}-<VERSION>`; Debian/Ubuntu: `docker-{{ docker_edition }}=<VERSION>`.
+
+You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_package_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play).
+
+    docker_service_state: started
+    docker_service_enabled: true
+    docker_restart_handler_state: restarted
+
+Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set these to `stopped` and set the enabled variable to `no`.
 
     docker_install_compose: true
-    docker_compose_version: "1.15.0"
+    docker_compose_version: "1.26.0"
     docker_compose_path: /usr/local/bin/docker-compose
 
 Docker Compose installation options.
 
     docker_apt_release_channel: stable
-    docker_apt_repository: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+    docker_apt_arch: amd64
+    docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+    docker_apt_ignore_key_error: True
+    docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+
+(Used only for Debian/Ubuntu.) You can switch the channel to `nightly` if you want to use the Nightly release.
 
-(Used only for Debian/Ubuntu.) You can switch the channel to `edge` if you want to use the Edge release.
+You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
+Usually in combination with changing `docker_apt_repository` as well.
 
     docker_yum_repo_url: https://download.docker.com/linux/centos/docker-{{ docker_edition }}.repo
-    docker_yum_repo_enable_edge: 0
-    docker_yum_repo_enable_test: 0
+    docker_yum_repo_enable_nightly: '0'
+    docker_yum_repo_enable_test: '0'
+    docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg
+
+(Used only for RedHat/CentOS.) You can enable the Nightly or Test repo by setting the respective vars to `1`.
+
+You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
+Usually in combination with changing `docker_yum_repository` as well.
+
+    docker_users:
+      - user1
+      - user2
 
-(Used only for RedHat/CentOS.) You can enable the Edge or Test repo by setting the respective vars to `1`.
+A list of system users to be added to the `docker` group (so they can use Docker on the server).
 
 ## Use with Ansible (and `docker` Python library)
 

src/ansible/roles/ansible-role-docker/defaults/main.yml

@@ -4,16 +4,28 @@ docker_edition: 'ce'
 docker_package: "docker-{{ docker_edition }}"
 docker_package_state: present
 
+# Service options.
+docker_service_state: started
+docker_service_enabled: true
+docker_restart_handler_state: restarted
+
 # Docker Compose options.
 docker_install_compose: true
-docker_compose_version: "1.15.0"
-docker_compose_path: /usr/bin/docker-compose
+docker_compose_version: "1.26.0"
+docker_compose_path: /usr/local/bin/docker-compose
 
-# Used only for Debian/Ubuntu. Switch 'stable' to 'edge' if needed.
+# Used only for Debian/Ubuntu. Switch 'stable' to 'nightly' if needed.
 docker_apt_release_channel: stable
-docker_apt_repository: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+docker_apt_arch: amd64
+docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+docker_apt_ignore_key_error: true
+docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+
+# Used only for RedHat/CentOS/Fedora.
+docker_yum_repo_url: https://download.docker.com/linux/{{ (ansible_distribution == "Fedora") | ternary("fedora","centos") }}/docker-{{ docker_edition }}.repo
+docker_yum_repo_enable_nightly: '0'
+docker_yum_repo_enable_test: '0'
+docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg
 
-# Used only for RedHat/CentOS.
-docker_yum_repo_url: https://download.docker.com/linux/centos/docker-{{ docker_edition }}.repo
-docker_yum_repo_enable_edge: 0
-docker_yum_repo_enable_test: 0
+# A list of users who will be added to the docker group.
+docker_users: []

src/ansible/roles/ansible-role-docker/handlers/main.yml

@@ -1,3 +1,3 @@
 ---
 - name: restart docker
-  service: name=docker state=restarted
+  service: "name=docker state={{ docker_restart_handler_state }}"

src/ansible/roles/ansible-role-docker/molecule/default/converge.yml

@@ -0,0 +1,24 @@
+---
+- name: Converge
+  hosts: all
+  become: true
+
+  pre_tasks:
+    - name: Update apt cache.
+      apt: update_cache=yes cache_valid_time=600
+      when: ansible_os_family == 'Debian'
+
+    - name: Wait for systemd to complete initialization.  # noqa 303
+      command: systemctl is-system-running
+      register: systemctl_status
+      until: >
+        'running' in systemctl_status.stdout or
+        'degraded' in systemctl_status.stdout
+      retries: 30
+      delay: 5
+      when: ansible_service_mgr == 'systemd'
+      changed_when: false
+      failed_when: systemctl_status.rc > 1
+
+  roles:
+    - role: geerlingguy.docker

src/ansible/roles/ansible-role-docker/molecule/default/molecule.yml

@@ -0,0 +1,17 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  playbooks:
+    converge: ${MOLECULE_PLAYBOOK:-converge.yml}

src/ansible/roles/ansible-role-docker/tasks/docker-users.yml

@@ -0,0 +1,7 @@
+---
+- name: Ensure docker users are added to the docker group.
+  user:
+    name: "{{ item }}"
+    groups: docker
+    append: true
+  with_items: "{{ docker_users }}"

src/ansible/roles/ansible-role-docker/tasks/main.yml

@@ -1,18 +1,27 @@
 ---
-- include: setup-RedHat.yml
+- include_tasks: setup-RedHat.yml
   when: ansible_os_family == 'RedHat'
 
-- include: setup-Debian.yml
+- include_tasks: setup-Debian.yml
   when: ansible_os_family == 'Debian'
 
 - name: Install Docker.
-  package: name={{ docker_package }} state={{ docker_package_state }}
+  package:
+    name: "{{ docker_package }}"
+    state: "{{ docker_package_state }}"
+  notify: restart docker
 
 - name: Ensure Docker is started and enabled at boot.
   service:
     name: docker
-    state: started
-    enabled: yes
+    state: "{{ docker_service_state }}"
+    enabled: "{{ docker_service_enabled }}"
 
-- include: docker-compose.yml
-  when: docker_install_compose
+- name: Ensure handlers are notified now to avoid firewall conflicts.
+  meta: flush_handlers
+
+- include_tasks: docker-compose.yml
+  when: docker_install_compose | bool
+
+- include_tasks: docker-users.yml
+  when: docker_users | length > 0

src/ansible/roles/ansible-role-docker/tasks/setup-Debian.yml

@@ -1,40 +1,40 @@
 ---
 - name: Ensure old versions of Docker are not installed.
   package:
-    name: '{{ item }}'
+    name:
+      - docker
+      - docker-engine
     state: absent
-  with_items:
-    - docker
-    - docker-engine
 
-- name: Ensure depdencies are installed.
+- name: Ensure dependencies are installed.
   apt:
-    name: "{{ item }}"
+    name:
+      - apt-transport-https
+      - ca-certificates
+      - gnupg2
     state: present
-  with_items:
-    - apt-transport-https
-    - ca-certificates
 
 - name: Add Docker apt key.
   apt_key:
-    url: https://download.docker.com/linux/ubuntu/gpg
+    url: "{{ docker_apt_gpg_key }}"
     id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
     state: present
   register: add_repository_key
-  ignore_errors: true
+  ignore_errors: "{{ docker_apt_ignore_key_error }}"
 
 - name: Ensure curl is present (on older systems without SNI).
   package: name=curl state=present
-  when: add_repository_key|failed
+  when: add_repository_key is failed
 
 - name: Add Docker apt key (alternative for older systems without SNI).
-  shell: "curl -sSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -"
+  shell: >
+    curl -sSL {{ docker_apt_gpg_key }} | sudo apt-key add -
   args:
-    warn: no
-  when: add_repository_key|failed
+    warn: false
+  when: add_repository_key is failed
 
 - name: Add Docker repository.
   apt_repository:
     repo: "{{ docker_apt_repository }}"
     state: present
-    update_cache: yes
+    update_cache: true