From 2dfe9f9b928ca6e63368f57805f5b6fdf78bb347 Mon Sep 17 00:00:00 2001
From: Marty Oehme
Date: Fri, 7 Mar 2025 18:19:53 +0100
Subject: [PATCH] feat(shepherd): Add auto update shepherd role

Deprecates diun as it provides a simpler implementation for docker swarm. Mark any containers you want auto updated with `shepherd.autoupdate=true` and the rest with `shepherd.autoupdate=false`. Everything untagged will not be watched (by default), though this can be changed by setting the ansible default variable `shepherd_filter_services: `.
---
roles/shepherd/README.md | 6 +++
roles/shepherd/defaults/main.yml | 13 +++++
roles/shepherd/meta/main.yml | 10 ++++
roles/shepherd/tasks/main.yml | 11 +++++
roles/shepherd/templates/docker-stack.yml.j2 | 52 ++++++++++++++++++++
roles/shepherd/vars/main.yml | 6 +++
6 files changed, 98 insertions(+)
create mode 100644 roles/shepherd/README.md
create mode 100644 roles/shepherd/defaults/main.yml
create mode 100644 roles/shepherd/meta/main.yml
create mode 100644 roles/shepherd/tasks/main.yml
create mode 100644 roles/shepherd/templates/docker-stack.yml.j2
create mode 100644 roles/shepherd/vars/main.yml
diff --git a/roles/shepherd/README.md b/roles/shepherd/README.md
new file mode 100644
index 0000000..ff26192
--- /dev/null
+++ b/roles/shepherd/README.md
@@ -0,0 +1,6 @@
+# shepherd
+
+Monitor the deployed swarm containers for updates.
+Will notify you when it found any update for any container.
+
+Can notify you through a wide variety of services using the apprise api.
diff --git a/roles/shepherd/defaults/main.yml b/roles/shepherd/defaults/main.yml
new file mode 100644
index 0000000..39e8fcb
--- /dev/null
+++ b/roles/shepherd/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+shepherd_version: latest
+
+shepherd_tz: Europe/Berlin
+
+shepherd_ignored_services: label=shepherd.autoupdate=false
+shepherd_filter_services: label=shepherd.autoupdate=true
+
+shepherd_sleeptime: 5m
+shepherd_rollback_on_failure: true
+shepherd_image_autoclean_limit: 5
+
+shepherd_notification_targets:
diff --git a/roles/shepherd/meta/main.yml b/roles/shepherd/meta/main.yml
new file mode 100644
index 0000000..b0824dd
--- /dev/null
+++ b/roles/shepherd/meta/main.yml
@@ -0,0 +1,10 @@
+---
+galaxy_info:
+ author: Marty Oehme
+ description: Apply docker swarm container updates
+ license: GPL-3.0-only
+ min_ansible_version: "2.9"
+ galaxy_tags: []
+
+dependencies:
+ - docker-swarm
diff --git a/roles/shepherd/tasks/main.yml b/roles/shepherd/tasks/main.yml
new file mode 100644
index 0000000..c2bef7f
--- /dev/null
+++ b/roles/shepherd/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Deploy shepherd stack to swarm
+ community.general.docker_stack:
+ name: "{{ stack_name }}"
+ state: present
+ prune: yes
+ compose:
+ - "{{ stack_compose }}"
+ become: true
+ tags:
+ - docker-swarm
diff --git a/roles/shepherd/templates/docker-stack.yml.j2 b/roles/shepherd/templates/docker-stack.yml.j2
new file mode 100644
index 0000000..fdd5a50
--- /dev/null
+++ b/roles/shepherd/templates/docker-stack.yml.j2
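Review bot: In roles/shepherd/defaults/main.yml, `shepherd_version: latest` leaves the updater image unpinned, and the stack template in this patch gives that container the Docker socket on a manager node, so whatever is published under the `latest` tag gains control of the swarm. Default to a released tag instead, e.g. `shepherd_version: "<pinned-release-tag>"`, and expose the sidecar image, which the template hard-codes as `mazzolino/apprise-microservice:latest`, through a variable that is pinned the same way. The bare `shepherd_notification_targets:` is a null, not an absent value; writing `shepherd_notification_targets: null` with a comment giving the expected format (presumably Apprise URLs, which usually embed tokens and belong in a vault rather than in plain defaults) would make that explicit.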
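Review bot: In roles/shepherd/tasks/main.yml, `prune: yes` relies on YAML 1.1 truthy parsing while the same task writes `become: true`; use `prune: true` so both booleans are spelled canonically. A short comment above the task noting that `stack_name` and `stack_compose` come from the role's vars/main.yml would help, since the names carry no `shepherd_` prefix and are, presumably, reused by other roles.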
@@ -0,0 +1,52 @@
+version: '3.4'
+
+services:
+ app:
+ image: "{{ stack_image }}:{{ shepherd_version }}"
+ # healthcheck:
+ # test: ["CMD", "wget", "--spider", "-q", "127.0.0.1"]
+ # interval: 1m
+ # timeout: 10s
+ # retries: 3
+ # start_period: 1m
+ command: serve
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ environment:
+ - "TZ={{ shepherd_tz }}"
+ - "SLEEP_TIME={{ shepherd_sleeptime }}"
+ - "IGNORELIST_SERVICES={{ shepherd_ignored_services }}"
+{% if shepherd_filter_services is defined and not None %}
+ - "FILTER_SERVICES={{ shepherd_filter_services }}"
+{% endif %}
+ - "ROLLBACK_ON_FAILURE={{ shepherd_rollback_on_failure }}"
+ - "IMAGE_AUTOCLEAN_LIMIT={{ shepherd_image_autoclean_limit }}"
+ - "VERBOSE=true"
+{% if shepherd_notification_targets is defined and not None %}
+ - "APPRISE_SIDECAR_URL: notify:5000"
+{% endif %}
+ networks:
+ - backend
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints:
+ - node.role == manager
+
+{% if shepherd_notification_targets is defined and not None %}
+ notify:
+ image: mazzolino/apprise-microservice:latest
+ environment:
+ NOTIFICATION_URLS: {{ shepherd_notification_targets }}
+ networks:
+ - backend
+{% endif %}
+
+volumes:
+ data:
+
+networks:
+ "{{ docker_swarm_public_network_name }}":
+ external: true
+ backend:
diff --git a/roles/shepherd/vars/main.yml b/roles/shepherd/vars/main.yml
new file mode 100644
index 0000000..d8415bd
--- /dev/null
+++ b/roles/shepherd/vars/main.yml
@@ -0,0 +1,6 @@
+---
+stack_name: shepherd
+
+stack_image: "containrrr/shepherd"
+
+stack_compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"
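Review bot: In roles/shepherd/templates/docker-stack.yml.j2, the three guards written as `... is defined and not None` do not test the variable for null: `not None` is a constant true in Jinja, so each guard reduces to `is defined`. Because the role defaults define both variables (`shepherd_notification_targets` as a bare null), the `notify` service and the sidecar entry appear to be rendered always, and emptying `shepherd_filter_services` as the commit message describes would still emit a `FILTER_SERVICES` entry; a truthiness test such as `{% if shepherd_notification_targets | default('') %}` covers both cases. The list entry `- "APPRISE_SIDECAR_URL: notify:5000"` uses a colon where the list form of `environment` expects `KEY=value`, so it should read `- "APPRISE_SIDECAR_URL=notify:5000"`. `NOTIFICATION_URLS: {{ shepherd_notification_targets }}` is an unquoted templated scalar that passes through `from_yaml`, so a URL containing `#` or `: ` would be truncated or mis-parsed; quote it as `NOTIFICATION_URLS: "{{ shepherd_notification_targets }}"`.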