feat(shepherd): Add auto update shepherd role

Deprecates diun as it provides a simpler implementation for docker
swarm. Mark any containers you want auto updated with
`shepherd.autoupdate=true` and the rest with
`shepherd.autoupdate=false`. Everything untagged will not be watched (by
default), though this can be changed by setting the ansible default
variable `shepherd_filter_services: `.

roles/shepherd/README.md

@@ -0,0 +1,6 @@
+# shepherd
+
+Monitor the deployed swarm containers for updates.
+Will notify you when it found any update for any container.
+
+Can notify you through a wide variety of services using the apprise api.

roles/shepherd/defaults/main.yml

@@ -0,0 +1,13 @@
+---
+shepherd_version: latest
+
+shepherd_tz: Europe/Berlin
+
+shepherd_ignored_services: label=shepherd.autoupdate=false
+shepherd_filter_services: label=shepherd.autoupdate=true
+
+shepherd_sleeptime: 5m
+shepherd_rollback_on_failure: true
+shepherd_image_autoclean_limit: 5
+
+shepherd_notification_targets:

roles/shepherd/meta/main.yml

@@ -0,0 +1,10 @@
+---
+galaxy_info:
+  author: Marty Oehme
+  description: Apply docker swarm container updates
+  license: GPL-3.0-only
+  min_ansible_version: "2.9"
+  galaxy_tags: []
+
+dependencies:
+  - docker-swarm

roles/shepherd/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+- name: Deploy shepherd stack to swarm
+  community.general.docker_stack:
+    name: "{{ stack_name }}"
+    state: present
+    prune: yes
+    compose:
+      - "{{ stack_compose }}"
+  become: true
+  tags:
+    - docker-swarm

roles/shepherd/templates/docker-stack.yml.j2

@@ -0,0 +1,52 @@
+version: '3.4'
+
+services:
+  app:
+    image: "{{ stack_image }}:{{ shepherd_version }}"
+    # healthcheck:
+    #   test: ["CMD", "wget", "--spider", "-q", "127.0.0.1"]
+    #   interval: 1m
+    #   timeout: 10s
+    #   retries: 3
+    #   start_period: 1m
+    command: serve
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+    environment:
+      - "TZ={{ shepherd_tz }}"
+      - "SLEEP_TIME={{ shepherd_sleeptime }}"
+      - "IGNORELIST_SERVICES={{ shepherd_ignored_services }}"
+{% if shepherd_filter_services is defined and not None %}
+      - "FILTER_SERVICES={{ shepherd_filter_services }}"
+{% endif %}
+      - "ROLLBACK_ON_FAILURE={{ shepherd_rollback_on_failure }}"
+      - "IMAGE_AUTOCLEAN_LIMIT={{ shepherd_image_autoclean_limit }}"
+      - "VERBOSE=true"
+{% if shepherd_notification_targets is defined and not None %}
+      - "APPRISE_SIDECAR_URL: notify:5000"
+{% endif %}
+    networks:
+      - backend
+    deploy:
+      mode: replicated
+      replicas: 1
+      placement:
+        constraints:
+          - node.role == manager
+
+{% if shepherd_notification_targets is defined and not None %}
+  notify:
+    image: mazzolino/apprise-microservice:latest
+    environment:
+      NOTIFICATION_URLS: {{ shepherd_notification_targets }}
+    networks:
+      - backend
+{% endif %}
+
+volumes:
+  data:
+
+networks:
+  "{{ docker_swarm_public_network_name }}":
+    external: true
+  backend:

roles/shepherd/vars/main.yml

@@ -0,0 +1,6 @@
+---
+stack_name: shepherd
+
+stack_image: "containrrr/shepherd"
+
+stack_compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"