Fix gitea admin deployment to be less brittle

Admin deployment was very timing-dependent: If the server took a while to set it up, it would always error out while deploying. This commit adds sufficient grace-time into the admin request call before the error occurs which should avoid it in most deployments (unless the server is severely underpowered or over-taxed). Also fixes admin creation to avoid root usage in the container when it is not called for.
2022-12-18 12:00:33 +01:00 · 2022-12-18 12:00:33 +01:00 · 8aaefd3f60
commit 8aaefd3f60
parent 32b1b13ef4
2 changed files with 17 additions and 10 deletions
--- a/roles/gitea/handlers/main.yml
+++ b/roles/gitea/handlers/main.yml
@ -1,9 +1,10 @@
 - name: Add admin user
-  community.docker.docker_container_exec: 
+  community.docker.docker_container_exec:
    container: "{{ gitea_app_container_name['stdout'] }}"
    command: >
      gitea admin user create --admin --username {{ gitea_app_admin_username }} --password {{ gitea_app_admin_password }} --email {{ gitea_app_admin_email }}
-  become: yes
+    user: git
+  become: true
  listen: "no admin user"
  
 ## Register reverse proxy
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@ -17,7 +17,7 @@
  when: gitea_use_ci == True

 - name: Set agent key
-  ansible.builtin.set_fact: 
+  ansible.builtin.set_fact:
    gitea_woodpecker_agent_secret: "{{ gitea_woodpecker_agent_secret.stdout }}"
  when: gitea_woodpecker_agent_secret.stdout is not undefined and not None

@ -91,29 +91,35 @@
  become: yes
  tags:
    - docker-swarm
+  register: gitea_deployment
  notify: "update gitea upstream"

+- name: Wait 30 seconds for gitea to become healthy
+  wait_for:
+    timeout: 60
+  delegate_to: localhost
+  when: gitea_deployment is changed
+
 - name: Get app container info
  ansible.builtin.command:
    cmd: docker ps -q -f name={{ stack_name }}_app
  become: yes
  until: gitea_app_container_name['rc'] == 0 and gitea_app_container_name['stdout'] | length >= 1
-  retries: 5
+  retries: 10
  delay: 10
  changed_when: False
  register: gitea_app_container_name

 - name: Look for existing admin user
-  community.docker.docker_container_exec: 
+  community.docker.docker_container_exec:
    container: "{{ gitea_app_container_name['stdout'] }}"
    user: git
    command: >
      gitea admin user list --admin
-  become: yes
-  until: "'connection refused' not in gitea_admin_list['stdout'] and 'Failed to run app' not in gitea_admin_list['stdout']"
-  retries: 10
+  until: gitea_admin_list is defined and gitea_admin_list['rc'] == 0
+  retries: 15
  delay: 10
-  changed_when: gitea_admin_list['stdout_lines'] | length <= 1 and 'Username' in gitea_admin_list['stdout'] 
-  failed_when: (gitea_admin_list['rc'] == 1 and gitea_admin_list['attempts'] >= 5) or 'Gitea is not supposed to be run as root' in gitea_admin_list['stdout']
+  become: true
  register: gitea_admin_list
+  changed_when: gitea_admin_list['stdout_lines'] | length <= 1 and 'Username' in gitea_admin_list['stdout']
  notify: "no admin user"