automatic docker pulls and purges

roles/docker/defaults/main.yml

@@ -6,3 +6,8 @@ container_group: containers
 container_gid: 1001
 
 containers: []
+
+# needs a valid systemd timer calendar event expression:
+# https://www.freedesktop.org/software/systemd/man/systemd.timer.html#OnCalendar=
+docker_pull_timer: weekly
+docker_purge_timer: monthly

roles/docker/tasks/main.yml

@@ -1,4 +1,9 @@
 ---
+#- debug:
+    #msg: output={{ containers | map(attribute='service_name') | flatten | map('regex_replace', '(.*)', '"\1"') | join(', ') }}
+
+#- meta: end_play 
+
 - name: Install docker packages (Fedora)
   dnf:
     name:
@@ -114,6 +119,41 @@
   with_items:
     - "{{ containers | map(attribute='service_name') | flatten }}"
 
+- name: Copy script for automated docker pull
+  template:
+    src: docker-pull.sh.j2
+    dest: /usr/local/bin/docker-pull.sh
+    owner: root
+    group: root
+    mode: '0750'
+
+- name: Install docker-pull systemd artifacts
+  template:
+    src: docker-pull.{{ item }}.j2
+    dest: /etc/systemd/system/docker-pull.{{ item }}
+    owner: root
+    group: root
+    mode: '0750'
+  loop:
+    - service
+    - timer
+  loop_control:
+    label: docker-pull.{{ item }}
+
+- name: Install docker-purge systemd artifacts
+  template:
+    src: docker-purge.{{ item }}.j2
+    dest: /etc/systemd/system/docker-purge.{{ item }}
+    owner: root
+    group: root
+    mode: '0644'
+  notify: Refresh systemd service files
+  loop:
+    - service
+    - timer
+  loop_control:
+    label: docker-purge.{{ item }}
+
 - meta: flush_handlers
 
 - name: Open up firewall ports
@@ -131,3 +171,12 @@
     state: started
   with_items:
     - "{{ containers | map(attribute='service_name') | flatten }}"
+
+- name: Enable docker timers for automated pull & cleanup
+  systemd:
+    name: "{{ item }}"
+    enabled: yes
+    state: started
+  loop:
+    - docker-pull.timer
+    - docker-purge.timer

roles/docker/templates/docker-pull.service.j2

@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+[Unit]
+Description=Pull new docker images
+Requires=docker.service
+After=docker.service
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/docker-pull.sh
+Restart=no
+
+[Install]
+WantedBy=multi-user.target

roles/docker/templates/docker-pull.sh.j2

@@ -0,0 +1,12 @@
+#!/bin/bash
+# {{ ansible_managed }}
+
+declare -a arr=({{ containers | map(attribute='service_name') | flatten | map('regex_replace', '^(.*)$', '"\\1"') | flatten | join(' ') }})
+
+for i in "${arr[@]}"; do
+  output=$(docker-compose -f /root/docker/$i/docker-compose.yml pull)
+
+  if [[ $(echo $output | grep 'Downloaded newer image') ]]; then
+    systemctl restart $i
+  fi
+done

roles/docker/templates/docker-pull.timer.j2

@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+[Unit]
+Description=Docker Pull Timer Task
+After=docker.service
+Wants=docker.service
+
+[Timer]
+OnCalendar={{ docker_pull_timer }}
+Persistent=true
+RandomizedDelaySec=14400
+
+[Install]
+WantedBy=timers.target

roles/docker/templates/docker-purge.service.j2

@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+[Unit]
+Description=Clean up unused docker artifacts
+Requires=docker.service
+After=docker.service
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/docker system prune -f
+Restart=no
+
+[Install]
+WantedBy=multi-user.target

roles/docker/templates/docker-purge.timer.j2

@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+[Unit]
+Description=Docker Prune Timer Task
+After=docker.service
+Wants=docker.service
+
+[Timer]
+OnCalendar={{ docker_purge_timer }}
+Persistent=true
+RandomizedDelaySec=14400
+
+[Install]
+WantedBy=timers.target