docker
======

This role will install Docker and, given a list of containers to deploy, will do the following:

1. Create needed docker networks
2. Open up necessary firewall ports
3. Generate docker-compose files (1 per container)
4. Ensure container user/group exists
5. Ensure container persistent directories exist with correct perms and SELinux contexts
6. Generate a systemd service file per container
7. Set up systemd timers to automatically pull new and purge old container images

Requirements
------------

This role is only tested on Fedora/CentOS machines.

Variables
---------

`container_user`: user name to run containers as (will be created if it does not exist)<br>
`container_uid`: uid of the above user name<br>
`container_group`: group name of container_user (will be created if it does not exist)<br>
`container_gid`: gid of the above group name<br>

Automated pulls and purges are handled by systemd timers. Any valid [systemd timer calendar event expression](https://www.freedesktop.org/software/systemd/man/systemd.timer.html#OnCalendar=) may be passed to them:

`docker_pull_timer`: weekly<br>
`docker_purge_timer`: monthly

    global_env_vars: # will be set on any container which has include_global_env_vars: true
      - PUID={{ container_uid }}
      - PGID={{ container_gid }}
      - TZ=America/Los_Angeles

    firewall_ports: # list of ports to open up on the host
      - 80/tcp
      - 443/tcp

This role sets up each container as an individual docker-compose.yml file with a 1-to-1 relationship with its systemd service. This means we cannot rely on docker-compose's built-in networking feature for connecting multiple containers together, so if multiple containers need to talk directly to each other, the container networks must be outlined explicitly.

Outline any networks you need via `container_networks`:

    container_networks:
      - name: nginx-proxy
        driver: bridge
        subnet: 172.21.10.0/24
        ip_range: 172.21.10.0/24
        gateway: 172.21.10.1

And specify those networks in the corresponding container's dictionary:

    containers:
      - name: swag
        active: true
        image: linuxserver/swag
        ports:
          - 80:80
          - 443:443
        volumes:
          - /opt/swag:/config
        include_global_env_vars: true
        environment:
          - URL=myexamplesite.biz
          - VALIDATION=http
          - SUBDOMAINS=www,git,
          - EMAIL=admin@myexamplesite.biz
        restart: unless-stopped
        memlimit: 300m
        networks:
          - nginx-proxy

      - name: gogs
        active: true
        image: gogs/gogs
        ports:
          - "10022:22" # https://github.com/go-yaml/yaml/issues/34#issuecomment-55772666
        volumes:
          - /opt/gogs:/data
        include_global_env_vars: false
        restart: unless-stopped
        memlimit: 500m
        networks:
          - nginx-proxy
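
A pre-flight check of these variables catches mismatches before the role renders any files. The script below is an added example, not part of this role: `lint` and `host_port` are hypothetical names, and the sample data is constructed from the values shown above, as they would look after YAML parsing.

```python
import ipaddress

# Constructed sample: the README's variables as they look after YAML parsing.
container_networks = [{"name": "nginx-proxy", "driver": "bridge",
                       "subnet": "172.21.10.0/24", "ip_range": "172.21.10.0/24",
                       "gateway": "172.21.10.1"}]
firewall_ports = ["80/tcp", "443/tcp"]
containers = [
    {"name": "swag", "ports": ["80:80", "443:443"], "networks": ["nginx-proxy"]},
    {"name": "gogs", "ports": ["10022:22"], "networks": ["nginx-proxy"]},
]

def host_port(mapping):
    """'host:container[/proto]' or 'ip:host:container[/proto]' -> 'host/proto'."""
    spec, _, proto = mapping.partition("/")
    parts = spec.split(":")
    if len(parts) < 2:
        return None  # container port only; Docker assigns the host port
    return f"{parts[-2]}/{proto or 'tcp'}"

def lint(networks, containers, firewall_ports):
    """Hypothetical pre-flight check; returns a list of human-readable findings."""
    findings, defined = [], set()
    for net in networks:
        defined.add(net["name"])
        subnet = ipaddress.ip_network(net["subnet"])
        if not ipaddress.ip_network(net["ip_range"]).subnet_of(subnet):
            findings.append(f"network {net['name']}: ip_range outside subnet")
        if ipaddress.ip_address(net["gateway"]) not in subnet:
            findings.append(f"network {net['name']}: gateway outside subnet")
    for c in containers:
        for name in c.get("networks", []):
            if name not in defined:
                findings.append(f"{c['name']}: network {name} not in container_networks")
        for mapping in c.get("ports", []):
            # YAML 1.1 loaders read an unquoted 10022:22 as a base-60 integer.
            if not isinstance(mapping, str):
                findings.append(f"{c['name']}: port {mapping!r} is not a string, quote it")
                continue
            published = host_port(mapping)
            if published and published not in firewall_ports:
                findings.append(f"{c['name']}: host port {published} not in firewall_ports")
    return findings

if __name__ == "__main__":
    for finding in lint(container_networks, containers, firewall_ports):
        print(finding)
```

On the sample it reports that gogs publishes 10022/tcp, which is absent from `firewall_ports`; whether that omission is intended is for the operator to decide.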


Usage
-----

This role creates docker-compose.yml files for each entry in the list of containers under the filename:<br>
`/root/docker/<name>/docker-compose.yml`

It also generates systemd service files named:<br>
`/etc/systemd/system/<name>.service`

Each service file is a simple wrapper around docker-compose:

    [root@shareunderware ~]# systemctl cat swag.service
    # /etc/systemd/system/swag.service
    # This file is managed by Ansible. Any local changes may be wiped out!
    [Unit]
    Description=systemd wrapper around docker swag service
    Requires=docker.service
    After=docker.service

    [Service]
    Restart=always
    User=root
    Group=docker

    ExecStartPre=/usr/bin/docker-compose -f /root/docker/swag/docker-compose.yml down -v
    ExecStart=/usr/bin/docker-compose -f /root/docker/swag/docker-compose.yml up
    ExecStop=/usr/bin/docker-compose -f /root/docker/swag/docker-compose.yml down -v

    [Install]
    WantedBy=multi-user.target

This method allows the logs to be captured via journald and queried just like those of any other service:

    [root@shareunderware ~]# journalctl -fu swag.service 
    Apr 25 04:20:59 shareunderware docker-compose[1956]: swag    | [cont-init.d] 70-templates: exited 0.
    Apr 25 04:20:59 shareunderware docker-compose[1956]: swag    | [cont-init.d] 90-custom-folders: executing...
    Apr 25 04:20:59 shareunderware docker-compose[1956]: swag    | [cont-init.d] 90-custom-folders: exited 0.
    Apr 25 04:20:59 shareunderware docker-compose[1956]: swag    | [cont-init.d] 99-custom-files: executing...
    Apr 25 04:20:59 shareunderware docker-compose[1956]: swag    | [custom-init] no custom files found exiting...
    Apr 25 04:20:59 shareunderware docker-compose[1956]: swag    | [cont-init.d] 99-custom-files: exited 0.
    Apr 25 04:20:59 shareunderware docker-compose[1956]: swag    | [cont-init.d] done.
    Apr 25 04:20:59 shareunderware docker-compose[1956]: swag    | [services.d] starting services
    Apr 25 04:20:59 shareunderware docker-compose[1956]: swag    | [services.d] done.
    Apr 25 04:21:03 shareunderware docker-compose[1956]: swag    | Server ready


License
-------

GPLv3