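---
# Copyright (c) 2022 Felix Fontein
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later

####################################################################
# WARNING: These are designed specifically for Ansible tests       #
# and should not be used as examples of how to write Ansible roles #
####################################################################

# Test flow: a throw-away nginx container is given the host's Docker socket
# and proxies the daemon on two listeners, plain HTTP (:6000) and HTTPS
# (:5000) backed by a test-only CA. docker_host_info is then queried
# directly, via HTTP and via HTTPS, and the (sanitized) results must match.
# Everything created here is removed again in the `always` section at the
# bottom.

- name: Create random nginx frontend name
  ansible.builtin.set_fact:
    # Random suffix so parallel test runs on the same host do not collide
    # on the container/volume name.
    daemon_nginx_frontend: '{{ "ansible-docker-test-daemon-frontend-%0x" % ((2**32) | random) }}'

- block:
    - name: Create volume for config files
      community.docker.docker_volume:
        name: '{{ daemon_nginx_frontend }}'
        state: present

    # The container is created stopped so that nginx.conf and the TLS
    # material can be copied into its volume before nginx starts.
    - name: Create container for nginx frontend for daemon
      community.docker.docker_container:
        state: stopped
        name: '{{ daemon_nginx_frontend }}'
        image: "{{ docker_test_image_registry_nginx }}"
        volumes:
          - '{{ daemon_nginx_frontend }}:/etc/nginx/'
          # The socket mount is what lets nginx forward requests to the
          # daemon; it is test scaffolding only and is torn down below.
          - '/var/run/docker.sock:/var/run/docker.sock'
        network_mode: '{{ current_container_network_ip | default(omit, true) }}'
        networks: >-
          {{
          [dict([['name', current_container_network_ip]])]
          if current_container_network_ip not in ['', 'bridge'] else
          omit
          }}
      register: nginx_container

    - name: Copy config files
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: "{{ remote_tmp_dir }}/{{ item }}"
        mode: "0644"
      loop:
        - nginx.conf

    # Copying into the volume may not work on every test host; the result
    # is recorded and the remaining checks are skipped if it failed.
    - name: Copy static files into volume
      community.docker.docker_container_copy_into:
        container: '{{ daemon_nginx_frontend }}'
        path: '{{ remote_tmp_dir }}/{{ item }}'
        container_path: '/etc/nginx/{{ item }}'
        owner_id: 0
        group_id: 0
      loop:
        - nginx.conf
      register: can_copy_files
      ignore_errors: true

    - when: can_copy_files is not failed
      block:
        # Test-only PKI: one ECC key for the CA and one for the frontend.
        - name: Create private keys
          community.crypto.openssl_privatekey:
            path: '{{ remote_tmp_dir }}/{{ item }}.key'
            type: ECC
            curve: secp256r1
            force: true
          loop:
            - cert
            - ca

        - name: Create CSR for CA certificate
          community.crypto.openssl_csr:
            path: '{{ remote_tmp_dir }}/ca.csr'
            privatekey_path: '{{ remote_tmp_dir }}/ca.key'
            subject:
              commonName: Ansible test CA for Docker HTTPS connection tests
            useCommonNameForSAN: false
            basic_constraints:
              - 'CA:TRUE'
            basic_constraints_critical: true
            key_usage:
              - digitalSignature
              - Certificate Sign
            key_usage_critical: true
            extended_key_usage:
              - serverAuth  # the same as "TLS Web Server Authentication"
            extended_key_usage_critical: true

        - name: Create CA certificate
          community.crypto.x509_certificate:
            path: '{{ remote_tmp_dir }}/ca.pem'
            csr_path: '{{ remote_tmp_dir }}/ca.csr'
            privatekey_path: '{{ remote_tmp_dir }}/ca.key'
            provider: selfsigned

        # The SAN below is the name the HTTPS check later pins via
        # tls_hostname, so hostname verification is exercised, not bypassed.
        - name: Create CSR for frontend certificate
          community.crypto.openssl_csr:
            path: '{{ remote_tmp_dir }}/cert.csr'
            privatekey_path: '{{ remote_tmp_dir }}/cert.key'
            subject_alt_name:
              - DNS:daemon-tls.ansible.com
            subject_alt_name_critical: true

        - name: Create frontend certificate
          community.crypto.x509_certificate:
            path: '{{ remote_tmp_dir }}/cert.pem'
            csr_path: '{{ remote_tmp_dir }}/cert.csr'
            privatekey_path: '{{ remote_tmp_dir }}/cert.key'
            ownca_path: '{{ remote_tmp_dir }}/ca.pem'
            ownca_privatekey_path: '{{ remote_tmp_dir }}/ca.key'
            provider: ownca

        - name: Copy dynamic files into volume
          community.docker.docker_container_copy_into:
            container: '{{ daemon_nginx_frontend }}'
            path: '{{ remote_tmp_dir }}/{{ item }}'
            container_path: '/etc/nginx/{{ item }}'
            owner_id: 0
            group_id: 0
          loop:
            - ca.pem
            - cert.pem
            - cert.key

        - name: Start nginx frontend for daemon
          community.docker.docker_container:
            name: '{{ daemon_nginx_frontend }}'
            state: started
          register: nginx_container

        - name: Output nginx container network settings
          ansible.builtin.debug:
            var: nginx_container.container.NetworkSettings

        - name: Get proxied daemon URLs
          ansible.builtin.set_fact:
            # Since Docker 29, nginx_container.container.NetworkSettings.IPAddress no longer exists.
            # Use the bridge network's IP address instead...
            docker_daemon_frontend_https: >-
              https://{{
              nginx_container.container.NetworkSettings.Networks[current_container_network_ip].IPAddress
              if current_container_network_ip else
              (
              nginx_container.container.NetworkSettings.IPAddress
              | default(nginx_container.container.NetworkSettings.Networks['bridge'].IPAddress)
              )
              }}:5000
            docker_daemon_frontend_http: >-
              http://{{
              nginx_container.container.NetworkSettings.Networks[current_container_network_ip].IPAddress
              if current_container_network_ip else
              (
              nginx_container.container.NetworkSettings.IPAddress
              | default(nginx_container.container.NetworkSettings.Networks['bridge'].IPAddress)
              )
              }}:6000

        # Poll the HTTP listener until nginx answers, so the checks below do
        # not race container start-up.
        - name: Wait for daemon frontend
          ansible.builtin.uri:
            url: '{{ docker_daemon_frontend_http }}/version'
          register: result
          until: result is success
          retries: 5
          delay: 1

        - name: Get docker daemon information directly
          community.docker.docker_host_info:
          register: output_direct

        - name: Show direct host info
          ansible.builtin.debug:
            var: output_direct.host_info | sanitize_host_info

        - name: Get docker daemon information via HTTP
          community.docker.docker_host_info:
            docker_host: '{{ docker_daemon_frontend_http }}'
          register: output_http

        - name: Show HTTP host info
          ansible.builtin.debug:
            var: output_http.host_info | sanitize_host_info

        - name: Check that HTTP information matches direct information
          ansible.builtin.assert:
            that:
              - (output_direct.host_info | sanitize_host_info) == (output_http.host_info | sanitize_host_info)

        # Full verification is on: the chain must lead to the test CA and
        # the certificate must carry the pinned hostname.
        - name: Get docker daemon information via HTTPS
          community.docker.docker_host_info:
            docker_host: '{{ docker_daemon_frontend_https }}'
            tls_hostname: daemon-tls.ansible.com
            ca_cert: '{{ remote_tmp_dir }}/ca.pem'
            tls: true
            validate_certs: true
          register: output_https

        - name: Show HTTPS host info
          ansible.builtin.debug:
            var: output_https.host_info | sanitize_host_info

        - name: Check that HTTPS information matches direct information
          ansible.builtin.assert:
            that:
              - (output_direct.host_info | sanitize_host_info) == (output_https.host_info | sanitize_host_info)

  # Cleanup runs whether or not the checks passed; each step ignores errors
  # so a failing step cannot leave the later resources behind.
  always:
    - name: Obtain logs from the nginx frontend
      ansible.builtin.command: docker logs {{ daemon_nginx_frontend }}
      register: output
      ignore_errors: true

    - name: Show nginx frontend logs
      ansible.builtin.debug:
        var: output.stdout_lines
      ignore_errors: true

    - name: Remove container
      community.docker.docker_container:
        state: absent
        name: '{{ daemon_nginx_frontend }}'
        force_kill: true
      ignore_errors: true

    - name: Remove volume
      community.docker.docker_volume:
        name: '{{ daemon_nginx_frontend }}'
        state: absent
      ignore_errors: true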