Use registry.kadet.net/podlike insted of official one

This build is able to use private registries so pre-deploy task with
image pull is not longer required

roles/kadet.docker-swarm/defaults/main.yml

@@ -1,2 +1,3 @@
 ---
 swarm_global_networks: []
+swarm_global_secrets: []

roles/kadet.docker-swarm/tasks/main.yml

@@ -11,3 +11,9 @@
     driver: "{{ item.driver|default('overlay') }}"
     scope: swarm
   loop: "{{ swarm_global_networks }}"
+
+- name: Init global secrets for swarm
+  community.docker.docker_secret:
+    name: "{{ item.name }}"
+    data: "{{ item.data|string }}"
+  loop: "{{ swarm_global_secrets }}"

services/wipe/config/.env

@@ -1,5 +1,5 @@
 APP_ENV=prod
-APP_KEY=base64:{{ wipe_secret|b64encode }}
+APP_KEY={{ wipe_app_key }}
 APP_DEBUG=false
 APP_URL=https://wipe.kadet.net
 APP_DATABASE=mysql://{{ wipe_database.user }}:{{ wipe_database.password }}@{{ database_mysql_host }}/{{ wipe_database.name }}

services/wipe/stack.yml

@@ -2,7 +2,7 @@ version: '{{ compose_version }}'
 
 services:
   site:
-    image: rycus86/podlike
+    image: registry.kadet.net/podlike
     command: -logs -ipc=false
     networks: ['{{ ingress_network }}']
     deploy:
@@ -26,10 +26,12 @@ services:
         image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }}
         volumes:
           - www-data:/var/www
+          - storage-data:/var/www/storage
       pod.component.nginx: |
         image: nginx:latest
         volumes:
           - www-data:/var/www
+          - storage-data:/var/www/storage
           - nginx-config:/etc/nginx/templates
       pod.copy.fpm: /var/conf/wipe/.env:/var/www/.env
       pod.init.components: |
@@ -38,6 +40,11 @@ services:
           command: ["cp -r /var/www/* /mnt/www"]
           volumes:
             - www-data:/mnt/www
+        - image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }}
+          entrypoint: ["/bin/sh", "-c"]
+          command: ["cp -rnp /var/www/storage/* /mnt/storage"]
+          volumes:
+            - storage-data:/mnt/storage
         - image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }}
           entrypoint: ["/bin/sh", "-c"]
           command: ["cp -r /var/www/nginx/* /mnt/config"]
@@ -46,10 +53,19 @@ services:
     configs:
       - source: dotenv_{{ dotenv_file.checksum }}
         target: /var/conf/wipe/.env
+    secrets:
+      - source: dockerregistryauth
+        target: /var/run/secrets/podlike/dockerregistryauth.json
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - nginx-config:/mnt/nginx-config
       - www-data:/mnt/www-data
+      - storage-data:/mnt/storage-data
+
+secrets:
+  dockerregistryauth:
+    name: dockerregistryauth
+    external: true
 
 configs:
   dotenv_{{ dotenv_file.checksum }}:
@@ -64,3 +80,7 @@ volumes:
     name: {{'www-data.{{.Task.ID}}'}}
     labels:
       com.github.rycus86.podlike.volume-ref: www-data
+  storage-data:
+    name: {{'www-data.{{.Task.ID}}'}}
+    labels:
+      com.github.rycus86.podlike.volume-ref: storage-data

services/wipe/vars/main.yml

@@ -1,6 +1,6 @@
 ---
 wipe_host: https://wipe.kadet.net
-wipe_version: latest
+wipe_version: '2022.1.0-dev'
 wipe_database:
   name: wipe
   user: wipe

tasks/deploy.yml

@@ -47,6 +47,7 @@
     name: "{{ service }}"
     prune: yes 
     resolve_image: "always"
+    with_registry_auth: yes
     compose:
       - "{{ remote_service_path }}/stack.yml"
       - version: "{{ compose_version }}"

templates/dockerregistryauth.json.j2

@@ -0,0 +1,8 @@
+{
+  "auths": {
+    "registry.kadet.net": {
+      "username": "{{ swarm_registry_user.name }}",
+      "password": "{{ swarm_registry_user.password }}"
+    }
+  }
+}

vars/environment.yml

@@ -13,3 +13,16 @@ pip_executable: pip3
 swarm_global_networks:
  - name: traefik
 swarm_host_address: "{{ ansible_docker0.ipv4.address }}"
+swarm_registry_user:
+  name: docker-swarm
+  password: !vault |
+    $ANSIBLE_VAULT;1.1;AES256
+    62333030343330666634643234323865303633343330333030303066363264323434656637356233
+    6165386664316536366235366336393561306139346235610a393566633363383734353933366331
+    36343364643366626230303463633164393336363736633662643536646539616235393232643930
+    3266326630393535660a393764376130343264643064613131393663333836356337613566343130
+    65353438613864373962636463613836313034633963613834393233376136313861303538346265
+    6139666332373137303962646530353364333732353339313262
+swarm_global_secrets:
+ - name: dockerregistryauth
+   data: "{{ lookup('ansible.builtin.template', 'templates/dockerregistryauth.json.j2', convert_data=False)|string }}"

vars/services.yml

@@ -77,14 +77,15 @@ service_config:
           3630326566313239320a653634383431613333636138313330306634626139333830643135373331
           37303233613065646638303535643535386162316330316161383537313132626261356465313065
           6134633232366434643833333762316462363639653034636438
-    wipe_secret: !vault |
+    wipe_app_key: !vault |
           $ANSIBLE_VAULT;1.1;AES256
-          65376438366231353937393636626635383236353261653230333438623532373162376465393730
-          3337376563306331616261663136626136373330656138660a363434656133386565363634376237
-          38633266386533333836363333323832333630366538323463343637343364656564383734643731
-          6638396338366430620a643931636661343336353838373834313163623566653237653263643363
-          65623661623039306461326136636162363834616563346632343730383730616633623861383865
-          3332393865376631346632653462366363623231393839613366
+          30306566363866333062336664383663643432386536396630363136636464643831633966333839
+          6538383236363132346639363634366164353231636163320a633136336434386230323962356132
+          34313763633238333132396264613836646632613438366666393038393836633231663666353635
+          3164633461356431370a383834626262613838363961346132316330663838366335666565333739
+          33323335636233376563383331663732303863383761343739393039633662386565613962663165
+          62643132313336356365313465353263626565616434633963343764653330316566613633633638
+          623838613832393239343036396439383561
     wipe_mail:
       host: smtp.googlemail.com
       user: !vault |
@@ -117,6 +118,7 @@ service_config:
 
   registry:
     registry_users:
+      - "{{ swarm_registry_user }}"
       - name: kadet
         password: !vault |
           $ANSIBLE_VAULT;1.1;AES256
@@ -135,15 +137,6 @@ service_config:
           3861393364356136350a393433613066663535333934636664613164653139323166343030633566
           36343734666637336665316231636631313633336331306633386665616337363166646132366133
           6166376237646566656166386631303732633831323961363038
-      - name: docker-swarm
-        password: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          62333030343330666634643234323865303633343330333030303066363264323434656637356233
-          6165386664316536366235366336393561306139346235610a393566633363383734353933366331
-          36343364643366626230303463633164393336363736633662643536646539616235393232643930
-          3266326630393535660a393764376130343264643064613131393663333836356337613566343130
-          65353438613864373962636463613836313034633963613834393233376136313861303538346265
-          6139666332373137303962646530353364333732353339313262
       - name: andrzej
         password: !vault |
           $ANSIBLE_VAULT;1.1;AES256