From dbf7f6e002f834b3c4dcb88fcfe2a2c4aa778fd3 Mon Sep 17 00:00:00 2001
From: Michael Schiemer
Date: Sat, 8 Nov 2025 16:05:53 +0100
Subject: [PATCH] fix: Replace shell script with Ansible modules for Docker daemon config

- Replace Python heredoc in shell script with native Ansible modules
- Use slurp to read existing daemon.json
- Use set_fact and copy modules to update configuration
- Fixes YAML parsing error with heredoc syntax
- More idempotent and Ansible-native approach
---
 deployment/ansible/playbooks/deploy-image.yml | 85 ++++++++++++-------
 1 file changed, 53 insertions(+), 32 deletions(-)

diff --git a/deployment/ansible/playbooks/deploy-image.yml b/deployment/ansible/playbooks/deploy-image.yml
index 0a1460db..45a4b3c5 100644
--- a/deployment/ansible/playbooks/deploy-image.yml
+++ b/deployment/ansible/playbooks/deploy-image.yml
@@ -174,40 +174,61 @@
 when: not env_file_exists.stat.exists
 become: yes

- - name: Configure Docker to use HTTP for git.michaelschiemer.de:5000 registry
- shell: |
- # Check if insecure-registries is already configured
- if ! grep -q "git.michaelschiemer.de:5000" /etc/docker/daemon.json 2>/dev/null; then
- # Backup existing daemon.json
- cp /etc/docker/daemon.json /etc/docker/daemon.json.bak 2>/dev/null || echo '{}' > /etc/docker/daemon.json.bak
- # Add insecure-registries if not present
- python3 << 'EOF'
-import json
-import sys
-try:
- with open('/etc/docker/daemon.json', 'r') as f:
- config = json.load(f)
-except (FileNotFoundError, json.JSONDecodeError):
- config = {}
-if 'insecure-registries' not in config:
- config['insecure-registries'] = []
-if 'git.michaelschiemer.de:5000' not in config['insecure-registries']:
- config['insecure-registries'].append('git.michaelschiemer.de:5000')
- with open('/etc/docker/daemon.json', 'w') as f:
- json.dump(config, f, indent=2)
- sys.exit(0) # Changed
-sys.exit(1) # No change
-EOF
- # Restart Docker daemon if configuration changed
- if [ $? -eq 0 ]; then
- systemctl restart docker || service docker restart || true
- sleep 2
- fi
- fi
+ - name: Check if Docker daemon.json exists
+ stat:
+ path: /etc/docker/daemon.json
+ register: docker_daemon_json
+ become: yes
+
+ - name: Read existing Docker daemon.json
+ slurp:
+ src: /etc/docker/daemon.json
+ register: docker_daemon_config
+ when: docker_daemon_json.stat.exists
+ become: yes
+ changed_when: false
+
+ - name: Set Docker daemon configuration with insecure registry
+ set_fact:
+ docker_daemon_config_dict: "{{ docker_daemon_config.content | b64decode | from_json if (docker_daemon_json.stat.exists and docker_daemon_config.content is defined) else {} }}"
+
+ - name: Merge insecure registry into Docker daemon config
+ set_fact:
+ docker_daemon_config_merged: >-
+ {%- set config = docker_daemon_config_dict.copy() -%}
+ {%- if 'insecure-registries' not in config -%}
+ {%- set _ = config.update({'insecure-registries': []}) -%}
+ {%- endif -%}
+ {%- if 'git.michaelschiemer.de:5000' not in config['insecure-registries'] -%}
+ {%- set _ = config['insecure-registries'].append('git.michaelschiemer.de:5000') -%}
+ {%- endif -%}
+ {{ config }}
+
+ - name: Update Docker daemon.json with insecure registry
+ copy:
+ dest: /etc/docker/daemon.json
+ content: "{{ docker_daemon_config_merged | to_json(indent=2) }}"
+ mode: '0644'
+ when: docker_daemon_config_merged != docker_daemon_config_dict
+ become: yes
+ register: docker_daemon_updated
+
+ - name: Restart Docker daemon if configuration changed
+ systemd:
+ name: docker
+ state: restarted
+ when: docker_daemon_updated.changed | default(false)
 become: yes
 ignore_errors: yes
- changed_when: false
- failed_when: false
+
+ - name: Wait for Docker daemon to be ready
+ wait_for:
+ port: 2375
+ host: localhost
+ timeout: 10
+ when: docker_daemon_updated.changed | default(false)
+ ignore_errors: yes
+ become: no

 - name: Deploy application stack with new image
 shell: |
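Review bot: The new `Wait for Docker daemon to be ready` task probes TCP port 2375 on localhost, but nothing in this hunk enables a TCP listener and a default dockerd serves only its unix socket, so the wait presumably times out on every run while `ignore_errors: yes` hides it; 2375 is also the unauthenticated plaintext API port, so it should not become something the playbook expects to be open. Check readiness over the socket instead, for example by retrying `docker info` as in the block below, and drop `ignore_errors` from this task and from the restart so that a daemon that failed to come back stops the play before the deploy task runs. The `copy` task also lost the backup the old script took; adding `backup: yes` restores it. Because `insecure-registries` makes pulls from git.michaelschiemer.de:5000 unverified plain HTTP, pinning the deployed image by digest would limit what an on-path party can substitute. The task list starts before and continues after this hunk, so the deploy task itself is only partly visible.

```yaml
    - name: Wait for Docker daemon to be ready
      command: docker info
      register: docker_ready
      until: docker_ready.rc == 0
      retries: 5
      delay: 2
      changed_when: false
      when: docker_daemon_updated.changed | default(false)
      become: yes
```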