fix: Replace shell script with Ansible modules for Docker daemon config

- Replace Python heredoc in shell script with native Ansible modules - Use slurp to read existing daemon.json - Use set_fact and copy modules to update configuration - Fixes YAML parsing error with heredoc syntax - More idempotent and Ansible-native approach
2025-11-08 16:05:53 +01:00
parent 76ec4cf28d
commit dbf7f6e002
1 changed files with 53 additions and 32 deletions
--- a/deployment/ansible/playbooks/deploy-image.yml
+++ b/deployment/ansible/playbooks/deploy-image.yml
@@ -174,40 +174,61 @@
      when: not env_file_exists.stat.exists
      become: yes
-    - name: Configure Docker to use HTTP for git.michaelschiemer.de:5000 registry
+    - name: Check if Docker daemon.json exists
-      shell: |
+      stat:
-        # Check if insecure-registries is already configured
+        path: /etc/docker/daemon.json
-        if ! grep -q "git.michaelschiemer.de:5000" /etc/docker/daemon.json 2>/dev/null; then
+      register: docker_daemon_json
-          # Backup existing daemon.json
+      become: yes
-          cp /etc/docker/daemon.json /etc/docker/daemon.json.bak 2>/dev/null || echo '{}' > /etc/docker/daemon.json.bak
+
-          # Add insecure-registries if not present
+    - name: Read existing Docker daemon.json
-          python3 << 'EOF'
+      slurp:
-import json
+        src: /etc/docker/daemon.json
-import sys
+      register: docker_daemon_config
-try:
+      when: docker_daemon_json.stat.exists
-    with open('/etc/docker/daemon.json', 'r') as f:
+      become: yes
-        config = json.load(f)
+      changed_when: false
-except (FileNotFoundError, json.JSONDecodeError):
+
-    config = {}
+    - name: Set Docker daemon configuration with insecure registry
-if 'insecure-registries' not in config:
+      set_fact:
-    config['insecure-registries'] = []
+        docker_daemon_config_dict: "{{ docker_daemon_config.content | b64decode | from_json if (docker_daemon_json.stat.exists and docker_daemon_config.content is defined) else {} }}"
-if 'git.michaelschiemer.de:5000' not in config['insecure-registries']:
+
-    config['insecure-registries'].append('git.michaelschiemer.de:5000')
+    - name: Merge insecure registry into Docker daemon config
-    with open('/etc/docker/daemon.json', 'w') as f:
+      set_fact:
-        json.dump(config, f, indent=2)
+        docker_daemon_config_merged: >-
-    sys.exit(0)  # Changed
+          {%- set config = docker_daemon_config_dict.copy() -%}
-sys.exit(1)  # No change
+          {%- if 'insecure-registries' not in config -%}
-EOF
+            {%- set _ = config.update({'insecure-registries': []}) -%}
-          # Restart Docker daemon if configuration changed
+          {%- endif -%}
-          if [ $? -eq 0 ]; then
+          {%- if 'git.michaelschiemer.de:5000' not in config['insecure-registries'] -%}
-            systemctl restart docker || service docker restart || true
+            {%- set _ = config['insecure-registries'].append('git.michaelschiemer.de:5000') -%}
-            sleep 2
+          {%- endif -%}
-          fi
+          {{ config }}
-        fi
+
    - name: Update Docker daemon.json with insecure registry
      copy:
        dest: /etc/docker/daemon.json
        content: "{{ docker_daemon_config_merged | to_json(indent=2) }}"
        mode: '0644'
      when: docker_daemon_config_merged != docker_daemon_config_dict
      become: yes
      register: docker_daemon_updated
    - name: Restart Docker daemon if configuration changed
      systemd:
        name: docker
        state: restarted
      when: docker_daemon_updated.changed | default(false)
      become: yes
      ignore_errors: yes
-      changed_when: false
+
-      failed_when: false
+    - name: Wait for Docker daemon to be ready
      wait_for:
        port: 2375
        host: localhost
        timeout: 10
      when: docker_daemon_updated.changed | default(false)
      ignore_errors: yes
      become: no
    - name: Deploy application stack with new image
      shell: |