Basic volume example working.

README.md

@@ -238,4 +238,39 @@ If all goes well, you should have four new docker images:
 
 ### Time to push!
 
+#### Prerequisites
+
+* Docker registry to you have permissions to push to
+* Changes made to the [inventory variables](examples/organized-environment/group_vars/all.yml) for:
+  * registry
+  * registry_username
+  * registry_password
+  * repository_path (optional)
+* Changes made to the [inventory hosts](examples/organized-environment/inventory.yml) list for:
+  * docker_nodes
+
+#### The push playbook
+
+From the directory containing this set of playbooks, run:
+
+`ansible-playbook -i examples/organized-environment/inventory.yml push.yml`
+
+This will log in to the repository and perform the necessary tasks to have your newly built images pushed to your Docker
+registry.
+
+That's it! There's very little to this step, but it is separated out to prevent unintentional pushing of an image prior
+to validation that it is correct.
+
 ### Time to deploy!
+
+#### Prerequisites
+
+* Operational Docker Swarm environment.
+
+TODO - Add Swarm bringup playbooks and documentation.
+
+#### The deploy playbook
+
+From the directory containing this set of playbooks, run:
+
+`ansible-playbook -i examples/organized-environment/inventory.yml deploy.yml`

examples/organized-environment/group_vars/all.yml

@@ -26,4 +26,18 @@ common_stage_items:
     # because dest is, effectively, /opt/splunk, have this directory copied to a subdirectory
     dest_sub_path: etc/apps/docker_forwarder_outputs
     # but only when building the primary (not standalone) build
-    condition: "{{ build_vars.primary_build }}"
+    condition: "{{ build_vars.primary_build }}"
+
+# common swarm service limits
+limit_cpu: 1
+limit_memory: 2G
+restart_policy: any
+
+# hostname and path to the registry.  this should include only any path components that are general to the registry,
+# and not any that are specific to where your image will be stored on that registry
+#registry:
+# log in to the registry with these credentials
+#registry_username:
+#registry_password:
+# path on the registry to our repository (optional)
+#repository_path:

examples/organized-environment/inventory.yml

@@ -1,35 +1,73 @@
 all:
   children:
-    # defines which host will perform the build
-    # only the first host in this group will ever be used
-    docker_build_hosts:
-      hosts:
-        # for these examples we'll build images on the same host ansible is running on
-        localhost:
-          connection: local
-
-    docker_build_images:
-
-      # each image we want to build is defined as a host, and thus can make use of ansible's variable precedence
-      hosts:
-
-        # don't do much other than run splunk
-        hello_swarm_forwarder:
-          # every image definition must have a version
-          version: 1.0.0
-
-        # enable healthcheck for the _internal index
-        internal_healthcheck_forwarder:
-          # remember every image must have a version number
-          version: 1.0.0
-
-          # perform the check every 30 seconds
-          healthcheck_interval_seconds: 30
-
-          # in splunk's metrics.log
-          # for the per_index_thruput group
-          healthcheck_metrics_group: per_index_thruput
-          # for the _internal series
-          healthcheck_metrics_series: _internal
-          # expect to see non-zero thruput no older than 60 seconds
-          healthcheck_allowed_age_seconds: 6
+    # docker_nodes is the parent group for docker_build_hosts and docker_swarm_nodes
+    docker_nodes:
+      children:
+        # defines which host will perform the build
+        # only the first host in this group will ever be used
+        docker_build_hosts:
+          hosts:
+            # for these examples we'll build images on the same host ansible is running on
+            # but we give it a made up name, which doesn't matter as we override connection
+            docker-build:
+              ansible_host: localhost
+              ansible_connection: local
+        docker_swarm_nodes:
+          children:
+            # swarm managers are a subset of swarm nodes that are defined as managers of the node
+            # however it is valid, and potentially preferred, for all swarm nodes to be managers
+            docker_swarm_managers:
+              hosts:
+                # for these examples we'll deploy images on the same host ansible is running on
+                # but we give it a made up name, which doesn't matter as we override connection
+                docker-swarm01:
+                  ansible_hostname: localhost
+                  ansible_connection: local
+
+
+    # because we plan on deploying all of our images that we've built, docker_services is a group that contains
+    # docker_build_images
+    docker_services:
+      children:
+        docker_build_images:
+
+          # each image we want to build is defined as a host, and thus can make use of ansible's variable precedence
+          hosts:
+
+            # don't do much other than run splunk
+            hello_swarm_forwarder:
+              # every image definition must have a version
+              version: 1.0.0
+
+            # enable healthcheck for the _internal index
+            internal_healthcheck_forwarder:
+              # remember every image must have a version number
+              version: 1.0.0
+
+              # perform the check every 30 seconds
+              healthcheck_interval_seconds: 30
+
+              # in splunk's metrics.log
+              # for the per_index_thruput group
+              healthcheck_metrics_group: per_index_thruput
+              # for the _internal series
+              healthcheck_metrics_series: _internal
+              # expect to see non-zero thruput no older than 60 seconds
+              healthcheck_allowed_age_seconds: 6
+
+            # bind mount
+            volumes_mounted_forwarder:
+              version: 1.0.0
+
+              host_volumes:
+                # create a bind mount to see how the container can be made aware of specific host data
+                - mount_type: service_bind
+                  source: /etc/hosts
+                  target: "{{ splunk_home }}/host_etc_hosts"
+
+                # create a persistent volume for $SPLUNK_HOME/var
+                # note that if your swarm nodes don't have a common storage path, this likely needs to be NFS
+                # or it's only persistent per node, and not across all nodes
+                - mount_type: service_volume
+                  name: volumes_mounted_forwarder_service_volume
+                  path: "{{ splunk_home }}/var"

roles/docker_image_push/tasks/push_image.yml

@@ -2,7 +2,8 @@
   docker_image:
     name: "{{ repository_push_image }}"
     state: absent
-  become: yes
+  become: "{{ docker_become_user is defined }}"
+  become_user: "{{ docker_become_user|default(omit) }}"
   when: build_vars.push_when | default(false)
 
 - name: "{{ build_vars.tag }} perform docker push"
@@ -14,5 +15,6 @@
     # to trigger a push of an existing image/tag, the key seems to be for repository to be set to <registry>/<image>
     repository: "{{ repository }}/{{ docker_image_name }}"
     push: yes
-  become: yes
+  become: "{{ docker_become_user is defined }}"
+  become_user: "{{ docker_become_user|default(omit) }}"
   when: build_vars.push_when | default(false)

roles/docker_login/tasks/main.yml

@@ -3,6 +3,7 @@
     registry: "{{ registry }}"
     username: "{{ registry_username }}"
     password: "{{ registry_password }}"
-  become: yes
+  become: "{{ docker_become_user is defined }}"
+  become_user: "{{ docker_become_user|default(omit) }}"
   loop: "{{ groups['docker_nodes'] }}"
   delegate_to: "{{ item }}"

roles/docker_service_deploy/defaults/main.yml

@@ -5,3 +5,9 @@ host_publish: []
 
 common_docker_configs: []
 host_docker_configs: []
+
+splunk_home: /opt/splunk
+splunk_user: splunk
+splunk_user_id: 8089
+splunk_group: splunk
+splunk_group_id: 8089

roles/docker_service_deploy/tasks/create_configs.yml

@@ -6,4 +6,5 @@
     name: "{% if intermediate_configs is defined and intermediate_configs %}{{ item.content | to_uuid }}{% else %}{{ item.name }}{% endif %}"
   loop: "{{ docker_configs }}"
   when: item is default_or_present
-  become: true
+  become: "{{ docker_become_user is defined }}"
+  become_user: "{{ docker_become_user|default(omit) }}"

roles/docker_service_deploy/tasks/create_service.yml

@@ -16,7 +16,8 @@
     user: "{{ user }}"
     log_driver: "{{ log_driver | default(omit) }}"
     log_driver_options: "{{ log_driver_options | default(omit) }}"
-  become: true
+  become: "{{ docker_become_user is defined }}"
+  become_user: "{{ docker_become_user|default(omit) }}"
   # tagged to allow skipping to allow only management of volumes
   tags:
     - service

roles/docker_service_deploy/tasks/create_volume.yml

@@ -1,24 +1,25 @@
 # the volume_ variables are templated in this role's vars/main.yml
 
-- name: create volume's persistent storage path
+- name: create nfs volume's persistent storage path
   file:
     path: "{{ volume_create_path }}"
     state: directory
     owner: "{{ volume_owner }}"
     group: "{{ volume_group }}"
-  when: volume_create_path != ''
   become: true
+  when: volume_type == 'nfs' and volume_create_path != ''
 
 # each node needs to be individually configured for the volume
 - name: create volume
   docker_volume:
     name: "{{ volume_name }}"
-    driver: "{{ volume_driver }}"
+    driver: "{{ volume_driver | default(omit) }}"
     driver_options:
-      type: "{{ volume_driver_option_type }}"
-      o: "{{ volume_driver_option_o }}"
-      device: "{{ volume_driver_option_device }}"
+      type: "{{ volume_driver_option_type | default(omit) }}"
+      o: "{{ volume_driver_option_o | default(omit) }}"
+      device: "{{ volume_driver_option_device | default(omit) }}"
     state: present
-  become: true
+  become: "{{ docker_become_user is defined }}"
+  become_user: "{{ docker_become_user|default(omit) }}"
   loop: "{{ groups['docker_swarm_nodes'] }}"
   delegate_to: "{{ item }}"

roles/docker_service_deploy/tasks/main.yml

@@ -4,7 +4,7 @@
   vars:
     volume_path: "{{ volume_item.path }}"
     volume_name: "{{ volume_item.name }}"
-    volume_type: "{{ volume_item.volume_type }}"
+    volume_type: "{{ volume_item.volume_type | default('vanilla') }}"
     volume_owner: "{{ volume_item.owner | default(omit) }}"
     volume_group: "{{ volume_item.group | default(omit) }}"
   when: "(volume_item.mount_type == 'service_volume') and (state|default('present') == 'present') and (volume_item is default_or_present)"

roles/docker_service_deploy/tasks/remove_configs.yml

@@ -4,4 +4,5 @@
     state: absent
   loop: "{{ docker_configs }}"
   when: "(state is defined and state=='absent') or (item is defined_absent) or (intermediate_configs is defined and intermediate_configs)"
-  become: true
+  become: "{{ docker_become_user is defined }}"
+  become_user: "{{ docker_become_user|default(omit) }}"

roles/docker_service_deploy/tasks/remove_volume.yml

@@ -3,6 +3,7 @@
   docker_volume:
     name: "{{ volume_name }}"
     state: absent
-  become: true
+  become: "{{ docker_become_user is defined }}"
+  become_user: "{{ docker_become_user|default(omit) }}"
   loop: "{{ groups['docker_swarm_nodes'] }}"
   delegate_to: "{{ item }}"

roles/docker_service_deploy/vars/docker_service_templated_config.yml.j2

@@ -1,4 +1,4 @@
-{% if volumes %}
+{% if volumes | selectattr('mount_type', 'in', ['service_volume', 'service_bind']) | list %}
 volumes:
 {% for volume in volumes %}
 {% if volume.mount_type == 'service_volume' %}
@@ -15,7 +15,7 @@ volumes:
 {% endif %}
 {% endfor %}
 {% else %}
-volume_configs: {{ omit }}
+volumes: {{ omit }}
 {% endif %}
 
 # this is the final set of configs, with the predictable and defined names

roles/docker_service_deploy/vars/main.yml

@@ -1,3 +1,9 @@
+# the "normal" volumes don't need these options
+vanilla_volume_driver: "{{ omit }}"
+vanilla_volume_driver_option_type: "{{ omit }}"
+vanilla_volume_driver_option_o: "{{ omit }}"
+vanilla_volume_driver_option_device: "{{ omit }}"
+
 # these vars are used to aid dynamic variable names
 
 # template volume driver var *names* (not values)