SET-626 Olympus - Ensure Ansible updates Nginx images

jboss-set · Mar 17, 2024 · 7a8a11d · 7a8a11d
1 parent 85784bb
commit 7a8a11d
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 0 deletions.
diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml
@@ -10,6 +10,7 @@ nginx_https_ssl_home: "/home/nginx/ssl"
 nginx_https_ssl_cert: "nginx.crt"
 nginx_https_ssl_private_key: "nginx.pem"
 nginx_https_ssl_csr: "nginx.csr"
+nginx_latest_image: "nginx:latest"
 nginx_apps:
   - { name: 'prbz_view', url: "{{ prbz_overview_url | default('/prbz-overview/') }}", logo: 'img/pr-bz-overview-logo.png' }
   - { name: 'jenkins',   url: "https://{{ ansible_nodename }}/jenkins", logo: 'img/jenkins-logo.png' }

diff --git a/roles/nginx/tasks/nginx_update.yml b/roles/nginx/tasks/nginx_update.yml
@@ -0,0 +1,44 @@
+---
+- name: Gather info on a current nginx image
+  containers.podman.podman_image_info:
+    name: "{{ files.name }}"
+  register: local_image_tags
+  with_items: "{{ podman.images.remotes }}"
+  loop_control:
+    loop_var: files
+
+- name: Store current nginx image value in a variable
+  set_fact:
+    nginx_latest_image_tag: "{{ item.images[0].RepoTags[0] }}"
+  when: "'nginx' in item.images[0].RepoTags[0]"
+  loop: "{{ local_image_tags.results }}"
+
+- name: Pull the latest Nginx image
+  shell: "podman pull {{ nginx.latest_image }}"
+  register: nginx_latest_image_result
+  when: "nginx.latest_image not in nginx_latest_image_tag"
+
+- name: Get current Nginx container info
+  command: podman ps --format "{{ '{{.Names}}' }}" --filter ancestor="{{ nginx_latest_image_tag }}"
+  register: nginx_container_info
+  when: nginx_latest_image_result.changed  # Only execute if the image was updated
+
+- name: Extract current container name
+  set_fact:
+    container_name: "{{ nginx_container_info.stdout_lines | first }}"
+  when: nginx_latest_image_result.changed
+
+- name: Stop and remove the current container
+  containers.podman.podman_container:
+    name: "{{ container_name }}"
+    state: absent
+  ignore_errors: true  # Ignore errors if the container doesn't exist
+
+- name: Start the latest Nginx container
+  containers.podman.podman_container:
+    name: "{{ container_name }}"
+    image: "{{ nginx.latest_image }}"
+    state: started
+  when: nginx_latest_image_result.changed
+  notify:
+    - restart nginx
diff --git a/roles/nginx/vars/main.yml b/roles/nginx/vars/main.yml
@@ -7,6 +7,7 @@ nginx:
   home: "{{ nginx_home }}"
   volume: "{{ nginx_volume }}"
   docroot: "{{ nginx_http_docroot }}"
+  latest_image: "{{ nginx_latest_image }}"
   https:
     ssl:
       home: "{{ nginx_https_ssl_home }}"

diff --git a/roles/podman/tasks/images.yml b/roles/podman/tasks/images.yml
@@ -32,6 +32,11 @@
   loop_control:
     loop_var: files
 
+- name: "Update nginx image if required"
+  ansible.builtin.include_role:
+    name: nginx
+    tasks_from: nginx_update.yml
+
 - name: "Ensure local images are successfully build"
   containers.podman.podman_image:
     name: "{{ files.tag }}"