From 4c91837329f2adb780b82165ffa84b243ee28ac1 Mon Sep 17 00:00:00 2001
From: yohan <783b8c87@scimetis.net>
Date: Sat, 13 Apr 2024 16:11:17 +0200
Subject: [PATCH] Create all containers from registry images instead of
 rebuilding images.

---
 DEV_GUIDELINES.md                             |  1 +
 .../tasks/main.yml                            | 26 +++++--------------
 roles/role_deploy_coturn/tasks/main.yml       | 19 +++++---------
 tasks/deploy_mysql-server.yml                 | 21 ++++++---------
 tasks/deploy_reverse-proxy.yml                | 19 +++++---------
 ...sql-server_install_from_backup_stage_2.yml |  3 +--
 6 files changed, 31 insertions(+), 58 deletions(-)
 create mode 100644 DEV_GUIDELINES.md

diff --git a/DEV_GUIDELINES.md b/DEV_GUIDELINES.md
new file mode 100644
index 0000000..15b3956
--- /dev/null
+++ b/DEV_GUIDELINES.md
@@ -0,0 +1 @@
+- Image building must be done in a dedicated playbook and deployment playbooks must pull images from registry (or local cache loaded with images from backup in case of disaster recovery), because building could fail for any number of reasons (assets retrieved from Internet no longer available for example).
diff --git a/roles/role_deploy_SemanticScuttle/tasks/main.yml b/roles/role_deploy_SemanticScuttle/tasks/main.yml
index 6f85197..2d25016 100644
--- a/roles/role_deploy_SemanticScuttle/tasks/main.yml
+++ b/roles/role_deploy_SemanticScuttle/tasks/main.yml
@@ -78,22 +78,17 @@
     - scuttle_php5-fpm_conf
   when: not scuttle_installed_flag.stat.exists
 
-- name: Build image
-  ansible.builtin.include_role:
-    name: role_build_container_image
-  vars:
-    image: "{{ item }}"
-  with_items:
-    - repo_url: "https://git.{{ DOMAIN }}/yohan/docker-apache-for-fpm.git"
-      repo_name: docker-apache-for-fpm
-      name: apache-scuttle
-      result_var: apache_scuttle_result
+- name: Login to {{ private_registry_domain }} and create ${XDG_RUNTIME_DIR}/containers/auth.json
+  containers.podman.podman_login:
+    username: "{{ private_registry_user }}"
+    password: "{{ private_registry_password }}"
+    registry: "{{ private_registry_domain }}"
+  become: true
 
 - name: Create apache-scuttle container
   containers.podman.podman_container:
     name: apache-scuttle
-    image: apache-scuttle
-    recreate: "{{ apache_scuttle_result is changed }}"
+    image: "{{ private_registry_domain }}/apache-scuttle:72099cd4a1"
     network:
       - reverse-proxy
       - php5-fpm
@@ -104,13 +99,6 @@
       SERVER_NAME: "scuttle.{{ DOMAIN }}"
   become: true
 
-- name: Login to {{ private_registry_domain }} and create ${XDG_RUNTIME_DIR}/containers/auth.json
-  containers.podman.podman_login:
-    username: "{{ private_registry_user }}"
-    password: "{{ private_registry_password }}"
-    registry: "{{ private_registry_domain }}"
-  become: true
-
 - name: Create php5-fpm container
   containers.podman.podman_container:
     name: php5-fpm
diff --git a/roles/role_deploy_coturn/tasks/main.yml b/roles/role_deploy_coturn/tasks/main.yml
index f2af385..cbb192c 100644
--- a/roles/role_deploy_coturn/tasks/main.yml
+++ b/roles/role_deploy_coturn/tasks/main.yml
@@ -1,19 +1,15 @@
 ---
-- name: Build image
-  ansible.builtin.include_role:
-    name: role_build_container_image
-  vars:
-    image: "{{ item }}"
-  with_items:
-    - repo_url: "https://git.{{ DOMAIN }}/yohan/docker-coturn.git"
-      repo_name: docker-coturn
-      name: coturn
-      result_var: coturn_result
+- name: Login to {{ private_registry_domain }} and create ${XDG_RUNTIME_DIR}/containers/auth.json
+  containers.podman.podman_login:
+    username: "{{ private_registry_user }}"
+    password: "{{ private_registry_password }}"
+    registry: "{{ private_registry_domain }}"
+  become: true
 
 - name: Create coturn container
   containers.podman.podman_container:
     name: coturn
-    image: coturn
+    image: "{{ private_registry_domain }}/coturn:075fc0f303"
     command:
       - "--listening-port"
       - "3478"
@@ -30,7 +26,6 @@
       - "0"
       - "--stale-nonce"
       - "--no-multicast-peers"
-    recreate: "{{ coturn_result is changed }}"
     state: present
     network:
       - host
diff --git a/tasks/deploy_mysql-server.yml b/tasks/deploy_mysql-server.yml
index ad7a83f..edb4039 100644
--- a/tasks/deploy_mysql-server.yml
+++ b/tasks/deploy_mysql-server.yml
@@ -8,26 +8,21 @@
   ansible.builtin.include_tasks: "tasks/mysql-server_install_from_backup_stage_1.yml"
   when: not mysql_installed_flag.stat.exists
 
-- name: Build image
-  ansible.builtin.include_role:
-    name: role_build_container_image
-  vars:
-    image: "{{ item }}"
-  with_items:
-    - repo_url: https://github.com/yohan-b/docker-mysql.git
-      repo_name: docker-mysql
-      name: mysql-server
-      result_var: mysql_server_result
-
 - name: Include tasks/mysql-server_install_from_backup_stage_2.yml
   ansible.builtin.include_tasks: "tasks/mysql-server_install_from_backup_stage_2.yml"
   when: not mysql_installed_flag.stat.exists
 
+- name: Login to {{ private_registry_domain }} and create ${XDG_RUNTIME_DIR}/containers/auth.json
+  containers.podman.podman_login:
+    username: "{{ private_registry_user }}"
+    password: "{{ private_registry_password }}"
+    registry: "{{ private_registry_domain }}"
+  become: true
+
 - name: Create mysql-server container
   containers.podman.podman_container:
     name: mysql-server
-    image: mysql-server
-    recreate: "{{ mysql_server_result is changed }}"
+    image: "{{ private_registry_domain }}/mysql-server:d45a11010d"
     network:
       - mysqlnet
     volume:
diff --git a/tasks/deploy_reverse-proxy.yml b/tasks/deploy_reverse-proxy.yml
index 3ce7914..b408a45 100644
--- a/tasks/deploy_reverse-proxy.yml
+++ b/tasks/deploy_reverse-proxy.yml
@@ -94,22 +94,17 @@
   become: true
   when: not reverse_proxy_installed_flag.stat.exists
 
-- name: Build image
-  ansible.builtin.include_role:
-    name: role_build_container_image
-  vars:
-    image: "{{ item }}"
-  with_items:
-    - repo_url: https://github.com/yohan-b/docker-reverse-proxy.git
-      repo_name: docker-reverse-proxy
-      name: reverse-proxy
-      result_var: reverse_proxy_result
+- name: Login to {{ private_registry_domain }} and create ${XDG_RUNTIME_DIR}/containers/auth.json
+  containers.podman.podman_login:
+    username: "{{ private_registry_user }}"
+    password: "{{ private_registry_password }}"
+    registry: "{{ private_registry_domain }}"
+  become: true
 
 - name: Create reverse-proxy container
   containers.podman.podman_container:
     name: reverse-proxy
-    image: reverse-proxy
-    recreate: "{{ reverse_proxy_result is changed }}"
+    image: "{{ private_registry_domain }}/reverse-proxy:8c0dc1f517"
     network:
       - reverse-proxy
     ports:
diff --git a/tasks/mysql-server_install_from_backup_stage_2.yml b/tasks/mysql-server_install_from_backup_stage_2.yml
index 3f4843d..04a0ae3 100644
--- a/tasks/mysql-server_install_from_backup_stage_2.yml
+++ b/tasks/mysql-server_install_from_backup_stage_2.yml
@@ -13,8 +13,7 @@
 - name: Populate mysql-server_data volume
   containers.podman.podman_container:
     name: mysql-server-populate
-    image: mysql-server
-    recreate: "{{ image is changed }}"
+    image: mysql-server:d45a11010d
     auto_remove: true
     volume:
       - /mnt/volumes/mysql-server_data/data:/mnt/mysql:z