Create all containers from registry images instead of rebuilding images.

DEV_GUIDELINES.md

@@ -0,0 +1 @@
+- Image building must be done in a dedicated playbook and deployment playbooks must pull images from registry (or local cache loaded with images from backup in case of disaster recovery), because building could fail for any number of reasons (assets retrieved from Internet no longer available for example).

roles/role_deploy_SemanticScuttle/tasks/main.yml

@@ -78,22 +78,17 @@
     - scuttle_php5-fpm_conf
   when: not scuttle_installed_flag.stat.exists
 
-- name: Build image
+- name: Login to {{ private_registry_domain }} and create ${XDG_RUNTIME_DIR}/containers/auth.json
-  ansible.builtin.include_role:
+  containers.podman.podman_login:
-    name: role_build_container_image
+    username: "{{ private_registry_user }}"
-  vars:
+    password: "{{ private_registry_password }}"
-    image: "{{ item }}"
+    registry: "{{ private_registry_domain }}"
-  with_items:
+  become: true
-    - repo_url: "https://git.{{ DOMAIN }}/yohan/docker-apache-for-fpm.git"
-      repo_name: docker-apache-for-fpm
-      name: apache-scuttle
-      result_var: apache_scuttle_result
 
 - name: Create apache-scuttle container
   containers.podman.podman_container:
     name: apache-scuttle
-    image: apache-scuttle
+    image: "{{ private_registry_domain }}/apache-scuttle:72099cd4a1"
-    recreate: "{{ apache_scuttle_result is changed }}"
     network:
       - reverse-proxy
       - php5-fpm
@@ -104,13 +99,6 @@
       SERVER_NAME: "scuttle.{{ DOMAIN }}"
   become: true
 
-- name: Login to {{ private_registry_domain }} and create ${XDG_RUNTIME_DIR}/containers/auth.json
-  containers.podman.podman_login:
-    username: "{{ private_registry_user }}"
-    password: "{{ private_registry_password }}"
-    registry: "{{ private_registry_domain }}"
-  become: true
-
 - name: Create php5-fpm container
   containers.podman.podman_container:
     name: php5-fpm

roles/role_deploy_coturn/tasks/main.yml

@@ -1,19 +1,15 @@
 ---
-- name: Build image
+- name: Login to {{ private_registry_domain }} and create ${XDG_RUNTIME_DIR}/containers/auth.json
-  ansible.builtin.include_role:
+  containers.podman.podman_login:
-    name: role_build_container_image
+    username: "{{ private_registry_user }}"
-  vars:
+    password: "{{ private_registry_password }}"
-    image: "{{ item }}"
+    registry: "{{ private_registry_domain }}"
-  with_items:
+  become: true
-    - repo_url: "https://git.{{ DOMAIN }}/yohan/docker-coturn.git"
-      repo_name: docker-coturn
-      name: coturn
-      result_var: coturn_result
 
 - name: Create coturn container
   containers.podman.podman_container:
     name: coturn
-    image: coturn
+    image: "{{ private_registry_domain }}/coturn:075fc0f303"
     command:
       - "--listening-port"
       - "3478"
@@ -30,7 +26,6 @@
       - "0"
       - "--stale-nonce"
       - "--no-multicast-peers"
-    recreate: "{{ coturn_result is changed }}"
     state: present
     network:
       - host

tasks/deploy_mysql-server.yml

@@ -8,26 +8,21 @@
   ansible.builtin.include_tasks: "tasks/mysql-server_install_from_backup_stage_1.yml"
   when: not mysql_installed_flag.stat.exists
 
-- name: Build image
-  ansible.builtin.include_role:
-    name: role_build_container_image
-  vars:
-    image: "{{ item }}"
-  with_items:
-    - repo_url: https://github.com/yohan-b/docker-mysql.git
-      repo_name: docker-mysql
-      name: mysql-server
-      result_var: mysql_server_result
-
 - name: Include tasks/mysql-server_install_from_backup_stage_2.yml
   ansible.builtin.include_tasks: "tasks/mysql-server_install_from_backup_stage_2.yml"
   when: not mysql_installed_flag.stat.exists
 
+- name: Login to {{ private_registry_domain }} and create ${XDG_RUNTIME_DIR}/containers/auth.json
+  containers.podman.podman_login:
+    username: "{{ private_registry_user }}"
+    password: "{{ private_registry_password }}"
+    registry: "{{ private_registry_domain }}"
+  become: true
+
 - name: Create mysql-server container
   containers.podman.podman_container:
     name: mysql-server
-    image: mysql-server
+    image: "{{ private_registry_domain }}/mysql-server:d45a11010d"
-    recreate: "{{ mysql_server_result is changed }}"
     network:
       - mysqlnet
     volume:

tasks/deploy_reverse-proxy.yml

@@ -94,22 +94,17 @@
   become: true
   when: not reverse_proxy_installed_flag.stat.exists
 
-- name: Build image
+- name: Login to {{ private_registry_domain }} and create ${XDG_RUNTIME_DIR}/containers/auth.json
-  ansible.builtin.include_role:
+  containers.podman.podman_login:
-    name: role_build_container_image
+    username: "{{ private_registry_user }}"
-  vars:
+    password: "{{ private_registry_password }}"
-    image: "{{ item }}"
+    registry: "{{ private_registry_domain }}"
-  with_items:
+  become: true
-    - repo_url: https://github.com/yohan-b/docker-reverse-proxy.git
-      repo_name: docker-reverse-proxy
-      name: reverse-proxy
-      result_var: reverse_proxy_result
 
 - name: Create reverse-proxy container
   containers.podman.podman_container:
     name: reverse-proxy
-    image: reverse-proxy
+    image: "{{ private_registry_domain }}/reverse-proxy:8c0dc1f517"
-    recreate: "{{ reverse_proxy_result is changed }}"
     network:
       - reverse-proxy
     ports:

tasks/mysql-server_install_from_backup_stage_2.yml

@@ -13,8 +13,7 @@
 - name: Populate mysql-server_data volume
   containers.podman.podman_container:
     name: mysql-server-populate
-    image: mysql-server
+    image: mysql-server:d45a11010d
-    recreate: "{{ image is changed }}"
     auto_remove: true
     volume:
       - /mnt/volumes/mysql-server_data/data:/mnt/mysql:z