Automatically force-pull :latest images

We do use some `:latest` images by default for the following services:
- matrix-dimension
- Goofys (in the matrix-synapse role)
- matrix-bridge-appservice-irc
- matrix-bridge-appservice-discord
- matrix-bridge-mautrix-facebook
- matrix-bridge-mautrix-whatsapp

It's terribly unfortunate that those software projects don't release
anything other than `:latest`, but that's how it is for now.

Updating that software requires that users manually do `docker pull`
on the server. The playbook didn't force-repull images that it already
had.

With this patch, it starts doing so. Any image tagged `:latest` will be
force re-pulled by the playbook every time it's executed.

It should be noted that even though we ask the `docker_image` module to
force-pull, it only reports "changed" when it actually pulls something
new. This is nice, because it lets people know exactly when something
gets updated, as opposed to giving the indication that it's always
updating the images (even though it isn't).

roles/matrix-bridge-appservice-discord/defaults/main.yml

@@ -4,6 +4,7 @@
 matrix_appservice_discord_enabled: true
 
 matrix_appservice_discord_docker_image: "halfshot/matrix-appservice-discord:latest"
+matrix_appservice_discord_docker_image_force_pull: "{{ matrix_appservice_discord_docker_image.endswith(':latest') }}"
 
 matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-discord"
 

roles/matrix-bridge-appservice-discord/tasks/setup_install.yml

@@ -12,6 +12,8 @@
   docker_image:
     name: "{{ matrix_appservice_discord_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_appservice_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_discord_docker_image_force_pull }}"
 
 - name: Ensure Appservice Discord base directory exists
   file:

roles/matrix-bridge-appservice-irc/defaults/main.yml

@@ -4,6 +4,7 @@
 matrix_appservice_irc_enabled: true
 
 matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:latest"
+matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
 
 matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
 

roles/matrix-bridge-appservice-irc/tasks/setup_install.yml

@@ -12,6 +12,8 @@
   docker_image:
     name: "{{ matrix_appservice_irc_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}"
 
 - name: Ensure Appservice IRC base directory exists
   file:

roles/matrix-bridge-mautrix-facebook/defaults/main.yml

@@ -4,6 +4,7 @@
 matrix_mautrix_facebook_enabled: true
 
 matrix_mautrix_facebook_docker_image: "tulir/mautrix-facebook:latest"
+matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}"
 
 matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook"
 matrix_mautrix_facebook_config_path: "{{ matrix_mautrix_facebook_base_path }}/config"

roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml

@@ -12,6 +12,8 @@
   docker_image:
     name: "{{ matrix_mautrix_facebook_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_mautrix_facebook_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_facebook_docker_image_force_pull }}"
 
 - name: Ensure Mautrix Facebook paths exist
   file:

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -4,6 +4,7 @@
 matrix_mautrix_telegram_enabled: true
 
 matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.5.2"
+matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
 
 matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
 

roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml

@@ -12,6 +12,8 @@
   docker_image:
     name: "{{ matrix_mautrix_telegram_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_mautrix_telegram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_telegram_docker_image_force_pull }}"
 
 - name: Ensure Mautrix Telegram base directory exists
   file:

roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -4,6 +4,7 @@
 matrix_mautrix_whatsapp_enabled: true
 
 matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest"
+matrix_mautrix_whatsapp_docker_image_force_pull: "{{ matrix_mautrix_whatsapp_docker_image.endswith(':latest') }}"
 
 matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp"
 

roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml

@@ -12,6 +12,8 @@
   docker_image:
     name: "{{ matrix_mautrix_whatsapp_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_mautrix_whatsapp_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_whatsapp_docker_image_force_pull }}"
 
 - name: Ensure Mautrix Whatsapp base directory exists
   file:

roles/matrix-corporal/defaults/main.yml

@@ -20,6 +20,8 @@ matrix_corporal_container_extra_arguments: []
 matrix_corporal_systemd_required_services_list: ['docker.service']
 
 matrix_corporal_docker_image: "devture/matrix-corporal:1.4.0"
+matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}"
+
 matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"
 matrix_corporal_config_dir_path: "{{ matrix_corporal_base_path }}/config"
 matrix_corporal_cache_dir_path: "{{ matrix_corporal_base_path }}/cache"

roles/matrix-corporal/tasks/setup_corporal.yml

@@ -21,6 +21,8 @@
   docker_image:
     name: "{{ matrix_corporal_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_corporal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_corporal_docker_image_force_pull }}"
   when: matrix_corporal_enabled|bool
 
 - name: Ensure Matrix Corporal config installed

roles/matrix-coturn/defaults/main.yml

@@ -1,6 +1,7 @@
 matrix_coturn_enabled: true
 
 matrix_coturn_docker_image: "instrumentisto/coturn:4.5.1.1"
+matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
 
 # The Docker network that Coturn would be put into.
 #

roles/matrix-coturn/tasks/setup_coturn.yml

@@ -8,6 +8,8 @@
   docker_image:
     name: "{{ matrix_coturn_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_coturn_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_coturn_docker_image_force_pull }}"
   when: matrix_coturn_enabled|bool
 
 - name: Ensure Coturn configuration path exists

roles/matrix-dimension/defaults/main.yml

@@ -13,6 +13,7 @@ matrix_dimension_widgets_allow_self_signed_ssl_certificates: false
 matrix_dimension_base_path: "{{ matrix_base_data_path }}/dimension"
 
 matrix_dimension_docker_image: "turt2live/matrix-dimension:latest"
+matrix_dimension_docker_image_force_pull: "{{ matrix_dimension_docker_image.endswith(':latest') }}"
 
 # The user and group id correspond to the node user in the `turt2live/matrix-dimension` image.
 matrix_dimension_user_uid: '1000'

roles/matrix-dimension/tasks/setup_dimension.yml

@@ -26,6 +26,8 @@
   docker_image:
     name: "{{ matrix_dimension_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_dimension_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dimension_docker_image_force_pull }}"
   when: matrix_dimension_enabled|bool
 
 - name: Ensure matrix-dimension.service installed

roles/matrix-mailer/defaults/main.yml

@@ -3,6 +3,7 @@ matrix_mailer_enabled: true
 matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer"
 
 matrix_mailer_docker_image: "devture/exim-relay:4.91-r3-0"
+matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"
 
 # The user/group that the container runs with.
 # These match the `exim` user/group within the container image.

roles/matrix-mailer/tasks/setup_mailer.yml

@@ -24,6 +24,8 @@
   docker_image:
     name: "{{ matrix_mailer_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}"
   when: matrix_mailer_enabled|bool
 
 - name: Ensure matrix-mailer.service installed

roles/matrix-mxisd/defaults/main.yml

@@ -4,6 +4,8 @@
 matrix_mxisd_enabled: true
 
 matrix_mxisd_docker_image: "kamax/mxisd:1.4.4"
+matrix_mxisd_docker_image_force_pull: "{{ matrix_mxisd_docker_image.endswith(':latest') }}"
+
 matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd"
 matrix_mxisd_config_path: "{{ matrix_mxisd_base_path }}/config"
 matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"

roles/matrix-mxisd/tasks/setup_mxisd.yml

@@ -20,6 +20,8 @@
   docker_image:
     name: "{{ matrix_mxisd_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_mxisd_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mxisd_docker_image_force_pull }}"
   when: matrix_mxisd_enabled|bool
 
 - name: Ensure mxisd config installed

roles/matrix-nginx-proxy/defaults/main.yml

@@ -2,8 +2,9 @@ matrix_nginx_proxy_enabled: true
 
 # We use an official nginx image, which we fix-up to run unprivileged.
 # An alternative would be an `nginxinc/nginx-unprivileged` image, but
-# those as more frequently out of date.
+# that is frequently out of date.
 matrix_nginx_proxy_docker_image: "nginx:1.15.12-alpine"
+matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"
 
 matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
 matrix_nginx_proxy_data_path: "{{ matrix_nginx_proxy_base_path }}/data"
@@ -144,6 +145,7 @@ matrix_ssl_domains_to_obtain_certificates_for: []
 # Controls whether to obtain production or staging certificates from Let's Encrypt.
 matrix_ssl_lets_encrypt_staging: false
 matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.33.1"
+matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
 matrix_ssl_lets_encrypt_support_email: ~
 

roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml

@@ -98,6 +98,8 @@
   docker_image:
     name: "{{ matrix_nginx_proxy_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_nginx_proxy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_docker_image_force_pull }}"
   when: matrix_nginx_proxy_enabled|bool
 
 - name: Ensure matrix-nginx-proxy.service installed

roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml

@@ -37,6 +37,8 @@
   docker_image:
     name: "{{ matrix_ssl_lets_encrypt_certbot_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_ssl_lets_encrypt_certbot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ssl_lets_encrypt_certbot_docker_image_force_pull }}"
   when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
 
 - name: Obtain Let's Encrypt certificates

roles/matrix-postgres/defaults/main.yml

@@ -13,6 +13,11 @@ matrix_postgres_docker_image_v10: "postgres:10.8-alpine"
 matrix_postgres_docker_image_v11: "postgres:11.3-alpine"
 matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v11 }}"
 
+# This variable is assigned at runtime. Overriding its value has no effect.
+matrix_postgres_docker_image_to_use: '{{ matrix_postgres_docker_image_latest }}'
+
+matrix_postgres_docker_image_force_pull: "{{ matrix_postgres_docker_image_to_use.endswith(':latest') }}"
+
 # A list of extra arguments to pass to the container
 matrix_postgres_container_extra_arguments: []
 

roles/matrix-postgres/tasks/setup_postgres.yml

@@ -28,6 +28,8 @@
   docker_image:
     name: "{{ matrix_postgres_docker_image_to_use }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_postgres_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_docker_image_force_pull }}"
   when: matrix_postgres_enabled|bool
 
 # We always create these directories, even if an external Postgres is used,

roles/matrix-riot-web/defaults/main.yml

@@ -1,6 +1,7 @@
 matrix_riot_web_enabled: true
 
 matrix_riot_web_docker_image: "bubuntux/riot-web:v1.2.1"
+matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
 
 matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
 

roles/matrix-riot-web/tasks/setup_riot_web.yml

@@ -17,6 +17,8 @@
   docker_image:
     name: "{{ matrix_riot_web_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_riot_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_riot_web_docker_image_force_pull }}"
   when: matrix_riot_web_enabled|bool
 
 - name: Ensure Matrix riot-web config files installed

roles/matrix-synapse/defaults/main.yml

@@ -4,6 +4,7 @@
 matrix_synapse_enabled: true
 
 matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.5.2"
+matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 
 matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
 matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
@@ -259,6 +260,7 @@ matrix_synapse_ext_password_provider_ldap_filter: ""
 matrix_s3_media_store_enabled: false
 matrix_s3_media_store_custom_endpoint_enabled: false
 matrix_s3_goofys_docker_image: "ewoutp/goofys:latest"
+matrix_s3_goofys_docker_image_force_pull: "{{ matrix_s3_goofys_docker_image.endswith(':latest') }}"
 matrix_s3_media_store_custom_endpoint: "your-custom-endpoint"
 matrix_s3_media_store_bucket_name: "your-bucket-name"
 matrix_s3_media_store_aws_access_key: "your-aws-access-key"

roles/matrix-synapse/tasks/goofys/setup_install.yml

@@ -2,6 +2,8 @@
   docker_image:
     name: "{{ matrix_s3_goofys_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_s3_goofys_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_s3_goofys_docker_image_force_pull }}"
 
 # This will throw a Permission Denied error if already mounted
 - name: Check Matrix Goofys external storage mountpoint path

roles/matrix-synapse/tasks/synapse/setup_install.yml

@@ -22,6 +22,8 @@
   docker_image:
     name: "{{ matrix_synapse_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_synapse_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_docker_image_force_pull }}"
 
 - name: Check if a Synapse signing key exists
   stat: