From d2634d4de42cc723929c0cac16c128e1dcb5b230 Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Thu, 30 Apr 2026 23:58:08 +0200 Subject: [PATCH] Modernise Draupnir Role ansible modules and update restart logic Move the draupnir role to use modern ansible docker modules so we get access to fancy features like buildx and smart pulls. No more force pull bullshit. And also make the force restart logic that this commit breaks work again but much smarter. Since if we are pulling diffrent tags (Will happen a lot with test environments) then we dont need to force a restart unessecarily. This also allows people who exclusively run bot mode to still benefit from conditional restarts even if targeting a moving tag like main or latest. --- collections/requirements.yml | 4 +++ .../defaults/main.yml | 10 ++++++- .../tasks/setup_install.yml | 26 +++++++++---------- .../tasks/validate_config.yml | 1 + .../matrix-bot-draupnir/defaults/main.yml | 10 ++++++- .../tasks/setup_install.yml | 26 +++++++++---------- .../tasks/validate_config.yml | 1 + 7 files changed, 50 insertions(+), 28 deletions(-) diff --git a/collections/requirements.yml b/collections/requirements.yml index 483ed156a..05ea9b2d5 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml @@ -1,4 +1,8 @@ --- collections: + # community.docker >= 3.6.0 is required for: + # - community.docker.docker_image_pull module (pull-only operations) + # - community.docker.docker_image_build module (build with BuildKit support) - name: community.general - name: community.docker + version: ">=3.6.0" diff --git a/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml index 6cc6fa9b7..d2f1ce31e 100644 --- a/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml +++ b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml @@ -22,7 +22,6 @@ matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream: "{{ matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default: "ghcr.io/" matrix_appservice_draupnir_for_all_container_image: "{{ matrix_appservice_draupnir_for_all_container_image_registry_prefix }}{{ matrix_appservice_draupnir_for_all_container_image_registry_namespace_identifier }}:{{ matrix_appservice_draupnir_for_all_version }}" matrix_appservice_draupnir_for_all_container_image_registry_namespace_identifier: "the-draupnir-project/draupnir" -matrix_appservice_draupnir_for_all_container_image_force_pull: "{{ matrix_appservice_draupnir_for_all_container_image.endswith(':latest') }}" matrix_appservice_draupnir_for_all_base_path: "{{ matrix_base_data_path }}/draupnir-for-all" matrix_appservice_draupnir_for_all_config_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/config" @@ -47,6 +46,15 @@ matrix_appservice_draupnir_for_all_systemd_required_services_list_custom: [] # List of systemd services that matrix-bot-draupnir.service wants matrix_appservice_draupnir_for_all_systemd_wanted_services_list: [] +# Force restart tag is used to control if the tag that is used is rolling or not. +# When both Draupnir roles are enabled, we only force restart if they are on the same +# version string and that version string matches the moving tag. +matrix_appservice_draupnir_for_all_force_restart_tag: "latest" + +# Force restart the service on all runs only when both roles are enabled, both roles +# are using the same version string, and that version is the moving tag. +matrix_appservice_draupnir_for_all_force_restart: "if {{ matrix_bot_draupnir_enabled | bool and matrix_appservice_draupnir_for_all_enabled | bool and matrix_bot_draupnir_version == matrix_appservice_draupnir_for_all_version and matrix_appservice_draupnir_for_all_version == matrix_appservice_draupnir_for_all_force_restart_tag }} then true else false end" + # The room ID where people can use the bot. The bot has no access controls, so # anyone in this room can use the bot - secure your room! # This should be a room alias - not a matrix.to URL. diff --git a/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml index 21a1e6f4e..ba01a0b81 100644 --- a/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml +++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml @@ -26,11 +26,9 @@ when: "item.when | bool" - name: Ensure Draupnir Docker image is pulled - community.docker.docker_image: + community.docker.docker_image_pull: name: "{{ matrix_appservice_draupnir_for_all_container_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_appservice_draupnir_for_all_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_draupnir_for_all_container_image_force_pull }}" + pull: always when: "not matrix_appservice_draupnir_for_all_container_image_self_build | bool" register: matrix_appservice_draupnir_for_all_container_image_pull_result retries: "{{ devture_playbook_help_container_retries_count }}" @@ -49,15 +47,16 @@ when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool" - name: Ensure Draupnir Docker image is built - community.docker.docker_image: + # Using docker_image_build with BuildKit for modern, efficient builds. + # docker_image_build automatically rebuilds when the Dockerfile or build context changes. + # The git_pull_results will show if the source was updated above. + community.docker.docker_image_build: name: "{{ matrix_appservice_draupnir_for_all_container_image }}" - source: build - force_source: "{{ matrix_appservice_draupnir_for_all_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_appservice_draupnir_for_all_container_src_files_path }}" - pull: true - when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool" + dockerfile: Dockerfile + path: "{{ matrix_appservice_draupnir_for_all_container_src_files_path }}" + pull: true + when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool and matrix_appservice_draupnir_for_all_git_pull_results.changed" + register: matrix_appservice_draupnir_for_all_container_image_build_result - name: Ensure matrix-appservice-draupnir-for-all appservice config installed ansible.builtin.copy: @@ -120,7 +119,8 @@ or matrix_appservice_draupnir_for_all_registration_config_result.changed | default(false) or matrix_appservice_draupnir_for_all_systemd_service_result.changed | default(false) or matrix_appservice_draupnir_for_all_container_image_pull_result.changed | default(false) - or matrix_appservice_draupnir_for_all_container_image_force_pull | bool + or matrix_appservice_draupnir_for_all_container_image_build_result.changed | default(false) + or matrix_appservice_draupnir_for_all_force_restart | bool }} - name: Ensure matrix-appservice-draupnir-for-all.service restarted, if necessary diff --git a/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml b/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml index 5b41a4a75..40a8fca54 100644 --- a/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml +++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml @@ -23,6 +23,7 @@ - {'old': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream', 'new': 'matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream'} - {'old': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream_default', 'new': 'matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default'} - {'old': 'matrix_appservice_draupnir_for_all_docker_src_files_path', 'new': 'matrix_appservice_draupnir_for_all_container_src_files_path'} + - {'old': 'matrix_appservice_draupnir_for_all_container_image_force_pull', 'new': ''} - name: Fail if required matrix-bot-draupnir variables are undefined ansible.builtin.fail: diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index 77e9a9273..a52ca7b55 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml @@ -22,13 +22,21 @@ matrix_bot_draupnir_container_image_registry_namespace_identifier: "the-draupnir matrix_bot_draupnir_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_bot_draupnir_container_image_registry_prefix_upstream }}" matrix_bot_draupnir_container_image_registry_prefix_upstream: "{{ matrix_bot_draupnir_container_image_registry_prefix_upstream_default }}" matrix_bot_draupnir_container_image_registry_prefix_upstream_default: "ghcr.io/" -matrix_bot_draupnir_container_image_force_pull: "{{ matrix_bot_draupnir_container_image.endswith(':latest') }}" matrix_bot_draupnir_base_path: "{{ matrix_base_data_path }}/draupnir" matrix_bot_draupnir_config_path: "{{ matrix_bot_draupnir_base_path }}/config" matrix_bot_draupnir_data_path: "{{ matrix_bot_draupnir_base_path }}/data" matrix_bot_draupnir_container_src_files_path: "{{ matrix_bot_draupnir_base_path }}/docker-src" +# Force restart tag is used to control if the tag that is used is rolling or not. +# When both Draupnir roles are enabled, we only force restart if they are on the same +# version string and that version string matches the moving tag. +matrix_bot_draupnir_force_restart_tag: "latest" + +# Force restart the service on all runs only when both roles are enabled, both roles +# are using the same version string, and that version is the moving tag. +matrix_bot_draupnir_force_restart: "if {{ matrix_bot_draupnir_enabled | bool and matrix_appservice_draupnir_for_all_enabled | bool and matrix_bot_draupnir_version == matrix_appservice_draupnir_for_all_version and matrix_bot_draupnir_version == matrix_bot_draupnir_force_restart_tag }} then true else false end" + matrix_bot_draupnir_config_web_enabled: "{{ matrix_bot_draupnir_config_web_abuseReporting or matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled }}" # noqa var-naming matrix_bot_draupnir_config_web_abuseReporting: false # noqa var-naming diff --git a/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml b/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml index 3936521ae..8ddb58af5 100644 --- a/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml @@ -38,11 +38,9 @@ register: matrix_bot_draupnir_support_files_result - name: Ensure Draupnir Docker image is pulled - community.docker.docker_image: + community.docker.docker_image_pull: name: "{{ matrix_bot_draupnir_container_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_bot_draupnir_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_draupnir_container_image_force_pull }}" + pull: always when: "not matrix_bot_draupnir_container_image_self_build | bool" register: matrix_bot_draupnir_container_image_pull_result retries: "{{ devture_playbook_help_container_retries_count }}" @@ -61,15 +59,16 @@ when: "matrix_bot_draupnir_container_image_self_build | bool" - name: Ensure Draupnir Docker image is built - community.docker.docker_image: + # Using docker_image_build with BuildKit for modern, efficient builds. + # docker_image_build automatically rebuilds when the Dockerfile or build context changes. + # The git_pull_results will show if the source was updated above. + community.docker.docker_image_build: name: "{{ matrix_bot_draupnir_container_image }}" - source: build - force_source: "{{ matrix_bot_draupnir_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_bot_draupnir_container_src_files_path }}" - pull: true - when: "matrix_bot_draupnir_container_image_self_build | bool" + dockerfile: Dockerfile + path: "{{ matrix_bot_draupnir_container_src_files_path }}" + pull: true + when: "matrix_bot_draupnir_container_image_self_build | bool and matrix_bot_draupnir_git_pull_results.changed" + register: matrix_bot_draupnir_container_image_build_result - name: Ensure matrix-bot-draupnir config installed ansible.builtin.copy: @@ -113,7 +112,8 @@ or matrix_bot_draupnir_config_result.changed | default(false) or matrix_bot_draupnir_systemd_service_result.changed | default(false) or matrix_bot_draupnir_container_image_pull_result.changed | default(false) - or matrix_bot_draupnir_container_image_force_pull | bool + or matrix_bot_draupnir_container_image_build_result.changed | default(false) + or matrix_bot_draupnir_force_restart | bool }} - name: Ensure matrix-bot-draupnir.service restarted, if necessary diff --git a/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml b/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml index 624cc2cdb..3fbc6a9c3 100644 --- a/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml @@ -37,6 +37,7 @@ - {'old': 'matrix_bot_draupnir_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_draupnir_container_image_registry_prefix_upstream'} - {'old': 'matrix_bot_draupnir_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_draupnir_container_image_registry_prefix_upstream_default'} - {'old': 'matrix_bot_draupnir_docker_src_files_path', 'new': 'matrix_bot_draupnir_container_src_files_path'} + - {'old': 'matrix_bot_draupnir_container_image_force_pull', 'new': ''} - name: Fail if required matrix-bot-draupnir variables are undefined ansible.builtin.fail: