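#SPDX-License-Identifier: MIT-0
---
# Tasks file for garage.
#
# Flow: create the compose and volume directories, render garage.toml,
# (re)generate the WebUI htpasswd hash only when the cached one no longer
# matches the configured password, render docker-compose.yml, start the
# container, wait for it to answer, then include bootstrap and provisioning.

- name: Create docker compose directory
  ansible.builtin.file:
    path: "{{ garage_docker_compose_dir }}"
    state: directory
    mode: '0755'

- name: Create garage meta data directory
  ansible.builtin.file:
    path: "{{ garage_docker_volume_dir }}/meta"
    state: directory
    mode: '0755'

- name: Create garage data directory
  ansible.builtin.file:
    path: "{{ garage_docker_volume_dir }}/data"
    state: directory
    mode: '0755'

# NOTE(review): garage.toml.j2 is not visible here. If it renders secrets
# (for example an RPC secret or admin token), 0644 leaves them readable by
# every local user; confirm which uid reads the file inside the container
# before tightening the mode.
- name: Generate garage configuration file
  ansible.builtin.template:
    src: garage.toml.j2
    dest: "{{ garage_docker_compose_dir }}/garage.toml"
    mode: '0644'

- name: Set webui htpasswd activation fact
  ansible.builtin.set_fact:
    # htpasswd only runs when the WebUI is enabled AND authentik ForwardAuth
    # is not handling authentication. When authentik is in front, the
    # compose template drops AUTH_USER_PASS so no hash is needed.
    _garage_webui_htpasswd_active: >-
      {{ garage_webui_enabled
         and not (garage_webui_authentik_forward_auth | default(false)) }}

# A missing cache file is expected on the first run, so the error is ignored
# and the later tasks key off whether `content` is defined.
- name: Read cached webui htpasswd hash
  ansible.builtin.slurp:
    src: "{{ garage_docker_compose_dir }}/webui.htpasswd"
  register: _garage_webui_htpasswd_cached
  failed_when: false
  changed_when: false
  # The registered result carries the base64-encoded hash; keep it out of
  # verbose output and callback logs.
  no_log: true
  when: _garage_webui_htpasswd_active

# rc == 0 means the cached hash still matches the configured password, so
# no new salt/hash is generated and the compose file stays unchanged.
#
# NOTE(review): `-b` passes the password as a command-line argument, so it
# is visible in the target host's process list while htpasswd runs; no_log
# only hides it from Ansible output. htpasswd's `-i` option (read the
# password from stdin) combined with the command module's `stdin` parameter
# would avoid that; confirm the installed htpasswd supports `-i` with `-v`.
- name: Verify cached webui htpasswd hash still matches password
  ansible.builtin.command:
    argv:
      - htpasswd
      - -vbB
      - "{{ garage_docker_compose_dir }}/webui.htpasswd"
      - "{{ garage_webui_username }}"
      - "{{ garage_webui_password }}"
  register: _garage_webui_htpasswd_verify
  failed_when: false
  changed_when: false
  no_log: true
  when:
    - _garage_webui_htpasswd_active
    - _garage_webui_htpasswd_cached.content is defined

# Runs only when there is no cached hash or verification failed (a skipped
# verify has no `rc`, hence the default of 1).
- name: Generate bcrypt hash for webui password using htpasswd
  ansible.builtin.command:
    argv:
      - htpasswd
      - -nbBC
      - "10"
      - "{{ garage_webui_username }}"
      - "{{ garage_webui_password }}"
  register: _garage_webui_password_hash_new
  changed_when: true
  # The task result echoes the full argv (plaintext password) and the new
  # hash on stdout; without no_log both reach logs and callbacks. The same
  # `-b` process-list exposure noted on the verify task applies here.
  no_log: true
  when:
    - _garage_webui_htpasswd_active
    - >-
      (_garage_webui_htpasswd_cached.content is not defined) or
      ((_garage_webui_htpasswd_verify.rc | default(1)) != 0)

- name: Persist webui htpasswd hash on disk
  ansible.builtin.copy:
    content: "{{ _garage_webui_password_hash_new.stdout }}\n"
    dest: "{{ garage_docker_compose_dir }}/webui.htpasswd"
    mode: '0600'
  # Keeps the hash out of --diff and verbose output.
  no_log: true
  when:
    - _garage_webui_htpasswd_active
    - _garage_webui_password_hash_new is changed

# Always re-read from disk so the template sees the same value whether the
# hash was just generated or reused from a previous run.
- name: Load current webui htpasswd hash
  ansible.builtin.slurp:
    src: "{{ garage_docker_compose_dir }}/webui.htpasswd"
  register: _garage_webui_htpasswd_current
  changed_when: false
  no_log: true
  when: _garage_webui_htpasswd_active

- name: Expose current webui htpasswd hash to template
  ansible.builtin.set_fact:
    _garage_webui_password_hash:
      stdout: "{{ (_garage_webui_htpasswd_current.content | b64decode).strip() }}"
  no_log: true
  when: _garage_webui_htpasswd_active

# The rendered compose file receives the htpasswd hash (AUTH_USER_PASS) when
# htpasswd auth is active, so it gets the same 0600 mode as webui.htpasswd
# instead of being world-readable. Relax this only if another account must
# read the compose file.
- name: Create docker-compose file for garage
  ansible.builtin.template:
    src: docker-compose.yml.j2
    dest: "{{ garage_docker_compose_dir }}/docker-compose.yml"
    mode: '0600'

- name: Start garage container
  community.docker.docker_compose_v2:
    project_src: "{{ garage_docker_compose_dir }}"
    state: present

# Polls for up to 30 x 2 s until the container reports State.Running.
- name: Wait for garage container to be running
  community.docker.docker_container_info:
    name: "{{ garage_service_name }}"
  register: _garage_container_info
  until: _garage_container_info.container.State.Running | default(false)
  retries: 30
  delay: 2

# NOTE(review): failed_when: false means the play continues even if
# `/garage status` never returns 0 within the retry budget; the included
# bootstrap/provision tasks then run against a daemon that may not be ready.
# Presumably deliberate best-effort; confirm.
- name: Wait for garage to be ready (check if garage command responds)
  community.docker.docker_container_exec:
    container: "{{ garage_service_name }}"
    command: /garage status
  register: _garage_status_check
  until: _garage_status_check.rc == 0
  retries: 30
  delay: 2
  changed_when: false
  failed_when: false

# Include bootstrapping tasks (cluster bootstrap)
- name: Include garage bootstraping tasks
  ansible.builtin.include_tasks: bootstrap.yml
  when: garage_bootstrap_enabled

# Include provisioning tasks (S3 keys and buckets)
- name: Include garage provisioning tasks
  ansible.builtin.include_tasks: provision.yml
  when: garage_s3_keys | length > 0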