From 4f85436fc1912fbaf2ebf2115ecdf8c7c07f9840 Mon Sep 17 00:00:00 2001
From: Thomas Boerger <thomas@webhippie.de>
Date: Thu, 6 Jul 2023 09:54:42 +0200
Subject: [PATCH] feat: move image pull to tasks from service and create
 network

---
 README.md                   | 20 ++++++++++++++++++++
 defaults/main.yml           |  6 ++++++
 tasks/main.yml              | 19 +++++++++++++++++++
 tasks/oauth2.yml            | 18 ++++++++++++++++++
 templates/oauth2/service.j2 |  1 -
 templates/service.j2        |  1 -
 6 files changed, 63 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 58c8769..eabed7f 100644
--- a/README.md
+++ b/README.md
@@ -51,10 +51,12 @@ Building and improving this Ansible role have been sponsored by my current and p
   - [prometheus_oauth2_listen_address](#prometheus_oauth2_listen_address)
   - [prometheus_oauth2_network](#prometheus_oauth2_network)
   - [prometheus_oauth2_provider](#prometheus_oauth2_provider)
+  - [prometheus_oauth2_pull_image](#prometheus_oauth2_pull_image)
   - [prometheus_oauth2_static_groups](#prometheus_oauth2_static_groups)
   - [prometheus_oauth2_static_users](#prometheus_oauth2_static_users)
   - [prometheus_oauth2_upstream](#prometheus_oauth2_upstream)
   - [prometheus_oauth2_version](#prometheus_oauth2_version)
+  - [prometheus_pull_image](#prometheus_pull_image)
   - [prometheus_rule_files](#prometheus_rule_files)
   - [prometheus_scrape_configs](#prometheus_scrape_configs)
   - [prometheus_scrape_interval](#prometheus_scrape_interval)
@@ -528,6 +530,14 @@ Provider for OAuth2 authentication
 prometheus_oauth2_provider: keycloak
 ```
 
+### prometheus_oauth2_pull_image
+
+#### Default value
+
+```YAML
+prometheus_oauth2_pull_image: true
+```
+
 ### prometheus_oauth2_static_groups
 
 List of groups assigned to static users
@@ -581,6 +591,16 @@ Version of the OAuth2 Proxy to download
 prometheus_oauth2_version: 7.4.0
 ```
 
+### prometheus_pull_image
+
+Pull image as part of the tasks
+
+#### Default value
+
+```YAML
+prometheus_pull_image: true
+```
+
 ### prometheus_rule_files
 
 List of paths to read rule files from
diff --git a/defaults/main.yml b/defaults/main.yml
index 1c11e91..160dec2 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -13,6 +13,9 @@ prometheus_download: "https://github.com/prometheus/prometheus/releases/download
 # @var prometheus_image:description: Docker image to use for deployment
 prometheus_image: "quay.io/prometheus/prometheus:v{{ prometheus_version }}"
 
+# @var prometheus_pull_image:description: Pull image as part of the tasks
+prometheus_pull_image: True
+
 # @var prometheus_network:description: Optional docker network to attach
 prometheus_network:
 
@@ -166,6 +169,9 @@ prometheus_oauth2_download: "https://github.com/oauth2-proxy/oauth2-proxy/releas
 # @var prometheus_image:description: Docker image to use for deployment on OAuth2 Proxy
 prometheus_oauth2_image: "quay.io/oauth2-proxy/oauth2-proxy:v{{ prometheus_oauth2_version }}"
 
+# @var prometheus_pull_image:description: Pull image as part of the tasks
+prometheus_oauth2_pull_image: True
+
 # @var prometheus_network:description: Optional docker network to attach on OAuth2 Proxy
 prometheus_oauth2_network: "{{ prometheus_network }}"
 
diff --git a/tasks/main.yml b/tasks/main.yml
index 26b0b65..6057ffa 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -269,6 +269,25 @@
   tags:
     - prometheus
 
+- name: Pull docker image
+  when:
+    - prometheus_installation == 'docker'
+    - prometheus_pull_image
+  docker_image:
+    name: "{{ prometheus_image }}"
+    source: pull
+  tags:
+    - prometheus
+
+- name: Create docker network
+  when:
+    - prometheus_installation == 'docker'
+    - prometheus_network | default(False)
+  docker_network:
+    name: '{{ prometheus_network }}'
+  tags:
+    - prometheus
+
 - name: Start prometheus service
   systemd:
     name: prometheus
diff --git a/tasks/oauth2.yml b/tasks/oauth2.yml
index 6eb7b43..402d2cb 100644
--- a/tasks/oauth2.yml
+++ b/tasks/oauth2.yml
@@ -111,6 +111,24 @@
     - prometheus
     - oauth2
 
+- name: Pull docker image
+  when: prometheus_oauth2_pull_image
+  docker_image:
+    name: "{{ prometheus_oauth2_image }}"
+    source: pull
+  tags:
+    - prometheus
+    - oauth2
+
+- name: Create docker network
+  when:
+    - prometheus_oauth2_network | default(False)
+  docker_network:
+    name: '{{ prometheus_oauth2_network }}'
+  tags:
+    - prometheus
+    - oauth2
+
 - name: Start prometheus-oauth2 service
   systemd:
     name: prometheus-oauth2
diff --git a/templates/oauth2/service.j2 b/templates/oauth2/service.j2
index e10a525..b1fe8f6 100644
--- a/templates/oauth2/service.j2
+++ b/templates/oauth2/service.j2
@@ -18,7 +18,6 @@ EnvironmentFile=/etc/environment
 ExecStop=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker stop %p || true'
 ExecStartPre=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker kill %p || true'
 ExecStartPre=/bin/sh -c '/usr/bin/docker ps -a | /bin/grep %p 1> /dev/null && /usr/bin/docker rm %p || true'
-ExecStartPre=/usr/bin/docker pull {{ prometheus_oauth2_image }}
 ExecStart=/usr/bin/docker run --rm \
   --name %p \
   --hostname %p \
diff --git a/templates/service.j2 b/templates/service.j2
index d94cd86..603aad1 100644
--- a/templates/service.j2
+++ b/templates/service.j2
@@ -16,7 +16,6 @@ EnvironmentFile=/etc/environment
 ExecStop=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker stop %p || true'
 ExecStartPre=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker kill %p || true'
 ExecStartPre=/bin/sh -c '/usr/bin/docker ps -a | /bin/grep %p 1> /dev/null && /usr/bin/docker rm %p || true'
-ExecStartPre=/usr/bin/docker pull {{ prometheus_image }}
 ExecStart=/usr/bin/docker run --rm \
   --name %p \
   --hostname %p \