# Proxmox Docker Update

Ansible playbooks for managing Docker containers across Proxmox VMs and LXCs, with Jenkins CI/CD integration.

## Overview

This project automates Docker container updates and maintenance using:
- **Proxmox dynamic inventory** - automatically discovers running VMs/LXCs tagged with `docker`
- **Ansible playbooks** - manages Docker Compose stacks and cleanup
- **Jenkins pipeline** - provides a UI for running playbooks with parameters

## Requirements

- Ansible with `community.docker` and `community.proxmox` collections
- Proxmox API token with inventory read access
- Jenkins (for CI/CD pipeline)
- Docker hosts must be tagged with `docker` in Proxmox

## Playbooks

| Playbook | Description |
|----------|-------------|
| `dockerUpdate.yml` | Pulls latest images and recreates containers for all Docker Compose stacks |
| `dockerPrune.yaml` | Removes unused containers, images, networks, volumes, and build cache |

## Usage

### Via Jenkins

The Jenkins pipeline provides a parameterized build with:

| Parameter | Description |
|-----------|-------------|
| `PLAYBOOK` | Select which playbook to run |
| `LIMIT` | Optionally limit to specific hosts (e.g., `plex`, `media-app`) |
| `DRY_RUN` | Run in check mode without making changes |

The pipeline automatically targets hosts in the `docker_hosts` group. When a limit is provided, it uses an intersection pattern (`docker_hosts:&<limit>`) to ensure only docker hosts matching the limit are affected.

### Via Command Line

```bash
# Update all docker hosts
ansible-playbook -i inventories/inventory.proxmox.yml playbooks/dockerUpdate.yml --limit docker_hosts

# Update a specific host
ansible-playbook -i inventories/inventory.proxmox.yml playbooks/dockerUpdate.yml --limit 'docker_hosts:&plex'

# Prune all docker hosts (dry run)
ansible-playbook -i inventories/inventory.proxmox.yml playbooks/dockerPrune.yaml --limit docker_hosts --check --diff
```

## Inventory

The dynamic inventory (`inventories/inventory.proxmox.yml`) automatically groups hosts by Proxmox tags:

| Group | Tag | Description |
|-------|-----|-------------|
| `docker_hosts` | `docker` | Hosts running Docker |
| `vms` | - | All QEMU virtual machines |
| `lxcs` | - | All LXC containers |

Hosts are resolved as `<hostname>.lan` and use the `jenkins` user for SSH.

## Environment Variables

Required for Proxmox API access:

```bash
export PROXMOX_TOKEN_SECRET=<your-token-secret>
```

In Jenkins, this is configured via the `PROXMOX_TOKEN_SECRET` credential.

## Project Structure

```
.
├── Jenkinsfile                          # CI/CD pipeline
├── inventories/
│   └── inventory.proxmox.yml            # Proxmox dynamic inventory
└── playbooks/
    ├── dockerUpdate.yml                 # Container update playbook
    └── dockerPrune.yaml                 # Cleanup playbook
```