maintenance-scripts/playbooks/cleanup_docker.yml
rebecca 3574b47a5f Initialize infrastructure maintenance scripts with Ansible playbooks
Add Ansible-based maintenance scripts for infrastructure operations:
- CVE scanner using NIST NVD database
- Package update checker with OpenAI risk assessment
- Docker cleanup playbook
- Log archiver for rotated logs
- Disk space analyzer

Supports Ubuntu 20.04/22.04/24.04, Debian 11/12/13, and Alpine Linux
2026-01-22 10:37:08 -03:00


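---
# Docker System Cleanup
#
# Prunes unused Docker objects on every targeted host, records the object
# counts reported by `docker system df` before and after, and writes a JSON
# report to `output_file` on the managed host.
#
# Operator notes:
#   * Pruning is destructive. Each category is gated by its own
#     `docker_prune_*` toggle; volumes are off by default because they
#     usually hold application data.
#   * `docker_prune_images` removes ALL images not referenced by a container
#     (not only dangling ones), including images kept for rollback.
#   * The `*_total` / `*_reclaimed` values are object COUNTS taken from the
#     first numeric column of `docker system df`, not bytes.
- name: Docker System Cleanup
  hosts: all
  gather_facts: true  # ansible_date_time / ansible_hostname are used below

  vars:
    docker_prune_dangling: true
    docker_prune_images: true
    docker_prune_containers: true
    docker_prune_volumes: false
    docker_prune_build_cache: true
    # NOTE(review): predictable file name in a world-writable directory. The
    # report is written with mode 0600, but consider overriding this with a
    # directory only the connecting/become user can write to.
    output_file: "/tmp/docker_cleanup_report_{{ ansible_date_time.iso8601_basic_short }}.json"

  tasks:
    # Probe only: never reports "changed" and never fails, so the result can
    # be inspected by the next task.
    - name: Check if Docker is installed
      ansible.builtin.command: docker --version
      register: docker_check
      changed_when: false
      failed_when: false

    # End the play for this host instead of marking it failed, so a mixed
    # fleet (hosts: all) does not turn the whole run red.
    - name: Skip cleanup if Docker is not installed
      when: docker_check.rc | default(1) != 0
      block:
        - name: Report that Docker is not installed
          ansible.builtin.debug:
            msg: "Docker is not installed on this host"

        - name: End play for hosts without Docker
          ansible.builtin.meta: end_host

    - name: Get Docker system information before cleanup
      ansible.builtin.command: docker system df
      register: docker_df_before
      changed_when: false

    # regex_search returns None when a row is missing; default(['0'], true)
    # substitutes a list before `first`, which would otherwise raise on None.
    - name: Parse Docker disk usage before cleanup
      ansible.builtin.set_fact:
        docker_disk_before: >-
          {{
            docker_disk_before | default({}) | combine({
              'images_total': docker_df_before.stdout | regex_search('Images\\s+(\\d+)', '\\1') | default(['0'], true) | first | int,
              'containers_total': docker_df_before.stdout | regex_search('Containers\\s+(\\d+)', '\\1') | default(['0'], true) | first | int,
              'local_volumes_total': docker_df_before.stdout | regex_search('Local Volumes\\s+(\\d+)', '\\1') | default(['0'], true) | first | int,
              'build_cache_total': docker_df_before.stdout | regex_search('Build Cache\\s+(\\d+)', '\\1') | default(['0'], true) | first | int
            })
          }}

    # All toggles go through `| bool`: a value passed as `-e name=false` is
    # the string "false", which is truthy in a bare `when:` on current
    # Ansible and would enable the prune the operator meant to disable.
    #
    # `failed_when: false` keeps the run best-effort, but it also hides
    # module errors; a report showing zero change may mean the prune failed.
    - name: Remove dangling Docker images
      community.docker.docker_prune:
        images: true
        images_filters:
          dangling: true
      register: prune_dangling
      when: docker_prune_dangling | bool
      failed_when: false

    # dangling: false widens the prune to every image without a container.
    - name: Remove unused Docker images
      community.docker.docker_prune:
        images: true
        images_filters:
          dangling: false
      register: prune_images
      when: docker_prune_images | bool
      failed_when: false

    - name: Remove stopped Docker containers
      community.docker.docker_prune:
        containers: true
      register: prune_containers
      when: docker_prune_containers | bool
      failed_when: false

    # Opt-in only: unused volumes are deleted together with their data.
    - name: Remove unused Docker volumes
      community.docker.docker_prune:
        volumes: true
      register: prune_volumes
      when: docker_prune_volumes | bool
      failed_when: false

    - name: Remove Docker build cache
      community.docker.docker_prune:
        builder_cache: true
      register: prune_build_cache
      when: docker_prune_build_cache | bool
      failed_when: false

    # Final pass. It now honours the same toggles as the tasks above; it
    # previously ran unconditionally, so disabling a category did not
    # actually protect it. Volumes and networks are never touched here.
    - name: Perform full Docker system prune
      community.docker.docker_prune:
        images: "{{ (docker_prune_dangling | bool) or (docker_prune_images | bool) }}"
        containers: "{{ docker_prune_containers | bool }}"
        networks: false
        volumes: false
        builder_cache: "{{ docker_prune_build_cache | bool }}"
      register: system_prune
      failed_when: false

    - name: Get Docker system information after cleanup
      ansible.builtin.command: docker system df
      register: docker_df_after
      changed_when: false

    - name: Parse Docker disk usage after cleanup
      ansible.builtin.set_fact:
        docker_disk_after: >-
          {{
            docker_disk_after | default({}) | combine({
              'images_total': docker_df_after.stdout | regex_search('Images\\s+(\\d+)', '\\1') | default(['0'], true) | first | int,
              'containers_total': docker_df_after.stdout | regex_search('Containers\\s+(\\d+)', '\\1') | default(['0'], true) | first | int,
              'local_volumes_total': docker_df_after.stdout | regex_search('Local Volumes\\s+(\\d+)', '\\1') | default(['0'], true) | first | int,
              'build_cache_total': docker_df_after.stdout | regex_search('Build Cache\\s+(\\d+)', '\\1') | default(['0'], true) | first | int
            })
          }}

    # Difference in object counts (before - after), not bytes.
    - name: Calculate space reclaimed
      ansible.builtin.set_fact:
        space_reclaimed: >-
          {{
            {
              'images_reclaimed': docker_disk_before.images_total - docker_disk_after.images_total,
              'containers_reclaimed': docker_disk_before.containers_total - docker_disk_after.containers_total,
              'volumes_reclaimed': docker_disk_before.local_volumes_total - docker_disk_after.local_volumes_total,
              'build_cache_reclaimed': docker_disk_before.build_cache_total - docker_disk_after.build_cache_total
            }
          }}

    # The report is serialised with to_nice_json rather than hand-assembled,
    # so host-derived strings are escaped and the file is always valid JSON.
    # ansible_default_ipv4 can be empty on hosts without a default route.
    - name: Generate cleanup report
      ansible.builtin.copy:
        dest: "{{ output_file }}"
        content: >-
          {{
            {
              'hostname': ansible_hostname,
              'ip_address': ansible_default_ipv4.address | default(''),
              'os': ansible_distribution ~ ' ' ~ ansible_distribution_version,
              'cleanup_date': ansible_date_time.iso8601,
              'before_cleanup': {
                'images': docker_disk_before.images_total | default(0),
                'containers': docker_disk_before.containers_total | default(0),
                'volumes': docker_disk_before.local_volumes_total | default(0),
                'build_cache': docker_disk_before.build_cache_total | default(0)
              },
              'after_cleanup': {
                'images': docker_disk_after.images_total | default(0),
                'containers': docker_disk_after.containers_total | default(0),
                'volumes': docker_disk_after.local_volumes_total | default(0),
                'build_cache': docker_disk_after.build_cache_total | default(0)
              },
              'reclaimed': {
                'images': space_reclaimed.images_reclaimed | default(0),
                'containers': space_reclaimed.containers_reclaimed | default(0),
                'volumes': space_reclaimed.volumes_reclaimed | default(0),
                'build_cache': space_reclaimed.build_cache_reclaimed | default(0)
              }
            } | to_nice_json
          }}
        mode: '0600'  # readable by the owning user only

    - name: Display cleanup summary
      ansible.builtin.debug:
        msg:
          - "Docker cleanup completed on {{ ansible_hostname }}"
          - "Images reclaimed: {{ space_reclaimed.images_reclaimed }}"
          - "Containers reclaimed: {{ space_reclaimed.containers_reclaimed }}"
          - "Build cache reclaimed: {{ space_reclaimed.build_cache_reclaimed }}"
          - "Report saved to: {{ output_file }}"

    # Values must be templated; as bare words they were stored as the
    # literal strings "ansible_hostname", "docker_disk_before", and so on.
    - name: Return cleanup findings
      ansible.builtin.set_fact:
        docker_cleanup_report:
          hostname: "{{ ansible_hostname }}"
          ip_address: "{{ ansible_default_ipv4.address | default('') }}"
          os: "{{ ansible_distribution }} {{ ansible_distribution_version }}"
          before: "{{ docker_disk_before }}"
          after: "{{ docker_disk_after }}"
          reclaimed: "{{ space_reclaimed }}"
          cleanup_date: "{{ ansible_date_time.iso8601 }}"
          report_file: "{{ output_file }}"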