From d6d1299ae2e49f6dc074e3163f7bacb56998c27f Mon Sep 17 00:00:00 2001
From: "aynic.os" <support+git@asycn.io>
Date: Sun, 11 Jul 2021 08:56:03 +0100
Subject: [PATCH] wip

---
 Makefile                                          |  4 +-
 ansible/ansible.mk                                | 17 +++--
 ansible/def.ansible.mk                            |  6 ++
 ansible/inventories/host_vars/localhost           |  5 ++
 ansible/roles/aws-cli/tasks/main.yml              | 80 ++---------------------
 ansible/roles/aws-cli/tasks/myos.yml              | 31 +++++++++
 ansible/roles/disks/tasks/main.yml                | 14 ----
 ansible/roles/docker/defaults/main.yml            | 19 ++++--
 ansible/roles/docker/handlers/main.yml            |  7 +-
 ansible/roles/docker/tasks/config.yml             | 18 +++++
 ansible/roles/docker/tasks/group.yml              |  2 +-
 ansible/roles/docker/tasks/main.yml               |  9 ++-
 ansible/roles/docker/tasks/myos.yml               | 61 +++++++++++++++++
 ansible/roles/docker/tasks/myos_ec2.yml           | 20 ++++++
 ansible/roles/docker/tasks/package.yml            |  1 +
 ansible/roles/docker/templates/daemon.json.j2     |  1 +
 ansible/roles/hosts/tasks/files.yml               |  1 +
 ansible/roles/hosts/tasks/git.yml                 |  1 +
 ansible/roles/hosts/tasks/ssh.yml                 | 20 +-----
 ansible/roles/hosts/tasks/user.yml                | 18 ++++-
 ansible/roles/hosts/tests/goss/file.yml           | 19 +++++-
 ansible/roles/hosts/tests/goss/package_alpine.yml |  2 +
 ansible/roles/hosts/tests/goss/package_debian.yml |  2 +
 ansible/roles/hosts/tests/goss/package_redhat.yml |  2 +
 ansible/roles/hosts/vars/alpine.yml               |  1 +
 ansible/roles/hosts/vars/debian.yml               |  1 +
 ansible/roles/hosts/vars/redhat.yml               |  1 +
 make/apps/common.mk                               |  4 +-
 make/apps/def.docker.mk                           |  5 +-
 make/apps/def.setup.mk                            |  4 --
 make/apps/docker.mk                               |  8 +--
 make/apps/install.mk                              | 30 ++++-----
 make/apps/{setup.mk => myos/def.setup.mk}         | 20 ++----
 make/apps/myos/setup.mk                           | 31 +++++++++
 make/def.docker.mk                                |  1 +
 make/def.mk                                       | 69 ++++++++++---------
 make/monorepo/common.mk                           |  4 +-
 packer/def.packer.mk                              |  6 +-
 packer/packer.mk                                  |  4 +-
 stack/base.mk                                     |  2 +-
 stack/node.mk                                     |  2 +-
 41 files changed, 342 insertions(+), 211 deletions(-)
 create mode 100644 ansible/roles/aws-cli/tasks/myos.yml
 create mode 100644 ansible/roles/docker/tasks/myos.yml
 create mode 100644 ansible/roles/docker/tasks/myos_ec2.yml
 create mode 100644 ansible/roles/docker/templates/daemon.json.j2
 delete mode 100644 make/apps/def.setup.mk
 rename make/apps/{setup.mk => myos/def.setup.mk} (61%)
 create mode 100644 make/apps/myos/setup.mk

diff --git a/Makefile b/Makefile
index 3875e52..bd5748a 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@ include make/include.mk
 ##
 # APP
 
-app-bootstrap: setup-sysctl setup-nfsd
+app-bootstrap: setup-docker-group setup-nfsd setup-sysctl
 
 app-build: base install-build-config
 	$(call make,docker-compose-build docker-compose-up)
@@ -12,4 +12,6 @@ app-build: base install-build-config
 
 app-install: ansible-run base node
 
+app-tests: ansible-tests
+
 app-start: ssh-add
diff --git a/ansible/ansible.mk b/ansible/ansible.mk
index 1a10c55..d8a2987 100644
--- a/ansible/ansible.mk
+++ b/ansible/ansible.mk
@@ -1,16 +1,16 @@
 # target ansible: Fire docker-build-ansible, Call ansible ANSIBLE_ARGS ARGS or ansible-run target
 .PHONY: ansible
-ansible: $(if $(DOCKER_RUN),docker-build-ansible)
+ansible: $(if $(DOCKER_RUN),docker-build-ansible,install-ansible)
 	$(call ansible,$(ANSIBLE_ARGS) $(ARGS))
 
 # target ansible-playbook: Call ansible-playbook ANSIBLE_ARGS ARGS
 .PHONY: ansible-playbook
-ansible-playbook: $(if $(DOCKER_RUN),docker-build-ansible)
+ansible-playbook: $(if $(DOCKER_RUN),docker-build-ansible,install-ansible)
 	$(call ansible-playbook,$(ANSIBLE_ARGS) $(ARGS))
 
 # target ansible-pull: Call ansible-pull ANSIBLE_GIT_REPOSITORY ANSIBLE_PLAYBOOK
 .PHONY: ansible-pull
-ansible-pull:
+ansible-pull: install-ansible
 	$(call ansible-pull,--url $(ANSIBLE_GIT_REPOSITORY) $(if $(ANSIBLE_GIT_KEY_FILE),--key-file $(ANSIBLE_GIT_KEY_FILE)) $(if $(ANSIBLE_GIT_VERSION),--checkout $(ANSIBLE_GIT_VERSION)) $(if $(ANSIBLE_GIT_DIRECTORY),--directory $(ANSIBLE_GIT_DIRECTORY)) $(if $(ANSIBLE_TAGS),--tags $(ANSIBLE_TAGS)) $(if $(ANSIBLE_EXTRA_VARS),--extra-vars '$(ANSIBLE_EXTRA_VARS)') $(if $(findstring true,$(FORCE)),--force) $(if $(findstring true,$(DRYRUN)),--check) --full $(if $(ANSIBLE_INVENTORY),--inventory $(ANSIBLE_INVENTORY)) $(ANSIBLE_PLAYBOOK))
 
 # target ansible-pull@%: Fire ssh-get-PrivateIpAddress-% for SERVER_NAME, Call ssh-exec make ansible-pull DOCKER_IMAGE_TAG
@@ -24,5 +24,14 @@ ansible-run: ansible-run-localhost
 
 # target ansible-run-%: Fire docker-build-ansible, Call ansible-playbook ANSIBLE_PLAYBOOK
 .PHONY: ansible-run-%
-ansible-run-%: $(if $(DOCKER_RUN),docker-build-ansible,install-ansible)
+ansible-run-%: $(if $(DOCKER_RUN),docker-build-ansible,install-ansible) debug-ANSIBLE_PLAYBOOK
 	$(call ansible-playbook,$(if $(ANSIBLE_TAGS),--tags $(ANSIBLE_TAGS)) $(if $(ANSIBLE_EXTRA_VARS),--extra-vars '$(patsubst target=localhost,target=$*,$(ANSIBLE_EXTRA_VARS))') $(if $(findstring true,$(DRYRUN)),--check) $(if $(ANSIBLE_INVENTORY),--inventory $(ANSIBLE_INVENTORY)) $(ANSIBLE_PLAYBOOK))
+
+# target ansible-tests: Fire ssh-add ansible-tests-localhost
+.PHONY: ansible-tests
+ansible-tests: ansible-tests-localhost
+
+# target ansible-tests-%: Fire docker-run-% with ANSIBLE_PLAYBOOK ansible/roles/*/tests/playbook.yml
+.PHONY: ansible-tests-%
+ansible-tests-%: ANSIBLE_PLAYBOOK := $(wildcard ansible/roles/*/tests/playbook.yml)
+ansible-tests-%: ansible-run-%;
diff --git a/ansible/def.ansible.mk b/ansible/def.ansible.mk
index 95f3675..8889927 100644
--- a/ansible/def.ansible.mk
+++ b/ansible/def.ansible.mk
@@ -46,3 +46,9 @@ define ansible-pull
 	$(call INFO,ansible-pull,$(1))
 	$(call env-run,$(RUN) ansible-pull $(ANSIBLE_ARGS) $(ANSIBLE_VERBOSE) $(1))
 endef
+# function ansible-user-add-groups: Call ansible to add user 1 in groups 2
+define ansible-user-add-groups
+	$(call INFO,ansible-user-add-groups,$(1)$(comma) $(2))
+	$(if $(DOCKER_RUN),$(call make,docker-build-ansible),$(call make,install-ansible))
+	$(call ansible,-b -m user -a 'name=$(1) groups=$(2) append=yes' localhost)
+endef
diff --git a/ansible/inventories/host_vars/localhost b/ansible/inventories/host_vars/localhost
index 88b624d..dc47a45 100644
--- a/ansible/inventories/host_vars/localhost
+++ b/ansible/inventories/host_vars/localhost
@@ -1,6 +1,11 @@
 ---
 # file: inventories/host_vars/localhost
 
+disks_additional_disks:
+- disk: none
+  fstype: btrfs
+  mount: /var/lib/docker
+  service: docker
 docker_image_tag: "{{ lookup('env','ANSIBLE_DOCKER_IMAGE_TAG') or 'latest' }}"
 docker_registry: "{{ lookup('env','ANSIBLE_DOCKER_REGISTRY') }}"
 hosts_enable_local: true
diff --git a/ansible/roles/aws-cli/tasks/main.yml b/ansible/roles/aws-cli/tasks/main.yml
index 1924c5a..e42c0d7 100644
--- a/ansible/roles/aws-cli/tasks/main.yml
+++ b/ansible/roles/aws-cli/tasks/main.yml
@@ -67,79 +67,7 @@
     mode=0600
     force=yes
 
-- name: aws - check AWS meta-data URI
-  uri:
-    url: http://169.254.169.254/latest/meta-data
-    timeout: 1
-  register: aws_uri_check
-  tags: 'aws'
-  failed_when: False
-
-- name: aws - get instance metadata
-  tags: 'aws'
-  ec2_metadata_facts:
-  when: aws_uri_check.status == 200
-
-- name: aws - get instance tags
-  tags: 'aws'
-  ec2_tag:
-    aws_access_key: "{{ aws_access_key_id }}"
-    aws_secret_key: "{{ aws_secret_access_key }}"
-    region: "{{ ansible_ec2_placement_region }}"
-    resource: "{{ ansible_ec2_instance_id }}"
-    state: list
-  register: ec2_tags
-  when: ansible_ec2_instance_id is defined
-
-- name: aws - set hostname
-  hostname: name="{{ ec2_tags.tags.hostname }}{% if ec2_tags.tags.domainname is defined %}.{{ ec2_tags.tags.domainname }}{% endif %}"
-  tags: 'aws'
-  when: ec2_tags.tags is defined and ec2_tags.tags.hostname is defined
-
-- name: aws - ecr login
-  shell: "$(aws ecr get-login --no-include-email --region {{ aws_region }})"
-  tags: 'aws'
-  when: ec2_tags.tags is defined
-
-# ansible v2.8
-# - name: aws - prune docker objects
-#   docker_prune:
-#     containers: yes
-#     images: yes
-#     images_filters:
-#       dangling: false
-#     networks: yes
-#     volumes: yes
-#     builder_cache: yes
-#   tags: 'aws'
-
-- name: aws - launch docker containers
-  docker_container:
-    image: "{{docker_registry|default(ec2_tags.tags.user)}}/{{ec2_tags.tags.user}}/{{ec2_tags.tags.env}}/{% if ':' in item %}{{item}}{% else %}{{item}}:{{docker_image_tag|default('latest')}}{% endif %}"
-    name: "{{ec2_tags.tags.user}}_{{ec2_tags.tags.env}}_{{item|replace('/','_')|regex_replace(':.*','')}}"
-    network_mode: host
-    pull: yes
-    restart_policy: always
-    volumes:
-    - "{{ lookup('env','ANSIBLE_DISKS_NFS_PATH') }}:/shared"
-    - /etc/localtime:/etc/localtime:ro
-    - /var/run/docker.sock:/tmp/docker.sock:ro
-  tags: 'aws'
-  with_items: '{{ec2_tags.tags.services.split(" ")}}'
-  when: ec2_tags.tags is defined and ec2_tags.tags.env is defined and ec2_tags.tags.services is defined and ec2_tags.tags.user is defined
-
-- name: aws - add docker containers to inventory
-  add_host:
-    name: "{{ec2_tags.tags.user}}_{{ec2_tags.tags.env}}_{{item|replace('/','_')|regex_replace(':.*','')}}"
-    ansible_connection: docker
-  changed_when: false
-  tags: 'aws'
-  with_items: '{{ec2_tags.tags.services.split(" ")}}'
-  when: ec2_tags.tags is defined and ec2_tags.tags.env is defined and ec2_tags.tags.services is defined and ec2_tags.tags.user is defined
-
-- name: aws - run make deploy-hook in docker containers
-  delegate_to: "{{ec2_tags.tags.user}}_{{ec2_tags.tags.env}}_{{item|replace('/','_')|regex_replace(':.*','')}}"
-  raw: "command -v make || exit 0 && make deploy-hook CONTAINER={{ec2_tags.tags.user}}_{{ec2_tags.tags.env}}_{{item|replace('/','_')|regex_replace(':.*','')}} HOST={{ansible_ec2_local_ipv4}}"
-  tags: 'aws'
-  with_items: '{{ec2_tags.tags.services.split(" ")}}'
-  when: ec2_tags.tags is defined and ec2_tags.tags.env is defined and ec2_tags.tags.services is defined and ec2_tags.tags.user is defined
+- import_tasks: myos.yml
+  tags:
+    - aws
+    - myos
diff --git a/ansible/roles/aws-cli/tasks/myos.yml b/ansible/roles/aws-cli/tasks/myos.yml
new file mode 100644
index 0000000..e3648a1
--- /dev/null
+++ b/ansible/roles/aws-cli/tasks/myos.yml
@@ -0,0 +1,31 @@
+---
+# file: tasks/myos.yml
+
+- name: myos - check AWS meta-data URI
+  uri:
+    url: http://169.254.169.254/latest/meta-data
+    timeout: 1
+  register: aws_uri_check
+  tags: 'aws'
+  failed_when: False
+
+- name: myos - get instance metadata
+  tags: 'aws'
+  ec2_metadata_facts:
+  when: aws_uri_check.status == 200
+
+- name: myos - get instance tags
+  tags: 'aws'
+  ec2_tag:
+    aws_access_key: "{{ aws_access_key_id }}"
+    aws_secret_key: "{{ aws_secret_access_key }}"
+    region: "{{ ansible_ec2_placement_region }}"
+    resource: "{{ ansible_ec2_instance_id }}"
+    state: list
+  register: ec2_tags
+  when: ansible_ec2_instance_id is defined
+
+- name: myos - set hostname
+  hostname: name="{{ ec2_tags.tags.hostname }}{% if ec2_tags.tags.domainname is defined %}.{{ ec2_tags.tags.domainname }}{% endif %}"
+  tags: 'aws'
+  when: ec2_tags.tags is defined and ec2_tags.tags.hostname is defined
diff --git a/ansible/roles/disks/tasks/main.yml b/ansible/roles/disks/tasks/main.yml
index 63524d8..063dfd4 100644
--- a/ansible/roles/disks/tasks/main.yml
+++ b/ansible/roles/disks/tasks/main.yml
@@ -1,17 +1,3 @@
-- name: 'Install Python PIP'
-  package: >
-    name=py3-pip
-    state=present
-  when: ansible_os_family|lower == "alpine"
-  become: yes
-
-- name: 'Install Python PIP'
-  package: >
-    name=python-pip
-    state=present
-  when: ansible_os_family|lower != "alpine"
-  become: yes
-
 - name: 'Install python-pathlib'
   pip: >
     name=pathlib
diff --git a/ansible/roles/docker/defaults/main.yml b/ansible/roles/docker/defaults/main.yml
index 7e0d516..9bc77c7 100644
--- a/ansible/roles/docker/defaults/main.yml
+++ b/ansible/roles/docker/defaults/main.yml
@@ -4,6 +4,18 @@
 # minimum kernel version
 docker_check_kernel: '3.10'
 
+# Location of configuration files of docker daemon
+docker_daemon_config_directory: "/etc/docker"
+
+# Configuration files of docker daemon
+docker_daemon_config_file: "{{docker_daemon_config_directory}}/daemon.json"
+
+# Configure docker daemon storage driver
+docker_daemon_config_storage: "{% if ansible_cmdline.fstype == 'btrfs'%}btrfs{% endif %}"
+
+# Docker daemon configuration
+docker_daemon_config: {}
+
 # The docker package name
 docker_package: docker
 
@@ -21,13 +33,6 @@ docker_opts: "OPTIONS"
 docker_services:
   - docker
 
-# dockers
-# dockers:
-#   - nginx
-
-# docker cluster
-# docker_cluster: ""
-
 # Start docker
 docker_start: true
 
diff --git a/ansible/roles/docker/handlers/main.yml b/ansible/roles/docker/handlers/main.yml
index 96777da..be22ae1 100644
--- a/ansible/roles/docker/handlers/main.yml
+++ b/ansible/roles/docker/handlers/main.yml
@@ -2,7 +2,8 @@
 # file handlers/main.yml
 
 - name: restart docker
+  with_items: "{{docker_services|default([])}}"
   service:
-    name: "{{docker_service}}"
-    state: "restarted"
-
+    name: "{{item}}"
+    state: restarted
+  become: yes
diff --git a/ansible/roles/docker/tasks/config.yml b/ansible/roles/docker/tasks/config.yml
index 37bdd56..7b2f9e4 100644
--- a/ansible/roles/docker/tasks/config.yml
+++ b/ansible/roles/docker/tasks/config.yml
@@ -2,10 +2,27 @@
 # file: tasks/config.yml
 
 - name: config - add docker storage setup
+  notify: restart docker
   lineinfile: dest="{{docker_init_config_directory}}/{{docker_package}}-storage-setup" state="present" line="STORAGE_DRIVER=\"\""
   when: docker_package|length > 0 and ansible_service_mgr == "systemd" and ansible_os_family|lower == "redhat"
   become: yes
 
+- name: config - register docker_daemon_config
+  set_fact:
+    docker_daemon_config: "{{ lookup('file',docker_daemon_config_file)|default('{}')|from_json}}"
+  ignore_errors: true
+
+- name: config - add docker daemon storage configuration for btrfs
+  notify: restart docker
+  template:
+    src: daemon.json.j2
+    dest: "{{docker_daemon_config_file}}"
+    owner: root
+    group: docker
+    mode: "0640"
+  when: docker_package|length > 0
+  become: yes
+
 # - name: config - disable docker iptables setup
 #   lineinfile: dest="/lib/systemd/system/docker.service" state="present" regex="^ExecStart=" line="ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --iptables=false"
 #   notify: restart docker
@@ -13,6 +30,7 @@
 #   become: yes
 
 - name: config - setup docker mtu on Openstack VMs
+  notify: restart docker
   lineinfile: dest="{{docker_init_config_directory}}/{{docker_package}}" state="present" backrefs=true regexp='^{{docker_opts}}=(?:\'|\")?((?:\s*[\w=\/\-\.](?<!--mtu=1450)\s*)*)(?:\'|\")?$' line='{{docker_opts}}="\1 --mtu=1450"'
   when: docker_package|length > 0 and ansible_product_name == "OpenStack Nova"
   become: yes
diff --git a/ansible/roles/docker/tasks/group.yml b/ansible/roles/docker/tasks/group.yml
index 268c0e6..b7e3d3a 100644
--- a/ansible/roles/docker/tasks/group.yml
+++ b/ansible/roles/docker/tasks/group.yml
@@ -9,4 +9,4 @@
 - name: group - add me to the docker group
   user: name="{{ansible_user_id}}" groups=docker append=yes
   become: yes
-  when: ansible_os_family|lower != "alpine" and ansible_user_id != "root"
+  when: ansible_os_family|lower != "alpine" and ansible_user_uid != "0"
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index 0d5e9f0..0387876 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -7,15 +7,15 @@
 - import_tasks: check.yml
   tags:
     - check
+- import_tasks: config.yml
+  tags:
+    - config
 - import_tasks: files.yml
   tags:
     - files
 - import_tasks: package.yml
   tags:
     - package
-- import_tasks: config.yml
-  tags:
-    - config
 - import_tasks: service.yml
   tags:
     - service
@@ -28,3 +28,6 @@
 - import_tasks: run.yml
   tags:
     - run
+- import_tasks: myos.yml
+  tags:
+    - myos
diff --git a/ansible/roles/docker/tasks/myos.yml b/ansible/roles/docker/tasks/myos.yml
new file mode 100644
index 0000000..e0d7f7b
--- /dev/null
+++ b/ansible/roles/docker/tasks/myos.yml
@@ -0,0 +1,61 @@
+---
+# file: tasks/myos.yml
+
+- name: myos - register myos
+  lookup:
+    file: ~/.env
+  register: myos
+
+- name: myos - check AWS meta-data URI
+  uri:
+    url: http://169.254.169.254/latest/meta-data
+    timeout: 1
+  register: aws_uri_check
+  tags:
+    - aws
+  failed_when: False
+
+- import_tasks: myos_ec2.yml
+  tags:
+    - aws
+    - ec2
+  when: aws_uri_check.status == 200
+
+# ansible v2.8
+# - name: myos - prune docker objects
+#   docker_prune:
+#     containers: yes
+#     images: yes
+#     images_filters:
+#       dangling: false
+#     networks: yes
+#     volumes: yes
+#     builder_cache: yes
+
+- name: myos - launch docker containers
+  docker_container:
+    image: "{{docker_registry|default(myos.tags.user)}}/{{myos.tags.user}}/{{myos.tags.env}}/{% if ':' in item %}{{item}}{% else %}{{item}}:{{docker_image_tag|default('latest')}}{% endif %}"
+    name: "{{myos.tags.user}}_{{myos.tags.env}}_{{item|replace('/','_')|regex_replace(':.*','')}}"
+    network_mode: host
+    pull: yes
+    restart_policy: always
+    volumes:
+    - "{{ lookup('env','ANSIBLE_DISKS_NFS_PATH') }}:/shared"
+    - /etc/localtime:/etc/localtime:ro
+    - /var/run/docker.sock:/tmp/docker.sock:ro
+  with_items: '{{myos.tags.services.split(" ")}}'
+  when: myos.tags is defined and myos.tags.env is defined and myos.tags.services is defined and myos.tags.user is defined
+
+- name: myos - add docker containers to inventory
+  add_host:
+    name: "{{myos.tags.user}}_{{myos.tags.env}}_{{item|replace('/','_')|regex_replace(':.*','')}}"
+    ansible_connection: docker
+  changed_when: false
+  with_items: '{{myos.tags.services.split(" ")}}'
+  when: myos.tags is defined and myos.tags.env is defined and myos.tags.services is defined and myos.tags.user is defined
+
+- name: myos - run make deploy-hook in docker containers
+  delegate_to: "{{myos.tags.user}}_{{myos.tags.env}}_{{item|replace('/','_')|regex_replace(':.*','')}}"
+  raw: "command -v make || exit 0 && make deploy-hook CONTAINER={{myos.tags.user}}_{{myos.tags.env}}_{{item|replace('/','_')|regex_replace(':.*','')}} HOST={{ansible_ec2_local_ipv4}}"
+  with_items: '{{myos.tags.services.split(" ")}}'
+  when: myos.tags is defined and myos.tags.env is defined and myos.tags.services is defined and myos.tags.user is defined
diff --git a/ansible/roles/docker/tasks/myos_ec2.yml b/ansible/roles/docker/tasks/myos_ec2.yml
new file mode 100644
index 0000000..fb610c1
--- /dev/null
+++ b/ansible/roles/docker/tasks/myos_ec2.yml
@@ -0,0 +1,20 @@
+---
+# file: tasks/myos_ec2.yml
+
+- name: myos_ec2 - get instance metadata
+  ec2_metadata_facts:
+
+- name: myos_ec2 - get instance tags
+  ec2_tag:
+    aws_access_key: "{{ aws_access_key_id }}"
+    aws_secret_key: "{{ aws_secret_access_key }}"
+    region: "{{ ansible_ec2_placement_region }}"
+    resource: "{{ ansible_ec2_instance_id }}"
+    state: list
+  register: myos
+  when: ansible_ec2_instance_id is defined
+
+- name: myos_ec2 - ecr login
+  shell: "$(aws ecr get-login --no-include-email --region {{ aws_region }})"
+  when: myos.tags is defined
+
diff --git a/ansible/roles/docker/tasks/package.yml b/ansible/roles/docker/tasks/package.yml
index 364f501..5f9fbe0 100644
--- a/ansible/roles/docker/tasks/package.yml
+++ b/ansible/roles/docker/tasks/package.yml
@@ -9,6 +9,7 @@
 - name: package - add docker GPG key
   apt_key: url=https://download.docker.com/linux/debian/gpg
   when: ansible_os_family|lower == "debian"
+  ignore_errors: true
   become: yes
 
 - name: package - define arch
diff --git a/ansible/roles/docker/templates/daemon.json.j2 b/ansible/roles/docker/templates/daemon.json.j2
new file mode 100644
index 0000000..e0bb5d5
--- /dev/null
+++ b/ansible/roles/docker/templates/daemon.json.j2
@@ -0,0 +1 @@
+{{ docker_daemon_config|combine([{ "storage-driver": docker_daemon_config_storage }])|to_nice_json }}
diff --git a/ansible/roles/hosts/tasks/files.yml b/ansible/roles/hosts/tasks/files.yml
index dfd908b..da1224c 100644
--- a/ansible/roles/hosts/tasks/files.yml
+++ b/ansible/roles/hosts/tasks/files.yml
@@ -35,3 +35,4 @@
   - https://raw.githubusercontent.com/dylanaraps/pfetch/master/pfetch
   get_url: url={{item}} dest=/usr/local/bin owner=root group=root mode=0755
   become: yes
+  ignore_errors: true
diff --git a/ansible/roles/hosts/tasks/git.yml b/ansible/roles/hosts/tasks/git.yml
index f06fc3c..3958176 100644
--- a/ansible/roles/hosts/tasks/git.yml
+++ b/ansible/roles/hosts/tasks/git.yml
@@ -8,4 +8,5 @@
     dest: "{{ item.dest|default('/src') }}"
     key_file: "{{ item.key_file|default('~/.ssh/id_rsa') }}"
     version: "{{ item.version|default('HEAD') }}"
+  ignore_errors: true
   become: yes
diff --git a/ansible/roles/hosts/tasks/ssh.yml b/ansible/roles/hosts/tasks/ssh.yml
index 20d26c8..1ef555d 100644
--- a/ansible/roles/hosts/tasks/ssh.yml
+++ b/ansible/roles/hosts/tasks/ssh.yml
@@ -1,29 +1,15 @@
 ---
 # file: tasks/ssh.yml
 
-- name: ssh - add ssh_authorized_keys to file ~/.ssh/authorized_keys
-  authorized_key: user="{{ ansible_user|default('root') }}" key="{{ item }}"
-  with_items: "{{ hosts_ssh_authorized_keys|default([]) }}"
-  ignore_errors: true
-
-- name: ssh - add ssh_public_hosts keys to known_hosts
+- name: ssh - add hosts_ssh_public_hosts keys to known_hosts
   with_items: "{{ hosts_ssh_public_hosts|default([]) }}"
   known_hosts:
+    path: /etc/ssh/ssh_known_hosts
     name: "{{ item }}"
     key: "{{ lookup('pipe', 'ssh-keyscan -t rsa -H ' + item) }}"
+  become: true
   ignore_errors: true
 
-- name: ssh - copy ssh_private_keys to ~/.ssh/
-  with_items: "{{ hosts_ssh_private_keys|default([]) }}"
-  copy: src="{{ item }}" dest=~/.ssh/ mode=0400
-  ignore_errors: true
-
-- name: ssh - update ~/.ssh/myos/config
-  template:
-    src: ssh_config.j2
-    dest: ~/.ssh/myos/config
-    mode: 0400
-
 - name: ssh - define sshd configuration
   set_fact:
     sshd_config:
diff --git a/ansible/roles/hosts/tasks/user.yml b/ansible/roles/hosts/tasks/user.yml
index c801461..b5f97c2 100644
--- a/ansible/roles/hosts/tasks/user.yml
+++ b/ansible/roles/hosts/tasks/user.yml
@@ -1,6 +1,16 @@
 ---
 # file: tasks/user.yml
 
+- name: user - add hosts_ssh_authorized_keys to ~/.ssh/authorized_keys
+  authorized_key: user="{{ ansible_user|default('root') }}" key="{{ item }}"
+  with_items: "{{ hosts_ssh_authorized_keys|default([]) }}"
+  ignore_errors: true
+
+- name: user - copy hosts_ssh_private_keys to ~/.ssh/
+  with_items: "{{ hosts_ssh_private_keys|default([]) }}"
+  copy: src="{{ item }}" dest=~/.ssh/ mode=0400
+  ignore_errors: true
+
 - name: user - create ~/.env
   template:
     src: env.j2
@@ -56,7 +66,7 @@
 
 - name: user - update ~/.screenrc
   with_items:
-  - defscrollback 1024
+  - defscrollback 4096
   - hardstatus alwayslastline "%{= kw}[%{G}$USER@%H%{-}] \# %?%-Lw%?[%{G}%n%f %t%{-}]%?%+Lw%?%?%=%-17< [%{B}%l%{-}]"
   - shell -$SHELL
   lineinfile: dest=~/.screenrc create=yes line='{{item}}'
@@ -66,6 +76,12 @@
   - include myos/config
   lineinfile: dest=~/.ssh/config create=yes line='{{item}}'
 
+- name: ssh - update ~/.ssh/myos/config
+  template:
+    src: ssh_config.j2
+    dest: ~/.ssh/myos/config
+    mode: 0400
+
 - name: user - update ~/.tmux.conf
   with_items:
   - source-file ~/.tmux/myos/config
diff --git a/ansible/roles/hosts/tests/goss/file.yml b/ansible/roles/hosts/tests/goss/file.yml
index cfdc7a1..3397f7b 100644
--- a/ansible/roles/hosts/tests/goss/file.yml
+++ b/ansible/roles/hosts/tests/goss/file.yml
@@ -1,4 +1,10 @@
 file:
+  /etc/issue.net:
+    exists: true
+    mode: "0644"
+    owner: root
+    group: root
+    filetype: file
   /etc/profile.d/rc.sh:
     exists: true
     mode: "0644"
@@ -11,4 +17,15 @@ file:
     owner: root
     group: root
     filetype: file
-
+  /usr/local/bin/goss:
+    exists: true
+    mode: "0755"
+    owner: root
+    group: root
+    filetype: file
+  /usr/local/bin/pfetch:
+    exists: true
+    mode: "0755"
+    owner: root
+    group: root
+    filetype: file
diff --git a/ansible/roles/hosts/tests/goss/package_alpine.yml b/ansible/roles/hosts/tests/goss/package_alpine.yml
index 99c781b..1738434 100644
--- a/ansible/roles/hosts/tests/goss/package_alpine.yml
+++ b/ansible/roles/hosts/tests/goss/package_alpine.yml
@@ -7,6 +7,8 @@ package:
     installed: true
   openssh-client:
     installed: true
+  py3-pip:
+    installed: true
   util-linux:
     installed: true
   vim:
diff --git a/ansible/roles/hosts/tests/goss/package_debian.yml b/ansible/roles/hosts/tests/goss/package_debian.yml
index d9b16f1..31d0a0f 100644
--- a/ansible/roles/hosts/tests/goss/package_debian.yml
+++ b/ansible/roles/hosts/tests/goss/package_debian.yml
@@ -7,6 +7,8 @@ package:
     installed: true
   openssh-client:
     installed: true
+  python-pip:
+    installed: true
   util-linux:
     installed: true
   vim-nox:
diff --git a/ansible/roles/hosts/tests/goss/package_redhat.yml b/ansible/roles/hosts/tests/goss/package_redhat.yml
index 576da5d..818f639 100644
--- a/ansible/roles/hosts/tests/goss/package_redhat.yml
+++ b/ansible/roles/hosts/tests/goss/package_redhat.yml
@@ -7,5 +7,7 @@ package:
     installed: true
   openssh-clients:
     installed: true
+  python-pip:
+    installed: true
   vim-minimal:
     installed: true
diff --git a/ansible/roles/hosts/vars/alpine.yml b/ansible/roles/hosts/vars/alpine.yml
index 39db34b..c657076 100644
--- a/ansible/roles/hosts/vars/alpine.yml
+++ b/ansible/roles/hosts/vars/alpine.yml
@@ -5,6 +5,7 @@ hosts_packages_distro:
   - { "name": "coreutils", "state": "present" }
   - { "name": "groff", "state": "present" }
   - { "name": "openssh-client", "state": "present" }
+  - { "name": "py3-pip", "state": "present" }
   - { "name": "util-linux", "state": "present" }
   - { "name": "vim", "state": "present" }
 
diff --git a/ansible/roles/hosts/vars/debian.yml b/ansible/roles/hosts/vars/debian.yml
index 36b8e78..249f521 100644
--- a/ansible/roles/hosts/vars/debian.yml
+++ b/ansible/roles/hosts/vars/debian.yml
@@ -5,6 +5,7 @@ hosts_packages_distro:
   - { "name": "coreutils", "state": "present" }
   - { "name": "groff", "state": "present" }
   - { "name": "openssh-client", "state": "present" }
+  - { "name": "python-pip", "state": "present" }
   - { "name": "util-linux", "state": "present" }
   - { "name": "vim-nox", "state": "present" }
 
diff --git a/ansible/roles/hosts/vars/redhat.yml b/ansible/roles/hosts/vars/redhat.yml
index 9c015a8..09aa71b 100644
--- a/ansible/roles/hosts/vars/redhat.yml
+++ b/ansible/roles/hosts/vars/redhat.yml
@@ -5,5 +5,6 @@ hosts_packages_distro:
   - { "name": "groff-base", "state": "present" }
   - { "name": "libselinux-python", "state": "present" }
   - { "name": "openssh-clients", "state": "present" }
+  - { "name": "python-pip", "state": "present" }
   - { "name": "vim-minimal", "state": "present" }
 
diff --git a/make/apps/common.mk b/make/apps/common.mk
index 1399f53..16f5427 100644
--- a/make/apps/common.mk
+++ b/make/apps/common.mk
@@ -9,7 +9,7 @@ bootstrap: bootstrap-git bootstrap-docker app-bootstrap ## Update application fi
 # target bootstrap-docker: Build and start application dockers
 # on local host
 .PHONY: boostrap-docker
-bootstrap-docker: install-bin-docker docker-network-create
+bootstrap-docker: install-bin-docker setup-docker-group
 
 # target bootstrap-git: Fire update-app
 .PHONY: bootstrap-git
@@ -215,4 +215,4 @@ upgrade: update app-upgrade release-upgrade ## Upgrade application
 
 # target %-rule-exists: Print a warning message if % target does not exists
 %-rule-exists:
-	$(if $(filter $*,$(MAKECMDGOALS)),$(if $(filter-out $*,$(MAKE_TARGETS)),$(call WARNING,no target,$*,$(APP))))
+	$(if $(filter $*,$(MAKECMDGOALS)),$(if $(filter-out $*,$(MAKE_TARGETS)),$(call WARNING,target,$*,unavailable in app,$(APP))))
diff --git a/make/apps/def.docker.mk b/make/apps/def.docker.mk
index 2c746d2..171b2ff 100644
--- a/make/apps/def.docker.mk
+++ b/make/apps/def.docker.mk
@@ -27,7 +27,6 @@ DOCKER_BUILD_TARGETS            ?= $(ENV_DEPLOY)
 DOCKER_BUILD_VARS               ?= APP BRANCH DOCKER_GID DOCKER_REPOSITORY GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME SSH_BASTION_HOSTNAME SSH_BASTION_USERNAME SSH_PRIVATE_IP_RANGE SSH_PUBLIC_HOST_KEYS SSH_REMOTE_HOSTS UID USER VERSION
 DOCKER_COMPOSE_DOWN_OPTIONS     ?=
 DOCKER_COMPOSE_UP_OPTIONS       ?= -d
-DOCKER_GID                      ?= $(call gid,docker)
 DOCKER_IMAGE_TAG                ?= $(if $(filter $(ENV),$(ENV_DEPLOY)),$(VERSION),$(if $(DRONE_BUILD_NUMBER),$(DRONE_BUILD_NUMBER),latest))
 DOCKER_IMAGES                   ?= $(patsubst %/,%,$(patsubst docker/%,%,$(dir $(wildcard docker/*/Dockerfile))))
 DOCKER_PLUGIN                   ?= rexray/s3fs:latest
@@ -45,7 +44,7 @@ DOCKER_REPOSITORY               ?= $(subst _,/,$(COMPOSE_PROJECT_NAME))
 DOCKER_SERVICE                  ?= $(lastword $(DOCKER_SERVICES))
 DOCKER_SERVICES                 ?= $(eval IGNORE_DRYRUN := true)$(shell $(call docker-compose,--log-level critical config --services))$(eval IGNORE_DRYRUN := false)
 DOCKER_SHELL                    ?= $(SHELL)
-ENV_VARS                        += COMPOSE_PROJECT_NAME COMPOSE_SERVICE_NAME DOCKER_BUILD_TARGET DOCKER_GID DOCKER_IMAGE_TAG DOCKER_REGISTRY DOCKER_REPOSITORY DOCKER_SHELL
+ENV_VARS                        += COMPOSE_PROJECT_NAME COMPOSE_SERVICE_NAME DOCKER_BUILD_TARGET DOCKER_IMAGE_TAG DOCKER_REGISTRY DOCKER_REPOSITORY DOCKER_SHELL
 
 ifneq ($(DOCKER_RUN),)
 DOCKER_COMPOSE                  ?= docker/compose:$(COMPOSE_VERSION)
@@ -61,7 +60,7 @@ DOCKER_COMPOSE_UP_OPTIONS       := -d --build
 endif
 
 # https://github.com/docker/libnetwork/pull/2348
-ifeq ($(HOST_SYSTEM), DARWIN)
+ifeq ($(OPERATING_SYSTEM),Darwin)
 DOCKER_HOST_IFACE               ?= $(shell docker run --rm -it --net=host alpine /sbin/ip -4 route list match 0/0 2>/dev/null |awk '{print $$5}' |awk '!seen[$$0]++' |head -1)
 DOCKER_HOST_INET                ?= $(shell docker run --rm -it --net=host alpine /sbin/ip -4 addr show $(DOCKER_HOST_IFACE) 2>/dev/null |awk '$$1 == "inet" {sub(/\/.*/,"",$$2); print $$2}')
 DOCKER_INTERNAL_DOCKER_GATEWAY  ?= $(shell docker run --rm -it alpine getent hosts gateway.docker.internal |awk '{print $$1}' |head -1)
diff --git a/make/apps/def.setup.mk b/make/apps/def.setup.mk
deleted file mode 100644
index c141821..0000000
--- a/make/apps/def.setup.mk
+++ /dev/null
@@ -1,4 +0,0 @@
-SETUP_NFSD                      ?= false
-SETUP_NFSD_OSX_CONFIG           ?= nfs.server.bonjour=0 nfs.server.mount.regular_files=1 nfs.server.mount.require_resv_port=0 nfs.server.nfsd_threads=16 nfs.server.async=1
-SETUP_SYSCTL                    ?= false
-SETUP_SYSCTL_CONFIG             ?= vm.max_map_count=262144 vm.overcommit_memory=1 fs.file-max=8388608 net.core.somaxconn=1024
diff --git a/make/apps/docker.mk b/make/apps/docker.mk
index 52c2692..11caecc 100644
--- a/make/apps/docker.mk
+++ b/make/apps/docker.mk
@@ -168,7 +168,7 @@ docker-push:
 ifneq ($(filter $(DEPLOY),true),)
 	$(foreach service,$(or $(SERVICE),$(SERVICES)),$(call docker-push,$(service)))
 else
-	$(call WARNING,disabled target,$@,$(APP))
+	$(call WARNING,target,$@,disabled in app,$(APP))
 endif
 
 # target docker-push-%: Call docker-push with tag % for each SERVICES
@@ -177,7 +177,7 @@ docker-push-%:
 ifneq ($(filter $(DEPLOY),true),)
 	$(foreach service,$(or $(SERVICE),$(SERVICES)),$(call docker-push,$(service),,$*))
 else
-	$(call WARNING,disabled target,$@,$(APP))
+	$(call WARNING,target,$@,disabled in app,$(APP))
 endif
 
 # target docker-rebuild: Call docker-build target with DOCKER_BUILD_CAHE=false
@@ -220,7 +220,7 @@ docker-tag:
 ifneq ($(filter $(DEPLOY),true),)
 	$(foreach service,$(or $(SERVICE),$(SERVICES)),$(call docker-tag,$(service)))
 else
-	$(call WARNING,disabled target,$@,$(APP))
+	$(call WARNING,target,$@,disabled in app,$(APP))
 endif
 
 # target docker-tag-%: Call docker-tag with target tag % for each SERVICES
@@ -229,7 +229,7 @@ docker-tag-%:
 ifneq ($(filter $(DEPLOY),true),)
 	$(foreach service,$(or $(SERVICE),$(SERVICES)),$(call docker-tag,$(service),,,,$*))
 else
-	$(call WARNING,disabled target,$@,$(APP))
+	$(call WARNING,target,$@,disabled in app,$(APP))
 endif
 
 # target docker-volume-rm: Fire docker-volume-rm-% for COMPOSE_PROJECT_NAME
diff --git a/make/apps/install.mk b/make/apps/install.mk
index 5cae306..1b4f391 100644
--- a/make/apps/install.mk
+++ b/make/apps/install.mk
@@ -1,6 +1,21 @@
 ##
 # INSTALL
 
+# target install-build-config: Call install-config with file * and dest build
+.PHONY: install-build-config
+install-build-config:
+	$(call install-config,,*,build)
+
+# target install-config: Call install-config
+.PHONY: install-config
+install-config:
+	$(call install-config)
+
+# target install-config-%: Call install-config with app %
+.PHONY: install-config-%
+install-config-%:
+	$(call install-config,$*)
+
 # target install-mysql-database-%: Import %.mysql.gz to database %
 # on local host
 ## it creates database %
@@ -33,18 +48,3 @@ install-pgsql-database-%: myos-base
 	$(call exec,[ $$(PGPASSWORD=$* psql -h postgres -U $* -d $* -c "\d" 2>/dev/null |wc -l) -eq 0 ] && [ -f "${APP_DIR}/$*.pgsql" ]) \
 		&& $(call exec,$(RUN) sh -c 'PGPASSWORD="postgres" psql -h postgres -U postgres -c "ALTER ROLE $* WITH SUPERUSER" && PGPASSWORD="postgres" pg_restore -h postgres --no-owner --role=$* -U postgres -d $* ${APP_DIR}/$*.pgsql && PGPASSWORD="postgres" psql -h postgres -U postgres -c "ALTER ROLE $* WITH NOSUPERUSER"') \
 		||:
-
-# target install-build-config: Call install-config with file * and dest build
-.PHONY: install-build-config
-install-build-config:
-	$(call install-config,,*,build)
-
-# target install-config: Call install-config
-.PHONY: install-config
-install-config:
-	$(call install-config)
-
-# target install-config-%: Call install-config with app %
-.PHONY: install-config-%
-install-config-%:
-	$(call install-config,$*)
diff --git a/make/apps/setup.mk b/make/apps/myos/def.setup.mk
similarity index 61%
rename from make/apps/setup.mk
rename to make/apps/myos/def.setup.mk
index 98bfa34..1bec0d7 100644
--- a/make/apps/setup.mk
+++ b/make/apps/myos/def.setup.mk
@@ -1,19 +1,7 @@
-##
-# SETUP
-
-.PHONY: setup-sysctl
-setup-sysctl:
-ifeq ($(SETUP_SYSCTL),true)
-	$(foreach config,$(SETUP_SYSCTL_CONFIG),$(call docker-run,sysctl -q -w $(config),--privileged alpine) &&) true
-endif
-
-.PHONY: setup-nfsd
-setup-nfsd:
-ifeq ($(SETUP_NFSD),true)
-ifeq ($(HOST_SYSTEM),DARWIN)
-	$(call setup-nfsd-osx)
-endif
-endif
+SETUP_NFSD                      ?= false
+SETUP_NFSD_OSX_CONFIG           ?= nfs.server.bonjour=0 nfs.server.mount.regular_files=1 nfs.server.mount.require_resv_port=0 nfs.server.nfsd_threads=16 nfs.server.async=1
+SETUP_SYSCTL                    ?= false
+SETUP_SYSCTL_CONFIG             ?= vm.max_map_count=262144 vm.overcommit_memory=1 fs.file-max=8388608 net.core.somaxconn=1024
 
 define setup-nfsd-osx
 	$(call INFO,setup-nfsd-osx,$(1)$(comma) $(2)$(comma) $(3))
diff --git a/make/apps/myos/setup.mk b/make/apps/myos/setup.mk
new file mode 100644
index 0000000..745b6a3
--- /dev/null
+++ b/make/apps/myos/setup.mk
@@ -0,0 +1,31 @@
+##
+# SETUP
+
+# target setup-docker-group: Call ansible to add user in docker group if needed
+.PHONY: setup-docker-group
+setup-docker-group:
+ifneq ($(DOCKER),)
+ifeq ($(or $(filter $(USER),$(subst $(comma), ,$(shell awk -F':' '$$1 == "docker" {print $$4}' /etc/group))),$(filter 0,$(UID))),)
+	$(call ansible-user-add-groups,$(USER),docker)
+	$(call WARNING,user,$(USER),added in group,docker)
+endif
+ifeq ($(filter 0 $(DOCKER_GID),$(shell id -G)),)
+	$(call ERROR,YOU MUST LOGOUT NOW AND LOGIN BACK TO GET DOCKER GROUP MEMBERSHIP)
+endif
+endif
+
+# target setup-nfsd: Call setup-nfsd-osx if SETUP_NFSD=true and OPERATING_SYSTEM=Darwin
+.PHONY: setup-nfsd
+setup-nfsd:
+ifeq ($(SETUP_NFSD),true)
+ifeq ($(OPERATING_SYSTEM),Darwin)
+	$(call setup-nfsd-osx)
+endif
+endif
+
+# target setup-sysctl: Add sysctl config for each SETUP_SYSCTL_CONFIG
+.PHONY: setup-sysctl
+setup-sysctl:
+ifeq ($(SETUP_SYSCTL),true)
+	$(foreach config,$(SETUP_SYSCTL_CONFIG),$(call docker-run,sysctl -q -w $(config),--privileged alpine) &&) true
+endif
diff --git a/make/def.docker.mk b/make/def.docker.mk
index 323f4f8..3b7cea9 100644
--- a/make/def.docker.mk
+++ b/make/def.docker.mk
@@ -3,6 +3,7 @@ COMPOSE_PROJECT_NAME_NODE       ?= node
 COMPOSE_VERSION                 ?= 1.29.2
 DOCKER_ENV                      ?= $(env.docker)
 DOCKER_EXEC_OPTIONS             ?=
+DOCKER_GID                      ?= $(call gid,docker)
 DOCKER_IMAGE                    ?= $(DOCKER_IMAGE_CLI)
 DOCKER_IMAGE_CLI                ?= $(DOCKER_REPOSITORY_MYOS)/cli
 DOCKER_IMAGE_SSH                ?= $(DOCKER_REPOSITORY_MYOS)/ssh
diff --git a/make/def.mk b/make/def.mk
index 1da235d..8139cb3 100644
--- a/make/def.mk
+++ b/make/def.mk
@@ -17,19 +17,20 @@ CMD_APK_REMOVE                  ?= $(if $(shell type -p apk),apk --no-cache del)
 CMD_APT_INSTALL                 ?= $(if $(shell type -p apt-get),apt-get update && apt-get -fy install)
 CMD_APT_REMOVE                  ?= $(if $(shell type -p apt-get),apt-get -fy remove)
 CMDS                            ?= exec exec:% exec@% install-app install-apps run run:% run@%
-COLOR_INFO                      ?= $(COLOR_BROWN)
+COLOR_BLUE                      ?= \033[01;34m
+COLOR_BROWN                     ?= \033[33m
+COLOR_CYAN                      ?= \033[36m
+COLOR_DGRAY                     ?= \033[30m
+COLOR_ERROR                     ?= $(COLOR_RED)
+COLOR_GRAY                      ?= \033[37m
+COLOR_GREEN                     ?= \033[32m
 COLOR_HIGHLIGHT                 ?= $(COLOR_GREEN)
+COLOR_INFO                      ?= $(COLOR_BROWN)
+COLOR_RED                       ?= \033[31m
+COLOR_RESET                     ?= \033[0m
 COLOR_VALUE                     ?= $(COLOR_CYAN)
 COLOR_WARNING                   ?= $(COLOR_YELLOW)
-COLOR_RESET                     ?= \033[0m
-COLOR_DGRAY                     ?= \033[30m
-COLOR_RED                       ?= \033[31m
-COLOR_GREEN                     ?= \033[32m
-COLOR_BROWN                     ?= \033[33m
 COLOR_YELLOW                    ?= \033[01;33m
-COLOR_BLUE                      ?= \033[01;34m
-COLOR_CYAN                      ?= \033[36m
-COLOR_GRAY                      ?= \033[37m
 COMMIT                          ?= $(or $(SUBREPO_COMMIT),$(GIT_COMMIT))
 CONFIG                          ?= $(RELATIVE)config
 CONFIG_REPOSITORY               ?= $(CONFIG_REPOSITORY_URL)
@@ -122,20 +123,20 @@ endif
 
 # Guess OS
 ifeq ($(OSTYPE),cygwin)
-HOST_SYSTEM                     := CYGWIN
+OPERATING_SYSTEM                := cygwin
 else ifeq ($(OS),Windows_NT)
-HOST_SYSTEM                     := WINDOWS
+OPERATING_SYSTEM                := Windows_NT
 else
 UNAME_S := $(shell uname -s 2>/dev/null)
 ifeq ($(UNAME_S),Linux)
-HOST_SYSTEM                     := LINUX
+OPERATING_SYSTEM                := Linux
 endif
 ifeq ($(UNAME_S),Darwin)
-HOST_SYSTEM                     := DARWIN
+OPERATING_SYSTEM                := Darwin
 endif
 endif
 
-ifeq ($(HOST_SYSTEM),DARWIN)
+ifeq ($(OPERATING_SYSTEM),Darwin)
 SED_SUFFIX                      := ''
 endif
 
@@ -171,6 +172,19 @@ define conf
 	done < "$(file)"
 endef
 
+ERROR_FD := 2
+# macro ERROR: print colorized warning
+ERROR = \
+printf '${COLOR_ERROR}ERROR:${COLOR_RESET} ${COLOR_INFO}$(APP)${COLOR_RESET}[${COLOR_VALUE}$(MAKELEVEL)${COLOR_RESET}]$(if $@, ${COLOR_VALUE}$@${COLOR_RESET}):${COLOR_RESET} ' >&$(ERROR_FD) \
+  $(if $(2), \
+    && printf '$(1) ${COLOR_HIGHLIGHT}$(2)${COLOR_RESET}' >&$(ERROR_FD) \
+    $(if $(3),&& printf ' $(3)$(if $(4), ${COLOR_VALUE}$(4)${COLOR_RESET})' >&$(ERROR_FD)) \
+  , \
+    && $(strip $(call PRINTF,$(1)) >&$(ERROR_FD)) \
+  ) \
+ && printf '\n' >&$(ERROR_FD) \
+ && exit 2
+
 # macro force: Run command 1 sine die
 ## it starts command 1 if it is not already running
 ## it returns never
@@ -190,15 +204,12 @@ force = $$(while true; do \
 )
 
 # macro gid: Return GID of group 1
-gid = $(shell grep '^$(1):' /etc/group 2>/dev/null |awk -F: '{print $$3}')
+gid = $(shell awk -F':' '$$1 == "$(1)" {print $$3}' /etc/group 2>/dev/null)
 
 INFO_FD := 2
-# macro INFO: customized info
-INFO = \
-$(if $(VERBOSE),$(if $(filter-out true,$(IGNORE_VERBOSE)), \
-  printf '${COLOR_INFO}$(APP)${COLOR_RESET}\
-[${COLOR_VALUE}$(MAKELEVEL)${COLOR_RESET}] \
-${COLOR_HIGHLIGHT}$@${COLOR_RESET}:${COLOR_RESET} ' >&$(INFO_FD) \
+# macro INFO: print colorized info
+INFO = $(if $(VERBOSE),$(if $(filter-out true,$(IGNORE_VERBOSE)), \
+  printf '${COLOR_INFO}$(APP)${COLOR_RESET}[${COLOR_VALUE}$(MAKELEVEL)${COLOR_RESET}]$(if $@, ${COLOR_VALUE}$@${COLOR_RESET}):${COLOR_RESET} ' >&$(INFO_FD) \
   $(if $(2), \
     && printf 'Call ${COLOR_HIGHLIGHT}$(1)${COLOR_RESET}$(lbracket)' >&$(INFO_FD) \
     && $(or $(strip $(call PRINTF,$(2))),printf '$(2)') >&$(INFO_FD) \
@@ -207,7 +218,7 @@ ${COLOR_HIGHLIGHT}$@${COLOR_RESET}:${COLOR_RESET} ' >&$(INFO_FD) \
   , \
     && $(strip $(call PRINTF,$(1)) >&$(INFO_FD)) \
   ) \
-  && printf '\n' >&$(INFO_FD) \
+ && printf '\n' >&$(INFO_FD) \
 ))
 
 # function install-app: Run 'git clone url 1 dir 2' or Call update-app with url 1 dir 2
@@ -279,18 +290,16 @@ $(TARGET):
 endef
 
 WARNING_FD := 2
-# macro WARNING: customized warning
-WARNING = printf '${COLOR_WARNING}WARNING:${COLOR_RESET} ${COLOR_INFO}$(APP)${COLOR_RESET}\
-[${COLOR_VALUE}$(MAKELEVEL)${COLOR_RESET}] \
-${COLOR_HIGHLIGHT}$@${COLOR_RESET}:${COLOR_RESET} ' >&$(WARNING_FD) \
+# macro WARNING: print colorized warning
+WARNING = \
+printf '${COLOR_WARNING}WARNING:${COLOR_RESET} ${COLOR_INFO}$(APP)${COLOR_RESET}[${COLOR_VALUE}$(MAKELEVEL)${COLOR_RESET}]$(if $@, ${COLOR_VALUE}$@${COLOR_RESET}):${COLOR_RESET} ' >&$(WARNING_FD) \
   $(if $(2), \
-    && printf '$(1) ' >&$(WARNING_FD) \
-    && printf '${COLOR_HIGHLIGHT}$(2)${COLOR_RESET}' >&$(WARNING_FD) \
-    $(if $(3),&& printf ' in ${COLOR_VALUE}$(3)${COLOR_RESET}' >&$(WARNING_FD)) \
+    && printf '$(1) ${COLOR_HIGHLIGHT}$(2)${COLOR_RESET}' >&$(WARNING_FD) \
+    $(if $(3),&& printf ' $(3)$(if $(4), ${COLOR_VALUE}$(4)${COLOR_RESET})' >&$(WARNING_FD)) \
   , \
     && $(strip $(call PRINTF,$(1)) >&$(WARNING_FD)) \
   ) \
-  && printf '\n' >&$(WARNING_FD)
+ && printf '\n' >&$(WARNING_FD)
 
 # set ENV=env for targets ending with :env
 ## for each env in ENV_LIST
diff --git a/make/monorepo/common.mk b/make/monorepo/common.mk
index b5f1fb1..a2d9796 100644
--- a/make/monorepo/common.mk
+++ b/make/monorepo/common.mk
@@ -24,7 +24,7 @@ config: $(APPS)
 # target copy: Copy files and folders to all APPS
 .PHONY: copy
 copy:
-	$(foreach app,$(APPS),$(foreach file,$(ARGS),$(if $(wildcard $(file)),$(RUN) $(if $(filter LINUX,$(HOST_SYSTEM)),cp -a --parents $(file) $(app)/,rsync -a $(file) $(app)/$(file)) &&)) true &&) true
+	$(foreach app,$(APPS),$(foreach file,$(ARGS),$(if $(wildcard $(file)),$(RUN) $(if $(filter Linux,$(OPERATING_SYSTEM)),cp -a --parents $(file) $(app)/,rsync -a $(file) $(app)/$(file)) &&)) true &&) true
 
 # target deploy: Fire APPS target
 .PHONY: deploy
@@ -95,7 +95,7 @@ upgrade: upgrade-apps release-upgrade ## Upgrade applications
 $(APPS):
 	$(if $(wildcard $@/Makefile), \
       $(call make,$(patsubst apps-%,%,$(MAKECMDGOALS)) STATUS=0,$(patsubst %/,%,$@),APP_PATH_PREFIX), \
-      $(call WARNING,no Makefile in,$@) \
+      $(call WARNING,no,Makefile,available in app,$@) \
 	)
 
 # target apps-%: Fire $(APPS) target to call target % in $(APPS)
diff --git a/packer/def.packer.mk b/packer/def.packer.mk
index f5e9819..05d01fb 100644
--- a/packer/def.packer.mk
+++ b/packer/def.packer.mk
@@ -62,16 +62,16 @@ password                        := $(or $(shell pwgen -csy -r\' 64 1 2>/dev/null
 endif
 endif
 
-ifeq ($(HOST_SYSTEM),DARWIN)
+ifeq ($(OPERATING_SYSTEM),Darwin)
 ifneq ($(DOCKER), true)
 PACKER_QEMU_ACCELERATOR         := hvf
 else
 PACKER_QEMU_ACCELERATOR         := tcg
 PACKER_QEMU_ARGS                += -cpu max,vendor=GenuineIntel,vmware-cpuid-freq=on,+invtsc,+aes,+vmx
 endif
-else ifeq ($(HOST_SYSTEM),LINUX)
+else ifeq ($(OPERATING_SYSTEM),Linux)
 DOCKER_RUN_OPTIONS_PACKER       += $(if $(KVM_GID),--group-add $(KVM_GID)) --device /dev/kvm
-else ifeq ($(HOST_SYSTEM),WINDOWS)
+else ifeq ($(OPERATING_SYSTEM),Windows_NT)
 PACKER_QEMU_ACCELERATOR         := hax
 endif
 
diff --git a/packer/packer.mk b/packer/packer.mk
index c4664ba..0234d6f 100644
--- a/packer/packer.mk
+++ b/packer/packer.mk
@@ -18,7 +18,7 @@ packer-build-templates: $(PACKER_TEMPLATES) ## Build all packer templates
 
 # target $(PACKER_TEMPLATES): Call packer-build $@
 .PHONY: $(PACKER_TEMPLATES)
-ifeq ($(HOST_SYSTEM),DARWIN)
+ifeq ($(OPERATING_SYSTEM),Darwin)
 $(PACKER_TEMPLATES): DOCKER     ?= false
 endif
 $(PACKER_TEMPLATES):
@@ -36,7 +36,7 @@ packer-qemu: packer-qemu-$(PACKER_ISO_NAME) ## Launch iso image in qemu
 
 # target packer-qemu-%: Call packer-qemu PACKER_OUTPUT/%.iso
 .PHONY: packer-qemu-%
-ifeq ($(HOST_SYSTEM),DARWIN)
+ifeq ($(OPERATING_SYSTEM),Darwin)
 packer-qemu-%: DOCKER           ?= false
 endif
 packer-qemu-%: docker-build-packer ## Run iso image in qemu
diff --git a/stack/base.mk b/stack/base.mk
index 22e606e..30f39b5 100644
--- a/stack/base.mk
+++ b/stack/base.mk
@@ -1,3 +1,3 @@
 # target base: Fire ssh-add
 .PHONY: base
-base: $(if $(DOCKER_RUN),install-bin-docker docker-network-create stack-base-up) ssh-add
+base: $(if $(DOCKER_RUN),bootstrap-docker docker-network-create stack-base-up) ssh-add
diff --git a/stack/node.mk b/stack/node.mk
index ccf47f5..f9b98ab 100644
--- a/stack/node.mk
+++ b/stack/node.mk
@@ -2,4 +2,4 @@ ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET
 
 # target node: Fire docker-network-create-% for DOCKER_NETWORK_PUBLIC ssl-certs stack-node-up
 .PHONY: node
-node: docker-network-create-$(DOCKER_NETWORK_PUBLIC) ssl-certs stack-node-up
+node: bootstrap-docker docker-network-create-$(DOCKER_NETWORK_PUBLIC) ssl-certs stack-node-up