uumas/ansible-podman
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

service: Add support for template mounts

Browse Source 
Template mounts are templated from jinja2 templates to a service name
-specific directory under /srv and bind mounted inside the container.
This commit is contained in:
uumas
2024-11-19 20:10:33 +02:00
parent b17932816b
commit 1b62d4df72
6 changed files with 68 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
roles/service/meta/argument_specs.yaml
View File

@@ -50,11 +50,13 @@ argument_specs:
choices: choices:
- volume - volume
- bind - bind
- template
source: source:
description: description:
- Mount source. - Mount source.
- If mount type is volume, name of the volume. - If mount type is volume, name of the volume.
- If mount type is bind, host path to bind mount inside the container. - If mount type is bind, host path to bind mount inside the container.
- If mount type is template, the name of the template file, must end in .j2
type: str type: str
required: true required: true
destination: destination:
@@ -62,10 +64,11 @@ argument_specs:
type: str type: str
required: true required: true
readonly: readonly:
description: If true, volume will be mounted as read only inside the container description:
- If true, volume will be mounted as read only inside the container.
- Defaults to false for volume and bind, true for template
type: bool type: bool
required: false required: false
default: false
service_container_secrets: service_container_secrets:
description: A list of secrets available to the service container in /run/secrets/<service name>-<secret name> description: A list of secrets available to the service container in /run/secrets/<service name>-<secret name>
type: list type: list
@@ -145,11 +148,13 @@ argument_specs:
choices: choices:
- volume - volume
- bind - bind
- template
source: source:
description: description:
- Mount source. - Mount source.
- If mount type is volume, name of the volume. - If mount type is volume, name of the volume.
- If mount type is bind, host path to bind mount inside the container. - If mount type is bind, host path to bind mount inside the container.
- If mount type is template, the name of the template file, must end in .j2
type: str type: str
required: true required: true
destination: destination:
@@ -157,10 +162,11 @@ argument_specs:
type: str type: str
required: true required: true
readonly: readonly:
description: If true, volume will be mounted as read only inside the container description:
- If true, volume will be mounted as read only inside the container
- Defaults to false for volume and bind, true for template
type: bool type: bool
required: false required: false
default: false
publish_ports: publish_ports:
description: "A list of published ports in docker format (<host listen address>:<host port>:<container port>)" description: "A list of published ports in docker format (<host listen address>:<host port>:<container port>)"
type: list type: list

2
roles/service/tasks/main.yaml
View File

@@ -25,7 +25,7 @@
when: service_container_mounts | length > 0 when: service_container_mounts | length > 0
- name: Main container for {{ service_name }} - name: Main container for {{ service_name }}
ansible.builtin.include_role: ansible.builtin.import_role:
name: container name: container
vars: vars:
container_name: "{{ service_name }}" container_name: "{{ service_name }}"

32
roles/service/tasks/mount.yaml Normal file
View File

@@ -0,0 +1,32 @@
---
- name: Set container named mounts
ansible.builtin.set_fact:
_service_container_mounts: >
{{ _service_container_mounts +
[mount | combine({'source': service_name + '-' + mount.source})] }}
when: mount.type == 'volume'
- name: Set container named mounts
ansible.builtin.set_fact:
_service_container_mounts: "{{ _service_container_mounts + [mount] }}"
when: mount.type == 'bind'
- name: Template mounts
when: mount.type == 'template'
block:
- name: Set template host path
ansible.builtin.set_fact:
_service_template_host_path: "{{ _service_host_directory }}/mounts/{{ (mount.source | split('.'))[0:-1] | join('.') }}" # Strip .j2 extension
- name: Template files for template mounts
ansible.builtin.template:
src: "{{ mount.source }}"
dest: "{{ _service_template_host_path }}"
mode: "0644"
notify: "Restart container service {{ service_name }}"
- name: Set container template mounts
ansible.builtin.set_fact:
_service_container_mounts: >
{{ _service_container_mounts +
[{'readonly': true} | combine(mount) | combine({'type': 'bind', 'source': _service_template_host_path})] }}

29
roles/service/tasks/mounts.yaml
View File

@@ -1,18 +1,21 @@
--- ---
- name: Set container named mounts - name: Create template mount directories under /srv
ansible.builtin.set_fact: when: _service_template_mounts | length > 0
_service_container_mounts: > block:
{{ _service_container_mounts + - name: Create directory {{ _service_host_directory }}
[mount | combine({'source': service_name + '-' + mount.source})] }} ansible.builtin.file:
when: mount.type == 'volume' path: "{{ _service_host_directory }}"
loop: "{{ service_container_mounts }}" state: directory
loop_control: mode: "0755"
loop_var: mount
- name: Set container named mounts - name: Create directory {{ _service_host_directory + '/mounts' }}
ansible.builtin.set_fact: ansible.builtin.file:
_service_container_mounts: "{{ _service_container_mounts + [mount] }}" path: "{{ _service_host_directory }}/mounts"
when: mount.type == 'bind' state: directory
mode: "0700"
- name: Set mount definitions for {{ service_name }}
ansible.builtin.include_tasks: mount.yaml
loop: "{{ service_container_mounts }}" loop: "{{ service_container_mounts }}"
loop_control: loop_control:
loop_var: mount loop_var: mount

6
roles/service/tasks/validation.yaml
View File

@@ -8,3 +8,9 @@
ansible.builtin.fail: ansible.builtin.fail:
msg: "service_postgres_tag needs to be set when database type is postgres" msg: "service_postgres_tag needs to be set when database type is postgres"
when: "service_database_type == 'postgres' and service_postgres_tag is not defined" when: "service_database_type == 'postgres' and service_postgres_tag is not defined"
- name: Fail if template mount source doesn't end in .j2
ansible.builtin.fail:
msg: "Template mount source file name needs to end in .j2. The file {{ item.source }} of {{ service_name }} doesn't."
when: "item.source | split('.') | last != 'j2'"
loop: "{{ _service_template_mounts }}"

3
roles/service/vars/main.yaml Normal file
View File

@@ -0,0 +1,3 @@
---
_service_template_mounts: "{{ service_container_mounts | selectattr('type', '==', 'template') | list }}"
_service_host_directory: "/srv/{{ service_name }}"