service: Support publishing arbitary ports through sockets

uumas
2026-03-12 00:32:10 +02:00
parent 470b60f988
commit 294b931d19
7 changed files with 122 additions and 5 deletions


@@ -93,11 +93,44 @@ argument_specs:
default: [] default: []
elements: str elements: str
service_container_publish_ports: service_container_publish_ports:
description: "A list of published ports in docker format (<host listen address>:<host port>:<container port>)" description: A list of ports to publish outside the container
type: list type: list
required: false required: false
default: [] default: []
elements: str elements: dict
options:
name:
description:
- Name of the port.
- If type is socket, the socket will be created at /run/<service name>-<port name>.sock on the host.
- If type is not socket, this is just informative.
type: str
required: true
container_port:
description: Container port to publish
type: int
required: true
type:
description: Whether to publish as a port or socket
type: str
required: false
default: port
choices:
- socket
- port
host_address:
description:
- IP or hostname to listen on on the host
- Ignored if type is socket
type: str
required: false
default: 0.0.0.0
host_port:
description:
- Port to listen on on the host
- Required if type is port, ignored otherwise
type: int
required: false
service_container_mounts: service_container_mounts:
description: List of bind mounts or volumes to be mounted inside the service container(s). description: List of bind mounts or volumes to be mounted inside the service container(s).
type: list type: list
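Review bot: `host_address` defaults to `0.0.0.0` in the new `options` block, so any `type: port` entry that omits it is published on every host interface, and the description does not say so. Consider either defaulting to `127.0.0.1` or adding a description line such as `- Defaults to all interfaces; set 127.0.0.1 to keep the port reachable only from the host`. Separately, `host_port` is documented as required when `type` is `port` but is declared `required: false`, so the spec alone accepts an entry without it. A small `ansible.builtin.assert` at the start of the role would turn that into a clear error instead of a failure (or an odd mapping) when the port string is built later.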


@@ -9,7 +9,7 @@
container_entrypoint: "{{ _service_additional_container.entrypoint | default('') }}" container_entrypoint: "{{ _service_additional_container.entrypoint | default('') }}"
container_user: "{{ service_container_user }}" container_user: "{{ service_container_user }}"
container_mounts: "{{ _service_additional_container_mounts }}" container_mounts: "{{ _service_additional_container_mounts }}"
container_publish_ports: "{{ _service_additional_container.publish_ports | default([]) }}" container_publish_ports: "{{ _service_additional_container_publish_ports }}"
container_networks: "{{ _service_container_networks }}" container_networks: "{{ _service_container_networks }}"
container_ip: "{{ _service_additional_container_ip }}" container_ip: "{{ _service_additional_container_ip }}"
container_secrets: "{{ _service_additional_container.secrets | default(_service_container_secrets) }}" container_secrets: "{{ _service_additional_container.secrets | default(_service_container_secrets) }}"
@@ -23,3 +23,9 @@
loop_control: loop_control:
loop_var: _service_additional_container loop_var: _service_additional_container
index_var: _service_additional_container_index index_var: _service_additional_container_index
- name: Socat sockets for additional containers of {{ service_name }}
ansible.builtin.include_tasks: additional_socat.yaml
loop: "{{ _service_additional_containers }}"
loop_control:
loop_var: _service_additional_container


@@ -0,0 +1,12 @@
---
- name: Socat for socket published ports of {{ service_name }}
ansible.builtin.include_role:
name: socat
loop: "{{ _service_additional_container_publish_socket_ports }}"
loop_control:
loop_var: publish_port
vars:
socat_service_name: "{{ service_name }}-{{ publish_port.name }}"
socat_target_container: "{{ _service_additional_container.name }}"
socat_target_http_port: "{{ publish_port.container_port }}"
socat_auto_update: "{{ service_auto_update }}"
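Review bot: `socat_service_name` is built from `service_name` and `publish_port.name` only, so two containers of the same service that each declare a socket port with the same `name` (an additional container and the main one, or two additional containers) resolve to the same socat unit and socket path. The later include would then presumably replace the earlier one, and the socket would forward to a different container than its owner expects. Including the container in the name avoids this, e.g. `socat_service_name: "{{ _service_additional_container.name }}-{{ publish_port.name }}"`, assuming additional container names are already unique on the host. The main-container task uses the same naming scheme, so the two need to stay distinguishable. The loop variable `publish_port` is also the only unprefixed name here; `_service_publish_port` would match the role's other private variables.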


@@ -37,7 +37,7 @@
container_user: "{{ service_container_user }}" container_user: "{{ service_container_user }}"
container_mounts: "{{ _service_container_mounts }}" container_mounts: "{{ _service_container_mounts }}"
container_devices: "{{ service_container_devices }}" container_devices: "{{ service_container_devices }}"
container_publish_ports: "{{ service_container_publish_ports }}" container_publish_ports: "{{ _service_container_publish_ports }}"
container_networks: "{{ _service_container_networks }}" container_networks: "{{ _service_container_networks }}"
container_ip: "{{ service_container_ip }}" container_ip: "{{ service_container_ip }}"
container_secrets: "{{ _service_container_secrets }}" container_secrets: "{{ _service_container_secrets }}"
@@ -47,7 +47,7 @@
container_wants: "{{ _service_container_wants }}" container_wants: "{{ _service_container_wants }}"
container_auto_update: "{{ service_auto_update }}" container_auto_update: "{{ service_auto_update }}"
- name: Socat for {{ service_name }} - name: Socat for http of {{ service_name }}
ansible.builtin.include_role: ansible.builtin.include_role:
name: socat name: socat
when: service_container_http_port > 0 when: service_container_http_port > 0
@@ -58,6 +58,18 @@
{{ service_container_ip | ansible.utils.ipmath(3) if _service_static_ip else '' }} {{ service_container_ip | ansible.utils.ipmath(3) if _service_static_ip else '' }}
socat_auto_update: "{{ service_auto_update }}" socat_auto_update: "{{ service_auto_update }}"
- name: Socat for socket published ports of {{ service_name }}
ansible.builtin.include_role:
name: socat
loop: "{{ _service_container_publish_socket_ports }}"
loop_control:
loop_var: publish_port
vars:
socat_service_name: "{{ service_name }}-{{ publish_port.name }}"
socat_target_container: "{{ service_name }}"
socat_target_http_port: "{{ publish_port.container_port }}"
socat_auto_update: "{{ service_auto_update }}"
- name: Reverse proxy for {{ service_name }} - name: Reverse proxy for {{ service_name }}
ansible.builtin.include_tasks: proxy.yaml ansible.builtin.include_tasks: proxy.yaml
when: service_domains | length > 0 when: service_domains | length > 0
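Review bot: `publish_port.name` is interpolated into `socat_service_name` in the new include without any constraint on its content, and per the argument spec it ends up in a path under `/run` and, judging by the wants list changed in this commit, in a unit name ending in `-socat.socket`. A name containing `/`, whitespace or `..` gives an unexpected path or unit name, and a port named `oauth2-proxy` would collide with the existing `<service>-oauth2-proxy-socat.socket`. I would validate names before this task with an assert, for example `that: service_container_publish_ports | map(attribute='name') | reject('match', '^[a-z0-9][a-z0-9-]*$') | list | length == 0`, and reserve `oauth2-proxy`. Who may connect to the resulting socket depends on the mode and owner the socat role sets, which is not visible here and is worth stating in the option description.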


@@ -18,6 +18,35 @@ _service_additional_container_ip: >-
if _service_static_ip else '' if _service_static_ip else ''
}} }}
_service_additional_container_publish_ports_with_defaults: >-
{{
([{ 'type': 'port', 'host_address': '0.0.0.0' }] * _service_additional_container.publish_ports | length)
| zip(_service_additional_container.publish_ports)
| map('combine')
}}
_service_additional_container_publish_socket_ports: >-
{{
_service_additional_container_publish_ports_with_defaults | selectattr('type', '==', 'socket')
if _service_additional_container.publish_ports is defined
else
[]
}}
_service_additional_container_publish_port_ports: >-
{{
_service_additional_container_publish_ports_with_defaults | selectattr('type', '==', 'port')
if _service_additional_container.publish_ports is defined
else
[]
}}
_service_additional_container_publish_ports: >-
{{
_service_additional_container_publish_port_ports | map(attribute='host_address') |
zip(
_service_additional_container_publish_port_ports | map(attribute='host_port'),
_service_additional_container_publish_port_ports | map(attribute='container_port')
) | map('join', ':')
}}
_service_additional_volume_mounts: "{{ _service_additional_container.mounts | selectattr('type', '==', 'volume') }}" _service_additional_volume_mounts: "{{ _service_additional_container.mounts | selectattr('type', '==', 'volume') }}"
_service_additional_template_mounts: "{{ _service_additional_container.mounts | selectattr('type', '==', 'template') }}" _service_additional_template_mounts: "{{ _service_additional_container.mounts | selectattr('type', '==', 'template') }}"
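Review bot: `_service_additional_container_publish_ports` joins `host_address`, `host_port` and `container_port` with `:`, which is ambiguous when `host_address` is an IPv6 literal such as `::1`; the spec accepts any "IP or hostname". Container engines generally expect IPv6 addresses in brackets in this position, so either document that (`- IPv6 addresses must be given in brackets`) or wrap addresses containing `:` before the join. The same join is used in `_service_container_publish_ports` in the new main-container vars file. `_service_additional_container_publish_ports_with_defaults` also dereferences `publish_ports` without a default and only works because both consumers guard it with `is defined`; a `| default([])` there would make it safe on its own.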


@@ -14,6 +14,10 @@ _service_container_wants: >-
service_wants service_wants
+ ([service_name + '-socat.socket'] if service_container_http_port > 0 else []) + ([service_name + '-socat.socket'] if service_container_http_port > 0 else [])
+ ([service_name + '-oauth2-proxy-socat.socket'] if _service_oauth2_proxy else []) + ([service_name + '-oauth2-proxy-socat.socket'] if _service_oauth2_proxy else [])
+ _service_container_publish_socket_ports
| map(attribute='name')
| map('regex_replace', '^', service_name ~ '-')
| map('regex_replace', '$', '-socat.socket')
+ _service_additional_containers + _service_additional_containers
| map(attribute='name') | map(attribute='name')
| map('regex_replace', '$', '.service') | map('regex_replace', '$', '.service')


@@ -0,0 +1,21 @@
---
_service_container_publish_ports_with_defaults: >-
{{
([{ 'type': 'port', 'host_address': '0.0.0.0' }] * service_container_publish_ports | length)
| zip(service_container_publish_ports)
| map('combine')
}}
_service_container_publish_socket_ports: >-
{{ _service_container_publish_ports_with_defaults | selectattr('type', '==', 'socket') }}
_service_container_publish_port_ports: >-
{{ _service_container_publish_ports_with_defaults | selectattr('type', '==', 'port') }}
_service_container_publish_ports: >-
{{
_service_container_publish_port_ports | map(attribute='host_address') |
zip(
_service_container_publish_port_ports | map(attribute='host_port'),
_service_container_publish_port_ports | map(attribute='container_port')
) | map('join', ':')
}}