From 31cf49b00491851847fa23d40cc1dc53cc384deb Mon Sep 17 00:00:00 2001
From: uumas
Date: Thu, 12 Mar 2026 00:42:00 +0200
Subject: [PATCH] service: Improve additional container support

---
 roles/service/meta/argument_specs.yaml | 36 +++++++++++++++++++++++++
 roles/service/tasks/additional.yaml | 7 ++---
 roles/service/tasks/main.yaml | 2 +-
 roles/service/vars/main/additional.yaml | 27 +++++++++++++++++++
 4 files changed, 68 insertions(+), 4 deletions(-)

diff --git a/roles/service/meta/argument_specs.yaml b/roles/service/meta/argument_specs.yaml
index 47d8d7c..9ad5086 100644
--- a/roles/service/meta/argument_specs.yaml
+++ b/roles/service/meta/argument_specs.yaml
@@ -362,6 +362,11 @@ argument_specs:
 type: str
 required: false
 default: "{{ service_container_image }}"
+ user:
+ description: The UID to run as inside the container
+ type: str
+ required: false
+ default: "{{ service_container_user }}"
 command:
 description: Command to start the container with.
 type: list
@@ -406,6 +411,22 @@ argument_specs:
 - Defaults to false for volume and bind, true for template
 type: bool
 required: false
+ user:
+ description: Volume owner uid. Only applicable if mount type is volume.
+ type: str
+ required: false
+ default: ""
+ group:
+ description: Volume owner gid. Only applicable if mount type is volume.
+ type: str
+ required: false
+ default: ""
+ mode:
+ description:
+ - Templated file or copied directory/file permissions.
+ - Defaults to 0644 for files, 0755 for directories
+ type: str
+ required: false
 volume_device:
 description: >-
 The path of a device which is mounted for the volume.
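Review bot: The `mode` option added in the `@@ -406,6 +411,22 @@` hunk of roles/service/meta/argument_specs.yaml documents a default of 0644 for files, which leaves a templated config file readable by every local account on the host, and the description does not warn about that. Templates that carry credentials or tokens need a tighter mode, so I would add a description entry such as `- Use a tighter mode such as "0600" for files that contain credentials`. The description should also say that the value must be a quoted string, since an unquoted 0644 may be read by the YAML loader as an integer before the `type: str` conversion. Unlike `user` and `group` just above it, `mode` does not say which mount types it applies to. The code that applies these defaults is not among this patch's hunks, so the effective default should be confirmed there.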
@@ -428,6 +449,21 @@ argument_specs:
 elements: str
 required: false
 default: []
+ devices:
+ description: List of devices to be added inside the container.
+ type: list
+ required: false
+ default: "{{ service_container_devices }}"
+ elements: dict
+ options:
+ source:
+ description: Device path on host
+ type: str
+ required: true
+ destination:
+ description: Device path inside the container. Defaults to same as host.
+ type: str
+ required: false
 publish_ports:
 description: A list of ports to publish outside the container
 type: list
diff --git a/roles/service/tasks/additional.yaml b/roles/service/tasks/additional.yaml
index 406b15c..25e1866 100644
--- a/roles/service/tasks/additional.yaml
+++ b/roles/service/tasks/additional.yaml
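Review bot: The new `devices` option in roles/service/meta/argument_specs.yaml defaults to `"{{ service_container_devices }}"`, so an additional container that omits the key is given every host device mapped into the main container. The `container_devices` line added in roles/service/tasks/additional.yaml applies the same fallback with `default(service_container_devices)`. The old task passed no `container_devices` at all, so this looks like a new widening of what a sidecar can reach on the host rather than preserved behaviour. I would default to an empty list in both places, `default: []` in the spec and `| default([])` in the task, so that device access is granted per container. If inheritance is intended, the description should say that `devices: []` is the way to opt out.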
@@ -7,17 +7,18 @@
 container_image: "{{ _service_additional_container.image | default(service_container_image) }}"
 container_command: "{{ _service_additional_container.command | default([]) }}"
 container_entrypoint: "{{ _service_additional_container.entrypoint | default('') }}"
- container_user: "{{ service_container_user }}"
+ container_user: "{{ _service_additional_container.user | default(service_container_user) }}"
 container_mounts: "{{ _service_additional_container_mounts }}"
+ container_devices: "{{ _service_additional_container.devices | default(service_container_devices) }}"
 container_publish_ports: "{{ _service_additional_container_publish_ports }}"
 container_networks: "{{ _service_additional_container_networks }}"
 container_ip: "{{ _service_additional_container_ip }}"
- container_secrets: "{{ _service_additional_container.secrets | default(_service_container_secrets) }}"
 container_hostname: "{{ _service_additional_container.name | regex_replace('^' ~ service_name ~ '-', '') }}"
+ container_secrets: "{{ _service_additional_container_secrets }}"
 container_env: "{{ _service_additional_container.env | default(service_container_env) }}"
 container_add_capabilities: "{{ _service_additional_container.add_capabilities | default(service_container_add_capabilities) }}"
 container_requires: "{{ _service_container_requires }}"
- container_wants: "{{ service_wants }}"
+ container_wants: "{{ _service_additional_container_wants }}"
 container_auto_update: "{{ service_auto_update }}"
 loop: "{{ _service_additional_containers }}"
 loop_control:
diff --git a/roles/service/tasks/main.yaml b/roles/service/tasks/main.yaml
index eb1976d..6f08632 100644
--- a/roles/service/tasks/main.yaml
+++ b/roles/service/tasks/main.yaml
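Review bot: The new `container_secrets` line in roles/service/tasks/additional.yaml reads `_service_additional_container_secrets`, and that variable's definition in roles/service/vars/main/additional.yaml (later in this patch) still falls back to `_service_container_secrets` when the additional container has no `secrets` key. A sidecar that needs no secrets therefore receives all of the main container's secrets; only an explicit `secrets: []` avoids it, because the fallback is guarded by `is defined`. If the sharing is deliberate, a comment above this line such as `# falls back to the main container's secrets when the sidecar sets none; set secrets: [] to opt out` would make it visible to role users. Otherwise the `else` branch should yield an empty list. The task this block belongs to starts above the hunk and continues below it.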
@@ -16,7 +16,7 @@ - name: Template mounts for {{ service_name }} ansible.builtin.include_tasks: host_mounts.yaml - when: (_service_template_mounts + _service_copy_mounts) | length > 0 + when: (_service_all_template_mounts + _service_all_copy_mounts) | length > 0 - name: Additional containers for {{ service_name }} ansible.builtin.include_tasks: additional.yaml diff --git a/roles/service/vars/main/additional.yaml b/roles/service/vars/main/additional.yaml index d317e93..e78e69e 100644 --- a/roles/service/vars/main/additional.yaml +++ b/roles/service/vars/main/additional.yaml @@ -11,6 +11,15 @@ _service_additional_containers: >- | map('combine') }} +_service_additional_container_wants: >- + {{ + service_wants + + _service_additional_container_publish_socket_ports + | map(attribute='name') + | map('regex_replace', '^', service_name ~ '-') + | map('regex_replace', '$', '-socat.socket') + }} + _service_additional_container_networks: >- {{ [service_name] @@ -24,6 +33,24 @@ _service_additional_container_networks: >- ) }} +_service_additional_container_secrets: >- + {{ + ( + _service_additional_container.secrets + | map(attribute='name') + | map('community.general.dict_kv', 'target') + | zip( + _service_additional_container.secrets, + _service_additional_container.secrets + | map(attribute='name') + | map('regex_replace', '^', service_name ~ '-') + | map('community.general.dict_kv', 'name') + ) + | map('combine') + ) if _service_additional_container.secrets is defined + else _service_container_secrets + }} + _service_additional_container_ip: >- {{ service_container_ip |