Add volume role and support setting volume owner
Add volume role container: Use volume role, including support for user and group
@@ -53,6 +53,16 @@ argument_specs:
|
||||
type: bool
|
||||
required: false
|
||||
default: false
|
||||
user:
|
||||
description: Volume owner uid. Only applicable if mount type is volume.
|
||||
type: str
|
||||
required: false
|
||||
default: ""
|
||||
group:
|
||||
description: Volume owner gid. Only applicable if mount type is volume.
|
||||
type: str
|
||||
required: false
|
||||
default: ""
|
||||
|
||||
container_publish_ports:
|
||||
description: "A list of published ports in docker format (<host listen address>:<host port>:<container port>)"
|
||||
|
||||
@@ -11,6 +11,17 @@
|
||||
loop_control:
|
||||
loop_var: network
|
||||
|
||||
- name: Create volumes for container {{ container_name }}
|
||||
ansible.builtin.include_role:
|
||||
name: volume
|
||||
vars:
|
||||
volume_name: "{{ volume.source }}"
|
||||
volume_uid: "{{ volume.user | default('') }}"
|
||||
volume_gid: "{{ volume.group | default('') }}"
|
||||
loop: "{{ _container_volumes }}"
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: Create secrets for container {{ container_name }}
|
||||
containers.podman.podman_secret:
|
||||
name: "{{ item.name }}"
|
||||
@@ -24,7 +35,7 @@
|
||||
name: "{{ container_name }}"
|
||||
command: "{{ container_command or omit }}"
|
||||
user: "{{ container_user or omit }}"
|
||||
mount: "{{ container_mounts | map('items') | map('map', 'join', '=') | map('join', ',') }}"
|
||||
mount: "{{ _container_mounts | map('items') | map('map', 'join', '=') | map('join', ',') }}"
|
||||
network: "{{ container_networks | map('regex_replace', '$', '.network') }}"
|
||||
publish: "{{ container_publish_ports }}"
|
||||
secrets: "{{ container_secrets | map(attribute='name') }}"
|
||||
|
||||
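Review bot: The new `Create volumes for container` task names each quadlet volume from `volume.source` alone, so two containers that mount the same volume with different `user`/`group` values would each rewrite the same unit, and the last one to run decides ownership. This is inferred from the volume role writing a unit named after `volume_name`. If sharing is intended, a comment above the task such as `# user/group must agree across all containers that share a volume`, or an assert enforcing it, would make the contract explicit. The loop also assumes every volume mount has a `source` key, which nothing visible in this section checks.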
@@ -1,4 +1,25 @@
|
||||
---
|
||||
_container_volumes: "{{ container_mounts | selectattr('type', '==', 'volume') }}"
|
||||
|
||||
_container_mount_sources: "{{ container_mounts | map(attribute='source') }}"
|
||||
_container_mount_destinations: "{{ container_mounts | map(attribute='destination') }}"
|
||||
|
||||
_container_volume_mount_sources: >-
|
||||
{{
|
||||
_container_volumes
|
||||
| map(attribute='source')
|
||||
| map('regex_replace', '$', '.volume')
|
||||
| map('community.general.dict_kv', 'source')
|
||||
}}
|
||||
|
||||
_container_mounts: >-
|
||||
{{
|
||||
container_mounts | selectattr('type', '!=', 'volume') +
|
||||
container_mounts | selectattr('type', '==', 'volume')
|
||||
| community.general.remove_keys(['user', 'group'])
|
||||
| zip(_container_volume_mount_sources) | map('combine')
|
||||
}}
|
||||
|
||||
_container_quadlet_unit_options: |
|
||||
[Unit]
|
||||
Description=Container {{ container_name }}
|
||||
|
||||
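Review bot: In `_container_mounts` only the volume branch passes through `community.general.remove_keys(['user', 'group'])`, so a non-volume mount that carries `user` or `group` keeps those keys and the `map('join', '=')` chain in the task file renders them into the `mount:` string. The argument spec says these keys apply only to volume mounts, so either strip them from both branches or assert they are absent when `type` is not `volume`. Separately, `+` is applied to two filter results; if `selectattr` returns a generator on the ansible-core version in use (not verifiable from this page), each operand needs `| list` before the addition.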
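--- a/roles/volume/README.md
+++ b/roles/volume/README.md
@@ -0,0 +1 @@
+Sets up podman volume with systemd unit (quadlet)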
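--- a/roles/volume/defaults/main.yaml
+++ b/roles/volume/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+volume_uid: ""
+volume_gid: ""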
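--- a/roles/volume/meta/argument_specs.yaml
+++ b/roles/volume/meta/argument_specs.yaml
@@ -0,0 +1,19 @@
+---
+argument_specs:
+main:
+description: Sets up podman volume with systemd unit (quadlet)
+options:
+volume_name:
+description: Name of the volume. Must be unique within a host.
+type: str
+required: true
+volume_uid:
+description: Volume uid (the volume owner)
+type: str
+required: false
+default: ""
+volume_gid:
+description: Volume gid (the volume owner)
+type: str
+required: false
+default: ""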
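--- a/roles/volume/meta/main.yaml
+++ b/roles/volume/meta/main.yaml
@@ -0,0 +1,3 @@
+---
+dependencies:
+- role: podman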
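--- a/roles/volume/tasks/main.yaml
+++ b/roles/volume/tasks/main.yaml
@@ -0,0 +1,11 @@
+---
+- name: Validate inputs
+ansible.builtin.import_tasks: validation.yaml
+
+- name: Create container volume service {{ volume_name }}
+containers.podman.podman_volume:
+name: "{{ volume_name }}"
+options: "{{ volume_options }}"
+state: quadlet
+quadlet_file_mode: "0644"
+notify: Reload systemd daemon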
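Review bot: `notify: Reload systemd daemon` names a handler that no file added for this role defines; presumably it comes from the `podman` dependency declared in `roles/volume/meta/main.yaml`. A comment above the task, for example `# handler is provided by the podman role (see meta/main.yaml)`, would keep that link visible to the next maintainer. `volume_options` is likewise computed in `vars/main.yaml` rather than passed in, which deserves a one-line comment here as well.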
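--- a/roles/volume/tasks/validation.yaml
+++ b/roles/volume/tasks/validation.yaml
@@ -0,0 +1,7 @@
+---
+- name: Assert volume_uid and volume_gid are strings
+ansible.builtin.assert:
+that:
+- volume_uid is string
+- volume_gid is string
+fail_msg: "volume_uid and volume_gid must be strings, not int."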
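Review bot: The assert checks only that `volume_uid` and `volume_gid` are strings, yet `roles/volume/vars/main.yaml` joins them with commas into a single `o=uid=…,gid=…` option, so a value containing a comma or other text would add mount options the caller never declared. Constrain the format too, for example `- volume_uid is match('^[0-9]*$')` and `- volume_gid is match('^[0-9]*$')`, and reword `fail_msg` to say the values must be numeric id strings or empty. The same applies to the `user`/`group` mount keys in the container role, which feed these variables without any check of their own.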
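--- a/roles/volume/vars/main.yaml
+++ b/roles/volume/vars/main.yaml
@@ -0,0 +1,6 @@
+---
+volume_mount_options_incl_empty:
+- "{{ 'uid=' ~ volume_uid if volume_uid | length > 0 else '' }}"
+- "{{ 'gid=' ~ volume_gid if volume_gid | length > 0 else '' }}"
+volume_mount_options: "{{ volume_mount_options_incl_empty | select('!=', '') | list }}"
+volume_options: "{{ ['o=' ~ volume_mount_options | join(',')] if volume_mount_options | length > 0 else [] }}"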