uumas/ansible-podman
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

service: Better use podman secrets for database passwords

Browse Source
This commit is contained in:
uumas
2025-04-04 22:15:06 +03:00
parent 68b3dcb49c
commit 7b46279c63
6 changed files with 17 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
roles/service/tasks/database.yaml
View File

@@ -1,8 +1,4 @@
---
- name: Include database variables
ansible.builtin.include_vars:
file: database.yaml
- name: Database container for {{ service_name }}
ansible.builtin.import_role:
name: container
@@ -22,14 +18,3 @@
POSTGRES_PASSWORD_FILE: "/run/secrets/{{ _service_database_name }}"
POSTGRES_INITDB_ARGS: "--encoding=UTF-8 --lc-collate=C --lc-ctype=C"
container_auto_update: "{{ service_auto_update }}"
- name: Get database secret info
containers.podman.podman_secret_info:
name: "{{ _service_database_name }}"
showsecret: true
register: _service_database_secret
- name: Set database-related variables
ansible.builtin.set_fact:
_service_database_password: "{{ _service_database_secret.secrets[0].SecretData }}"
_service_container_requires: "{{ _service_container_requires + [_service_database_name + '.service'] }}"