diff --git a/roles/service/defaults/main.yaml b/roles/service/defaults/main.yaml index c839bde..88d10ab 100644 --- a/roles/service/defaults/main.yaml +++ b/roles/service/defaults/main.yaml @@ -5,6 +5,8 @@ service_container_publish_ports: [] service_container_mounts: [] service_container_env: {} +service_database_type: none + service_additional_containers: [] service_requires: [] diff --git a/roles/service/meta/argument_specs.yaml b/roles/service/meta/argument_specs.yaml index 765281c..cd08d65 100644 --- a/roles/service/meta/argument_specs.yaml +++ b/roles/service/meta/argument_specs.yaml @@ -67,6 +67,23 @@ argument_specs: required: false default: {} + service_database_type: + description: > + Database type to set up. It will be run in a docker container accessible to the service at host -{{ service_database_type }} on the + default port. The database user will be {{ service_name }} and password will be available as the _service_database_password variable. + type: str + required: false + choices: + - postgres + - none + default: none + service_postgres_tag: + description: > + Postgresql version to use. Can be debian (n) or alpine-based (n-alpine), where n can be major version like 14 or minor like 14.13. + Required if service_database_type is postgres. + type: str + required: false + service_additional_containers: description: - List of additional containers for the sercice. diff --git a/roles/service/tasks/database.yaml b/roles/service/tasks/database.yaml new file mode 100644 index 0000000..b7f18dd --- /dev/null +++ b/roles/service/tasks/database.yaml 
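Review bot: In roles/service/meta/argument_specs.yaml the `service_database_type` description says the database user will be `{{ service_name }}`, but tasks/database.yaml in this same commit sets `POSTGRES_USER` to `{{ service_name | replace('-', '_') }}`, so the documented user is wrong for any service name containing a hyphen. I would reword it to `The database user will be service_name with '-' replaced by '_'`. The same description advertises `_service_database_password` without saying that it holds the plaintext secret as a host fact; one more sentence such as `Tasks that template this variable should set no_log: true` would tell role consumers how to handle it. The host name as written, `-{{ service_database_type }}`, has nothing before the hyphen, which looks like a dropped `service_name` prefix.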
@@ -0,0 +1,34 @@
+---
+- name: Set database name
+ ansible.builtin.set_fact:
+ _service_database_name: "{{ service_name }}-{{ service_database_type }}"
+
+- name: Database container for {{ service_name }}
+ ansible.builtin.include_role:
+ name: container
+ vars:
+ container_name: "{{ service_name }}-{{ service_database_type }}" # This doesn't use _service_database_name to allow container role handlers to work
+ container_image: "docker.io/library/postgres:{{ service_postgres_tag }}"
+ container_mounts:
+ - type: volume
+ source: "{{ _service_database_name }}"
+ destination: /var/lib/postgresql/data
+ container_networks:
+ - "{{ service_name }}"
+ container_secrets:
+ - name: "{{ _service_database_name }}"
+ container_env:
+ POSTGRES_USER: "{{ service_name | replace('-', '_') }}"
+ POSTGRES_PASSWORD_FILE: "/run/secrets/{{ _service_database_name }}"
+ container_auto_update: "{{ service_auto_update }}"
+
+- name: Get database secret info
+ containers.podman.podman_secret_info:
+ name: "{{ _service_database_name }}"
+ showsecret: true
+ register: _service_database_secret
+
+- name: Set database-related variables
+ ansible.builtin.set_fact:
+ _service_database_password: "{{ _service_database_secret.secrets[0].SecretData }}"
+ _service_container_requires: "{{ _service_container_requires + [_service_database_name + '.service'] }}"
diff --git a/roles/service/tasks/main.yaml b/roles/service/tasks/main.yaml
index b73a5ad..0395b7c 100644
--- a/roles/service/tasks/main.yaml
+++ b/roles/service/tasks/main.yaml
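Review bot: In roles/service/tasks/database.yaml, `Get database secret info` calls `podman_secret_info` with `showsecret: true` and the following task copies `SecretData` into a fact, yet neither task sets `no_log`. The database password can therefore end up in verbose task output and in any callback or log store that records registered results. Add `no_log: true` to both `Get database secret info` and `Set database-related variables`. Separately, `secrets[0]` is indexed without checking that the lookup returned an entry; the hunk does not show which task creates the secret (presumably the container role via `container_secrets`), so an `ansible.builtin.assert` with `that: _service_database_secret.secrets | length > 0` placed before the `set_fact`, itself under `no_log: true`, would turn a missing secret into a readable failure rather than an index error.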
@@ -1,12 +1,20 @@
 ---
+- name: Validate inputs
+ ansible.builtin.import_tasks: validation.yaml
+
 - name: Initialize variables
 ansible.builtin.set_fact:
 _service_container_mounts: []
+ _service_container_requires: "{{ service_requires }}"
 - name: Mounts for {{ service_name }}
 ansible.builtin.include_tasks: mounts.yaml
 when: service_container_mounts | length > 0
+- name: Databse for {{ service_name }}
+ ansible.builtin.include_tasks: database.yaml
+ when: "service_database_type != 'none'"
+
 - name: Main container for {{ service_name }}
 ansible.builtin.include_role:
 name: container
@@ -18,7 +26,7 @@
 container_networks:
 - "{{ service_name }}"
 container_env: "{{ service_container_env }}"
- container_requires: "{{ service_requires }}"
+ container_requires: "{{ _service_container_requires }}"
 container_wants: "{{ [service_name + '-socat.socket'] if service_domains | length > 0 else [] }}"
 container_auto_update: "{{ service_auto_update }}"
diff --git a/roles/service/tasks/validation.yaml b/roles/service/tasks/validation.yaml
new file mode 100644
index 0000000..da9eb22
--- /dev/null
+++ b/roles/service/tasks/validation.yaml
@@ -0,0 +1,5 @@
+---
+- name: Fail if service_database_type is postgres but service_postgres_tag is not set
+ ansible.builtin.fail:
+ msg: "service_postgres_tag needs to be set when database type is postgres"
+ when: "service_database_type == 'postgres' and service_postgres_tag is not defined"
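Review bot: The new task name in the first hunk of roles/service/tasks/main.yaml is misspelled: `Databse for {{ service_name }}` should read `Database for {{ service_name }}`. Task names are what shows up in play output and what operators search for when a database step fails, so the typo is worth fixing before it is copied elsewhere. The hunk ends inside the `Main container` task, whose `vars` continue in the next hunk.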
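Review bot: The guard in roles/service/tasks/validation.yaml only tests `service_postgres_tag is not defined`, so a tag that is defined but empty passes validation, and tasks/database.yaml then renders the image reference as `docker.io/library/postgres:` with an empty tag. Tighten the condition to `service_database_type == 'postgres' and (service_postgres_tag | default('') | trim | length == 0)`. Because the tag is interpolated straight into the image reference and the database container inherits `service_auto_update`, the argument spec could also state whether a minor-version or digest-pinned tag is expected, since a major-only tag follows whatever upstream publishes next.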