service: Add support for service postgres containers

2024-11-11 12:23:53 +02:00
parent e85b753518
commit eccc308bcf
5 changed files with 67 additions and 1 deletions
--- a/roles/service/defaults/main.yaml
+++ b/roles/service/defaults/main.yaml
@@ -5,6 +5,8 @@ service_container_publish_ports: []
 service_container_mounts: []
 service_container_env: {}

+service_database_type: none
+
 service_additional_containers: []

 service_requires: []
--- a/roles/service/meta/argument_specs.yaml
+++ b/roles/service/meta/argument_specs.yaml
@@ -67,6 +67,23 @@ argument_specs:
        required: false
        default: {}

+      service_database_type:
+        description: >
+          Database type to set up. It will be run in a docker container accessible to the service at host <service name>-{{ service_database_type }} on the
+          default port. The database user will be {{ service_name }} and password will be available as the _service_database_password variable.
+        type: str
+        required: false
+        choices:
+          - postgres
+          - none
+        default: none
+      service_postgres_tag:
+        description: >
+          Postgresql version to use. Can be debian (n) or alpine-based (n-alpine), where n can be major version like 14 or minor like 14.13.
+          Required if service_database_type is postgres.
+        type: str
+        required: false
+
      service_additional_containers:
        description:
          - List of additional containers for the sercice.
--- a/roles/service/tasks/database.yaml
+++ b/roles/service/tasks/database.yaml
@@ -0,0 +1,34 @@
+---
+- name: Set database name
+  ansible.builtin.set_fact:
+    _service_database_name: "{{ service_name }}-{{ service_database_type }}"
+
+- name: Database container for {{ service_name }}
+  ansible.builtin.include_role:
+    name: container
+  vars:
+    container_name: "{{ service_name }}-{{ service_database_type }}" # This doesn't use _service_database_name to allow container role handlers to work
+    container_image: "docker.io/library/postgres:{{ service_postgres_tag }}"
+    container_mounts:
+      - type: volume
+        source: "{{ _service_database_name }}"
+        destination: /var/lib/postgresql/data
+    container_networks:
+      - "{{ service_name }}"
+    container_secrets:
+      - name: "{{ _service_database_name }}"
+    container_env:
+      POSTGRES_USER: "{{ service_name | replace('-', '_') }}"
+      POSTGRES_PASSWORD_FILE: "/run/secrets/{{ _service_database_name }}"
+    container_auto_update: "{{ service_auto_update }}"
+
+- name: Get database secret info
+  containers.podman.podman_secret_info:
+    name: "{{ _service_database_name }}"
+    showsecret: true
+  register: _service_database_secret
+
+- name: Set database-related variables
+  ansible.builtin.set_fact:
+    _service_database_password: "{{ _service_database_secret.secrets[0].SecretData }}"
+    _service_container_requires: "{{ _service_container_requires + [_service_database_name + '.service'] }}"
--- a/roles/service/tasks/main.yaml
+++ b/roles/service/tasks/main.yaml
@@ -1,12 +1,20 @@
 ---
+- name: Validate inputs
+  ansible.builtin.import_tasks: validation.yaml
+
 - name: Initialize variables
  ansible.builtin.set_fact:
    _service_container_mounts: []
+    _service_container_requires: "{{ service_requires }}"

 - name: Mounts for {{ service_name }}
  ansible.builtin.include_tasks: mounts.yaml
  when: service_container_mounts | length > 0

+- name: Databse for {{ service_name }}
+  ansible.builtin.include_tasks: database.yaml
+  when: "service_database_type != 'none'"
+
 - name: Main container for {{ service_name }}
  ansible.builtin.include_role:
    name: container
@@ -18,7 +26,7 @@
    container_networks:
      - "{{ service_name }}"
    container_env: "{{ service_container_env }}"
-    container_requires: "{{ service_requires }}"
+    container_requires: "{{ _service_container_requires }}"
    container_wants: "{{ [service_name + '-socat.socket'] if service_domains | length > 0 else [] }}"
    container_auto_update: "{{ service_auto_update }}"

--- a/roles/service/tasks/validation.yaml
+++ b/roles/service/tasks/validation.yaml
@@ -0,0 +1,5 @@
+---
+- name: Fail if service_database_type is postgres but service_postgres_tag is not set
+  ansible.builtin.fail:
+    msg: "service_postgres_tag needs to be set when database type is postgres"
+  when: "service_database_type == 'postgres' and service_postgres_tag is not defined"