container: Add podman secret support
@@ -4,6 +4,7 @@ container_user: ""
|
|||||||
container_mounts: []
|
container_mounts: []
|
||||||
container_publish_ports: []
|
container_publish_ports: []
|
||||||
container_networks: []
|
container_networks: []
|
||||||
|
container_secrets: []
|
||||||
container_env: {}
|
container_env: {}
|
||||||
container_auto_start: true
|
container_auto_start: true
|
||||||
container_auto_update: true
|
container_auto_update: true
|
||||||
|
|||||||
@@ -66,6 +66,24 @@ argument_specs:
|
|||||||
required: false
|
required: false
|
||||||
default: []
|
default: []
|
||||||
elements: str
|
elements: str
|
||||||
|
container_secrets:
|
||||||
|
description: A list of secrets available to the container in /run/secrets/<secret name>
|
||||||
|
type: list
|
||||||
|
required: false
|
||||||
|
default: []
|
||||||
|
elements: dict
|
||||||
|
options:
|
||||||
|
name:
|
||||||
|
description: Name of the secret
|
||||||
|
type: str
|
||||||
|
required: true
|
||||||
|
value:
|
||||||
|
description:
|
||||||
|
- Value of the secret. Defaults to a 128-character random string containing alphanumeric characters.
|
||||||
|
- If the value is not explicitly set, it will not be changed if the secret already exists.
|
||||||
|
type: str
|
||||||
|
required: false
|
||||||
|
|
||||||
container_env:
|
container_env:
|
||||||
description: A dict of environment variables for the container
|
description: A dict of environment variables for the container
|
||||||
type: dict
|
type: dict
|
||||||
|
|||||||
@@ -8,6 +8,13 @@
|
|||||||
loop_control:
|
loop_control:
|
||||||
loop_var: network
|
loop_var: network
|
||||||
|
|
||||||
|
- name: Create secrets for container {{ container_name }}
|
||||||
|
containers.podman.podman_secret:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
data: "{{ item.value | default(lookup('community.general.random_string', special=false, length=128)) }}"
|
||||||
|
skip_existing: "{{ item.value is not defined }}"
|
||||||
|
loop: "{{ container_secrets }}"
|
||||||
|
|
||||||
- name: Create container service {{ container_name }}
|
- name: Create container service {{ container_name }}
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: container.j2
|
src: container.j2
|
||||||
|
|||||||
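Review bot: The new `Create secrets for container` task loops over `container_secrets` with neither `no_log` nor a loop label, so each iteration's result line prints the whole item, including `value` whenever the caller supplies one. Add `no_log: true` to the task, or at least a `loop_control:` with `label: "{{ item.name }}"`, so secret material stays out of console output and callback or CI logs. The randomly generated default is not part of `item`, so only explicitly set values are exposed this way. The task list continues outside this hunk.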
@@ -30,6 +30,9 @@ Network={{ network }}.network
|
|||||||
{% for port in container_publish_ports %}
|
{% for port in container_publish_ports %}
|
||||||
PublishPort={{ port }}
|
PublishPort={{ port }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% for secret in container_secrets %}
|
||||||
|
Secret={{ secret.name }}
|
||||||
|
{% endfor %}
|
||||||
{% for key, value in container_env.items() %}
|
{% for key, value in container_env.items() %}
|
||||||
Environment={{ key }}={{ value }}
|
Environment={{ key }}={{ value }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|||||||
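Review bot: `Secret={{ secret.name }}` writes the name into the unit file verbatim, and the argument spec added in this commit constrains it only to `type: str`. Quadlet's `Secret=` value has the form `secret[,opt=opt ...]`, so a name containing a comma or a newline would change how the secret is exposed, or add further unit lines, instead of failing. Names come from inventory, so this is a hardening point rather than a remote input. Validate them before templating, for example with an `ansible.builtin.assert` using `that: item.name is match('^[A-Za-z0-9][A-Za-z0-9_.-]*$')`. The template continues outside this hunk.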