uumas/ansible-podman
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

container: Allow custom ip addresses for more than one network

Browse Source
This commit is contained in:
uumas
2026-03-14 23:33:04 +02:00
parent ca29ffb271
commit f64ea2cbe3
14 changed files with 82 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
roles/container/defaults/main.yaml
View File

@@ -7,7 +7,6 @@ container_devices: []
container_publish_ports: []
container_networks: []
container_hostname: ""
container_ip: ""
container_secrets: []
container_env: {}
container_auto_start: true

17
roles/container/meta/argument_specs.yaml
View File

@@ -118,17 +118,22 @@ argument_specs:
type: list
required: false
default: []
elements: str
elements: dict
options:
name:
description: Network name
type: str
required: true
ip:
description: Container IPv4 address in the network
type: str
required: false
default: ""
container_hostname:
description: Hostname to set inside the container. Available to other containers on the same network.
type: str
required: false
default: ""
container_ip:
description: IPv4 address for the container in the first network defined in container_networks
type: str
required: false
default: ""
container_secrets:
description: A list of secrets available to the container as file or environment variable

11
roles/container/tasks/main.yaml
View File

@@ -13,14 +13,13 @@
ansible.builtin.include_role:
name: network
vars:
network_name: "{{ network }}"
network_subnet: "{{ _container_network_subnet if network_index == 0 else '' }}"
network_range: "{{ _container_network_range if network_index == 0 else '' }}"
when: network_created_networks is not defined or network not in network_created_networks
network_name: "{{ network.name }}"
network_subnet: "{{ _container_network_subnet }}"
network_range: "{{ _container_network_range }}"
when: network_created_networks is not defined or network.name not in network_created_networks
loop: "{{ container_networks }}"
loop_control:
loop_var: network
index_var: network_index
- name: Create volumes for container {{ container_name }}
ansible.builtin.include_role:
@@ -49,7 +48,7 @@
user: "{{ container_user or omit }}"
mount: "{{ _container_mounts | map('items') | map('map', 'join', '=') | map('join', ',') }}"
device: "{{ _container_devices }}"
network: "{{ _container_networks_with_ip }}"
network: "{{ _container_networks }}"
hostname: "{{ container_hostname or omit }}"
publish: "{{ container_publish_ports }}"
secrets: "{{ _container_secrets }}"

27
roles/container/vars/main.yaml → roles/container/vars/main/general.yaml
View File

@@ -1,33 +1,6 @@
---
_container_image: "{{ container_image | replace('/', '_') ~ '.image' }}"
_container_networks: "{{ container_networks | map('regex_replace', '$', '.network') }}"
_container_networks_with_ip: >-
{{
[
_container_networks[0] ~ (
':ip=' ~ container_ip if container_ip | length > 0 else ''
)
]
+ _container_networks[1:]
}}
_container_network_subnet: >-
{{ container_ip | ansible.utils.ipsubnet(24) if container_ip | length > 0 else '' }}
_container_network_subnet_ranges: >-
{{
[
_container_network_subnet | ansible.utils.ipsubnet(25, 0),
_container_network_subnet | ansible.utils.ipsubnet(25, 1)
] if container_ip | length > 0 else ''
}}
_container_network_range: >-
{{
_container_network_subnet_ranges |
reject('ansible.utils.supernet_of', container_ip) |
first
if container_ip | length > 0 else ''
}}
_container_volumes: "{{ container_mounts | selectattr('type', '==', 'volume') }}"
_container_mount_sources: "{{ container_mounts | map(attribute='source') }}"

27
roles/container/vars/main/network.yaml Normal file
View File

@@ -0,0 +1,27 @@
---
_container_networks: >-
{{
container_networks
| map(attribute='name')
| map('regex_replace', '$', '.network')
| zip(container_networks | map(attribute='ip', default=''))
| map('reject', 'equalto', '')
| map('join', ':ip=')
}}
_container_network_subnet: >-
{{ network.ip | ansible.utils.ipsubnet(24) if network.ip | default('') | length > 0 else '' }}
_container_network_subnet_ranges: >-
{{
[
_container_network_subnet | ansible.utils.ipsubnet(25, 0),
_container_network_subnet | ansible.utils.ipsubnet(25, 1)
] if network.ip | default('') | length > 0 else []
}}
_container_network_range: >-
{{
_container_network_subnet_ranges |
reject('ansible.utils.supernet_of', network.ip) |
first
if network.ip | default('') | length > 0 else ''
}}

1
roles/service/tasks/additional.yaml
View File

@@ -12,7 +12,6 @@
container_devices: "{{ _service_additional_container.devices | default(service_container_devices) }}"
container_publish_ports: "{{ _service_additional_container_publish_ports }}"
container_networks: "{{ _service_additional_container_networks }}"
container_ip: "{{ _service_additional_container_ip }}"
container_hostname: "{{ _service_additional_container.name | regex_replace('^' ~ service_name ~ '-', '') }}"
container_secrets: "{{ _service_additional_container_secrets }}"
container_env: "{{ _service_additional_container.env | default(service_container_env) }}"

2
roles/service/tasks/database.yaml
View File

@@ -15,8 +15,6 @@
destination: "{{ _service_database_mount_destination }}"
container_networks: "{{ _service_database_networks }}"
container_hostname: "{{ service_database_type }}"
container_ip: >-
{{ service_container_ip | ansible.utils.ipmath(1) if _service_static_ip else '' }}
container_secrets: "{{ _service_database_secrets }}"
container_env: "{{ _service_database_env }}"
container_auto_update: "{{ service_auto_update }}"

3
roles/service/tasks/main.yaml
View File

@@ -44,7 +44,6 @@
container_devices: "{{ service_container_devices }}"
container_publish_ports: "{{ _service_container_publish_ports }}"
container_networks: "{{ _service_container_networks }}"
container_ip: "{{ service_container_ip }}"
container_secrets: "{{ _service_container_secrets }}"
container_env: "{{ service_container_env }}"
container_add_capabilities: "{{ service_container_add_capabilities }}"
@@ -60,7 +59,7 @@
socat_service_name: "{{ service_name }}"
socat_target_http_port: "{{ service_container_http_port }}"
socat_container_ip: >-
{{ service_container_ip | ansible.utils.ipmath(3) if _service_static_ip else '' }}
{{ service_container_ip | ansible.utils.ipmath(257) if _service_static_ip else '' }}
socat_auto_update: "{{ service_auto_update }}"
- name: Socat for socket published ports of {{ service_name }}

2
roles/service/tasks/oauth2_proxy.yaml
View File

@@ -11,7 +11,7 @@
- --cookie-secret-file
- /run/secrets/cookie-secret
container_networks:
- "{{ service_name }}-oauth2-proxy"
- name: "{{ service_name }}-oauth2-proxy"
container_secrets:
- name: "{{ service_name }}-oauth2-proxy-cookie-secret"
length: 32

5
roles/service/tasks/redis.yaml
View File

@@ -6,8 +6,7 @@
container_name: "{{ service_name }}-redis"
container_image: docker.io/valkey/valkey:alpine
container_networks:
- "{{ service_name }}"
- name: "{{ service_name }}"
ip: "{{ service_container_ip | ansible.utils.ipmath(2) if _service_static_ip else '' }}"
container_hostname: redis
container_ip: >-
{{ service_container_ip | ansible.utils.ipmath(2) if _service_static_ip else '' }}
container_auto_update: "{{ service_auto_update }}"

28
roles/service/vars/main/additional.yaml
View File

@@ -22,14 +22,21 @@ _service_additional_container_wants: >-
_service_additional_container_networks: >-
{{
[service_name]
+ service_container_additional_networks
[{
'name': service_name,
'ip':
service_container_ip | ansible.utils.ipmath(20 + _service_additional_container_index)
if _service_static_ip else ''
}]
+ (
_service_additional_container_publish_socket_ports
| map(attribute='name')
| map('regex_replace', '^', service_name ~ '-')
| map('regex_replace', '$', '-socat')
)
service_container_additional_networks
+ (
_service_additional_container_publish_socket_ports
| map(attribute='name')
| map('regex_replace', '^', service_name ~ '-')
| map('regex_replace', '$', '-socat')
)
) | map('community.general.dict_kv', 'name')
}}
_service_additional_container_secrets: >-
@@ -50,13 +57,6 @@ _service_additional_container_secrets: >-
else _service_container_secrets
}}
_service_additional_container_ip: >-
{{
service_container_ip |
ansible.utils.ipmath(20 + _service_additional_container_index)
if _service_static_ip else ''
}}
_service_additional_container_publish_ports_with_defaults: >-
{{
([{ 'type': 'port', 'host_address': '0.0.0.0' }] * _service_additional_container.publish_ports | length)

7
roles/service/vars/main/database.yaml
View File

@@ -3,8 +3,11 @@ _service_setup_database: "{{ service_database_type != 'none' }}"
_service_database_name: "{{ service_name }}-{{ service_database_type }}"
_service_database_networks: >-
{{
[service_name] +
service_database_additional_networks
[{
'name': service_name,
'ip': service_container_ip | ansible.utils.ipmath(1) if _service_static_ip else ''
}]
+ service_database_additional_networks | map('community.general.dict_kv', 'name')
}}
_service_database_secret:

18
roles/service/vars/main/general.yaml
View File

@@ -1,10 +1,20 @@
---
_service_container_networks: >-
{{
[service_name]
+ service_container_additional_networks
+ ([service_name ~ '-socat'] if service_container_http_port > 0 else [])
+ (_service_container_publish_socket_ports | map(attribute='name') | map('regex_replace', '^', service_name ~ '-'))
[{
'name': service_name,
'ip': service_container_ip
}]
+ (
[{
'name': service_name ~ '-socat',
'ip': service_container_ip | ansible.utils.ipmath(256) if _service_static_ip else ''
}] if service_container_http_port > 0 else []
)
+ (
service_container_additional_networks
+ (_service_container_publish_socket_ports | map(attribute='name') | map('regex_replace', '^', service_name ~ '-'))
) | map('community.general.dict_kv', 'name')
}}
_service_static_ip: "{{ service_container_ip | length > 0 }}"

4
roles/socat/tasks/main.yaml
View File

@@ -18,8 +18,8 @@
- "TCP:{{ socat_target_container }}:{{ socat_target_http_port }}"
container_user: nobody
container_networks:
- "{{ socat_service_name }}-socat"
container_ip: "{{ socat_container_ip }}"
- name: "{{ socat_service_name }}-socat"
ip: "{{ socat_container_ip }}"
container_requires:
- "{{ socat_service_name }}-socat.socket"
- "{{ socat_target_container }}.service"