container: Allow custom ip addresses for more than one network

uumas
2026-03-14 23:33:04 +02:00
parent ca29ffb271
commit f64ea2cbe3
14 changed files with 82 additions and 71 deletions


@@ -7,7 +7,6 @@ container_devices: []
container_publish_ports: [] container_publish_ports: []
container_networks: [] container_networks: []
container_hostname: "" container_hostname: ""
container_ip: ""
container_secrets: [] container_secrets: []
container_env: {} container_env: {}
container_auto_start: true container_auto_start: true


@@ -118,17 +118,22 @@ argument_specs:
type: list type: list
required: false required: false
default: [] default: []
elements: str elements: dict
options:
name:
description: Network name
type: str
required: true
ip:
description: Container IPv4 address in the network
type: str
required: false
default: ""
container_hostname: container_hostname:
description: Hostname to set inside the container. Available to other containers on the same network. description: Hostname to set inside the container. Available to other containers on the same network.
type: str type: str
required: false required: false
default: "" default: ""
container_ip:
description: IPv4 address for the container in the first network defined in container_networks
type: str
required: false
default: ""
container_secrets: container_secrets:
description: A list of secrets available to the container as file or environment variable description: A list of secrets available to the container as file or environment variable
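Review bot: The description of the new `ip` option under `container_networks` does not say that setting it also decides how the network itself is created. Judging by the role's vars elsewhere in this commit, the network's subnet becomes the /24 containing the address and the /25 half without it becomes the allocation range, so I would extend the text to something like `description: Container IPv4 address in the network. When set, the network is created with the /24 containing this address`. It would also help to state on `container_networks` that plain string entries are no longer accepted now that `elements` is `dict`; that key's own description presumably sits above the hunk.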


@@ -13,14 +13,13 @@
ansible.builtin.include_role: ansible.builtin.include_role:
name: network name: network
vars: vars:
network_name: "{{ network }}" network_name: "{{ network.name }}"
network_subnet: "{{ _container_network_subnet if network_index == 0 else '' }}" network_subnet: "{{ _container_network_subnet }}"
network_range: "{{ _container_network_range if network_index == 0 else '' }}" network_range: "{{ _container_network_range }}"
when: network_created_networks is not defined or network not in network_created_networks when: network_created_networks is not defined or network.name not in network_created_networks
loop: "{{ container_networks }}" loop: "{{ container_networks }}"
loop_control: loop_control:
loop_var: network loop_var: network
index_var: network_index
- name: Create volumes for container {{ container_name }} - name: Create volumes for container {{ container_name }}
ansible.builtin.include_role: ansible.builtin.include_role:
@@ -49,7 +48,7 @@
user: "{{ container_user or omit }}" user: "{{ container_user or omit }}"
mount: "{{ _container_mounts | map('items') | map('map', 'join', '=') | map('join', ',') }}" mount: "{{ _container_mounts | map('items') | map('map', 'join', '=') | map('join', ',') }}"
device: "{{ _container_devices }}" device: "{{ _container_devices }}"
network: "{{ _container_networks_with_ip }}" network: "{{ _container_networks }}"
hostname: "{{ container_hostname or omit }}" hostname: "{{ container_hostname or omit }}"
publish: "{{ container_publish_ports }}" publish: "{{ container_publish_ports }}"
secrets: "{{ _container_secrets }}" secrets: "{{ _container_secrets }}"


@@ -1,33 +1,6 @@
--- ---
_container_image: "{{ container_image | replace('/', '_') ~ '.image' }}" _container_image: "{{ container_image | replace('/', '_') ~ '.image' }}"
_container_networks: "{{ container_networks | map('regex_replace', '$', '.network') }}"
_container_networks_with_ip: >-
{{
[
_container_networks[0] ~ (
':ip=' ~ container_ip if container_ip | length > 0 else ''
)
]
+ _container_networks[1:]
}}
_container_network_subnet: >-
{{ container_ip | ansible.utils.ipsubnet(24) if container_ip | length > 0 else '' }}
_container_network_subnet_ranges: >-
{{
[
_container_network_subnet | ansible.utils.ipsubnet(25, 0),
_container_network_subnet | ansible.utils.ipsubnet(25, 1)
] if container_ip | length > 0 else ''
}}
_container_network_range: >-
{{
_container_network_subnet_ranges |
reject('ansible.utils.supernet_of', container_ip) |
first
if container_ip | length > 0 else ''
}}
_container_volumes: "{{ container_mounts | selectattr('type', '==', 'volume') }}" _container_volumes: "{{ container_mounts | selectattr('type', '==', 'volume') }}"
_container_mount_sources: "{{ container_mounts | map(attribute='source') }}" _container_mount_sources: "{{ container_mounts | map(attribute='source') }}"


@@ -0,0 +1,27 @@
---
_container_networks: >-
{{
container_networks
| map(attribute='name')
| map('regex_replace', '$', '.network')
| zip(container_networks | map(attribute='ip', default=''))
| map('reject', 'equalto', '')
| map('join', ':ip=')
}}
_container_network_subnet: >-
{{ network.ip | ansible.utils.ipsubnet(24) if network.ip | default('') | length > 0 else '' }}
_container_network_subnet_ranges: >-
{{
[
_container_network_subnet | ansible.utils.ipsubnet(25, 0),
_container_network_subnet | ansible.utils.ipsubnet(25, 1)
] if network.ip | default('') | length > 0 else []
}}
_container_network_range: >-
{{
_container_network_subnet_ranges |
reject('ansible.utils.supernet_of', network.ip) |
first
if network.ip | default('') | length > 0 else ''
}}
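Review bot: `_container_networks` joins each entry's `ip` verbatim after `:ip=`, and the only filter in front of it is `reject('equalto', '')`, so a typo, a value carrying a prefix length, or a string containing a comma reaches the rendered network option unchecked. The argument spec only types the field as `str`, so I would add an `ansible.builtin.assert` ahead of the network loop, for example `that: container_networks | map(attribute='ip', default='') | reject('equalto', '') | reject('ansible.utils.ipv4_address') | list | length == 0`. A short comment above `_container_network_subnet` would also help, saying that `network` is the loop variable of the network-creation task and that these three variables are only meaningful inside that loop.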


@@ -12,7 +12,6 @@
container_devices: "{{ _service_additional_container.devices | default(service_container_devices) }}" container_devices: "{{ _service_additional_container.devices | default(service_container_devices) }}"
container_publish_ports: "{{ _service_additional_container_publish_ports }}" container_publish_ports: "{{ _service_additional_container_publish_ports }}"
container_networks: "{{ _service_additional_container_networks }}" container_networks: "{{ _service_additional_container_networks }}"
container_ip: "{{ _service_additional_container_ip }}"
container_hostname: "{{ _service_additional_container.name | regex_replace('^' ~ service_name ~ '-', '') }}" container_hostname: "{{ _service_additional_container.name | regex_replace('^' ~ service_name ~ '-', '') }}"
container_secrets: "{{ _service_additional_container_secrets }}" container_secrets: "{{ _service_additional_container_secrets }}"
container_env: "{{ _service_additional_container.env | default(service_container_env) }}" container_env: "{{ _service_additional_container.env | default(service_container_env) }}"


@@ -15,8 +15,6 @@
destination: "{{ _service_database_mount_destination }}" destination: "{{ _service_database_mount_destination }}"
container_networks: "{{ _service_database_networks }}" container_networks: "{{ _service_database_networks }}"
container_hostname: "{{ service_database_type }}" container_hostname: "{{ service_database_type }}"
container_ip: >-
{{ service_container_ip | ansible.utils.ipmath(1) if _service_static_ip else '' }}
container_secrets: "{{ _service_database_secrets }}" container_secrets: "{{ _service_database_secrets }}"
container_env: "{{ _service_database_env }}" container_env: "{{ _service_database_env }}"
container_auto_update: "{{ service_auto_update }}" container_auto_update: "{{ service_auto_update }}"


@@ -44,7 +44,6 @@
container_devices: "{{ service_container_devices }}" container_devices: "{{ service_container_devices }}"
container_publish_ports: "{{ _service_container_publish_ports }}" container_publish_ports: "{{ _service_container_publish_ports }}"
container_networks: "{{ _service_container_networks }}" container_networks: "{{ _service_container_networks }}"
container_ip: "{{ service_container_ip }}"
container_secrets: "{{ _service_container_secrets }}" container_secrets: "{{ _service_container_secrets }}"
container_env: "{{ service_container_env }}" container_env: "{{ service_container_env }}"
container_add_capabilities: "{{ service_container_add_capabilities }}" container_add_capabilities: "{{ service_container_add_capabilities }}"
@@ -60,7 +59,7 @@
socat_service_name: "{{ service_name }}" socat_service_name: "{{ service_name }}"
socat_target_http_port: "{{ service_container_http_port }}" socat_target_http_port: "{{ service_container_http_port }}"
socat_container_ip: >- socat_container_ip: >-
{{ service_container_ip | ansible.utils.ipmath(3) if _service_static_ip else '' }} {{ service_container_ip | ansible.utils.ipmath(257) if _service_static_ip else '' }}
socat_auto_update: "{{ service_auto_update }}" socat_auto_update: "{{ service_auto_update }}"
- name: Socat for socket published ports of {{ service_name }} - name: Socat for socket published ports of {{ service_name }}
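Review bot: The offset in `socat_container_ip` changed from `ipmath(3)` to `ipmath(257)` with nothing explaining the number, and it only makes sense together with the `ipmath(256)` that this commit gives the main container on the `-socat` network in `_service_container_networks`. As far as I can tell from the role's /24 derivation, both addresses land in the /24 directly after the one holding `service_container_ip`, so every service with a static IP and an HTTP port now occupies two consecutive /24s. A second service whose `service_container_ip` was assigned in that neighbouring /24 would then ask for an overlapping subnet. I would put a comment above this line such as `# +256 moves into the next /24 (the <service>-socat network); +1 is the socat container itself`, and state the two-/24 requirement wherever `service_container_ip` is documented. The task this line belongs to starts above the hunk.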


@@ -11,7 +11,7 @@
- --cookie-secret-file - --cookie-secret-file
- /run/secrets/cookie-secret - /run/secrets/cookie-secret
container_networks: container_networks:
- "{{ service_name }}-oauth2-proxy" - name: "{{ service_name }}-oauth2-proxy"
container_secrets: container_secrets:
- name: "{{ service_name }}-oauth2-proxy-cookie-secret" - name: "{{ service_name }}-oauth2-proxy-cookie-secret"
length: 32 length: 32


@@ -6,8 +6,7 @@
container_name: "{{ service_name }}-redis" container_name: "{{ service_name }}-redis"
container_image: docker.io/valkey/valkey:alpine container_image: docker.io/valkey/valkey:alpine
container_networks: container_networks:
- "{{ service_name }}" - name: "{{ service_name }}"
ip: "{{ service_container_ip | ansible.utils.ipmath(2) if _service_static_ip else '' }}"
container_hostname: redis container_hostname: redis
container_ip: >-
{{ service_container_ip | ansible.utils.ipmath(2) if _service_static_ip else '' }}
container_auto_update: "{{ service_auto_update }}" container_auto_update: "{{ service_auto_update }}"


@@ -22,14 +22,21 @@ _service_additional_container_wants: >-
_service_additional_container_networks: >- _service_additional_container_networks: >-
{{ {{
[service_name] [{
+ service_container_additional_networks 'name': service_name,
'ip':
service_container_ip | ansible.utils.ipmath(20 + _service_additional_container_index)
if _service_static_ip else ''
}]
+ ( + (
_service_additional_container_publish_socket_ports service_container_additional_networks
| map(attribute='name') + (
| map('regex_replace', '^', service_name ~ '-') _service_additional_container_publish_socket_ports
| map('regex_replace', '$', '-socat') | map(attribute='name')
) | map('regex_replace', '^', service_name ~ '-')
| map('regex_replace', '$', '-socat')
)
) | map('community.general.dict_kv', 'name')
}} }}
_service_additional_container_secrets: >- _service_additional_container_secrets: >-
@@ -50,13 +57,6 @@ _service_additional_container_secrets: >-
else _service_container_secrets else _service_container_secrets
}} }}
_service_additional_container_ip: >-
{{
service_container_ip |
ansible.utils.ipmath(20 + _service_additional_container_index)
if _service_static_ip else ''
}}
_service_additional_container_publish_ports_with_defaults: >- _service_additional_container_publish_ports_with_defaults: >-
{{ {{
([{ 'type': 'port', 'host_address': '0.0.0.0' }] * _service_additional_container.publish_ports | length) ([{ 'type': 'port', 'host_address': '0.0.0.0' }] * _service_additional_container.publish_ports | length)


@@ -3,8 +3,11 @@ _service_setup_database: "{{ service_database_type != 'none' }}"
_service_database_name: "{{ service_name }}-{{ service_database_type }}" _service_database_name: "{{ service_name }}-{{ service_database_type }}"
_service_database_networks: >- _service_database_networks: >-
{{ {{
[service_name] + [{
service_database_additional_networks 'name': service_name,
'ip': service_container_ip | ansible.utils.ipmath(1) if _service_static_ip else ''
}]
+ service_database_additional_networks | map('community.general.dict_kv', 'name')
}} }}
_service_database_secret: _service_database_secret:


@@ -1,10 +1,20 @@
--- ---
_service_container_networks: >- _service_container_networks: >-
{{ {{
[service_name] [{
+ service_container_additional_networks 'name': service_name,
+ ([service_name ~ '-socat'] if service_container_http_port > 0 else []) 'ip': service_container_ip
+ (_service_container_publish_socket_ports | map(attribute='name') | map('regex_replace', '^', service_name ~ '-')) }]
+ (
[{
'name': service_name ~ '-socat',
'ip': service_container_ip | ansible.utils.ipmath(256) if _service_static_ip else ''
}] if service_container_http_port > 0 else []
)
+ (
service_container_additional_networks
+ (_service_container_publish_socket_ports | map(attribute='name') | map('regex_replace', '^', service_name ~ '-'))
) | map('community.general.dict_kv', 'name')
}} }}
_service_static_ip: "{{ service_container_ip | length > 0 }}" _service_static_ip: "{{ service_container_ip | length > 0 }}"


@@ -18,8 +18,8 @@
- "TCP:{{ socat_target_container }}:{{ socat_target_http_port }}" - "TCP:{{ socat_target_container }}:{{ socat_target_http_port }}"
container_user: nobody container_user: nobody
container_networks: container_networks:
- "{{ socat_service_name }}-socat" - name: "{{ socat_service_name }}-socat"
container_ip: "{{ socat_container_ip }}" ip: "{{ socat_container_ip }}"
container_requires: container_requires:
- "{{ socat_service_name }}-socat.socket" - "{{ socat_service_name }}-socat.socket"
- "{{ socat_target_container }}.service" - "{{ socat_target_container }}.service"