diff --git a/roles/service/handlers/main.yaml b/roles/service/handlers/main.yaml
index abd9b78..42f239a 100644
--- a/roles/service/handlers/main.yaml
+++ b/roles/service/handlers/main.yaml
@@ -5,17 +5,3 @@
     state: restarted
     daemon_reload: true
     ignore_errors: '{{ ansible_check_mode }}'
-
-- name: Restart socat socket for {{ service_name }}
-  ansible.builtin.systemd_service:
-    name: "{{ service_name }}-socat.socket"
-    state: restarted
-    daemon_reload: true
-    ignore_errors: '{{ ansible_check_mode }}'
-
-- name: Restart socat socket for {{ service_name ~ '-oauth2-proxy' }}
-  ansible.builtin.systemd_service:
-    name: "{{ service_name }}-oauth2-proxy-socat.socket"
-    state: restarted
-    daemon_reload: true
-    ignore_errors: '{{ ansible_check_mode }}'
diff --git a/roles/service/tasks/main.yaml b/roles/service/tasks/main.yaml
index 0f77e01..165d345 100644
--- a/roles/service/tasks/main.yaml
+++ b/roles/service/tasks/main.yaml
@@ -47,13 +47,15 @@
     container_auto_update: "{{ service_auto_update }}"
 
 - name: Socat for {{ service_name }}
-  ansible.builtin.include_tasks: socat.yaml
+  ansible.builtin.include_role:
+    name: socat
   when: service_container_http_port > 0
   vars:
     socat_service_name: "{{ service_name }}"
     socat_target_http_port: "{{ service_container_http_port }}"
     socat_container_ip: >-
       {{ service_container_ip | ansible.utils.ipmath(3) if _service_static_ip else '' }}
+    socat_auto_update: "{{ service_auto_update }}"
 
 - name: Reverse proxy for {{ service_name }}
   ansible.builtin.include_tasks: proxy.yaml
diff --git a/roles/service/tasks/oauth2_proxy.yaml b/roles/service/tasks/oauth2_proxy.yaml
index 1a1d42c..585c00c 100644
--- a/roles/service/tasks/oauth2_proxy.yaml
+++ b/roles/service/tasks/oauth2_proxy.yaml
@@ -30,8 +30,10 @@
     container_auto_update: "{{ service_auto_update }}"
 
 - name: Socat for OAuth2 Proxy for {{ service_name }}
-  ansible.builtin.import_tasks: socat.yaml
+  ansible.builtin.import_role:
+    name: socat
   vars:
     socat_service_name: "{{ service_name }}-oauth2-proxy"
     socat_target_http_port: 4180
     socat_container_ip: ""
+    socat_auto_update: "{{ service_auto_update }}"
diff --git a/roles/socat/README.md b/roles/socat/README.md
new file mode 100644
index 0000000..dc3392a
--- /dev/null
+++ b/roles/socat/README.md
@@ -0,0 +1 @@
+Sets up a socat container along with a systemd socket unit to forward traffic to it
diff --git a/roles/socat/defaults/main.yaml b/roles/socat/defaults/main.yaml
new file mode 100644
index 0000000..edefc69
--- /dev/null
+++ b/roles/socat/defaults/main.yaml
@@ -0,0 +1,4 @@
+---
+socat_target_container: "{{ socat_service_name }}"
+socat_container_ip: ""
+socat_auto_update: true
diff --git a/roles/socat/handlers/main.yaml b/roles/socat/handlers/main.yaml
new file mode 100644
index 0000000..2561e6b
--- /dev/null
+++ b/roles/socat/handlers/main.yaml
@@ -0,0 +1,6 @@
+---
+- name: Restart socat socket for {{ socat_service_name }}
+  ansible.builtin.set_fact:
+    systemd_restart_units: "{{ systemd_restart_units + [socat_service_name ~ '-socat.socket'] }}" # noqa: var-naming[no-role-prefix]
+  changed_when: true
+  notify: Apply systemd unit restarts
diff --git a/roles/socat/meta/argument_specs.yaml b/roles/socat/meta/argument_specs.yaml
new file mode 100644
index 0000000..61cf46d
--- /dev/null
+++ b/roles/socat/meta/argument_specs.yaml
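Review bot: The set_fact on the `systemd_restart_units:` line of the new handlers/main.yaml appends to `systemd_restart_units` with no default, so if that fact is not already defined when the handler fires the handler fails on an undefined variable; `systemd_restart_units: "{{ systemd_restart_units | default([]) + [socat_service_name ~ '-socat.socket'] }}"` keeps it safe in a play that has not initialised the list. Nothing in this diff defines the `Apply systemd unit restarts` handler notified here, nor the `Reload systemd daemon` handler notified in the roles/socat/tasks/main.yaml hunk, so the role now depends on two handlers and a shared fact from outside it; unless a meta/main.yaml dependency pulls them in, that prerequisite should be stated in the README and in the argument spec's main description. A comment above the `# noqa: var-naming[no-role-prefix]` line explaining why the un-prefixed name is deliberate, e.g. `# systemd_restart_units is presumably a play-wide list drained by the generic restart handler, hence no role prefix - confirm`, would help the next reader. Since the same role is loaded twice in one play (main.yaml via include_role, oauth2_proxy.yaml via import_role) with different `socat_service_name` values, it is worth confirming that each notification reaches the handler instance whose templated name matches.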
@@ -0,0 +1,28 @@
+---
+argument_specs:
+  main:
+    description: Sets up a socat container along with a systemd socket unit to forward traffic to it
+    options:
+      socat_service_name:
+        description: Name of the socat service, used for systemd unit and container naming
+        type: str
+        required: true
+      socat_target_container:
+        description: Name of the container to forward traffic to
+        type: str
+        required: false
+        default: "{{ socat_service_name }}"
+      socat_target_http_port:
+        description: Port on the target container to forward traffic to
+        type: int
+        required: true
+      socat_container_ip:
+        description: IP address to assign to the socat container.
+        type: str
+        required: false
+        default: ""
+      socat_auto_update:
+        description: Whether to automatically update the socat container
+        type: bool
+        required: false
+        default: true
diff --git a/roles/service/tasks/socat.yaml b/roles/socat/tasks/main.yaml
similarity index 68%
rename from roles/service/tasks/socat.yaml
rename to roles/socat/tasks/main.yaml
index acfa30e..9b4b343 100644
--- a/roles/service/tasks/socat.yaml
+++ b/roles/socat/tasks/main.yaml
@@ -4,7 +4,9 @@
     src: socat.socket.j2
     dest: /etc/systemd/system/{{ socat_service_name }}-socat.socket
     mode: "0644"
-  notify: Restart socat socket for {{ socat_service_name }}
+  notify:
+    - Reload systemd daemon
+    - Restart socat socket for {{ socat_service_name }}
 
 - name: Socat container for {{ socat_service_name }}
   ansible.builtin.import_role:
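Review bot: The `socat_container_ip` description does not say what the empty-string default means, which is the value both callers pass in the common case (main.yaml yields '' when `_service_static_ip` is false, oauth2_proxy.yaml passes ""); presumably empty leaves address assignment to the container network, and if so `description: IP address to assign to the socat container; empty (the default) lets the network assign one` makes the contract explicit. The `socat_target_container` option should also state that the named container must provide a `.service` unit and share the `{{ socat_service_name }}-socat` network with the socat container, since tasks/main.yaml and the socket template both reference it by that name. The defaults here duplicate `defaults/main.yaml`; a comment in one of the two files noting that they must be kept in sync would prevent drift.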
@@ -14,13 +16,13 @@
     container_image: "docker.io/alpine/socat:latest"
     container_command:
       - "ACCEPT-FD:3,fork"
-      - "TCP:{{ socat_service_name }}:{{ socat_target_http_port }}"
+      - "TCP:{{ socat_target_container }}:{{ socat_target_http_port }}"
     container_user: nobody
     container_networks:
-      - "{{ socat_service_name }}"
+      - "{{ socat_service_name }}-socat"
     container_ip: "{{ socat_container_ip }}"
     container_requires:
       - "{{ socat_service_name }}-socat.socket"
-      - "{{ socat_service_name }}.service"
+      - "{{ socat_target_container }}.service"
     container_auto_start: false
-    container_auto_update: "{{ service_auto_update }}"
+    container_auto_update: "{{ socat_auto_update }}"
diff --git a/roles/service/templates/socat.socket.j2 b/roles/socat/templates/socat.socket.j2
similarity index 75%
rename from roles/service/templates/socat.socket.j2
rename to roles/socat/templates/socat.socket.j2
index 9205afb..cb999fb 100644
--- a/roles/service/templates/socat.socket.j2
+++ b/roles/socat/templates/socat.socket.j2
@@ -1,6 +1,7 @@
 # {{ ansible_managed }}
 [Unit]
 Description={{ socat_service_name }} socat socket
+Requires={{ socat_target_container }}.service
 
 [Socket]
 ListenStream=/run/{{ socat_service_name }}-socat.sock
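Review bot: The `container_networks` entry moves the socat container from the `{{ socat_service_name }}` network to `{{ socat_service_name }}-socat`, but nothing in this diff creates that network or attaches the target container to it; the `TCP:{{ socat_target_container }}:…` command resolves the target by container name, which only works when both containers share a network, so unless the `-socat` network is set up elsewhere the forwarder will fail to connect. The static `container_ip` the service role derives with `ipmath(3)` from `service_container_ip` was presumably chosen for the original service network's subnet; if the `-socat` network uses a different range that address will be rejected or unreachable, worth confirming. If the rename is intentional, a comment above `container_networks:` naming where the `{{ socat_service_name }}-socat` network is defined would save the next reader the search.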
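Review bot: `Requires=` on the socket unit does not imply ordering, so the socket may start listening before `{{ socat_target_container }}.service` is up and connections accepted in that window may have nothing to forward to; systemd's guidance is to pair it with `After={{ socat_target_container }}.service`. `Requires=` also propagates stops and restarts, so restarting the target service now restarts the socket and, through the socat container's `container_requires`, the forwarder; that is likely intended but deserves a comment in the template, e.g. `# Requires= ties the socket's lifetime to the target service so a stopped service does not leave a dangling listener`.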