Make socat its own role

uumas
2026-03-12 00:05:07 +02:00
parent accd5ece14
commit fce8804653
9 changed files with 53 additions and 21 deletions


@@ -5,17 +5,3 @@
state: restarted state: restarted
daemon_reload: true daemon_reload: true
ignore_errors: '{{ ansible_check_mode }}' ignore_errors: '{{ ansible_check_mode }}'
- name: Restart socat socket for {{ service_name }}
ansible.builtin.systemd_service:
name: "{{ service_name }}-socat.socket"
state: restarted
daemon_reload: true
ignore_errors: '{{ ansible_check_mode }}'
- name: Restart socat socket for {{ service_name ~ '-oauth2-proxy' }}
ansible.builtin.systemd_service:
name: "{{ service_name }}-oauth2-proxy-socat.socket"
state: restarted
daemon_reload: true
ignore_errors: '{{ ansible_check_mode }}'


@@ -47,13 +47,15 @@
container_auto_update: "{{ service_auto_update }}" container_auto_update: "{{ service_auto_update }}"
- name: Socat for {{ service_name }} - name: Socat for {{ service_name }}
ansible.builtin.include_tasks: socat.yaml ansible.builtin.include_role:
name: socat
when: service_container_http_port > 0 when: service_container_http_port > 0
vars: vars:
socat_service_name: "{{ service_name }}" socat_service_name: "{{ service_name }}"
socat_target_http_port: "{{ service_container_http_port }}" socat_target_http_port: "{{ service_container_http_port }}"
socat_container_ip: >- socat_container_ip: >-
{{ service_container_ip | ansible.utils.ipmath(3) if _service_static_ip else '' }} {{ service_container_ip | ansible.utils.ipmath(3) if _service_static_ip else '' }}
socat_auto_update: "{{ service_auto_update }}"
- name: Reverse proxy for {{ service_name }} - name: Reverse proxy for {{ service_name }}
ansible.builtin.include_tasks: proxy.yaml ansible.builtin.include_tasks: proxy.yaml


@@ -30,8 +30,10 @@
container_auto_update: "{{ service_auto_update }}" container_auto_update: "{{ service_auto_update }}"
- name: Socat for OAuth2 Proxy for {{ service_name }} - name: Socat for OAuth2 Proxy for {{ service_name }}
ansible.builtin.import_tasks: socat.yaml ansible.builtin.import_role:
name: socat
vars: vars:
socat_service_name: "{{ service_name }}-oauth2-proxy" socat_service_name: "{{ service_name }}-oauth2-proxy"
socat_target_http_port: 4180 socat_target_http_port: 4180
socat_container_ip: "" socat_container_ip: ""
socat_auto_update: "{{ service_auto_update }}"

1
roles/socat/README.md Normal file

@@ -0,0 +1 @@
Sets up a socat container along with a systemd socket unit to forward traffic to it


@@ -0,0 +1,4 @@
---
socat_target_container: "{{ socat_service_name }}"
socat_container_ip: ""
socat_auto_update: true


@@ -0,0 +1,6 @@
---
- name: Restart socat socket for {{ socat_service_name }}
ansible.builtin.set_fact:
systemd_restart_units: "{{ systemd_restart_units + [socat_service_name ~ '-socat.socket'] }}" # noqa: var-naming[no-role-prefix]
changed_when: true
notify: Apply systemd unit restarts
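Review bot: The new handler reads `systemd_restart_units` and notifies `Apply systemd unit restarts`, neither of which is defined in this handlers file, and the role's tasks file additionally notifies `Reload systemd daemon`; the role therefore only works in a play that already provides all three. If the list is ever undefined, the `set_fact` fails before any restart is queued, so `"{{ systemd_restart_units | default([]) + [socat_service_name ~ '-socat.socket'] }}"` would be safer. A comment above the handler such as `# Requires the 'Apply systemd unit restarts' handler and the systemd_restart_units fact from <providing role>`, or a `dependencies:` entry in the role's meta, would make the coupling explicit.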


@@ -0,0 +1,28 @@
---
argument_specs:
main:
description: Sets up a socat container along with a systemd socket unit to forward traffic to it
options:
socat_service_name:
description: Name of the socat service, used for systemd unit and container naming
type: str
required: true
socat_target_container:
description: Name of the container to forward traffic to
type: str
required: false
default: "{{ socat_service_name }}"
socat_target_http_port:
description: Port on the target container to forward traffic to
type: int
required: true
socat_container_ip:
description: IP address to assign to the socat container.
type: str
required: false
default: ""
socat_auto_update:
description: Whether to automatically update the socat container
type: bool
required: false
default: true
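Review bot: `socat_service_name` and `socat_target_container` are declared as plain `str`, yet the role splices them into a unit file path under /etc/systemd/system, into systemd unit names and into the socat `TCP:` address, so a value containing `/`, whitespace or `:` would yield a wrong path or address rather than a validation error. argument_specs cannot express a pattern, so I would state the allowed characters in both descriptions, e.g. `description: Name of the socat service (letters, digits, '-' and '_' only); used for systemd unit, socket path and container naming`, and optionally back that with an `ansible.builtin.assert` at the top of the tasks file. The `socat_container_ip` description could also say that the empty default means no static address is assigned, which is what the callers appear to rely on.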


@@ -4,7 +4,9 @@
src: socat.socket.j2 src: socat.socket.j2
dest: /etc/systemd/system/{{ socat_service_name }}-socat.socket dest: /etc/systemd/system/{{ socat_service_name }}-socat.socket
mode: "0644" mode: "0644"
notify: Restart socat socket for {{ socat_service_name }} notify:
- Reload systemd daemon
- Restart socat socket for {{ socat_service_name }}
- name: Socat container for {{ socat_service_name }} - name: Socat container for {{ socat_service_name }}
ansible.builtin.import_role: ansible.builtin.import_role:
@@ -14,13 +16,13 @@
container_image: "docker.io/alpine/socat:latest" container_image: "docker.io/alpine/socat:latest"
container_command: container_command:
- "ACCEPT-FD:3,fork" - "ACCEPT-FD:3,fork"
- "TCP:{{ socat_service_name }}:{{ socat_target_http_port }}" - "TCP:{{ socat_target_container }}:{{ socat_target_http_port }}"
container_user: nobody container_user: nobody
container_networks: container_networks:
- "{{ socat_service_name }}" - "{{ socat_service_name }}-socat"
container_ip: "{{ socat_container_ip }}" container_ip: "{{ socat_container_ip }}"
container_requires: container_requires:
- "{{ socat_service_name }}-socat.socket" - "{{ socat_service_name }}-socat.socket"
- "{{ socat_service_name }}.service" - "{{ socat_target_container }}.service"
container_auto_start: false container_auto_start: false
container_auto_update: "{{ service_auto_update }}" container_auto_update: "{{ socat_auto_update }}"
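Review bot: `container_auto_update` now follows `socat_auto_update`, which the role defaults set to `true`, while the image on the unchanged line above is still the mutable tag `docker.io/alpine/socat:latest`. Assuming the container role's auto-update pulls whatever the tag currently points to, every consumer of this role, including the forwarder in front of the OAuth2 proxy, runs unreviewed image contents in the request path unless it opts out. Consider making the image a role variable pinned by digest, e.g. `container_image: "{{ socat_container_image }}"` with a default of the form `docker.io/alpine/socat@sha256:<digest>`, and bumping that digest deliberately.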


@@ -1,6 +1,7 @@
# {{ ansible_managed }} # {{ ansible_managed }}
[Unit] [Unit]
Description={{ socat_service_name }} socat socket Description={{ socat_service_name }} socat socket
Requires={{ socat_target_container }}.service
[Socket] [Socket]
ListenStream=/run/{{ socat_service_name }}-socat.sock ListenStream=/run/{{ socat_service_name }}-socat.sock
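Review bot: `Requires={{ socat_target_container }}.service` adds a requirement but no ordering, so systemd may start the socket and the target service in parallel; if the socket should only listen once the target is up, pair it with `After={{ socat_target_container }}.service`. `Requires=` also stops or restarts this socket whenever the target service is explicitly stopped or restarted, which closes the listening socket during every backend restart. If that is not intended, `Wants={{ socat_target_container }}.service` keeps the socket open across backend restarts.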