Add support for --device and --privileged

mhutter · Jun 26, 2020 · 4f717ef · 4f717ef
1 parent df92e26
commit 4f717ef
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -48,6 +48,8 @@ This will create:
 * `container_docker_pull` (default: _yes_) - whether the docker image should be pulled
 * `container_cap_add` (default _[]_) - List of capabilities to add
 * `container_cap_drop` (default _{}_) - List of capabilities to drop
+* `container_devices` (default _[]_) - List of devices to add
+* `container_privileged` (default _false_) - Whether the container should be privileged
 * `container_start_post` - Optional command to be run by systemd after the container has started
 
 #### Systemd service specifics

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -8,6 +8,8 @@ container_ports: []
 container_volumes: []
 container_cap_add: []
 container_cap_drop: []
+container_devices: []
+container_privileged: false
 docker_path: "/usr/bin/docker"
 service_name: "{{ container_name }}_container"
 service_systemd_options: []

diff --git a/templates/unit.j2 b/templates/unit.j2
@@ -1,6 +1,6 @@
 # {{ ansible_managed }}
 {% macro params(name, vals) %}
-{% for v in vals %}-{{ name }} {{ v }} {% endfor %}
+{% for v in vals %}{{ name }} {{ v }} {% endfor %}
 {% endmacro %}
 {% set service_systemd_options_keys = service_systemd_options | selectattr("key") | map(attribute="key") | list %}
 [Unit]
@@ -21,7 +21,20 @@ EnvironmentFile={{ sysconf_dir }}/{{ container_name }}
 ExecStartPre=-{{ docker_path }} rm -f {{ container_name }}
 {% endif %}
 {% if not 'ExecStart' in service_systemd_options_keys %}
-ExecStart={{ docker_path }} run --name {{ container_name }} --rm {% if container_env is defined %}--env-file {{ sysconf_dir }}/{{ container_name }} {% endif %}{{ params('v', container_volumes) }}{% if container_host_network == true %} --network host {% else %}{{ params('p', container_ports) }}{% endif %}{{ params('-link', container_links) }}{{ params('l', container_labels) }}{{ params('-cap-add', container_cap_add) }}{{ params('-cap-drop', container_cap_drop) }}{{ container_args | default('') |trim }} {{ container_image }} {{ container_cmd | default('') | trim }}
+ExecStart={{ docker_path }} run \
+  --name {{ container_name }} \
+  --rm \
+  {% if container_env is defined %}--env-file {{ sysconf_dir }}/{{ container_name }} {% endif %}\
+  {{ params('--volume', container_volumes) }}\
+  {% if container_host_network == true %}--network host {% else %}{{ params('--publish', container_ports) }}{% endif %}\
+  {{ params('--link', container_links) }}\
+  {{ params('--label', container_labels) }}\
+  {{ params('--cap-add', container_cap_add) }}\
+  {{ params('--cap-drop', container_cap_drop) }}\
+  {{ params('--device', container_devices) }}\
+  {% if container_privileged == true %}--privileged{% endif %}\
+  {{ container_args | default('') | trim }} \
+  {{ container_image }} {{ container_cmd | default('') | trim }}
 {% endif %}
 {% if not 'ExecStop' in service_systemd_options_keys %}
 ExecStop=/usr/bin/docker stop {{ container_name }}