community.general.docker_container (1.3.14) — module

manage docker containers

Authors: Cove Schneider (@cove), Joshua Conner (@joshuaconner), Pavel Antonov (@softzilla), Thomas Steinbach (@ThomasSteinbach), Philippe Jandot (@zfil), Daan Oosterveld (@dusdanig), Chris Houseknecht (@chouseknecht), Kassian Sun (@kassiansun), Felix Fontein (@felixfontein)

Install collection

Install with ansible-galaxy collection install community.general:==1.3.14


Add to requirements.yml

  collections:
    - name: community.general
      version: 1.3.14

Description

Manage the life cycle of docker containers.

Supports check mode. Run with C(--check) and C(--diff) to view the configuration differences and the list of actions to be taken.


Requirements

Usage examples

- name: Create a data container
  community.general.docker_container:
    name: mydata
    image: busybox
    volumes:
      - /data
- name: Re-create a redis container
  community.general.docker_container:
    name: myredis
    image: redis
    command: redis-server --appendonly yes
    state: present
    recreate: yes
    exposed_ports:
      - 6379
    volumes_from:
      - mydata
- name: Restart a container
  community.general.docker_container:
    name: myapplication
    image: someuser/appimage
    state: started
    restart: yes
    links:
     - "myredis:aliasedredis"
    devices:
     - "/dev/sda:/dev/xvda:rwm"
    ports:
     # Publish container port 9000 as host port 8080
     - "8080:9000"
     # Publish container UDP port 9001 as host port 8081 on interface 127.0.0.1
     - "127.0.0.1:8081:9001/udp"
     # Publish container port 9002 as a random host port
     - "9002"
     # Publish container port 9003 as a free host port in range 8000-8100
     # (the host port will be selected by the Docker daemon)
     - "8000-8100:9003"
     # Publish container ports 9010-9020 to host ports 7000-7010
     - "7000-7010:9010-9020"
    env:
        SECRET_KEY: "ssssh"
        # Values which might be parsed as numbers, booleans or other types by the YAML parser need to be quoted
        BOOLEAN_KEY: "yes"
- name: Container present
  community.general.docker_container:
    name: mycontainer
    state: present
    image: ubuntu:14.04
    command: sleep infinity
- name: Stop a container
  community.general.docker_container:
    name: mycontainer
    state: stopped
- name: Start 4 load-balanced containers
  community.general.docker_container:
    name: "container{{ item }}"
    recreate: yes
    image: someuser/anotherappimage
    command: sleep 1d
  with_sequence: count=4
- name: Remove container
  community.general.docker_container:
    name: ohno
    state: absent
- name: Syslogging output
  community.general.docker_container:
    name: myservice
    image: busybox
    log_driver: syslog
    log_options:
      syslog-address: tcp://my-syslog-server:514
      syslog-facility: daemon
      # NOTE: in Docker 1.13+ the "syslog-tag" option was renamed to "tag"; for
      # older Docker installs, use "syslog-tag" instead
      tag: myservice
- name: Create db container and connect to network
  community.general.docker_container:
    name: db_test
    image: "postgres:latest"
    networks:
      - name: "{{ docker_network_name }}"
- name: Start container, connect to network and link
  community.general.docker_container:
    name: sleeper
    image: ubuntu:14.04
    networks:
      - name: TestingNet
        ipv4_address: "172.1.1.100"
        aliases:
          - sleepyzz
        links:
          - db_test:db
      - name: TestingNet2
- name: Start a container with a command
  community.general.docker_container:
    name: sleepy
    image: ubuntu:14.04
    command: ["sleep", "infinity"]
- name: Add container to networks
  community.general.docker_container:
    name: sleepy
    networks:
      - name: TestingNet
        ipv4_address: 172.1.1.18
        links:
          - sleeper
      - name: TestingNet2
        ipv4_address: 172.1.10.20
- name: Update network with aliases
  community.general.docker_container:
    name: sleepy
    networks:
      - name: TestingNet
        aliases:
          - sleepyz
          - zzzz
- name: Remove container from one network
  community.general.docker_container:
    name: sleepy
    networks:
      - name: TestingNet2
    purge_networks: yes
- name: Remove container from all networks
  community.general.docker_container:
    name: sleepy
    purge_networks: yes
- name: Start a container and use an env file
  community.general.docker_container:
    name: agent
    image: jenkinsci/ssh-slave
    env_file: /var/tmp/jenkins/agent.env
- name: Create a container with limited capabilities
  community.general.docker_container:
    name: sleepy
    image: ubuntu:16.04
    command: sleep infinity
    capabilities:
      - sys_time
    cap_drop:
      - all
- name: Finer container restart/update control
  community.general.docker_container:
    name: test
    image: ubuntu:18.04
    env:
      arg1: "true"
      arg2: "whatever"
    volumes:
      - /tmp:/tmp
    comparisons:
      image: ignore   # don't restart containers with older versions of the image
      env: strict   # we want precisely this environment
      volumes: allow_more_present   # if there are more volumes, that's ok, as long as `/tmp:/tmp` is there
- name: Finer container restart/update control II
  community.general.docker_container:
    name: test
    image: ubuntu:18.04
    env:
      arg1: "true"
      arg2: "whatever"
    comparisons:
      '*': ignore  # by default, ignore *all* options (including image)
      env: strict   # except for environment variables; there, we want to be strict
- name: Start container with healthstatus
  community.general.docker_container:
    name: nginx-proxy
    image: nginx:1.13
    state: started
    healthcheck:
      # Check if nginx server is healthy by curl'ing the server.
      # If this fails or times out, the healthcheck fails.
      test: ["CMD", "curl", "--fail", "http://nginx.host.com"]
      interval: 1m30s
      timeout: 10s
      retries: 3
      start_period: 30s
- name: Remove healthcheck from container
  community.general.docker_container:
    name: nginx-proxy
    image: nginx:1.13
    state: started
    healthcheck:
      # The "NONE" check needs to be specified
      test: ["NONE"]
- name: Start container with block device read limit
  community.general.docker_container:
    name: test
    image: ubuntu:18.04
    state: started
    device_read_bps:
      # Limit read rate for /dev/sda to 20 mebibytes per second
      - path: /dev/sda
        rate: 20M
    device_read_iops:
      # Limit read rate for /dev/sdb to 300 IO per second
      - path: /dev/sdb
        rate: 300
- name: Start container with GPUs
  community.general.docker_container:
    name: test
    image: ubuntu:18.04
    state: started
    device_requests:
      - # Add some specific devices to this container
        device_ids:
          - '0'
          - 'GPU-3a23c669-1f69-c64e-cf85-44e9b07e7a2a'
      - # Add nVidia GPUs to this container
        driver: nvidia
        count: -1  # this means we want all
        capabilities:
          # We have one OR condition: 'gpu' AND 'utility'
          - - gpu
            - utility
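
The isolation and resource options documented below (I(user), I(privileged), I(cap_drop), I(read_only), I(tmpfs), I(pids_limit), I(memory), I(cpus), I(init)) can be combined in one task to run a service with a reduced privilege set. This is an added example, not part of the module's own documentation; the container name, UID/GID and limit values are assumptions to adapt.

```yaml
# Added example, not from the module documentation.
# Name, UID/GID and limit values are illustrative assumptions.
- name: Run a service with a reduced privilege set
  community.general.docker_container:
    name: myservice
    image: someuser/appimage
    state: started
    # Run the process as an unprivileged UID:GID instead of root
    user: "1000:1000"
    # Set explicitly so the result does not depend on container_default_behavior
    privileged: no
    # Drop every capability; add back only what the service needs via capabilities
    cap_drop:
      - all
    # Read-only root file system, with tmpfs mounts for paths that must be writable
    read_only: yes
    tmpfs:
      - /tmp
      - /run
    # Bound process count, memory and CPU so one container cannot starve the host
    pids_limit: 100
    memory: 256M
    cpus: 0.5
    # Forward signals and reap processes inside the container
    init: yes
    ports:
      # Publish on the loopback interface only; a bare "8080:9000" binds all interfaces
      - "127.0.0.1:8080:9000"
    comparisons:
      # Recreate or update the container whenever any compared option drifts
      '*': strict
```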

Inputs

    
env:
    description:
    - Dictionary of key,value pairs.
    - Values which might be parsed as numbers, booleans or other types by the YAML parser
      must be quoted (e.g. C("true")) in order to avoid data loss.
    type: dict

tls:
    default: false
    description:
    - Secure the connection to the API by using TLS without verifying the authenticity
      of the Docker host server. Note that if I(validate_certs) is set to C(yes) as well,
      it will take precedence.
    - If the value is not specified in the task, the value of environment variable C(DOCKER_TLS)
      will be used instead. If the environment variable is not set, the default value
      will be used.
    type: bool

tty:
    description:
    - Allocate a pseudo-TTY.
    - If I(container_default_behavior) is set to C(compatibility) (the default value),
      this option has a default of C(no).
    type: bool

uts:
    description:
    - Set the UTS namespace mode for the container.
    type: str

cpus:
    description:
    - Specify how much of the available CPU resources a container can use.
    - A value of C(1.5) means that at most one and a half CPU (core) will be used.
    type: float
    version_added: 0.2.0
    version_added_collection: community.general

init:
    description:
    - Run an init inside the container that forwards signals and reaps processes.
    - This option requires Docker API >= 1.25.
    - If I(container_default_behavior) is set to C(compatibility) (the default value),
      this option has a default of C(no).
    type: bool

name:
    description:
    - Assign a name to a new container or match an existing container.
    - When identifying an existing container, I(name) may be a name or a long or short
      container ID.
    required: true
    type: str

pull:
    default: false
    description:
    - If true, always pull the latest version of an image. Otherwise, will only pull an
      image when missing.
    - '*Note:* images are only pulled when specified by name. If the image is specified
      as an image ID (hash), it cannot be pulled.'
    type: bool

user:
    description:
    - Sets the username or UID used and optionally the groupname or GID for the specified
      command.
    - Can be of the forms C(user), C(user:group), C(uid), C(uid:gid), C(user:gid) or C(uid:group).
    type: str

debug:
    default: false
    description:
    - Debug mode
    type: bool

image:
    description:
    - Repository path and tag used to create the container. If an image is not found or
      pull is true, the image will be pulled from the registry. If no tag is included,
      C(latest) will be used.
    - Can also be an image ID. If this is the case, the image is assumed to be available
      locally. The I(pull) option is ignored for this case.
    type: str

links:
    description:
    - List of name aliases for linked containers in the format C(container_name:alias).
    - Setting this will force container to be restarted.
    elements: str
    type: list

state:
    choices:
    - absent
    - present
    - stopped
    - started
    default: started
    description:
    - C(absent) - A container matching the specified name will be stopped and removed.
      Use I(force_kill) to kill the container rather than stopping it. Use I(keep_volumes)
      to retain anonymous volumes associated with the removed container.
    - C(present) - Asserts the existence of a container matching the name and any provided
      configuration parameters. If no container matches the name, a container will be
      created. If a container matches the name but the provided configuration does not
      match, the container will be updated, if it can be. If it cannot be updated, it
      will be removed and re-created with the requested config.
    - C(started) - Asserts that the container is first C(present), and then if the container
      is not running moves it to a running state. Use I(restart) to force a matching container
      to be stopped and restarted.
    - C(stopped) - Asserts that the container is first C(present), and then if the container
      is running moves it to a stopped state.
    - To control what will be taken into account when comparing configuration, see the
      I(comparisons) option. To avoid that the image version will be taken into account,
      you can also use the I(ignore_image) option.
    - Use the I(recreate) option to always force re-creation of a matching container,
      even if it is running.
    - If the container should be killed instead of stopped in case it needs to be stopped
      for recreation, or because I(state) is C(stopped), please use the I(force_kill)
      option. Use I(keep_volumes) to retain anonymous volumes associated with a removed
      container.
    type: str

tmpfs:
    description:
    - Mount a tmpfs directory.
    elements: str
    type: list

detach:
    description:
    - Enable detached mode to leave the container running in background.
    - If disabled, the task will reflect the status of the container run (failed if the
      command failed).
    - If I(container_default_behavior) is set to C(compatibility) (the default value),
      this option has a default of C(yes).
    type: bool

groups:
    description:
    - List of additional group names and/or IDs that the container process will run as.
    elements: str
    type: list

labels:
    description:
    - Dictionary of key value pairs.
    type: dict

memory:
    description:
    - Memory limit in format C(<number>[<unit>]). Number is a positive integer. Unit can
      be C(B) (byte), C(K) (kibibyte, 1024B), C(M) (mebibyte), C(G) (gibibyte), C(T) (tebibyte),
      or C(P) (pebibyte).
    - Omitting the unit defaults to bytes.
    - If I(container_default_behavior) is set to C(compatibility) (the default value),
      this option has a default of C("0").
    type: str

mounts:
    description:
    - Specification for mounts to be added to the container. More powerful alternative
      to I(volumes).
    elements: dict
    suboptions:
      consistency:
        choices:
        - cached
        - consistent
        - default
        - delegated
        description:
        - The consistency requirement for the mount.
        type: str
      labels:
        description:
        - User-defined name and labels for the volume. Only valid for the C(volume) type.
        type: dict
      no_copy:
        description:
        - False if the volume should be populated with the data from the target. Only
          valid for the C(volume) type.
        - The default value is C(false).
        type: bool
      propagation:
        choices:
        - private
        - rprivate
        - shared
        - rshared
        - slave
        - rslave
        description:
        - Propagation mode. Only valid for the C(bind) type.
        type: str
      read_only:
        description:
        - Whether the mount should be read-only.
        type: bool
      source:
        description:
        - Mount source (e.g. a volume name or a host path).
        type: str
      target:
        description:
        - Path inside the container.
        required: true
        type: str
      tmpfs_mode:
        description:
        - The permission mode for the tmpfs mount.
        type: str
      tmpfs_size:
        description:
        - The size for the tmpfs mount in bytes in format C(<number>[<unit>]).
        - Number is a positive integer. Unit can be one of C(B) (byte), C(K) (kibibyte,
          1024B), C(M) (mebibyte), C(G) (gibibyte), C(T) (tebibyte), or C(P) (pebibyte).
        - Omitting the unit defaults to bytes.
        type: str
      type:
        choices:
        - bind
        - npipe
        - tmpfs
        - volume
        default: volume
        description:
        - The mount type.
        - Note that C(npipe) is only supported by Docker for Windows.
        type: str
      volume_driver:
        description:
        - Specify the volume driver. Only valid for the C(volume) type.
        - See L(here,https://docs.docker.com/storage/volumes/#use-a-volume-driver) for
          details.
        type: str
      volume_options:
        description:
        - Dictionary of options specific to the chosen volume_driver. See L(here,https://docs.docker.com/storage/volumes/#use-a-volume-driver)
          for details.
        type: dict
    type: list

paused:
    description:
    - Use with the started state to pause running processes inside the container.
    - If I(container_default_behavior) is set to C(compatibility) (the default value),
      this option has a default of C(no).
    type: bool

ca_cert:
    aliases:
    - tls_ca_cert
    - cacert_path
    description:
    - Use a CA certificate when performing server verification by providing the path to
      a CA certificate file.
    - If the value is not specified in the task and the environment variable C(DOCKER_CERT_PATH)
      is set, the file C(ca.pem) from the directory specified in the environment variable
      C(DOCKER_CERT_PATH) will be used.
    type: path

cleanup:
    default: false
    description:
    - Use with I(detach=false) to remove the container after successful execution.
    type: bool

command:
    description:
    - Command to execute when the container starts. A command may be either a string or
      a list.
    - Prior to version 2.4, strings were split on commas.
    type: raw

devices:
    description:
    - List of host device bindings to add to the container.
    - Each binding is a mapping expressed in the format C(<path_on_host>:<path_in_container>:<cgroup_permissions>).
    elements: str
    type: list

restart:
    default: false
    description:
    - Use with started state to force a matching container to be stopped and restarted.
    type: bool

runtime:
    description:
    - Runtime to use for the container.
    type: str

sysctls:
    description:
    - Dictionary of key,value pairs.
    type: dict

timeout:
    default: 60
    description:
    - The maximum amount of time in seconds to wait on a response from the API.
    - If the value is not specified in the task, the value of environment variable C(DOCKER_TIMEOUT)
      will be used instead. If the environment variable is not set, the default value
      will be used.
    type: int

ulimits:
    description:
    - List of ulimit options. A ulimit is specified as C(nofile:262144:262144).
    elements: str
    type: list

volumes:
    description:
    - List of volumes to mount within the container.
    - 'Use docker CLI-style syntax: C(/host:/container[:mode])'
    - Mount modes can be a comma-separated list of various modes such as C(ro), C(rw),
      C(consistent), C(delegated), C(cached), C(rprivate), C(private), C(rshared), C(shared),
      C(rslave), C(slave), and C(nocopy). Note that the docker daemon might not support
      all modes and combinations of such modes.
    - SELinux hosts can additionally use C(z) or C(Z) to use a shared or private label
      for the volume.
    - Note that Ansible 2.7 and earlier only supported one mode, which had to be one of
      C(ro), C(rw), C(z), and C(Z).
    elements: str
    type: list

cap_drop:
    description:
    - List of capabilities to drop from the container.
    elements: str
    type: list

dns_opts:
    description:
    - List of DNS options.
    elements: str
    type: list

env_file:
    description:
    - Path to a file, present on the target, containing environment variables I(FOO=BAR).
    - If a variable is also present in I(env), the I(env) value overrides it.
    type: path

hostname:
    description:
    - The container's hostname.
    type: str

ipc_mode:
    description:
    - Set the IPC mode for the container.
    - Can be one of C(container:<name|id>) to reuse another container's IPC namespace
      or C(host) to use the host's IPC namespace within the container.
    type: str

networks:
    description:
    - List of networks the container belongs to.
    - For examples of the data structure and usage, see the usage examples.
    - To remove a container from one or more networks, use the I(purge_networks) option.
    - Note that as opposed to C(docker run ...), M(community.general.docker_container)
      does not remove the default network if I(networks) is specified. You need to explicitly
      use I(purge_networks) to enforce the removal of the default network (and all other
      networks not explicitly mentioned in I(networks)). Alternatively, use the I(networks_cli_compatible)
      option, which will be enabled by default from community.general 2.0.0 on.
    elements: dict
    suboptions:
      aliases:
        description:
        - List of aliases for this container in this network. These names can be used
          in the network to reach this container.
        elements: str
        type: list
      ipv4_address:
        description:
        - The container's IPv4 address in this network.
        type: str
      ipv6_address:
        description:
        - The container's IPv6 address in this network.
        type: str
      links:
        description:
        - A list of containers to link to.
        elements: str
        type: list
      name:
        description:
        - The network's name.
        required: true
        type: str
    type: list

pid_mode:
    description:
    - Set the PID namespace mode for the container.
    - Note that Docker SDK for Python < 2.0 only supports C(host). Newer versions of the
      Docker SDK for Python (docker) allow all values supported by the Docker daemon.
    type: str

recreate:
    default: false
    description:
    - Use with present and started states to force the re-creation of an existing container.
    type: bool

shm_size:
    description:
    - Size of C(/dev/shm) in format C(<number>[<unit>]). Number is a positive integer. Unit
      can be C(B) (byte), C(K) (kibibyte, 1024B), C(M) (mebibyte), C(G) (gibibyte), C(T)
      (tebibyte), or C(P) (pebibyte).
    - Omitting the unit defaults to bytes. If you omit the size entirely, Docker daemon
      uses C(64M).
    type: str

cpu_quota:
    description:
    - Limit CPU CFS (Completely Fair Scheduler) quota.
    - See I(cpus) for an easier to use alternative.
    type: int

etc_hosts:
    description:
    - Dict of host-to-IP mappings, where each host name is a key in the dictionary. Each
      host name will be added to the container's C(/etc/hosts) file.
    type: dict

read_only:
    description:
    - Mount the container's root file system as read-only.
    - If I(container_default_behavior) is set to C(compatibility) (the default value),
      this option has a default of C(no).
    type: bool

client_key:
    aliases:
    - tls_client_key
    - key_path
    description:
    - Path to the client's TLS key file.
    - If the value is not specified in the task and the environment variable C(DOCKER_CERT_PATH)
      is set, the file C(key.pem) from the directory specified in the environment variable
      C(DOCKER_CERT_PATH) will be used.
    type: path

cpu_period:
    description:
    - Limit CPU CFS (Completely Fair Scheduler) period.
    - See I(cpus) for an easier to use alternative.
    type: int

cpu_shares:
    description:
    - CPU shares (relative weight).
    type: int

domainname:
    description:
    - Container domainname.
    type: str

entrypoint:
    description:
    - Command that overwrites the default C(ENTRYPOINT) of the image.
    elements: str
    type: list

force_kill:
    aliases:
    - forcekill
    default: false
    description:
    - Use the kill command when stopping a running container.
    type: bool

log_driver:
    description:
    - Specify the logging driver. Docker uses C(json-file) by default.
    - See L(here,https://docs.docker.com/config/containers/logging/configure/) for possible
      choices.
    type: str

oom_killer:
    description:
    - Whether or not to disable OOM Killer for the container.
    type: bool

pids_limit:
    description:
    - Set PIDs limit for the container. It accepts an integer value.
    - Set C(-1) for unlimited PIDs.
    type: int

privileged:
    description:
    - Give extended privileges to the container.
    - If I(container_default_behavior) is set to C(compatibility) (the default value),
      this option has a default of C(no).
    type: bool

api_version:
    aliases:
    - docker_api_version
    default: auto
    description:
    - The version of the Docker API running on the Docker Host.
    - Defaults to the latest version of the API supported by Docker SDK for Python and
      the docker daemon.
    - If the value is not specified in the task, the value of environment variable C(DOCKER_API_VERSION)
      will be used instead. If the environment variable is not set, the default value
      will be used.
    type: str

auto_remove:
    description:
    - Enable auto-removal of the container on daemon side when the container's process
      exits.
    - If I(container_default_behavior) is set to C(compatibility) (the default value),
      this option has a default of C(no).
    type: bool

client_cert:
    aliases:
    - tls_client_cert
    - cert_path
    description:
    - Path to the client's TLS certificate file.
    - If the value is not specified in the task and the environment variable C(DOCKER_CERT_PATH)
      is set, the file C(cert.pem) from the directory specified in the environment variable
      C(DOCKER_CERT_PATH) will be used.
    type: path

comparisons:
    description:
    - Specifies how properties of existing containers are compared with module
      options to decide whether the container should be recreated / updated or not.
    - Only options which correspond to the state of a container as handled by the Docker
      daemon can be specified, as well as C(networks).
    - Must be a dictionary specifying for an option one of the keys C(strict), C(ignore)
      and C(allow_more_present).
    - If C(strict) is specified, values are tested for equality, and changes always result
      in updating or restarting. If C(ignore) is specified, changes are ignored.
    - C(allow_more_present) is allowed only for lists, sets and dicts. If it is specified
      for lists or sets, the container will only be updated or restarted if the module
      option contains a value which is not present in the container's options. If the
      option is specified for a dict, the container will only be updated or restarted
      if the module option contains a key which isn't present in the container's option,
      or if the value of a key present differs.
    - The wildcard option C(*) can be used to set one of the default values C(strict)
      or C(ignore) to *all* comparisons which are not explicitly set to other values.
    - See the examples for details.
    type: dict

cpuset_cpus:
    description:
    - CPUs in which to allow execution C(1,3) or C(1-3).
    type: str

cpuset_mems:
    description:
    - Memory nodes (MEMs) in which to allow execution C(0-3) or C(0,1).
    type: str

dns_servers:
    description:
    - List of custom DNS servers.
    elements: str
    type: list

docker_host:
    aliases:
    - docker_url
    default: unix://var/run/docker.sock
    description:
    - The URL or Unix socket path used to connect to the Docker API. To connect to a remote
      host, provide the TCP connection string. For example, C(tcp://192.0.2.23:2376).
      If TLS is used to encrypt the connection, the module will automatically replace
      C(tcp) in the connection URL with C(https).
    - If the value is not specified in the task, the value of environment variable C(DOCKER_HOST)
      will be used instead. If the environment variable is not set, the default value
      will be used.
    type: str
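
When I(docker_host) points at a TCP endpoint, the I(tls) option on its own encrypts the connection but does not verify the daemon's certificate, so the module cannot tell the intended Docker host from another endpoint answering at that address. The pair of tasks below is an added example, not part of the module's own documentation: it shows that setting beside the verified form using I(validate_certs), I(ca_cert), I(client_cert) and I(client_key). The certificate paths and the container name are assumptions.

```yaml
# Added example, not from the module documentation.
# Certificate paths and the container name are placeholders (assumptions).

# Weak: traffic is encrypted, but the daemon's certificate is not verified.
- name: Start container over TLS without server verification
  community.general.docker_container:
    name: myservice
    image: busybox
    docker_host: tcp://192.0.2.23:2376
    tls: yes

# Corrected: verify the daemon against a CA and present a client certificate.
# validate_certs takes precedence over tls when both are set.
- name: Start container over TLS with server verification
  community.general.docker_container:
    name: myservice
    image: busybox
    docker_host: tcp://192.0.2.23:2376
    validate_certs: yes
    ca_cert: /etc/docker/certs/ca.pem
    client_cert: /etc/docker/certs/cert.pem
    client_key: /etc/docker/certs/key.pem
```

If these options are omitted from the task, the module falls back to the C(DOCKER_HOST), C(DOCKER_TLS) and C(DOCKER_CERT_PATH) environment variables described in the option text, so check the controller environment as well as the playbook.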

healthcheck:
    description:
    - Configure a check that is run to determine whether or not containers for this service
      are "healthy".
    - See the docs for the L(HEALTHCHECK Dockerfile instruction,https://docs.docker.com/engine/reference/builder/#healthcheck)
      for details on how healthchecks work.
    - 'I(interval), I(timeout) and I(start_period) are specified as durations. They accept
      duration as a string in a format that looks like: C(5h34m56s), C(1m30s) etc. The
      supported units are C(us), C(ms), C(s), C(m) and C(h).'
    suboptions:
      interval:
        description:
        - Time between running the check.
        - The default used by the Docker daemon is C(30s).
        type: str
      retries:
        description:
        - Consecutive number of failures needed to report unhealthy.
        - The default used by the Docker daemon is C(3).
        type: int
      start_period:
        description:
        - Start period for the container to initialize before starting health-retries
          countdown.
        - The default used by the Docker daemon is C(0s).
        type: str
      test:
        description:
        - Command to run to check health.
        - Must be either a string or a list. If it is a list, the first item must be one
          of C(NONE), C(CMD) or C(CMD-SHELL).
        type: raw
      timeout:
        description:
        - Maximum time to allow one check to run.
        - The default used by the Docker daemon is C(30s).
        type: str
    type: dict

interactive:
    description:
    - Keep stdin open after a container is launched, even if not attached.
    - If I(container_default_behavior) is set to C(compatibility) (the default value),
      this option has a default of C(no).
    type: bool

kill_signal:
    description:
    - Override default signal used to kill a running container.
    type: str

log_options:
    aliases:
    - log_opt
    description:
    - Dictionary of options specific to the chosen I(log_driver).
    - See U(https://docs.docker.com/engine/admin/logging/overview/) for details.
    type: dict

mac_address:
    description:
    - Container MAC address (e.g. 92:d0:c6:0a:29:33).
    type: str

memory_swap:
    description:
    - Total memory limit (memory + swap) in format C(<number>[<unit>]). Number is a positive
      integer. Unit can be C(B) (byte), C(K) (kibibyte, 1024B), C(M) (mebibyte), C(G)
      (gibibyte), C(T) (tebibyte), or C(P) (pebibyte).
    - Omitting the unit defaults to bytes.
    type: str

output_logs:
    default: false
    description:
    - If set to true, output of the container command will be printed.
    - Only effective when I(log_driver) is set to C(json-file) or C(journald).
    type: bool

ssl_version:
    description:
    - Provide a valid SSL version number. Default value determined by ssl.py module.
    - If the value is not specified in the task, the value of environment variable C(DOCKER_SSL_VERSION)
      will be used instead.
    type: str

stop_signal:
    description:
    - Override default signal used to stop the container.
    type: str

userns_mode:
    description:
    - Set the user namespace mode for the container. Currently, the only valid values are
      C(host) and the empty string.
    type: str

working_dir:
    description:
    - Path to the working directory.
    type: str

blkio_weight:
    description:
    - Block IO (relative weight), between 10 and 1000.
    type: int

capabilities:
    description:
    - List of capabilities to add to the container.
    elements: str
    type: list

ignore_image:
    default: false
    description:
    - When I(state) is C(present) or C(started), the module compares the configuration
      of an existing container to requested configuration. The evaluation includes the
      image version. If the image version in the registry does not match the container,
      the container will be recreated. You can stop this behavior by setting I(ignore_image)
      to C(True).
    - '*Warning:* This option is ignored if C(image: ignore) or C(*: ignore) is specified
      in the I(comparisons) option.'
    type: bool

keep_volumes:
    default: true
    description:
    - Retain anonymous volumes associated with a removed container.
    type: bool

network_mode:
    description:
    - Connect the container to a network. Choices are C(bridge), C(host), C(none), C(container:<name|id>),
      C(<network_name>) or C(default).
    - '*Note* that from community.general 3.0.0 on, if I(networks_cli_compatible) is C(true)
      and I(networks) contains at least one network, the default value for I(network_mode)
      will be the name of the first network in the I(networks) list. You can prevent this
      by explicitly specifying a value for I(network_mode), like the default value C(default)
      which will be used by Docker if I(network_mode) is not specified.'
    type: str

stop_timeout:
    description:
    - Number of seconds to wait for the container to stop before sending C(SIGKILL). When
      the container is created by this module, its C(StopTimeout) configuration will be
      set to this value.
    - When the container is stopped, this value is used as the timeout for stopping it.
      If the container has a custom C(StopTimeout) configuration, the behavior depends
      on the version of the docker daemon. New versions of the docker daemon will always
      use the container's configured C(StopTimeout) value if it has been configured.
    type: int

tls_hostname:
    default: localhost
    description:
    - When verifying the authenticity of the Docker Host server, provide the expected
      name of the server.
    - If the value is not specified in the task, the value of environment variable C(DOCKER_TLS_HOSTNAME)
      will be used instead. If the environment variable is not set, the default value
      will be used.
    type: str

volumes_from:
    description:
    - List of container names or IDs to get volumes from.
    elements: str
    type: list

exposed_ports:
    aliases:
    - exposed
    - expose
    description:
    - List of additional container ports. This informs Docker that the container listens
      on the specified network ports at runtime.
    - If the port is already exposed using C(EXPOSE) in a Dockerfile, it does not need
      to be exposed again.
    elements: str
    type: list

kernel_memory:
    description:
    - Kernel memory limit in format C(<number>[<unit>]). Number is a positive integer.
      Unit can be C(B) (byte), C(K) (kibibyte, 1024B), C(M) (mebibyte), C(G) (gibibyte),
      C(T) (tebibyte), or C(P) (pebibyte). Minimum is C(4M).
    - Omitting the unit defaults to bytes.
    type: str

oom_score_adj:
    description:
    - An integer value containing the score given to the container in order to tune OOM
      killer preferences.
    type: int

security_opts:
    description:
    - List of security options in the form of C("label:user:User").
    elements: str
    type: list

volume_driver:
    description:
    - The container volume driver.
    type: str

purge_networks:
    default: false
    description:
    - Remove the container from ALL networks not included in the I(networks) parameter.
    - Any default networks such as C(bridge), if not found in I(networks), will be removed
      as well.
    type: bool

restart_policy:
    choices:
    - 'no'
    - on-failure
    - always
    - unless-stopped
    description:
    - Container restart policy.
    - Place quotes around the C(no) option; unquoted, YAML parses it as a boolean.
    type: str

validate_certs:
    aliases:
    - tls_verify
    default: false
    description:
    - Secure the connection to the API by using TLS and verifying the authenticity of
      the Docker host server.
    - If the value is not specified in the task, the value of environment variable C(DOCKER_TLS_VERIFY)
      will be used instead. If the environment variable is not set, the default value
      will be used.
    type: bool

device_read_bps:
    description:
    - List of device path and read rate (bytes per second) from device.
    elements: dict
    suboptions:
      path:
        description:
        - Device path in the container.
        required: true
        type: str
      rate:
        description:
        - Device read limit in format C(<number>[<unit>]).
        - Number is a positive integer. Unit can be one of C(B) (byte), C(K) (kibibyte,
          1024B), C(M) (mebibyte), C(G) (gibibyte), C(T) (tebibyte), or C(P) (pebibyte).
        - Omitting the unit defaults to bytes.
        required: true
        type: str
    type: list

device_requests:
    description:
    - Allows requesting additional resources, such as GPUs.
    elements: dict
    suboptions:
      capabilities:
        description:
        - List of lists of strings to request capabilities.
        - The top-level list entries are combined by OR, and for every list entry, the
          entries in the list it contains are combined by AND.
        - The driver tries to satisfy one of the sub-lists.
        - Available capabilities for the C(nvidia) driver can be found at U(https://github.com/NVIDIA/nvidia-container-runtime).
        elements: list
        type: list
      count:
        description:
        - Number of devices to request.
        - Set to C(-1) to request all available devices.
        type: int
      device_ids:
        description:
        - List of device IDs.
        elements: str
        type: list
      driver:
        description:
        - Which driver to use for this device.
        type: str
      options:
        description:
        - Driver-specific options.
        type: dict
    type: list

published_ports:
    aliases:
    - ports
    description:
    - List of ports to publish from the container to the host.
    - 'Use docker CLI syntax: C(8000), C(9000:8000), or C(0.0.0.0:9000:8000), where 8000
      is a container port, 9000 is a host port, and 0.0.0.0 is a host interface.'
    - Port ranges can be used for source and destination ports. If two ranges with different
      lengths are specified, the shorter range will be used. Since community.general 0.2.0,
      if the source port range has length 1, the port will not be assigned to the first
      port of the destination range, but to a free port in that range. This is the same
      behavior as for the C(docker) command line utility.
    - Bind addresses must be either IPv4 or IPv6 addresses. Hostnames are *not* allowed.
      This is different from the C(docker) command line utility. Use the L(dig lookup,../lookup/dig.html)
      to resolve hostnames.
    - A value of C(all) will publish all exposed container ports to random host ports,
      ignoring any other mappings.
    - If the I(networks) parameter is provided, the module inspects each network to see
      whether it is a bridge network with the optional parameter C(com.docker.network.bridge.host_binding_ipv4).
      If such a network is found, published ports for which no host IP address is specified
      are bound to the host IP given by C(com.docker.network.bridge.host_binding_ipv4).
      Note that the first bridge network with a C(com.docker.network.bridge.host_binding_ipv4)
      value encountered in the list of I(networks) is the one that will be used.
    elements: str
    type: list
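
The bind-address rules for published_ports above decide which host interfaces a container is reachable on. The tasks below are an added example, not part of the module's own documentation: they contrast a mapping with no host interface against loopback-only mappings and then check the returned container facts. The container, image and variable names are assumptions, and ansible.builtin.assert assumes Ansible 2.10 or later.

```yaml
# Added example, not part of the module documentation.
# Container, image and variable names are assumptions.

# Weak: no host interface is given. Unless a bridge network listed in
# `networks` sets com.docker.network.bridge.host_binding_ipv4, Docker
# publishes host port 8080 on every interface of the host.
- name: Publish the admin port without a bind address
  community.general.docker_container:
    name: admin-ui
    image: example/admin-ui:1.0
    published_ports:
      - "8080:9000"

# Corrected: every mapping names the host interface it binds to.
- name: Publish the admin port on loopback only
  community.general.docker_container:
    name: admin-ui
    image: example/admin-ui:1.0
    published_ports:
      # Host 127.0.0.1:8080 -> container port 9000
      - "127.0.0.1:8080:9000"
      # Host 127.0.0.1:8081 -> container UDP port 9001
      - "127.0.0.1:8081:9001/udp"
  register: admin_ui

# Check the result against the returned `container` facts, which match
# the docker inspection output. Unpublished ports have a null entry there,
# so `select` drops them before the bindings are flattened.
- name: Fail if any port is bound to a wildcard address
  ansible.builtin.assert:
    that:
      - item.HostIp not in ['', '0.0.0.0', '::']
    fail_msg: "Port {{ item.HostPort }} is published on all interfaces"
  loop: >-
    {{ admin_ui.container.NetworkSettings.Ports.values()
       | select | list | flatten }}
```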

restart_retries:
    description:
    - Use with restart policy to control maximum number of restart attempts.
    type: int

device_read_iops:
    description:
    - List of device and read rate (IO per second) from device.
    elements: dict
    suboptions:
      path:
        description:
        - Device path in the container.
        required: true
        type: str
      rate:
        description:
        - Device read limit.
        - Must be a positive integer.
        required: true
        type: int
    type: list

device_write_bps:
    description:
    - List of device and write rate (bytes per second) to device.
    elements: dict
    suboptions:
      path:
        description:
        - Device path in the container.
        required: true
        type: str
      rate:
        description:
        - Device write limit in format C(<number>[<unit>]).
        - Number is a positive integer. Unit can be one of C(B) (byte), C(K) (kibibyte,
          1024B), C(M) (mebibyte), C(G) (gibibyte), C(T) (tebibyte), or C(P) (pebibyte).
        - Omitting the unit defaults to bytes.
        required: true
        type: str
    type: list

device_write_iops:
    description:
    - List of device and write rate (IO per second) to device.
    elements: dict
    suboptions:
      path:
        description:
        - Device path in the container.
        required: true
        type: str
      rate:
        description:
        - Device write limit.
        - Must be a positive integer.
        required: true
        type: int
    type: list

memory_swappiness:
    description:
    - Tune a container's memory swappiness behavior. Accepts an integer between 0 and
      100.
    - If not set, the value will remain the same if the container exists and will be inherited
      from the host machine if it is (re-)created.
    type: int

dns_search_domains:
    description:
    - List of custom DNS search domains.
    elements: str
    type: list

memory_reservation:
    description:
    - Memory soft limit in format C(<number>[<unit>]). Number is a positive integer. Unit
      can be C(B) (byte), C(K) (kibibyte, 1024B), C(M) (mebibyte), C(G) (gibibyte), C(T)
      (tebibyte), or C(P) (pebibyte).
    - Omitting the unit defaults to bytes.
    type: str

trust_image_content:
    default: false
    description:
    - If C(yes), skip image verification.
    - The option has never been used by the module. It will be removed in community.general
      3.0.0.
    type: bool

removal_wait_timeout:
    description:
    - When removing an existing container, the docker daemon API call exits after the
      container is scheduled for removal. Removal is usually very fast, but under high
      I/O load it can take longer. By default, the module will wait until the container
      has been removed before trying to (re-)create it, however long this takes.
    - By setting this option, the module will wait at most this many seconds for the container
      to be removed. If the container is still in the removal phase after this many seconds,
      the module will fail.
    type: float
    version_added: 0.2.0
    version_added_collection: community.general

networks_cli_compatible:
    description:
    - 'When networks are provided to the module via the I(networks) option, the module
      behaves differently than C(docker run --network): C(docker run --network other)
      will create a container with network C(other) attached, but the default network
      not attached. This module with I(networks: {name: other}) will create a container
      with both C(default) and C(other) attached. If I(purge_networks) is set to C(yes),
      the C(default) network will be removed afterwards.'
    - If I(networks_cli_compatible) is set to C(yes), this module will behave as C(docker
      run --network) and will *not* add the default network if I(networks) is specified.
      If I(networks) is not specified, the default network will be attached.
    - '*Note* that docker CLI also sets I(network_mode) to the name of the first network
      added if C(--network) is specified. For more compatibility with docker CLI, you
      explicitly have to set I(network_mode) to the name of the first network you''re
      adding. This behavior will change for community.general 3.0.0: then I(network_mode)
      will automatically be set to the first network name in I(networks) if I(network_mode)
      is not specified, I(networks) has at least one entry and I(networks_cli_compatible)
      is C(true).'
    - The current default value is C(no). A new default of C(yes) will be set in community.general
      2.0.0.
    type: bool

container_default_behavior:
    choices:
    - compatibility
    - no_defaults
    description:
    - Various module options used to have default values. This causes problems with containers
      which use different values for these options.
    - The default value is C(compatibility), which will ensure that the default values
      are used when the values are not explicitly specified by the user.
    - From community.general 3.0.0 on, the default value will switch to C(no_defaults).
      To avoid deprecation warnings, please set I(container_default_behavior) to an explicit
      value.
    - This affects the I(auto_remove), I(detach), I(init), I(interactive), I(memory),
      I(paused), I(privileged), I(read_only) and I(tty) options.
    type: str
    version_added: 0.2.0
    version_added_collection: community.general
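
Several options above have defaults that are easy to inherit by accident: validate_certs is false, tls_hostname is localhost, and container_default_behavior and networks_cli_compatible are both scheduled to change their defaults. The task below is an added example, not part of the module's own documentation, that states each of them explicitly; the daemon host name, certificate paths, image and network names are assumptions.

```yaml
# Added example, not part of the module documentation. Host name,
# certificate paths, image and network names are assumptions.
- name: Run a worker with every security-relevant default stated
  community.general.docker_container:
    # Remote daemon over TLS. validate_certs defaults to false and
    # tls_hostname to localhost, so both are set explicitly.
    docker_host: tcp://docker01.example.internal:2376
    validate_certs: yes
    tls_hostname: docker01.example.internal
    ca_cert: /etc/docker/certs/ca.pem
    client_cert: /etc/docker/certs/cert.pem
    client_key: /etc/docker/certs/key.pem

    name: worker
    image: example/worker:1.0

    # Opt out of the legacy defaults and state each affected option.
    container_default_behavior: no_defaults
    auto_remove: no
    detach: yes
    init: yes
    interactive: no
    memory: 256M
    paused: no
    privileged: no
    read_only: yes
    tty: no

    # Attach only the named network, as `docker run --network backend`
    # does, and set network_mode to it as the docker CLI would.
    networks_cli_compatible: yes
    network_mode: backend
    networks:
      - name: backend

    # Drop all capabilities, then add back the one the workload needs.
    cap_drop:
      - ALL
    capabilities:
      - NET_BIND_SERVICE
    security_opts:
      - no-new-privileges

    # Bounded restarts rather than restarting forever.
    restart_policy: on-failure
    restart_retries: 3
```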

Outputs

container:
  description:
  - Facts representing the current state of the container. Matches the docker inspection
    output.
  - Note that facts are part of the registered vars since Ansible 2.8. For compatibility
    reasons, the facts are also accessible directly as C(docker_container). Note that
    the returned fact will be removed in community.general 2.0.0.
  - Before 2.3 this was C(ansible_docker_container) but was renamed in 2.3 to C(docker_container)
    due to conflicts with the connection plugin.
  - Empty if I(state) is C(absent).
  - If I(detach) is C(false), will include an C(Output) attribute containing any output
    from the container run.
  returned: always
  sample: '{ "AppArmorProfile": "", "Args": [], "Config": { "AttachStderr": false,
    "AttachStdin": false, "AttachStdout": false, "Cmd": [ "/usr/bin/supervisord" ],
    "Domainname": "", "Entrypoint": null, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
    ], "ExposedPorts": { "443/tcp": {}, "80/tcp": {} }, "Hostname": "8e47bf643eb9",
    "Image": "lnmp_nginx:v1", "Labels": {}, "OnBuild": null, "OpenStdin": false, "StdinOnce":
    false, "Tty": false, "User": "", "Volumes": { "/tmp/lnmp/nginx-sites/logs/": {}
    }, ... }'
  type: dict