Skip to content

Instantly share code, notes, and snippets.

@alekc
Created October 30, 2019 09:34
Show Gist options
  • Save alekc/9907890e4ffab9a185aaf8a8fee950ba to your computer and use it in GitHub Desktop.
Save alekc/9907890e4ffab9a185aaf8a8fee950ba to your computer and use it in GitHub Desktop.
Live template for ansible docker_container
docker_container:
name: undefined # string- required. Assign a name to a new container or match an existing container.,When identifying an existing container name may be a name or a long or short container ID.
image: undefined # string- not required. Repository path and tag used to create the container. If an image is not found or pull is true, the image will be pulled from the registry. If no tag is included, 'latest' will be used.
api_version: auto # string - not required. The version of the Docker API running on the Docker Host. Defaults to the latest version of the API supported by docker-py.,If the value is not specified in the task, the value of environment variable C(DOCKER_API_VERSION) will be used instead. If the environment variable is not set, the default value will be used.
auto_remove: no # boolean - not required. enable auto-removal of the container on daemon side when the container's process exits
blkio_weight: undefined # not required. Block IO (relative weight), between 10 and 1000.
ca_cert: undefined # path - Use a CA certificate when performing server verification by providing the path to a CA certificate file. If the value is not specified in the task and the environment variable DOCKER_CERT_PATH is set, the file ca.pem from the directory specified in the environment variable DOCKER_CERT_PATH will be used.
cap_drop: undefined # list (>2.7)- List of capabilities to drop from the container.
capabilities: undefined # list - not required. List of capabilities to add to the container.
cleanup: no # boolean (>2.2) - not required. Use with I(detach=false) to remove the container after successful execution.
client_cert: undefined #path - Path to the client's TLS certificate file. If the value is not specified in the task and the environment variable DOCKER_CERT_PATH is set, the file cert.pem from the directory specified in the environment variable DOCKER_CERT_PATH will be used.
client_key: undefined # path - Path to the client's TLS key file.If the value is not specified in the task and the environment variable DOCKER_CERT_PATH is set, the file key.pem from the directory specified in the environment variable DOCKER_CERT_PATH will be used
command: undefined # raw - not required. Command to execute when the container starts. A command may be either a string or a list. Prior to version 2.4, strings were split on commas.
comparisons: undefined #dict - Allows to specify how properties of existing containers are compared with module options to decide whether the container should be recreated / updated or not
cpu_period: 0 # not required. Limit CPU CFS (Completely Fair Scheduler) period
cpu_quota: 0 # not required. Limit CPU CFS (Completely Fair Scheduler) quota
cpu_shares: undefined # not required. CPU shares (relative weight).
cpuset_cpus: undefined # not required. CPUs in which to allow execution C(1,3) or C(1-3).
cpuset_mems: undefined # not required. Memory nodes (MEMs) in which to allow execution C(0-3) or C(0,1)
debug: false # not required. Debug mode
detach: true # not required. Enable detached mode to leave the container running in background. If disabled, the task will reflect the status of the container run (failed if the command failed).
device_read_bps: undefined #list (>2.8) List of device path and read rate (bytes per second) from device.
device_read_iops: undefined #list (>2.8) List of device and read rate (IO per second) from device.
device_write_bps: undefined #list (>2.8) List of device and write rate (bytes per second) to device.
device_write_iops: undefined #list (>2.8) List of device and write rate (IO per second) to device.
devices: undefined # not required. List of host device bindings to add to the container. Each binding is a mapping expressed in the format: <path_on_host>:<path_in_container>:<cgroup_permissions>
dns_opts: undefined # not required. list of DNS options
dns_search_domains: undefined # not required. List of custom DNS search domains.
dns_servers: undefined # not required. List of custom DNS servers.
docker_host: unix://var/run/docker.sock # not required. The URL or Unix socket path used to connect to the Docker API. To connect to a remote host, provide the TCP connection string. For example, 'tcp://192.0.2.23:2376'. If TLS is used to encrypt the connection, the module will automatically replace 'tcp' in the connection URL with 'https'.,If the value is not specified in the task, the value of environment variable C(DOCKER_HOST) will be used instead. If the environment variable is not set, the default value will be used.
domainname: undefined # not required. Container domainname.
entrypoint: undefined # list - not required. Command that overwrites the default ENTRYPOINT of the image.
env: undefined # not required. Dictionary of key,value pairs.
env_file: undefined # not required. Path to a file, present on the target, containing environment variables I(FOO=BAR).,If variable also present in C(env), then C(env) value will override.
etc_hosts: undefined # not required. Dict of host-to-IP mappings, where each host name is a key in the dictionary. Each host name will be added to the container's /etc/hosts file.
exposed_ports: undefined # not required. List of additional container ports which informs Docker that the container listens on the specified network ports at runtime. If the port is already exposed using EXPOSE in a Dockerfile, it does not need to be exposed again.
force_kill: no # not required. Use the kill command when stopping a running container.
groups: undefined # not required. List of additional group names and/or IDs that the container process will run as.
healthcheck: undefined # dict (>2.8) Configure a check that is run to determine whether or not containers for this service are "healthy".-
hostname: undefined # not required. Container hostname.
ignore_image: no # not required. When C(state) is I(present) or I(started) the module compares the configuration of an existing container to requested configuration. The evaluation includes the image version. If the image version in the registry does not match the container, the container will be recreated. Stop this behavior by setting C(ignore_image) to I(True).
init: no # not required. Run an init inside the container that forwards signals and reaps processes. This option requires Docker API 1.25+.
interactive: no # not required. Keep stdin open after a container is launched, even if not attached.
ipc_mode: undefined # not required. Set the IPC mode for the container. Can be one of 'container:<name|id>' to reuse another container's IPC namespace or 'host' to use the host's IPC namespace within the container.
keep_volumes: yes # not required. Retain volumes associated with a removed container.
kernel_memory: 0 # not required. Kernel memory limit (format: C(<number>[<unit>])). Number is a positive integer. Unit can be C(B) (byte), C(K) (kibibyte, 1024B), C(M) (mebibyte), C(G) (gibibyte), C(T) (tebibyte), or C(P) (pebibyte). Minimum is C(4M).,Omitting the unit defaults to bytes.
kill_signal: undefined # not required. Override default signal used to kill a running container.
labels: undefined # not required. Dictionary of key value pairs.
links: undefined # not required. List of name aliases for linked containers in the format C(container_name:alias).,Setting this will force container to be restarted.
log_driver: undefined # not required. Specify the logging driver. Docker uses I(json-file) by default.,See L(here,https://docs.docker.com/config/containers/logging/configure/) for possible choices.
log_options: undefined # not required. Dictionary of options specific to the chosen log_driver. See https://docs.docker.com/engine/admin/logging/overview/ for details.
mac_address: undefined # not required. Container MAC address (e.g. 92:d0:c6:0a:29:33)
memory: 0 # not required. Memory limit (format: C(<number>[<unit>])). Number is a positive integer. Unit can be C(B) (byte), C(K) (kibibyte, 1024B), C(M) (mebibyte), C(G) (gibibyte), C(T) (tebibyte), or C(P) (pebibyte).,Omitting the unit defaults to bytes.
memory_reservation: 0 # not required. Memory soft limit (format: C(<number>[<unit>])). Number is a positive integer. Unit can be C(B) (byte), C(K) (kibibyte, 1024B), C(M) (mebibyte), C(G) (gibibyte), C(T) (tebibyte), or C(P) (pebibyte).,Omitting the unit defaults to bytes.
memory_swap: 0 # not required. Total memory limit (memory + swap, format: C(<number>[<unit>])). Number is a positive integer. Unit can be C(B) (byte), C(K) (kibibyte, 1024B), C(M) (mebibyte), C(G) (gibibyte), C(T) (tebibyte), or C(P) (pebibyte).,Omitting the unit defaults to bytes.
memory_swappiness: 0 # not required. Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
network_mode: undefined # not required. Connect the container to a network. Choices are "bridge", "host", "none" or "container:<name|id>"
networks: undefined # not required. List of networks the container belongs to.,Each network is a dict with keys C(name), C(ipv4_address), C(ipv6_address), C(links), C(aliases).,For each network C(name) is required, all other keys are optional.,If included, C(links) or C(aliases) are lists.,For examples of the data structure and usage see EXAMPLES below.,To remove a container from one or more networks, use the C(purge_networks) option.,Note that as opposed to C(docker run ...), M(docker_container) does not remove the default network if C(networks) is specified. You need to explicity use C(purge_networks) to enforce the removal of the default network (and all other networks not explicitly mentioned in C(networks)).
networks_cli_compatible: undefined # boolean - When networks are provided to the module via the networks option, the module behaves differently than docker run --network: docker run --network other will create a container with network other attached, but the default network not attached. This module with networks: {name: other} will create a container with both default and other attached
oom_killer: no # not required. Whether or not to disable OOM Killer for the container.
oom_score_adj: 0 # not required. An integer value containing the score given to the container in order to tune OOM killer preferences.
output_logs: no # not required. If set to true, output of the container command will be printed (only effective when log_driver is set to json-file or journald.
paused: no # not required. Use with the started state to pause running processes inside the container.
pid_mode: undefined # not required. Set the PID namespace mode for the container. Currently only supports 'host'.
pids_limit: 0 # integer - Set PIDs limit for the container. It accepts an integer value.
privileged: no # not required. Give extended privileges to the container.
published_ports: undefined # list - not required. List of ports to publish from the container to the host.,Use docker CLI syntax: C(8000), C(9000:8000), or C(0.0.0.0:9000:8000), where 8000 is a container port, 9000 is a host port, and 0.0.0.0 is a host interface.,Container ports must be exposed either in the Dockerfile or via the C(expose) option.,A value of all will publish all exposed container ports to random host ports, ignoring any other mappings.,If C(networks) parameter is provided, will inspect each network to see if there exists a bridge network with optional parameter com.docker.network.bridge.host_binding_ipv4. If such a network is found, then published ports where no host IP address is specified will be bound to the host IP pointed to by com.docker.network.bridge.host_binding_ipv4. Note that the first bridge network with a com.docker.network.bridge.host_binding_ipv4 value encountered in the list of C(networks) is the one that will be used.
pull: no # not required. If true, always pull the latest version of an image. Otherwise, will only pull an image when missing.
purge_networks: no # not required. Remove the container from ALL networks not included in C(networks) parameter.,Any default networks such as I(bridge), if not found in C(networks), will be removed as well.
read_only: no # not required. Mount the container's root file system as read-only.
recreate: no # not required. Use with present and started states to force the re-creation of an existing container.
restart: no # not required. Use with started state to force a matching container to be stopped and restarted.
restart_policy: no # not required. choices: no;on-failure;always;unless-stopped. Container restart policy. Place quotes around I(no) option.
restart_retries: 0 # not required. Use with restart policy to control maximum number of restart attempts.
runtime: undefined # string - Runtime to use for the container.
security_opts: undefined # not required. List of security options in the form of C("label:user:User")
shm_size: undefined # not required. Size of C(/dev/shm) (format: C(<number>[<unit>])). Number is positive integer. Unit can be C(B) (byte), C(K) (kibibyte, 1024B), C(M) (mebibyte), C(G) (gibibyte), C(T) (tebibyte), or C(P) (pebibyte).,Omitting the unit defaults to bytes. If you omit the size entirely, the system uses C(64M).
ssl_version: undefined # not required. Provide a valid SSL version number. Default value determined by ssl.py module.,If the value is not specified in the task, the value of environment variable C(DOCKER_SSL_VERSION) will be used instead.
state: absent # not required. choices: absent;present;stopped;started. I(absent) - A container matching the specified name will be stopped and removed. Use force_kill to kill the container rather than stopping it. Use keep_volumes to retain volumes associated with the removed container.,I(present) - Asserts the existence of a container matching the name and any provided configuration parameters. If no container matches the name, a container will be created. If a container matches the name but the provided configuration does not match, the container will be updated, if it can be. If it cannot be updated, it will be removed and re-created with the requested config. Image version will be taken into account when comparing configuration. To ignore image version use the ignore_image option. Use the recreate option to force the re-creation of the matching container. Use force_kill to kill the container rather than stopping it. Use keep_volumes to retain volumes associated with a removed container.,I(started) - Asserts there is a running container matching the name and any provided configuration. If no container matches the name, a container will be created and started. If a container matching the name is found but the configuration does not match, the container will be updated, if it can be. If it cannot be updated, it will be removed and a new container will be created with the requested configuration and started. Image version will be taken into account when comparing configuration. To ignore image version use the ignore_image option. Use recreate to always re-create a matching container, even if it is running. Use restart to force a matching container to be stopped and restarted. Use force_kill to kill a container rather than stopping it. Use keep_volumes to retain volumes associated with a removed container.,I(stopped) - Asserts that the container is first I(present), and then if the container is running moves it to a stopped state. Use force_kill to kill a container rather than stopping it.
stop_signal: undefined # not required. Override default signal used to stop the container.
stop_timeout: undefined # not required. Number of seconds to wait for the container to stop before sending SIGKILL.
sysctls: undefined # not required. Dictionary of key,value pairs.
timeout: 60 # not required. The maximum amount of time in seconds to wait on a response from the API.,If the value is not specified in the task, the value of environment variable C(DOCKER_TIMEOUT) will be used instead. If the environment variable is not set, the default value will be used.
tls: false # not required. Secure the connection to the API by using TLS without verifying the authenticity of the Docker host server.,If the value is not specified in the task, the value of environment variable C(DOCKER_TLS) will be used instead. If the environment variable is not set, the default value will be used.
tls_hostname: localhost # not required. When verifying the authenticity of the Docker Host server, provide the expected name of the server.,If the value is not specified in the task, the value of environment variable C(DOCKER_TLS_HOSTNAME) will be used instead. If the environment variable is not set, the default value will be used.
tmpfs: undefined # not required. Mount a tmpfs directory
trust_image_content: no # not required. If C(yes), skip image verification.
tty: no # not required. Allocate a pseudo-TTY.
ulimits: undefined # not required. List of ulimit options. A ulimit is specified as C(nofile:262144:262144)
user: undefined # not required. Sets the username or UID used and optionally the groupname or GID for the specified command.,Can be [ user | user:group | uid | uid:gid | user:gid | uid:group ]
userns_mode: undefined # not required. User namespace to use
uts: undefined # not required. Set the UTS namespace mode for the container.
validate_certs: no # not required - boolean. Secure the connection to the API by using TLS and verifying the authenticity of the Docker host server.
volume_driver: undefined # not required. The container volume driver.
volumes: undefined # not required. List of volumes to mount within the container.,Use docker CLI-style syntax: C(/host:/container[:mode]),You can specify a read mode for the mount with either C(ro) or C(rw).,SELinux hosts can additionally use C(z) or C(Z) to use a shared or private label for the volume.
volumes_from: undefined # not required. List of container names or Ids to get volumes from.
working_dir: undefined # not required. Path to the working directory.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment