Add support for cgroupns_mode parameter. (#427)

ansible-collections · Jul 15, 2022 · 37c868e · 37c868e
1 parent 2f1d9b3
commit 37c868e
Show file tree

Hide file tree

Showing 5 changed files with 74 additions and 0 deletions.
diff --git a/changelogs/fragments/427-docker_container-cgroupns_mode.yml b/changelogs/fragments/427-docker_container-cgroupns_mode.yml
@@ -0,0 +1,2 @@
+minor_changes:
+  - "docker_container - add support for ``cgroupns_mode`` (https://github.com/ansible-collections/community.docker/issues/338, https://github.com/ansible-collections/community.docker/pull/427)."
diff --git a/plugins/module_utils/module_container/base.py b/plugins/module_utils/module_container/base.py
@@ -746,6 +746,11 @@ def _preprocess_ports(module, values):
     .add_option('cap_drop', type='set', elements='str')
 )
 
+OPTION_CGROUP_NS_MODE = (
+    OptionGroup()
+    .add_option('cgroupns_mode', type='str', ansible_choices=['private', 'host'])
+)
+
 OPTION_CGROUP_PARENT = (
     OptionGroup()
     .add_option('cgroup_parent', type='str')
@@ -1119,6 +1124,7 @@ def _preprocess_ports(module, values):
     OPTION_BLKIO_WEIGHT,
     OPTION_CAPABILITIES,
     OPTION_CAP_DROP,
+    OPTION_CGROUP_NS_MODE,
     OPTION_CGROUP_PARENT,
     OPTION_COMMAND,
     OPTION_CPU_PERIOD,

diff --git a/plugins/module_utils/module_container/docker_api.py b/plugins/module_utils/module_container/docker_api.py
@@ -21,6 +21,7 @@
     OPTION_BLKIO_WEIGHT,
     OPTION_CAPABILITIES,
     OPTION_CAP_DROP,
+    OPTION_CGROUP_NS_MODE,
     OPTION_CGROUP_PARENT,
     OPTION_COMMAND,
     OPTION_CPU_PERIOD,
@@ -1175,6 +1176,8 @@ def _preprocess_container_names(module, client, api_version, value):
 
 OPTION_CAP_DROP.add_engine('docker_api', DockerAPIEngine.host_config_value('CapDrop'))
 
+OPTION_CGROUP_NS_MODE.add_engine('docker_api', DockerAPIEngine.host_config_value('CgroupnsMode', min_api_version='1.41'))
+
 OPTION_CGROUP_PARENT.add_engine('docker_api', DockerAPIEngine.host_config_value('CgroupParent'))
 
 OPTION_COMMAND.add_engine('docker_api', DockerAPIEngine.config_value('Cmd'))

diff --git a/plugins/modules/docker_container.py b/plugins/modules/docker_container.py
@@ -47,6 +47,15 @@
       - List of capabilities to drop from the container.
     type: list
     elements: str
+  cgroupns_mode:
+    description:
+      - Specify the cgroup namespace mode for the container.
+      - The Docker CLI calls this simply C(cgroupns).
+    type: str
+    choices:
+      - host
+      - private
+    version_added: 3.0.0
   cgroup_parent:
     description:
       - Specify the parent cgroup for the container.

diff --git a/tests/integration/targets/docker_container/tasks/tests/options.yml b/tests/integration/targets/docker_container/tasks/tests/options.yml
@@ -148,6 +148,60 @@
     - capabilities_3 is not changed
     - capabilities_4 is changed
 
+####################################################################
+## cgroupns_mode ###################################################
+####################################################################
+
+- name: cgroupns_mode
+  docker_container:
+    image: "{{ docker_test_image_alpine }}"
+    command: '/bin/sh -c "sleep 10m"'
+    name: "{{ cname }}"
+    state: started
+    cgroupns_mode: host
+  register: cgroupns_mode_1
+  ignore_errors: yes
+
+- name: cgroupns_mode (idempotency)
+  docker_container:
+    image: "{{ docker_test_image_alpine }}"
+    command: '/bin/sh -c "sleep 10m"'
+    name: "{{ cname }}"
+    state: started
+    cgroupns_mode: host
+  register: cgroupns_mode_2
+  ignore_errors: yes
+
+- name: cgroupns_mode (changed)
+  docker_container:
+    image: "{{ docker_test_image_alpine }}"
+    command: '/bin/sh -c "sleep 10m"'
+    name: "{{ cname }}"
+    state: started
+    cgroupns_mode: private
+  register: cgroupns_mode_3
+  ignore_errors: yes
+
+- name: cleanup
+  docker_container:
+    name: "{{ cname }}"
+    state: absent
+    force_kill: yes
+  diff: no
+
+- assert:
+    that:
+    - cgroupns_mode_1 is changed
+    - cgroupns_mode_2 is not changed and cgroupns_mode_2 is not failed
+    - "cgroupns_mode_3 is changed or 'Docker warning: Your kernel does not support cgroup namespaces.  Cgroup namespace setting discarded.' in (cgroupns_mode_3.warnings | default([]))"
+  when: docker_api_version is version('1.41', '>=')
+- assert:
+    that:
+    - cgroupns_mode_1 is failed
+    - |
+      ('API version is ' ~ docker_api_version ~ '.') in cgroupns_mode_1.msg and 'Minimum version required is 1.41 ' in cgroupns_mode_1.msg
+  when: docker_api_version is version('1.41', '<')
+
 ####################################################################
 ## cgroup_parent ###################################################
 ####################################################################