From f9194a387888485144b24d6450e86b3739c84d92 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Thu, 14 Jul 2022 10:08:39 +0200 Subject: [PATCH] Add support for cgroupns_mode parameter. --- .../427-docker_container-cgroupns_mode.yml | 2 + plugins/module_utils/module_container/base.py | 6 +++ .../module_container/docker_api.py | 3 ++ plugins/modules/docker_container.py | 9 ++++ .../docker_container/tasks/tests/options.yml | 54 +++++++++++++++++++ 5 files changed, 74 insertions(+) create mode 100644 changelogs/fragments/427-docker_container-cgroupns_mode.yml diff --git a/changelogs/fragments/427-docker_container-cgroupns_mode.yml b/changelogs/fragments/427-docker_container-cgroupns_mode.yml new file mode 100644 index 000000000..ddec7e47c --- /dev/null +++ b/changelogs/fragments/427-docker_container-cgroupns_mode.yml @@ -0,0 +1,2 @@ +minor_changes: + - "docker_container - add support for ``cgroupns_mode`` (https://github.com/ansible-collections/community.docker/issues/338, https://github.com/ansible-collections/community.docker/pull/427)." diff --git a/plugins/module_utils/module_container/base.py b/plugins/module_utils/module_container/base.py index 97b84bf04..7fd21da08 100644 --- a/plugins/module_utils/module_container/base.py +++ b/plugins/module_utils/module_container/base.py @@ -746,6 +746,11 @@ def _preprocess_ports(module, values): .add_option('cap_drop', type='set', elements='str') ) +OPTION_CGROUP_NS_MODE = ( + OptionGroup() + .add_option('cgroupns_mode', type='str', ansible_choices=['private', 'host']) +) + OPTION_CGROUP_PARENT = ( OptionGroup() .add_option('cgroup_parent', type='str') @@ -1119,6 +1124,7 @@ def _preprocess_ports(module, values): OPTION_BLKIO_WEIGHT, OPTION_CAPABILITIES, OPTION_CAP_DROP, + OPTION_CGROUP_NS_MODE, OPTION_CGROUP_PARENT, OPTION_COMMAND, OPTION_CPU_PERIOD, diff --git a/plugins/module_utils/module_container/docker_api.py b/plugins/module_utils/module_container/docker_api.py index c4f213b12..74e074f72 100644 --- a/plugins/module_utils/module_container/docker_api.py +++ b/plugins/module_utils/module_container/docker_api.py @@ -21,6 +21,7 @@ OPTION_BLKIO_WEIGHT, OPTION_CAPABILITIES, OPTION_CAP_DROP, + OPTION_CGROUP_NS_MODE, OPTION_CGROUP_PARENT, OPTION_COMMAND, OPTION_CPU_PERIOD, @@ -1175,6 +1176,8 @@ def _preprocess_container_names(module, client, api_version, value): OPTION_CAP_DROP.add_engine('docker_api', DockerAPIEngine.host_config_value('CapDrop')) +OPTION_CGROUP_NS_MODE.add_engine('docker_api', DockerAPIEngine.host_config_value('CgroupnsMode', min_api_version='1.41')) + OPTION_CGROUP_PARENT.add_engine('docker_api', DockerAPIEngine.host_config_value('CgroupParent')) OPTION_COMMAND.add_engine('docker_api', DockerAPIEngine.config_value('Cmd')) diff --git a/plugins/modules/docker_container.py b/plugins/modules/docker_container.py index 42f2d5b3d..ac743d497 100644 --- a/plugins/modules/docker_container.py +++ b/plugins/modules/docker_container.py @@ -47,6 +47,15 @@ - List of capabilities to drop from the container. type: list elements: str + cgroupns_mode: + description: + - Specify the cgroup namespace mode for the container. + - The Docker CLI calls this simply C(cgroupns). + type: str + choices: + - host + - private + version_added: 3.0.0 cgroup_parent: description: - Specify the parent cgroup for the container. diff --git a/tests/integration/targets/docker_container/tasks/tests/options.yml b/tests/integration/targets/docker_container/tasks/tests/options.yml index 4a0ccf775..6b6a689c0 100644 --- a/tests/integration/targets/docker_container/tasks/tests/options.yml +++ b/tests/integration/targets/docker_container/tasks/tests/options.yml @@ -148,6 +148,60 @@ - capabilities_3 is not changed - capabilities_4 is changed +#################################################################### +## cgroupns_mode ################################################### +#################################################################### + +- name: cgroupns_mode + docker_container: + image: "{{ docker_test_image_alpine }}" + command: '/bin/sh -c "sleep 10m"' + name: "{{ cname }}" + state: started + cgroupns_mode: host + register: cgroupns_mode_1 + ignore_errors: yes + +- name: cgroupns_mode (idempotency) + docker_container: + image: "{{ docker_test_image_alpine }}" + command: '/bin/sh -c "sleep 10m"' + name: "{{ cname }}" + state: started + cgroupns_mode: host + register: cgroupns_mode_2 + ignore_errors: yes + +- name: cgroupns_mode (changed) + docker_container: + image: "{{ docker_test_image_alpine }}" + command: '/bin/sh -c "sleep 10m"' + name: "{{ cname }}" + state: started + cgroupns_mode: private + register: cgroupns_mode_3 + ignore_errors: yes + +- name: cleanup + docker_container: + name: "{{ cname }}" + state: absent + force_kill: yes + diff: no + +- assert: + that: + - cgroupns_mode_1 is changed + - cgroupns_mode_2 is not changed and cgroupns_mode_2 is not failed + - "cgroupns_mode_3 is changed or 'Docker warning: Your kernel does not support cgroup namespaces. Cgroup namespace setting discarded.' in (cgroupns_mode_3.warnings | default([]))" + when: docker_api_version is version('1.41', '>=') +- assert: + that: + - cgroupns_mode_1 is failed + - | + ('API version is ' ~ docker_api_version ~ '.') in cgroupns_mode_1.msg and 'Minimum version required is 1.41 ' in cgroupns_mode_1.msg + when: docker_api_version is version('1.41', '<') + #################################################################### ## cgroup_parent ################################################### ####################################################################