--- # Copyright (c) Ansible Project # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later - name: Registering container name ansible.builtin.set_fact: cname: "{{ cname_prefix ~ '-options' }}" cname_h1: "{{ cname_prefix ~ '-options-h1' }}" cname_h2: "{{ cname_prefix ~ '-options-h2' }}" cname_h3: "{{ cname_prefix ~ '-options-h3' }}" - name: Registering container name ansible.builtin.set_fact: cnames: "{{ cnames + [cname, cname_h1, cname_h2, cname_h3] }}" #################################################################### ## auto_remove ##################################################### #################################################################### - name: auto_remove community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "echo"' name: "{{ cname }}" state: started auto_remove: true register: auto_remove_1 - name: Give container 1 second to be sure it terminated ansible.builtin.pause: seconds: 1 - name: auto_remove (verify) community.docker.docker_container: name: "{{ cname }}" state: absent register: auto_remove_2 - ansible.builtin.assert: that: - auto_remove_1 is changed - auto_remove_2 is not changed #################################################################### ## blkio_weight #################################################### #################################################################### - name: blkio_weight community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started blkio_weight: 123 register: blkio_weight_1 ignore_errors: true - name: blkio_weight (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started blkio_weight: 123 register: blkio_weight_2 ignore_errors: true - name: blkio_weight (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started blkio_weight: 234 force_kill: true register: blkio_weight_3 ignore_errors: true - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - when: blkio_weight_1 is failed ansible.builtin.assert: that: - "'setting cgroup config for procHooks process caused: failed to write' in blkio_weight_1.msg" - when: blkio_weight_1 is not failed ansible.builtin.assert: that: - blkio_weight_1 is changed - blkio_weight_2 is not failed - >- blkio_weight_2 is not changed or ('Docker warning: Your kernel does not support Block I/O weight or the cgroup is not mounted. Weight discarded.' in (blkio_weight_2.warnings | default([]))) - blkio_weight_3 is not failed - blkio_weight_3 is changed #################################################################### ## cap_drop, capabilities ########################################## #################################################################### - name: capabilities, cap_drop community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started capabilities: - sys_time cap_drop: - all register: capabilities_1 - name: capabilities, cap_drop (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started capabilities: - sys_time cap_drop: - all register: capabilities_2 - name: capabilities, cap_drop (less) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started capabilities: [] cap_drop: - all register: capabilities_3 - name: capabilities, cap_drop (changed) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started capabilities: - setgid cap_drop: - all force_kill: true register: capabilities_4 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - capabilities_1 is changed - capabilities_2 is not changed - capabilities_3 is not changed - capabilities_4 is changed #################################################################### ## cgroupns_mode ################################################### #################################################################### - name: cgroupns_mode community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started cgroupns_mode: host register: cgroupns_mode_1 ignore_errors: true - name: cgroupns_mode (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started cgroupns_mode: host register: cgroupns_mode_2 ignore_errors: true - name: cgroupns_mode (changed) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started cgroupns_mode: private register: cgroupns_mode_3 ignore_errors: true - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - cgroupns_mode_1 is changed - cgroupns_mode_2 is not changed and cgroupns_mode_2 is not failed - >- cgroupns_mode_3 is changed or ('Docker warning: Your kernel does not support cgroup namespaces. Cgroup namespace setting discarded.' in (cgroupns_mode_3.warnings | default([]))) or (cgroupns_mode_3 is failed and 'error mounting "cgroup" to rootfs at "/sys/fs/cgroup"' in cgroupns_mode_3.msg) when: docker_api_version is version('1.41', '>=') and cgroupns_mode_1 is not failed - ansible.builtin.assert: that: - >- 'error mounting "cgroup" to rootfs at "/sys/fs/cgroup"' in cgroupns_mode_1.msg when: docker_api_version is version('1.41', '>=') and cgroupns_mode_1 is failed - ansible.builtin.assert: that: - cgroupns_mode_1 is failed - | ('API version is ' ~ docker_api_version ~ '.') in cgroupns_mode_1.msg and 'Minimum version required is 1.41 ' in cgroupns_mode_1.msg when: docker_api_version is version('1.41', '<') #################################################################### ## cgroup_parent ################################################### #################################################################### - name: cgroup_parent community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started cgroup_parent: '' register: cgroup_parent_1 - name: cgroup_parent (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started cgroup_parent: '' register: cgroup_parent_2 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - cgroup_parent_1 is changed - cgroup_parent_2 is not changed #################################################################### ## command ######################################################### #################################################################### # old - name: command (compatibility) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: compatibility command: '/bin/sh -v -c "sleep 10m"' name: "{{ cname }}" state: started register: command_1 - name: command (compatibility, idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: compatibility command: '/bin/sh -v -c "sleep 10m"' name: "{{ cname }}" state: started register: command_2 - name: command (compatibility, idempotency, list) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: compatibility command: - /bin/sh - '-v' - '-c' - '"sleep 10m"' name: "{{ cname }}" state: started register: command_3 - name: command (compatibility, fewer parameters) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: compatibility command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started force_kill: true register: command_4 - name: command (compatibility, empty list) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: compatibility command: [] name: "{{ cname }}" state: started force_kill: true register: command_5 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - command_1 is changed - command_2 is not changed - command_3 is not changed - command_4 is changed - command_5 is not changed # new - name: command (correct) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: correct command: '/bin/sh -v -c "sleep 10m"' name: "{{ cname }}" state: started register: command_1 - name: command (correct, idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: correct command: '/bin/sh -v -c "sleep 10m"' name: "{{ cname }}" state: started register: command_2 - name: command (correct, idempotency, list) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: correct command: - /bin/sh - '-v' - '-c' - sleep 10m name: "{{ cname }}" state: started register: command_3 - name: command (correct, fewer parameters) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: correct command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started force_kill: true register: command_4 - name: command (correct, empty list) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: correct command: [] name: "{{ cname }}" state: started force_kill: true register: command_5 - name: command (correct, empty list, idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: correct command: [] name: "{{ cname }}" state: present # the container will use the default command and likely has been exited by this point, so don't use 'state: started' here force_kill: true register: command_6 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - command_1 is changed - command_2 is not changed - command_3 is not changed - command_4 is changed - command_5 is changed - command_6 is not changed #################################################################### ## cpu_period ###################################################### #################################################################### - name: cpu_period community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpu_period: 90000 state: started register: cpu_period_1 - name: cpu_period (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpu_period: 90000 state: started register: cpu_period_2 - name: cpu_period (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpu_period: 50000 state: started force_kill: true register: cpu_period_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - cpu_period_1 is changed - cpu_period_2 is not changed - cpu_period_3 is changed #################################################################### ## cpu_quota ####################################################### #################################################################### - name: cpu_quota community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpu_quota: 150000 state: started register: cpu_quota_1 - name: cpu_quota (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpu_quota: 150000 state: started register: cpu_quota_2 - name: cpu_quota (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpu_quota: 50000 state: started force_kill: true register: cpu_quota_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - cpu_quota_1 is changed - cpu_quota_2 is not changed - cpu_quota_3 is changed #################################################################### ## cpu_shares ###################################################### #################################################################### - name: cpu_shares community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpu_shares: 900 state: started register: cpu_shares_1 - name: cpu_shares (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpu_shares: 900 state: started register: cpu_shares_2 - name: cpu_shares (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpu_shares: 1100 state: started force_kill: true register: cpu_shares_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - cpu_shares_1 is changed - cpu_shares_2 is not changed - cpu_shares_3 is changed #################################################################### ## cpuset_cpus ##################################################### #################################################################### - name: cpuset_cpus community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpuset_cpus: "0" state: started register: cpuset_cpus_1 - name: cpuset_cpus (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpuset_cpus: "0" state: started register: cpuset_cpus_2 - name: cpuset_cpus (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpuset_cpus: "1" state: started force_kill: true # This will fail if the system the test is run on doesn't have # multiple CPUs/cores available. ignore_errors: true register: cpuset_cpus_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - cpuset_cpus_1 is changed - cpuset_cpus_2 is not changed - cpuset_cpus_3 is failed or cpuset_cpus_3 is changed #################################################################### ## cpuset_mems ##################################################### #################################################################### - name: cpuset_mems community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpuset_mems: "0" state: started register: cpuset_mems_1 - name: cpuset_mems (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpuset_mems: "0" state: started register: cpuset_mems_2 - name: cpuset_mems (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpuset_mems: "1" state: started force_kill: true # This will fail if the system the test is run on doesn't have # multiple MEMs available. ignore_errors: true register: cpuset_mems_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - cpuset_mems_1 is changed - cpuset_mems_2 is not changed - cpuset_mems_3 is failed or cpuset_mems_3 is changed #################################################################### ## cpus ############################################################ #################################################################### - name: cpus community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpus: 1 state: started register: cpus_1 - name: cpus (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpus: 1 state: started register: cpus_2 - name: cpus (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" cpus: 1.5 state: started force_kill: true # This will fail if the system the test is run on doesn't have # multiple MEMs available. register: cpus_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - cpus_1 is changed - cpus_2 is not changed and cpus_2 is not failed - cpus_3 is failed or cpus_3 is changed #################################################################### ## debug ########################################################### #################################################################### - name: debug (create) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: present debug: true register: debug_1 - name: debug (start) community.docker.docker_container: name: "{{ cname }}" state: started debug: true register: debug_2 - name: debug (stop) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" name: "{{ cname }}" state: stopped force_kill: true debug: true register: debug_3 - name: debug (absent) community.docker.docker_container: name: "{{ cname }}" state: absent debug: true force_kill: true register: debug_4 - ansible.builtin.assert: that: - debug_1 is changed - debug_2 is changed - debug_3 is changed - debug_4 is changed #################################################################### ## detach, cleanup ################################################# #################################################################### - name: detach without cleanup community.docker.docker_container: name: "{{ cname }}" image: "{{ docker_test_image_hello_world }}" detach: false register: detach_no_cleanup - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent register: detach_no_cleanup_cleanup diff: false - name: detach with cleanup community.docker.docker_container: name: "{{ cname }}" image: "{{ docker_test_image_hello_world }}" detach: false cleanup: true register: detach_cleanup - name: cleanup (unnecessary) community.docker.docker_container: name: "{{ cname }}" state: absent register: detach_cleanup_cleanup diff: false - name: detach with auto_remove and cleanup community.docker.docker_container: name: "{{ cname }}" image: "{{ docker_test_image_hello_world }}" detach: false auto_remove: true cleanup: true register: detach_auto_remove ignore_errors: true - name: cleanup (unnecessary) community.docker.docker_container: name: "{{ cname }}" state: absent register: detach_auto_remove_cleanup diff: false - name: detach with cleanup and non-zero status community.docker.docker_container: name: "{{ cname }}" image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "exit 42"' detach: false cleanup: true register: detach_cleanup_nonzero ignore_errors: true - ansible.builtin.assert: that: # NOTE that 'Output' sometimes fails to contain the correct output # of hello-world. We don't know why this happens, but it happens # often enough to be annoying. That's why we disable this for now, # and simply test that 'Output' is contained in the result. - "'Output' in detach_no_cleanup.container" - detach_no_cleanup.status == 0 # - "'Hello from Docker!' in detach_no_cleanup.container.Output" - detach_no_cleanup_cleanup is changed - "'Output' in detach_cleanup.container" - detach_cleanup.status == 0 # - "'Hello from Docker!' in detach_cleanup.container.Output" - detach_cleanup_cleanup is not changed - detach_cleanup_nonzero is failed - detach_cleanup_nonzero.status == 42 - "'Output' in detach_cleanup_nonzero.container" - "detach_cleanup_nonzero.container.Output == ''" - "'Cannot retrieve result as auto_remove is enabled' == detach_auto_remove.container.Output" - detach_auto_remove_cleanup is not changed #################################################################### ## devices ######################################################### #################################################################### - name: devices community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started devices: - "/dev/random:/dev/virt-random:rwm" - "/dev/urandom:/dev/virt-urandom:rwm" register: devices_1 - name: devices (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started devices: - "/dev/urandom:/dev/virt-urandom:rwm" - "/dev/random:/dev/virt-random:rwm" register: devices_2 - name: devices (less) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started devices: - "/dev/random:/dev/virt-random:rwm" register: devices_3 - name: devices (changed) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started devices: - "/dev/random:/dev/virt-random:rwm" - "/dev/null:/dev/virt-null:rwm" force_kill: true register: devices_4 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - devices_1 is changed - devices_2 is not changed - devices_3 is not changed - devices_4 is changed #################################################################### ## device_read_bps ################################################# #################################################################### - name: device_read_bps community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started device_read_bps: - path: /dev/random rate: 20M - path: /dev/urandom rate: 10K register: device_read_bps_1 ignore_errors: true - name: device_read_bps (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started device_read_bps: - path: /dev/urandom rate: 10K - path: /dev/random rate: 20M register: device_read_bps_2 ignore_errors: true - name: device_read_bps (lesser entries) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started device_read_bps: - path: /dev/random rate: 20M register: device_read_bps_3 ignore_errors: true - name: device_read_bps (changed) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started device_read_bps: - path: /dev/random rate: 10M - path: /dev/urandom rate: 5K force_kill: true register: device_read_bps_4 ignore_errors: true - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - when: device_read_bps_1 is not failed ansible.builtin.assert: that: - device_read_bps_1 is not failed - device_read_bps_1 is changed - device_read_bps_2 is not failed - device_read_bps_2 is not changed - device_read_bps_3 is not failed - device_read_bps_3 is not changed - device_read_bps_4 is not failed - device_read_bps_4 is changed - when: device_read_bps_1 is failed ansible.builtin.assert: that: - "'error setting cgroup config for procHooks process' in device_read_bps_1.msg and 'blkio.throttle.read_bps_device: no such device' in device_read_bps_1.msg" #################################################################### ## device_read_iops ################################################ #################################################################### - name: device_read_iops community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started device_read_iops: - path: /dev/random rate: 10 - path: /dev/urandom rate: 20 register: device_read_iops_1 ignore_errors: true - name: device_read_iops (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started device_read_iops: - path: /dev/urandom rate: "20" - path: /dev/random rate: 10 register: device_read_iops_2 ignore_errors: true - name: device_read_iops (less) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started device_read_iops: - path: /dev/random rate: 10 register: device_read_iops_3 ignore_errors: true - name: device_read_iops (changed) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started device_read_iops: - path: /dev/random rate: 30 - path: /dev/urandom rate: 50 force_kill: true register: device_read_iops_4 ignore_errors: true - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - when: device_read_iops_1 is not failed ansible.builtin.assert: that: - device_read_iops_1 is not failed - device_read_iops_1 is changed - device_read_iops_2 is not failed - device_read_iops_2 is not changed - device_read_iops_3 is not failed - device_read_iops_3 is not changed - device_read_iops_4 is not failed - device_read_iops_4 is changed - when: device_read_iops_1 is failed ansible.builtin.assert: that: - "'error setting cgroup config for procHooks process' in device_read_iops_1.msg and 'blkio.throttle.read_iops_device: no such device' in device_read_iops_1.msg" #################################################################### ## device_write_bps and device_write_iops ########################## #################################################################### - name: device_write_bps and device_write_iops community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started device_write_bps: - path: /dev/random rate: 10M device_write_iops: - path: /dev/urandom rate: 30 register: device_write_limit_1 ignore_errors: true - name: device_write_bps and device_write_iops (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started device_write_bps: - path: /dev/random rate: 10M device_write_iops: - path: /dev/urandom rate: 30 register: device_write_limit_2 ignore_errors: true - name: device_write_bps device_write_iops (changed) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started device_write_bps: - path: /dev/random rate: 20K device_write_iops: - path: /dev/urandom rate: 100 force_kill: true register: device_write_limit_3 ignore_errors: true - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - when: device_write_limit_1 is not failed ansible.builtin.assert: that: - device_write_limit_1 is not failed and device_write_limit_2 is not failed and device_write_limit_3 is not failed - device_write_limit_1 is changed - device_write_limit_2 is not changed - device_write_limit_3 is changed - when: device_write_limit_1 is failed ansible.builtin.assert: that: - "'error setting cgroup config for procHooks process' in device_write_limit_1.msg and 'blkio.throttle.write_bps_device: no such device' in device_write_limit_1.msg" #################################################################### ## device_requests ################################################# #################################################################### - name: device_requests community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started device_requests: [] register: device_requests_1 ignore_errors: true - name: device_requests (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started device_requests: [] register: device_requests_2 ignore_errors: true - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - device_requests_1 is changed - device_requests_2 is not changed when: docker_api_version is version('1.40', '>=') - ansible.builtin.assert: that: - device_requests_1 is failed - | ('API version is ' ~ docker_api_version ~ '.') in device_requests_1.msg and 'Minimum version required is 1.40 ' in device_requests_1.msg when: docker_api_version is version('1.40', '<') #################################################################### ## device_cgroup_rules ################################################### #################################################################### - name: device_cgroup_rules community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started force_kill: true device_cgroup_rules: - "c 42:* rmw" register: device_cgroup_rules_1 ignore_errors: true - name: cgroupns_mode (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started force_kill: true device_cgroup_rules: - "c 42:* rmw" register: device_cgroup_rules_2 ignore_errors: true - name: cgroupns_mode (changed) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started force_kill: true device_cgroup_rules: - "c 189:* rmw" register: device_cgroup_rules_3 ignore_errors: true - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - device_cgroup_rules_1 is changed - device_cgroup_rules_2 is not changed - device_cgroup_rules_3 is changed when: docker_api_version is version('1.28', '>=') - ansible.builtin.assert: that: - device_cgroup_rules_1 is failed - | ('API version is ' ~ docker_api_version ~ '.') in device_cgroup_rules_1.msg and 'Minimum version required is 1.28 ' in device_cgroup_rules_1.msg when: docker_api_version is version('1.28', '<') #################################################################### ## dns_opts ######################################################## #################################################################### - name: dns_opts community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started dns_opts: - "timeout:10" - rotate register: dns_opts_1 - name: dns_opts (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started dns_opts: - rotate - "timeout:10" register: dns_opts_2 - name: dns_opts (less resolv.conf options) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started dns_opts: - "timeout:10" register: dns_opts_3 - name: dns_opts (more resolv.conf options) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started dns_opts: - "timeout:10" - no-check-names force_kill: true register: dns_opts_4 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - dns_opts_1 is changed - dns_opts_2 is not changed - dns_opts_3 is not changed - dns_opts_4 is changed #################################################################### ## dns_search_domains ############################################## #################################################################### - name: dns_search_domains community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started dns_search_domains: - example.com - example.org register: dns_search_domains_1 - name: dns_search_domains (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started dns_search_domains: - example.com - example.org register: dns_search_domains_2 - name: dns_search_domains (different order) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started dns_search_domains: - example.org - example.com force_kill: true register: dns_search_domains_3 - name: dns_search_domains (changed elements) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started dns_search_domains: - ansible.com - example.com force_kill: true register: dns_search_domains_4 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - dns_search_domains_1 is changed - dns_search_domains_2 is not changed - dns_search_domains_3 is changed - dns_search_domains_4 is changed #################################################################### ## dns_servers ##################################################### #################################################################### - name: dns_servers community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started dns_servers: - 1.1.1.1 - 8.8.8.8 register: dns_servers_1 - name: dns_servers (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started dns_servers: - 1.1.1.1 - 8.8.8.8 register: dns_servers_2 - name: dns_servers (changed order) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started dns_servers: - 8.8.8.8 - 1.1.1.1 force_kill: true register: dns_servers_3 - name: dns_servers (changed elements) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started dns_servers: - 8.8.8.8 - 9.9.9.9 force_kill: true register: dns_servers_4 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - dns_servers_1 is changed - dns_servers_2 is not changed - dns_servers_3 is changed - dns_servers_4 is changed #################################################################### ## domainname ###################################################### #################################################################### - name: domainname community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" domainname: example.com state: started register: domainname_1 - name: domainname (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" domainname: example.com state: started register: domainname_2 - name: domainname (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" domainname: example.org state: started force_kill: true register: domainname_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - domainname_1 is changed - domainname_2 is not changed - domainname_3 is changed #################################################################### ## entrypoint ###################################################### #################################################################### # Old - name: entrypoint (compatibility) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: compatibility entrypoint: - /bin/sh - "-v" - "-c" - "'sleep 10m'" name: "{{ cname }}" state: started register: entrypoint_1 - name: entrypoint (compatibility, idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: compatibility entrypoint: - /bin/sh - "-v" - "-c" - "'sleep 10m'" name: "{{ cname }}" state: started register: entrypoint_2 - name: entrypoint (compatibility, change order, should not be idempotent) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: compatibility entrypoint: - /bin/sh - "-c" - "'sleep 10m'" - "-v" name: "{{ cname }}" state: started force_kill: true register: entrypoint_3 - name: entrypoint (compatibility, fewer parameters) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: compatibility entrypoint: - /bin/sh - "-c" - "'sleep 10m'" name: "{{ cname }}" state: started force_kill: true register: entrypoint_4 - name: entrypoint (compatibility, other parameters) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: compatibility entrypoint: - /bin/sh - "-c" - "'sleep 5m'" name: "{{ cname }}" state: started force_kill: true register: entrypoint_5 - name: entrypoint (compatibility, force empty) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: compatibility entrypoint: [] name: "{{ cname }}" state: started force_kill: true register: entrypoint_6 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - entrypoint_1 is changed - entrypoint_2 is not changed - entrypoint_3 is changed - entrypoint_4 is changed - entrypoint_5 is changed - entrypoint_6 is not changed # New - name: entrypoint (correct) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: correct entrypoint: - /bin/sh - "-v" - "-c" - "sleep 10m" name: "{{ cname }}" state: started register: entrypoint_1 - name: entrypoint (correct, idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: correct entrypoint: - /bin/sh - "-v" - "-c" - "sleep 10m" name: "{{ cname }}" state: started register: entrypoint_2 - name: entrypoint (correct, change order, should not be idempotent) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: correct entrypoint: - /bin/sh - "-c" - "sleep 10m" - "-v" name: "{{ cname }}" state: started force_kill: true register: entrypoint_3 - name: entrypoint (correct, fewer parameters) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: correct entrypoint: - /bin/sh - "-c" - "sleep 10m" name: "{{ cname }}" state: started force_kill: true register: entrypoint_4 - name: entrypoint (correct, other parameters) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: correct entrypoint: - /bin/sh - "-c" - "sleep 5m" name: "{{ cname }}" state: started force_kill: true register: entrypoint_5 - name: entrypoint (correct, force empty) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command_handling: correct entrypoint: [] name: "{{ cname }}" state: started force_kill: true register: entrypoint_6 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - entrypoint_1 is changed - entrypoint_2 is not changed - entrypoint_3 is changed - entrypoint_4 is changed - entrypoint_5 is changed - entrypoint_6 is changed #################################################################### ## env ############################################################# #################################################################### - name: env community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started env: TEST1: val1 TEST2: val2 TEST3: "False" TEST4: "true" TEST5: "yes" register: env_1 - name: env (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started env: TEST2: val2 TEST1: val1 TEST5: "yes" TEST3: "False" TEST4: "true" register: env_2 - name: env (less environment variables) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started env: TEST1: val1 register: env_3 - name: env (more environment variables) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started env: TEST1: val1 TEST3: val3 force_kill: true register: env_4 - name: env (fail unwrapped values) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started env: TEST1: true force_kill: true register: env_5 ignore_errors: true - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - env_1 is changed - "'TEST1=val1' in env_1.container.Config.Env" - "'TEST2=val2' in env_1.container.Config.Env" - "'TEST3=False' in env_1.container.Config.Env" - "'TEST4=true' in env_1.container.Config.Env" - "'TEST5=yes' in env_1.container.Config.Env" - env_2 is not changed - env_3 is not changed - "'TEST1=val1' in env_4.container.Config.Env" - "'TEST2=val2' not in env_4.container.Config.Env" - "'TEST3=val3' in env_4.container.Config.Env" - env_4 is changed - env_5 is failed - "('Non-string value found for env option.') in env_5.msg" #################################################################### ## env_file ######################################################### #################################################################### - name: Copy env-file ansible.builtin.copy: src: env-file dest: "{{ remote_tmp_dir }}/env-file" - name: env_file community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started env_file: "{{ remote_tmp_dir }}/env-file" register: env_file_1 - name: env_file (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started env_file: "{{ remote_tmp_dir }}/env-file" register: env_file_2 - name: env_file (with env, idempotent) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started env_file: "{{ remote_tmp_dir }}/env-file" env: TEST3: val3 register: env_file_3 - name: env_file (with env) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started env_file: "{{ remote_tmp_dir }}/env-file" env: TEST1: val1 TEST3: val3 force_kill: true register: env_file_4 - name: env_file (with env, idempotent) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started env_file: "{{ remote_tmp_dir }}/env-file" env: TEST1: val1 register: env_file_5 - name: env_file (with env, override) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started env_file: "{{ remote_tmp_dir }}/env-file" env: TEST2: val2 TEST4: val4alt force_kill: true register: env_file_6 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - env_file_1 is changed - "'TEST3=val3' in env_file_1.container.Config.Env" - "'TEST4=val4' in env_file_1.container.Config.Env" - env_file_2 is not changed - env_file_3 is not changed - env_file_4 is changed - "'TEST1=val1' in env_file_4.container.Config.Env" - "'TEST3=val3' in env_file_4.container.Config.Env" - "'TEST4=val4' in env_file_4.container.Config.Env" - env_file_5 is not changed - env_file_6 is changed - "'TEST2=val2' in env_file_6.container.Config.Env" - "'TEST3=val3' in env_file_6.container.Config.Env" - "'TEST4=val4alt' in env_file_6.container.Config.Env" #################################################################### ## etc_hosts ####################################################### #################################################################### - name: etc_hosts community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started etc_hosts: example.com: 1.2.3.4 example.org: 4.3.2.1 register: etc_hosts_1 - name: etc_hosts (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started etc_hosts: example.org: 4.3.2.1 example.com: 1.2.3.4 register: etc_hosts_2 - name: etc_hosts (less hosts) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started etc_hosts: example.com: 1.2.3.4 register: etc_hosts_3 - name: etc_hosts (more hosts) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started etc_hosts: example.com: 1.2.3.4 example.us: 1.2.3.5 force_kill: true register: etc_hosts_4 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - etc_hosts_1 is changed - etc_hosts_2 is not changed - etc_hosts_3 is not changed - etc_hosts_4 is changed #################################################################### ## exposed_ports ################################################### #################################################################### - name: exposed_ports community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started exposed_ports: - "9001" - "9002" register: exposed_ports_1 - name: exposed_ports (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started exposed_ports: - "9002" - "9001" register: exposed_ports_2 - name: exposed_ports (less ports) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started exposed_ports: - "9002" register: exposed_ports_3 - name: exposed_ports (more ports) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started exposed_ports: - "9002" - "9003" force_kill: true register: exposed_ports_4 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - exposed_ports_1 is changed - exposed_ports_2 is not changed - exposed_ports_3 is not changed - exposed_ports_4 is changed #################################################################### ## force_kill ###################################################### #################################################################### # TODO: - force_kill #################################################################### ## groups ########################################################## #################################################################### - name: groups community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started groups: - "1234" - "5678" register: groups_1 - name: groups (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started groups: - "5678" - "1234" register: groups_2 - name: groups (less groups) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started groups: - "1234" register: groups_3 - name: groups (more groups) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started groups: - "1234" - "2345" force_kill: true register: groups_4 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - groups_1 is changed - groups_2 is not changed - groups_3 is not changed - groups_4 is changed #################################################################### ## healthcheck ##################################################### #################################################################### - name: healthcheck community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started healthcheck: test: - CMD - sleep - 1 timeout: 2s interval: 0h0m2s3ms4us retries: 2 force_kill: true register: healthcheck_1 - name: healthcheck (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started healthcheck: test: - CMD - sleep - 1 timeout: 2s interval: 0h0m2s3ms4us retries: 2 force_kill: true register: healthcheck_2 - name: healthcheck (changed) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started healthcheck: test: - CMD - sleep - 1 timeout: 3s interval: 0h1m2s3ms4us retries: 3 force_kill: true register: healthcheck_3 - name: healthcheck (no change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started force_kill: true register: healthcheck_4 - name: healthcheck (disabled) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started healthcheck: test: - NONE force_kill: true register: healthcheck_5 - name: healthcheck (disabled, idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started healthcheck: test: - NONE force_kill: true register: healthcheck_6 - name: healthcheck (disabled, idempotency, strict) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started healthcheck: test: - NONE force_kill: true comparisons: '*': strict register: healthcheck_7 - name: healthcheck (string in healthcheck test, changed) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started healthcheck: test: "sleep 1" force_kill: true register: healthcheck_8 - name: healthcheck (string in healthcheck test, idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started healthcheck: test: "sleep 1" force_kill: true register: healthcheck_9 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - healthcheck_1 is changed - healthcheck_2 is not changed - healthcheck_3 is changed - healthcheck_4 is not changed - healthcheck_5 is changed - healthcheck_6 is not changed - healthcheck_7 is not changed - healthcheck_8 is changed - healthcheck_9 is not changed #################################################################### ## hostname ######################################################## #################################################################### - name: hostname community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" hostname: me.example.com state: started register: hostname_1 - name: hostname (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" hostname: me.example.com state: started register: hostname_2 - name: hostname (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" hostname: me.example.org state: started force_kill: true register: hostname_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - hostname_1 is changed - hostname_2 is not changed - hostname_3 is changed #################################################################### ## init ############################################################ #################################################################### - name: init community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" init: true state: started register: init_1 - name: init (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" init: true state: started register: init_2 - name: init (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" init: false state: started force_kill: true register: init_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - init_1 is changed - init_2 is not changed - init_3 is changed #################################################################### ## interactive ##################################################### #################################################################### - name: interactive community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" interactive: true state: started register: interactive_1 - name: interactive (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" interactive: true state: started register: interactive_2 - name: interactive (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" interactive: false state: started force_kill: true register: interactive_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - interactive_1 is changed - interactive_2 is not changed - interactive_3 is changed #################################################################### ## image / image_comparison ######################################## #################################################################### - name: Pull images to make sure ignore_image test succeeds # If the image isn't there, it will pull it and return 'changed'. community.docker.docker_image_pull: name: "{{ item }}" loop: - "{{ docker_test_image_hello_world }}" - "{{ docker_test_image_registry_nginx }}" - name: image community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started register: image_1 - name: image (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started register: image_2 diff: true - name: ignore_image community.docker.docker_container: image: "{{ docker_test_image_hello_world }}" comparisons: image: ignore name: "{{ cname }}" state: started register: ignore_image diff: true - name: ignore_image (labels and env differ in image, image_comparison=current-image) community.docker.docker_container: image: "{{ docker_test_image_registry_nginx }}" comparisons: image: ignore image_comparison: current-image name: "{{ cname }}" state: started register: ignore_image_2 diff: true - name: ignore_image (labels and env differ in image, image_comparison=desired-image) community.docker.docker_container: image: "{{ docker_test_image_registry_nginx }}" comparisons: image: ignore image_comparison: desired-image name: "{{ cname }}" state: started force_kill: true register: ignore_image_3 diff: true - name: image change community.docker.docker_container: image: "{{ docker_test_image_hello_world }}" name: "{{ cname }}" state: started force_kill: true register: image_change diff: true - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - image_1 is changed - image_2 is not changed - ignore_image is not changed - ignore_image_2 is not changed - ignore_image_3 is changed - image_change is changed #################################################################### ## image_label_mismatch ############################################ #################################################################### - name: Registering image name ansible.builtin.set_fact: iname_labels: "{{ cname_prefix ~ '-labels' }}" - name: Registering image name ansible.builtin.set_fact: inames: "{{ inames + [iname_labels] }}" - name: build image with labels ansible.builtin.command: cmd: "docker build --label img_label=base --tag {{ iname_labels }} -" stdin: "FROM {{ docker_test_image_alpine }}" - name: image_label_mismatch community.docker.docker_container: image: "{{ iname_labels }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started register: image_label_mismatch_1 - name: image_label_mismatch (ignore,unmanaged labels) community.docker.docker_container: image: "{{ iname_labels }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" image_label_mismatch: ignore state: started register: image_label_mismatch_2 - name: image_label_mismatch (ignore,missing img label) community.docker.docker_container: image: "{{ iname_labels }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" image_label_mismatch: ignore labels: {} state: started register: image_label_mismatch_3 - name: image_label_mismatch (ignore,match img label) community.docker.docker_container: image: "{{ iname_labels }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" image_label_mismatch: ignore labels: img_label: base state: started register: image_label_mismatch_4 - name: image_label_mismatch (ignore,mismatched img label) community.docker.docker_container: image: "{{ iname_labels }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" image_label_mismatch: ignore labels: img_label: override state: started force_kill: true register: image_label_mismatch_5 - name: image_label_mismatch (ignore,remove img label) community.docker.docker_container: image: "{{ iname_labels }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" image_label_mismatch: ignore labels: {} state: started force_kill: true register: image_label_mismatch_6 - name: image_label_mismatch (fail,unmanaged labels) community.docker.docker_container: image: "{{ iname_labels }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" image_label_mismatch: fail state: started register: image_label_mismatch_7 - name: image_label_mismatch (fail,non-strict,missing img label) community.docker.docker_container: image: "{{ iname_labels }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" image_label_mismatch: fail labels: {} state: started register: image_label_mismatch_8 - name: image_label_mismatch (fail,strict,missing img label) community.docker.docker_container: image: "{{ iname_labels }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" image_label_mismatch: fail comparisons: labels: strict labels: {} state: started ignore_errors: true register: image_label_mismatch_9 - name: image_label_mismatch (fail,match img label) community.docker.docker_container: image: "{{ iname_labels }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" image_label_mismatch: fail labels: img_label: base state: started register: image_label_mismatch_10 - name: image_label_mismatch (fail,mismatched img label) community.docker.docker_container: image: "{{ iname_labels }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" image_label_mismatch: fail labels: img_label: override state: started force_kill: true register: image_label_mismatch_11 - name: cleanup container community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - name: cleanup image community.docker.docker_image_remove: name: "{{ iname_labels }}" diff: false - ansible.builtin.assert: that: - image_label_mismatch_1 is changed - image_label_mismatch_1.container.Config.Labels.img_label == "base" - image_label_mismatch_2 is not changed - image_label_mismatch_3 is not changed - image_label_mismatch_4 is not changed - image_label_mismatch_5 is changed - image_label_mismatch_5.container.Config.Labels.img_label == "override" - image_label_mismatch_6 is changed - image_label_mismatch_6.container.Config.Labels.img_label == "base" - image_label_mismatch_7 is not changed - image_label_mismatch_8 is not changed - image_label_mismatch_9 is failed - >- image_label_mismatch_9.msg == ("Some labels should be removed but are present in the base image. You can set image_label_mismatch to 'ignore' to ignore this error. " ~ 'Labels: "img_label"') - image_label_mismatch_10 is not changed - image_label_mismatch_11 is changed #################################################################### ## image_name_mismatch ############################################# #################################################################### - name: Pull images to make sure ignore_image test succeeds # If the image isn't there, it will pull it and return 'changed'. community.docker.docker_image_pull: name: "{{ item }}" loop: - "{{ docker_test_image_hello_world }}" - "{{ docker_test_image_registry_nginx }}" - name: image community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started register: image_1 - name: image (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started register: image_2 diff: true - name: ignore_image community.docker.docker_container: image: "{{ docker_test_image_hello_world }}" comparisons: image: ignore name: "{{ cname }}" state: started register: ignore_image diff: true - name: ignore_image (labels and env differ in image, image_comparison=current-image) community.docker.docker_container: image: "{{ docker_test_image_registry_nginx }}" image_comparison: current-image comparisons: image: ignore name: "{{ cname }}" state: started register: ignore_image_2 diff: true - name: ignore_image (labels and env differ in image, image_comparison=desired-image) community.docker.docker_container: image: "{{ docker_test_image_registry_nginx }}" image_comparison: desired-image comparisons: image: ignore name: "{{ cname }}" state: started force_kill: true register: ignore_image_3 diff: true - name: image change community.docker.docker_container: image: "{{ docker_test_image_hello_world }}" name: "{{ cname }}" state: started force_kill: true register: image_change diff: true - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - image_1 is changed - image_2 is not changed - ignore_image is not changed - ignore_image_2 is not changed - ignore_image_3 is changed - image_change is changed #################################################################### ## image_name_mismatch ############################################# #################################################################### - name: Registering image name ansible.builtin.set_fact: iname_name_mismatch: "{{ cname_prefix ~ '-image-name' }}" - name: Registering image name ansible.builtin.set_fact: inames: "{{ inames + [iname_name_mismatch] }}" - name: Tag hello world image (pulled earlier) with new name community.docker.docker_image_tag: name: "{{ docker_test_image_registry_nginx }}" repository: "{{ iname_name_mismatch }}:latest" - name: image_name_mismatch community.docker.docker_container: image: "{{ docker_test_image_registry_nginx }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started register: image_name_mismatch_1 - name: image_name_mismatch (ignore) community.docker.docker_container: image: "{{ iname_name_mismatch }}:latest" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" image_name_mismatch: ignore state: started register: image_name_mismatch_2 - name: image_name_mismatch (recreate) community.docker.docker_container: image: "{{ iname_name_mismatch }}:latest" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" image_name_mismatch: recreate state: started force_kill: true register: image_name_mismatch_3 - name: Cleanup container community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - name: Cleanup image community.docker.docker_image_remove: name: "{{ iname_name_mismatch }}" diff: false - ansible.builtin.assert: that: - image_name_mismatch_1 is changed - image_name_mismatch_2 is not changed - image_name_mismatch_3 is changed - image_name_mismatch_3.container.Image == image_name_mismatch_2.container.Image #################################################################### ## ipc_mode ######################################################## #################################################################### - name: start helpers community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ container_name }}" state: started ipc_mode: shareable loop: - "{{ cname_h1 }}" loop_control: loop_var: container_name - name: ipc_mode community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started ipc_mode: "container:{{ cname_h1 }}" # ipc_mode: shareable register: ipc_mode_1 - name: ipc_mode (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started ipc_mode: "container:{{ cname_h1 }}" # ipc_mode: shareable register: ipc_mode_2 - name: ipc_mode (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started ipc_mode: private force_kill: true register: ipc_mode_3 - name: cleanup community.docker.docker_container: name: "{{ container_name }}" state: absent force_kill: true loop: - "{{ cname }}" - "{{ cname_h1 }}" loop_control: loop_var: container_name diff: false - ansible.builtin.assert: that: - ipc_mode_1 is changed - ipc_mode_2 is not changed - ipc_mode_3 is changed #################################################################### ## kernel_memory ################################################### #################################################################### - name: kernel_memory community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" kernel_memory: 8M state: started register: kernel_memory_1 ignore_errors: true - name: kernel_memory (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" kernel_memory: 8M state: started register: kernel_memory_2 ignore_errors: true - name: kernel_memory (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" kernel_memory: 6M state: started force_kill: true register: kernel_memory_3 ignore_errors: true - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - kernel_memory_1 is changed - kernel_memory_2 is not changed - kernel_memory_3 is changed when: - kernel_memory_1 is not failed or 'kernel memory accounting disabled in this runc build' not in kernel_memory_1.msg - >- 'Docker warning: Specifying a kernel memory limit is deprecated and will be removed in a future release.' not in (kernel_memory_1.warnings | default([])) # API version 1.42 seems to remove the kernel memory option completely - "'KernelMemory' in kernel_memory_1.container.HostConfig or docker_api_version is version('1.42', '<')" #################################################################### ## kill_signal ##################################################### #################################################################### # TODO: - kill_signal #################################################################### ## labels ########################################################## #################################################################### - name: labels community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started labels: ansible.test.1: hello ansible.test.2: world register: labels_1 - name: labels (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started labels: ansible.test.2: world ansible.test.1: hello register: labels_2 - name: labels (less labels) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started labels: ansible.test.1: hello register: labels_3 - name: labels (more labels) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started labels: ansible.test.1: hello ansible.test.3: ansible force_kill: true register: labels_4 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - labels_1 is changed - labels_2 is not changed - labels_3 is not changed - labels_4 is changed #################################################################### ## links ########################################################### #################################################################### - name: start helpers community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ container_name }}" state: started loop: - "{{ cname_h1 }}" - "{{ cname_h2 }}" - "{{ cname_h3 }}" loop_control: loop_var: container_name - name: links community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started links: - "{{ cname_h1 }}:test1" - "{{ cname_h2 }}:test2" register: links_1 - name: links (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started links: - "{{ cname_h2 }}:test2" - "{{ cname_h1 }}:test1" register: links_2 - name: links (less links) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started links: - "{{ cname_h1 }}:test1" register: links_3 - name: links (more links) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started links: - "{{ cname_h1 }}:test1" - "{{ cname_h3 }}:test3" force_kill: true register: links_4 - name: cleanup community.docker.docker_container: name: "{{ container_name }}" state: absent force_kill: true loop: - "{{ cname }}" - "{{ cname_h1 }}" - "{{ cname_h2 }}" - "{{ cname_h3 }}" loop_control: loop_var: container_name diff: false - ansible.builtin.assert: that: - links_1 is changed - links_2 is not changed - links_3 is not changed - links_4 is changed #################################################################### ## log_driver ###################################################### #################################################################### - name: log_driver community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started log_driver: json-file register: log_driver_1 - name: log_driver (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started log_driver: json-file register: log_driver_2 - name: log_driver (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started log_driver: syslog force_kill: true register: log_driver_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - log_driver_1 is changed - log_driver_2 is not changed - log_driver_3 is changed #################################################################### ## log_options ##################################################### #################################################################### - name: log_options community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started log_driver: json-file log_options: labels: production_status env: os,customer max-file: 5 register: log_options_1 - name: log_options (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started log_driver: json-file log_options: env: os,customer labels: production_status max-file: 5 register: log_options_2 - name: log_options (less log options) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started log_driver: json-file log_options: labels: production_status register: log_options_3 - name: log_options (more log options) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started log_driver: json-file log_options: labels: production_status max-size: 10m force_kill: true register: log_options_4 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - log_options_1 is changed - log_options_2 is not changed - message in (log_options_2.warnings | default([])) - log_options_3 is not changed - log_options_4 is changed vars: message: >- Non-string value found for log_options option 'max-file'. The value is automatically converted to '5'. If this is not correct, or you want to avoid such warnings, please quote the value, or explicitly convert the values to strings when templating them. #################################################################### ## mac_address ##################################################### #################################################################### - when: docker_api_version is version('1.44', '<') block: - name: mac_address community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" mac_address: 92:d0:c6:0a:29:33 state: started register: mac_address_1 - name: mac_address (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" mac_address: 92:d0:c6:0a:29:33 state: started register: mac_address_2 - name: mac_address (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" mac_address: 92:d0:c6:0a:29:44 state: started force_kill: true register: mac_address_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - mac_address_1 is changed - mac_address_2 is not changed - mac_address_3 is changed #################################################################### ## memory ########################################################## #################################################################### - name: memory community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" memory: 64M state: started register: memory_1 - name: memory (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" memory: 64M state: started register: memory_2 - name: memory (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" memory: 48M state: started force_kill: true register: memory_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - memory_1 is changed - memory_2 is not changed - memory_3 is changed #################################################################### ## memory_reservation ############################################## #################################################################### - name: memory_reservation community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" memory_reservation: 64M state: started register: memory_reservation_1 - name: memory_reservation (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" memory_reservation: 64M state: started register: memory_reservation_2 - name: memory_reservation (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" memory_reservation: 48M state: started force_kill: true register: memory_reservation_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - memory_reservation_1 is changed - memory_reservation_2 is not changed - memory_reservation_3 is changed #################################################################### ## memory_swap ##################################################### #################################################################### - name: memory_swap community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" # Docker daemon does not accept memory_swap if memory is not specified memory: 32M memory_swap: 64M state: started debug: true register: memory_swap_1 - name: memory_swap (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" # Docker daemon does not accept memory_swap if memory is not specified memory: 32M memory_swap: 64M state: started debug: true register: memory_swap_2 - name: memory_swap (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" # Docker daemon does not accept memory_swap if memory is not specified memory: 32M memory_swap: 48M state: started force_kill: true debug: true register: memory_swap_3 - name: memory_swap (unlimited) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" # Docker daemon does not accept memory_swap if memory is not specified memory: 32M memory_swap: unlimited state: started force_kill: true debug: true register: memory_swap_4 - name: memory_swap (unlimited via -1) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" # Docker daemon does not accept memory_swap if memory is not specified memory: 32M memory_swap: -1 state: started force_kill: true debug: true register: memory_swap_5 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - memory_swap_1 is changed # Sometimes (in particular during integration tests, maybe when not running # on a proper VM), memory_swap cannot be set and will be -1 afterwards. - memory_swap_2 is not changed or memory_swap_2.container.HostConfig.MemorySwap == -1 - memory_swap_3 is changed # Unlimited memory_swap (using 'unlimited') should be allowed # (If the value was already -1 because of the above reasons, it won't change) - (memory_swap_4 is changed or memory_swap_3.container.HostConfig.MemorySwap == -1) and memory_swap_4.container.HostConfig.MemorySwap == -1 # Unlimited memory_swap (using '-1') should be allowed - memory_swap_5 is not changed and memory_swap_5.container.HostConfig.MemorySwap == -1 - ansible.builtin.debug: var=memory_swap_1 when: memory_swap_2 is changed - ansible.builtin.debug: var=memory_swap_2 when: memory_swap_2 is changed - ansible.builtin.debug: var=memory_swap_3 when: memory_swap_2 is changed #################################################################### ## memory_swappiness ############################################### #################################################################### - name: memory_swappiness community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" memory_swappiness: 40 state: started register: memory_swappiness_1 - name: memory_swappiness (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" memory_swappiness: 40 state: started register: memory_swappiness_2 - name: memory_swappiness (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" memory_swappiness: 60 state: started force_kill: true register: memory_swappiness_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - memory_swappiness_1 is changed - memory_swappiness_2 is not changed - memory_swappiness_3 is changed when: >- 'Docker warning: Your kernel does not support memory swappiness capabilities or the cgroup is not mounted. Memory swappiness discarded.' not in (memory_swappiness_1.warnings | default([])) #################################################################### ## oom_killer ###################################################### #################################################################### - name: oom_killer community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" oom_killer: true state: started register: oom_killer_1 - name: oom_killer (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" oom_killer: true state: started register: oom_killer_2 - name: oom_killer (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" oom_killer: false state: started force_kill: true register: oom_killer_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - oom_killer_1 is changed - oom_killer_2 is not changed - oom_killer_3 is changed when: >- 'Docker warning: Your kernel does not support OomKillDisable. OomKillDisable discarded.' not in (oom_killer_1.warnings | default([])) #################################################################### ## oom_score_adj ################################################### #################################################################### - name: oom_score_adj community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" oom_score_adj: 5 state: started register: oom_score_adj_1 - name: oom_score_adj (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" oom_score_adj: 5 state: started register: oom_score_adj_2 - name: oom_score_adj (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" oom_score_adj: 7 state: started force_kill: true register: oom_score_adj_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - oom_score_adj_1 is changed - oom_score_adj_2 is not changed - oom_score_adj_3 is changed when: >- 'Docker warning: Your kernel does not support OomScoreAdj. OomScoreAdj discarded.' not in (oom_score_adj_1.warnings | default([])) #################################################################### ## output_logs ##################################################### #################################################################### # TODO: - output_logs #################################################################### ## paused ########################################################## #################################################################### - name: paused community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: "/bin/sh -c 'sleep 10m'" name: "{{ cname }}" state: started paused: true force_kill: true register: paused_1 - name: inspect paused ansible.builtin.command: "docker inspect -f {% raw %}'{{.State.Status}} {{.State.Paused}}'{% endraw %} {{ cname }}" register: paused_2 - name: paused (idempotent) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: "/bin/sh -c 'sleep 10m'" name: "{{ cname }}" state: started paused: true force_kill: true register: paused_3 - name: paused (continue) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: "/bin/sh -c 'sleep 10m'" name: "{{ cname }}" state: started paused: false force_kill: true register: paused_4 - name: inspect paused ansible.builtin.command: "docker inspect -f {% raw %}'{{.State.Status}} {{.State.Paused}}'{% endraw %} {{ cname }}" register: paused_5 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - paused_1 is changed - 'paused_2.stdout == "paused true"' - paused_3 is not changed - paused_4 is changed - 'paused_5.stdout == "running false"' #################################################################### ## pid_mode ######################################################## #################################################################### - name: start helpers community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname_h1 }}" state: started register: pid_mode_helper - name: pid_mode community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started pid_mode: "container:{{ pid_mode_helper.container.Id }}" register: pid_mode_1 - name: pid_mode (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started pid_mode: "container:{{ cname_h1 }}" register: pid_mode_2 - name: pid_mode (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started pid_mode: host force_kill: true register: pid_mode_3 - name: cleanup community.docker.docker_container: name: "{{ container_name }}" state: absent force_kill: true loop: - "{{ cname }}" - "{{ cname_h1 }}" loop_control: loop_var: container_name diff: false - ansible.builtin.assert: that: - pid_mode_1 is changed - pid_mode_2 is not changed - pid_mode_3 is changed #################################################################### ## pids_limit ###################################################### #################################################################### - name: pids_limit community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started pids_limit: 10 register: pids_limit_1 - name: pids_limit (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started pids_limit: 10 register: pids_limit_2 - name: pids_limit (changed) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started pids_limit: 20 force_kill: true register: pids_limit_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - pids_limit_1 is changed - pids_limit_2 is not changed - pids_limit_3 is changed #################################################################### ## platform ######################################################## #################################################################### - name: Remove test image community.docker.docker_image_remove: name: "{{ docker_test_image_simple_1 }}" - name: platform community.docker.docker_container: image: "{{ docker_test_image_simple_1 }}" name: "{{ cname }}" state: present pull: true platform: linux/amd64 debug: true register: platform_1 ignore_errors: true - name: platform (idempotency with full name) # Docker daemon only returns 'linux' as the platform for the container, # so this has to be handled correctly by our additional code community.docker.docker_container: image: "{{ docker_test_image_simple_1 }}" name: "{{ cname }}" state: present platform: linux/amd64 debug: true register: platform_2 ignore_errors: true - name: platform (idempotency with shorter name) community.docker.docker_container: image: "{{ docker_test_image_simple_1 }}" name: "{{ cname }}" state: present platform: linux debug: true register: platform_3 ignore_errors: true - name: platform (idempotency with shorter name) community.docker.docker_container: image: "{{ docker_test_image_simple_1 }}" name: "{{ cname }}" state: present platform: amd64 debug: true register: platform_4 ignore_errors: true - name: platform (changed) community.docker.docker_container: image: "{{ docker_test_image_simple_1 }}" name: "{{ cname }}" state: present pull: true platform: linux/386 force_kill: true debug: true comparisons: # Do not restart because of the changed image ID image: ignore register: platform_5 ignore_errors: true - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - platform_1 is changed - platform_2 is not changed and platform_2 is not failed - platform_3 is not changed and platform_3 is not failed - platform_4 is not changed and platform_4 is not failed - platform_5 is changed when: docker_api_version is version('1.41', '>=') - ansible.builtin.assert: that: - platform_1 is failed - | ('API version is ' ~ docker_api_version ~ '.') in platform_1.msg and 'Minimum version required is 1.41 ' in platform_1.msg when: docker_api_version is version('1.41', '<') #################################################################### ## pull / pull_check_mode_behavior ################################# #################################################################### - name: Remove hello-world image community.docker.docker_image_remove: name: "{{ docker_test_image_hello_world }}" - name: pull (pull=never) community.docker.docker_container: image: "{{ docker_test_image_hello_world }}" name: "{{ cname }}" state: present pull: never debug: true register: pull_1 ignore_errors: true - name: pull (pull=missing, check mode) community.docker.docker_container: image: "{{ docker_test_image_hello_world }}" name: "{{ cname }}" state: present pull: missing debug: true register: pull_2 check_mode: true ignore_errors: true - name: pull (pull=missing) community.docker.docker_container: image: "{{ docker_test_image_hello_world }}" name: "{{ cname }}" state: present pull: missing debug: true register: pull_3 ignore_errors: true - name: pull (pull=missing, idempotent, check mode) community.docker.docker_container: image: "{{ docker_test_image_hello_world }}" name: "{{ cname }}" state: present pull: missing debug: true register: pull_4 check_mode: true ignore_errors: true - name: pull (pull=missing, idempotent) community.docker.docker_container: image: "{{ docker_test_image_hello_world }}" name: "{{ cname }}" state: present pull: missing debug: true register: pull_5 ignore_errors: true - name: pull (pull=always, check mode, pull_check_mode_behavior=image_not_present) community.docker.docker_container: image: "{{ docker_test_image_hello_world }}" name: "{{ cname }}" state: present pull: always pull_check_mode_behavior: image_not_present debug: true register: pull_6 check_mode: true ignore_errors: true - name: pull (pull=always, check mode, pull_check_mode_behavior=always) community.docker.docker_container: image: "{{ docker_test_image_hello_world }}" name: "{{ cname }}" state: present pull: always pull_check_mode_behavior: always debug: true register: pull_7 check_mode: true ignore_errors: true - name: pull (pull=always) community.docker.docker_container: image: "{{ docker_test_image_hello_world }}" name: "{{ cname }}" state: present pull: always debug: true register: pull_8 ignore_errors: true - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - pull_1 is failed - pull_1.msg == ("Cannot find image with name " ~ docker_test_image_hello_world ~ ", and pull=never") - pull_2 is changed - pulled_image_action not in pull_2.actions - pulled_image_action_changed in pull_2.actions - pulled_image_action_unchanged not in pull_2.actions - pull_3 is changed - pulled_image_action not in pull_3.actions - pulled_image_action_changed in pull_3.actions - pulled_image_action_unchanged not in pull_3.actions - pull_4 is not changed - pulled_image_action not in pull_4.actions - pulled_image_action_changed not in pull_4.actions - pulled_image_action_unchanged not in pull_4.actions - pull_5 is not changed - pulled_image_action not in pull_5.actions - pulled_image_action_changed not in pull_5.actions - pulled_image_action_unchanged not in pull_5.actions - pull_6 is not changed - pulled_image_action not in pull_6.actions - pulled_image_action_changed not in pull_6.actions - pulled_image_action_unchanged not in pull_6.actions - pull_7 is changed - pulled_image_action in pull_7.actions - pulled_image_action_changed not in pull_7.actions - pulled_image_action_unchanged not in pull_7.actions - pull_8 is not changed - pulled_image_action not in pull_8.actions - pulled_image_action_changed not in pull_8.actions - pulled_image_action_unchanged in pull_8.actions vars: pulled_image_action: pulled_image: "{{ docker_test_image_hello_world }}" pulled_image_action_changed: pulled_image: "{{ docker_test_image_hello_world }}" changed: true pulled_image_action_unchanged: pulled_image: "{{ docker_test_image_hello_world }}" changed: false #################################################################### ## privileged ###################################################### #################################################################### - name: privileged community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" privileged: true state: started register: privileged_1 - name: privileged (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" privileged: true state: started register: privileged_2 - name: privileged (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" privileged: false state: started force_kill: true register: privileged_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - privileged_1 is changed - privileged_2 is not changed - privileged_3 is changed #################################################################### ## published_ports and default_host_ip ############################# #################################################################### - name: published_ports community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started published_ports: - '9001' - '9002' register: published_ports_1 - name: published_ports (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started published_ports: - '9002' - '9001' register: published_ports_2 - name: published_ports (less published_ports) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started published_ports: - '9002' register: published_ports_3 - name: published_ports (more published_ports) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started published_ports: - '9002' - '9003' force_kill: true register: published_ports_4 - name: published_ports (ports with IP addresses) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started published_ports: - '127.0.0.1:9002:9002/tcp' - '[::1]:9003:9003/tcp' - '[fe80::1%test]:90:90/tcp' force_kill: true register: published_ports_5 when: docker_host_info.host_info.ServerVersion is version('27.0.0', '<') - name: published_ports (ports with IP addresses, idempotent) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started published_ports: - '127.0.0.1:9002:9002/tcp' - '[::1]:9003:9003/tcp' - '[fe80::1%test]:90:90/tcp' register: published_ports_6 when: docker_host_info.host_info.ServerVersion is version('27.0.0', '<') - name: published_ports (no published ports) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started published_ports: [] comparisons: published_ports: strict force_kill: true register: published_ports_7 - name: published_ports (default_host_ip not set) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started published_ports: - '9001' - '9002' force_kill: true register: published_ports_8 - name: published_ports (default_host_ip set to empty string) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started published_ports: - '9002' - '9001' default_host_ip: '' force_kill: true register: published_ports_9 - name: published_ports (default_host_ip set to empty string, idempotent) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started published_ports: - '9002' - '9001' default_host_ip: '' register: published_ports_10 - name: published_ports (default_host_ip unset) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started published_ports: - '9002' - '9001' force_kill: true register: published_ports_11 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - published_ports_1 is changed - published_ports_2 is not changed - published_ports_3 is not changed - published_ports_4 is changed - (published_ports_5 is changed and published_ports_5 is not skipped) or published_ports_5 is skipped - (published_ports_6 is not changed and published_ports_6 is not skipped) or published_ports_6 is skipped - published_ports_7 is changed - published_ports_8 is changed - published_ports_9 is changed - published_ports_10 is not changed - published_ports_11 is changed #################################################################### ## pull ############################################################ #################################################################### # TODO: - pull #################################################################### ## read_only ####################################################### #################################################################### - name: read_only community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" read_only: true state: started register: read_only_1 - name: read_only (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" read_only: true state: started register: read_only_2 - name: read_only (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" read_only: false state: started force_kill: true register: read_only_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - read_only_1 is changed - read_only_2 is not changed - read_only_3 is changed #################################################################### ## restart_policy ################################################## #################################################################### - name: restart_policy community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" restart_policy: always state: started register: restart_policy_1 - name: restart_policy (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" restart_policy: always state: started register: restart_policy_2 - name: restart_policy (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" restart_policy: unless-stopped state: started force_kill: true register: restart_policy_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - restart_policy_1 is changed - restart_policy_2 is not changed - restart_policy_3 is changed #################################################################### ## restart_retries ################################################# #################################################################### - name: restart_retries community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" restart_policy: on-failure restart_retries: 5 state: started register: restart_retries_1 - name: restart_retries (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" restart_policy: on-failure restart_retries: 5 state: started register: restart_retries_2 - name: restart_retries (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" restart_policy: on-failure restart_retries: 2 state: started force_kill: true register: restart_retries_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - restart_retries_1 is changed - restart_retries_2 is not changed - restart_retries_3 is changed #################################################################### ## runtime ######################################################### #################################################################### - name: runtime community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" runtime: runc state: started register: runtime_1 - name: runtime (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" runtime: runc state: started register: runtime_2 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - runtime_1 is changed - runtime_2 is not changed #################################################################### ## security_opts ################################################### #################################################################### # In case some of the options stop working, here are some more # options which *currently* work with all integration test targets: # no-new-privileges # label:disable # label=disable # label:level:s0:c100,c200 # label=level:s0:c100,c200 # label:type:svirt_apache_t # label=type:svirt_apache_t # label:user:root # label=user:root # seccomp:unconfined # seccomp=unconfined # apparmor:docker-default # apparmor=docker-default - name: security_opts community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started security_opts: - "label:level:s0:c100,c200" - "no-new-privileges" register: security_opts_1 - name: security_opts (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started security_opts: - "no-new-privileges" - "label:level:s0:c100,c200" register: security_opts_2 - name: security_opts (less security options) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started security_opts: - "no-new-privileges" register: security_opts_3 - name: security_opts (more security options) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started security_opts: - "label:disable" - "no-new-privileges" force_kill: true register: security_opts_4 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - security_opts_1 is changed - security_opts_2 is not changed - security_opts_3 is not changed - security_opts_4 is changed #################################################################### ## shm_size ######################################################## #################################################################### - name: shm_size community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" shm_size: 96M state: started register: shm_size_1 - name: shm_size (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" shm_size: 96M state: started register: shm_size_2 - name: shm_size (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" shm_size: 75M state: started force_kill: true register: shm_size_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - shm_size_1 is changed - shm_size_2 is not changed - shm_size_3 is changed #################################################################### ## stop_signal ##################################################### #################################################################### - name: stop_signal community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" stop_signal: "30" state: started register: stop_signal_1 - name: stop_signal (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" stop_signal: "30" state: started register: stop_signal_2 - name: stop_signal (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" stop_signal: "9" state: started force_kill: true register: stop_signal_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - stop_signal_1 is changed - stop_signal_2 is not changed - stop_signal_3 is changed #################################################################### ## stop_timeout #################################################### #################################################################### - name: stop_timeout community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" stop_timeout: 2 state: started register: stop_timeout_1 - name: stop_timeout (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" stop_timeout: 2 state: started register: stop_timeout_2 - name: stop_timeout (no change) # stop_timeout changes are ignored by default community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" stop_timeout: 1 state: started register: stop_timeout_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - stop_timeout_1 is changed - stop_timeout_2 is not changed - stop_timeout_3 is not changed #################################################################### ## storage_opts #################################################### #################################################################### - name: storage_opts community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" storage_opts: size: 12m state: started register: storage_opts_1 ignore_errors: true - name: storage_opts (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" storage_opts: size: 12m state: started register: storage_opts_2 ignore_errors: true - name: storage_opts (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" storage_opts: size: 24m state: started force_kill: true register: storage_opts_3 ignore_errors: true - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - storage_opts_1 is changed - storage_opts_2 is not failed and storage_opts_2 is not changed - storage_opts_3 is not failed and storage_opts_3 is changed when: storage_opts_1 is not failed - ansible.builtin.assert: that: - "'is supported only for' in storage_opts_1.msg" - storage_opts_2 is failed - storage_opts_3 is failed when: storage_opts_1 is failed #################################################################### ## sysctls ######################################################### #################################################################### # In case some of the options stop working, here are some more # options which *currently* work with all integration test targets: # net.ipv4.conf.default.log_martians: 1 # net.ipv4.conf.default.secure_redirects: 0 # net.ipv4.conf.default.send_redirects: 0 # net.ipv4.conf.all.log_martians: 1 # net.ipv4.conf.all.accept_redirects: 0 # net.ipv4.conf.all.secure_redirects: 0 # net.ipv4.conf.all.send_redirects: 0 - name: sysctls community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started sysctls: net.ipv4.icmp_echo_ignore_all: 1 net.ipv4.ip_forward: 1 register: sysctls_1 - name: sysctls (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started sysctls: net.ipv4.ip_forward: 1 net.ipv4.icmp_echo_ignore_all: 1 register: sysctls_2 - name: sysctls (less sysctls) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started sysctls: net.ipv4.icmp_echo_ignore_all: 1 register: sysctls_3 - name: sysctls (more sysctls) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started sysctls: net.ipv4.icmp_echo_ignore_all: 1 net.ipv6.conf.default.accept_redirects: 0 force_kill: true register: sysctls_4 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - sysctls_1 is changed - sysctls_2 is not changed - sysctls_3 is not changed - sysctls_4 is changed #################################################################### ## tmpfs ########################################################### #################################################################### - name: tmpfs community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started tmpfs: - "/test1:rw,noexec,nosuid,size=65536k" - "/test2:rw,noexec,nosuid,size=65536k" register: tmpfs_1 - name: tmpfs (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started tmpfs: - "/test2:rw,noexec,nosuid,size=65536k" - "/test1:rw,noexec,nosuid,size=65536k" register: tmpfs_2 - name: tmpfs (less tmpfs) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started tmpfs: - "/test1:rw,noexec,nosuid,size=65536k" register: tmpfs_3 - name: tmpfs (more tmpfs) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started tmpfs: - "/test1:rw,noexec,nosuid,size=65536k" - "/test3:rw,noexec,nosuid,size=65536k" force_kill: true register: tmpfs_4 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - tmpfs_1 is changed - tmpfs_2 is not changed - tmpfs_3 is not changed - tmpfs_4 is changed #################################################################### ## tty ############################################################# #################################################################### - name: tty community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" tty: true state: started register: tty_1 ignore_errors: true - name: tty (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" tty: true state: started register: tty_2 ignore_errors: true - name: tty (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" tty: false state: started force_kill: true register: tty_3 ignore_errors: true - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - tty_1 is changed - tty_2 is not changed and tty_2 is not failed - tty_3 is changed when: tty_1 is not failed - ansible.builtin.assert: that: - "'error during container init: open /dev/pts/' in tty_1.msg" - "': operation not permitted: ' in tty_1.msg" when: tty_1 is failed #################################################################### ## ulimits ######################################################### #################################################################### - name: ulimits community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started ulimits: - "nofile:1234:1234" - "nproc:3:6" register: ulimits_1 - name: ulimits (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started ulimits: - "nproc:3:6" - "nofile:1234:1234" register: ulimits_2 - name: ulimits (less ulimits) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started ulimits: - "nofile:1234:1234" register: ulimits_3 - name: ulimits (more ulimits) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" state: started ulimits: - "nofile:1234:1234" - "sigpending:100:200" force_kill: true register: ulimits_4 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - ulimits_1 is changed - ulimits_2 is not changed - ulimits_3 is not changed - ulimits_4 is changed #################################################################### ## user ############################################################ #################################################################### - name: user community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" user: nobody state: started register: user_1 - name: user (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" user: nobody state: started register: user_2 - name: user (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" user: root state: started force_kill: true register: user_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - user_1 is changed - user_2 is not changed - user_3 is changed #################################################################### ## userns_mode ##################################################### #################################################################### - name: userns_mode community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" userns_mode: host state: started register: userns_mode_1 - name: userns_mode (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" userns_mode: host state: started register: userns_mode_2 - name: userns_mode (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" userns_mode: "" state: started force_kill: true register: userns_mode_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - userns_mode_1 is changed - userns_mode_2 is not changed - userns_mode_3 is changed #################################################################### ## uts ############################################################# #################################################################### - name: uts community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" uts: host state: started register: uts_1 - name: uts (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" uts: host state: started register: uts_2 - name: uts (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" uts: "" state: started force_kill: true register: uts_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - uts_1 is changed - uts_2 is not changed - uts_3 is changed #################################################################### ## working_dir ##################################################### #################################################################### - name: working_dir community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" working_dir: /tmp state: started register: working_dir_1 - name: working_dir (idempotency) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" working_dir: /tmp state: started register: working_dir_2 - name: working_dir (change) community.docker.docker_container: image: "{{ docker_test_image_alpine }}" command: '/bin/sh -c "sleep 10m"' name: "{{ cname }}" working_dir: / state: started force_kill: true register: working_dir_3 - name: cleanup community.docker.docker_container: name: "{{ cname }}" state: absent force_kill: true diff: false - ansible.builtin.assert: that: - working_dir_1 is changed - working_dir_2 is not changed - working_dir_3 is changed #################################################################### #################################################################### ####################################################################