Support for pids_limit parameter in docker_container module (#49319)

* Support for pids_limit parameter in docker_container module

This add pids_limit parameter support in docker_container module

Fixes #43337

Signed-off-by: Akshay <akshay@localhost.localdomain>

* Add changelog for pids_limit parameter

Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>

* Remove unnecessary lines of code

The map is needed if the names are different.

Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>

* Update pids_limit option tests

It also run for docker-py < 1.10.0

Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
This commit is contained in:
Akshay Gaikwad 2018-12-03 11:22:43 +00:00 committed by John R Barker
parent 9fd5d01d67
commit 597e449afe
3 changed files with 67 additions and 4 deletions

View file

@ -0,0 +1,2 @@
minor_changes:
- "docker_container - Added support for ``pids_limit`` parameter in docker_container."

View file

@ -408,6 +408,12 @@ options:
description: description:
- Set the PID namespace mode for the container. - Set the PID namespace mode for the container.
- Note that docker-py < 2.0 only supports 'host'. Newer versions allow all values supported by the docker daemon. - Note that docker-py < 2.0 only supports 'host'. Newer versions allow all values supported by the docker daemon.
pids_limit:
description:
- Set PIDs limit for the container. It accepts an integer value.
- Set -1 for unlimited PIDs.
type: int
version_added: "2.8"
privileged: privileged:
description: description:
- Give extended privileges to the container. - Give extended privileges to the container.
@ -1012,6 +1018,7 @@ class TaskParameters(DockerBaseClass):
self.oom_score_adj = None self.oom_score_adj = None
self.paused = None self.paused = None
self.pid_mode = None self.pid_mode = None
self.pids_limit = None
self.privileged = None self.privileged = None
self.purge_networks = None self.purge_networks = None
self.pull = None self.pull = None
@ -1276,6 +1283,7 @@ class TaskParameters(DockerBaseClass):
device_write_bps='device_write_bps', device_write_bps='device_write_bps',
device_read_iops='device_read_iops', device_read_iops='device_read_iops',
device_write_iops='device_write_iops', device_write_iops='device_write_iops',
pids_limit='pids_limit',
) )
if self.client.docker_py_version >= LooseVersion('1.9') and self.client.docker_api_version >= LooseVersion('1.22'): if self.client.docker_py_version >= LooseVersion('1.9') and self.client.docker_api_version >= LooseVersion('1.22'):
@ -1686,10 +1694,6 @@ class Container(DockerBaseClass):
self.parameters_map['expected_cmd'] = 'command' self.parameters_map['expected_cmd'] = 'command'
self.parameters_map['expected_devices'] = 'devices' self.parameters_map['expected_devices'] = 'devices'
self.parameters_map['expected_healthcheck'] = 'healthcheck' self.parameters_map['expected_healthcheck'] = 'healthcheck'
self.parameters_map['device_read_bps'] = 'device_read_bps'
self.parameters_map['device_write_bps'] = 'device_write_bps'
self.parameters_map['device_read_iops'] = 'device_read_iops'
self.parameters_map['device_write_iops'] = 'device_write_iops'
def fail(self, msg): def fail(self, msg):
self.parameters.client.module.fail_json(msg=msg) self.parameters.client.module.fail_json(msg=msg)
@ -1814,6 +1818,7 @@ class Container(DockerBaseClass):
device_write_bps=host_config.get('BlkioDeviceWriteBps'), device_write_bps=host_config.get('BlkioDeviceWriteBps'),
device_read_iops=host_config.get('BlkioDeviceReadIOps'), device_read_iops=host_config.get('BlkioDeviceReadIOps'),
device_write_iops=host_config.get('BlkioDeviceWriteIOps'), device_write_iops=host_config.get('BlkioDeviceWriteIOps'),
pids_limit=host_config.get('PidsLimit'),
) )
# Options which don't make sense without their accompanying option # Options which don't make sense without their accompanying option
if self.parameters.restart_policy: if self.parameters.restart_policy:
@ -2782,6 +2787,7 @@ class AnsibleDockerClientContainer(AnsibleDockerClient):
sysctls=dict(docker_py_version='1.10.0', docker_api_version='1.24'), sysctls=dict(docker_py_version='1.10.0', docker_api_version='1.24'),
userns_mode=dict(docker_py_version='1.10.0', docker_api_version='1.23'), userns_mode=dict(docker_py_version='1.10.0', docker_api_version='1.23'),
uts=dict(docker_py_version='3.5.0', docker_api_version='1.25'), uts=dict(docker_py_version='3.5.0', docker_api_version='1.25'),
pids_limit=dict(docker_py_version='1.10.0', docker_api_version='1.23'),
# specials # specials
ipvX_address_supported=dict(docker_py_version='1.9.0', detect_usage=detect_ipvX_address_usage, ipvX_address_supported=dict(docker_py_version='1.9.0', detect_usage=detect_ipvX_address_usage,
usage_msg='ipv4_address or ipv6_address in networks'), usage_msg='ipv4_address or ipv6_address in networks'),
@ -2937,6 +2943,7 @@ def main():
output_logs=dict(type='bool', default=False), output_logs=dict(type='bool', default=False),
paused=dict(type='bool', default=False), paused=dict(type='bool', default=False),
pid_mode=dict(type='str'), pid_mode=dict(type='str'),
pids_limit=dict(type='int'),
privileged=dict(type='bool', default=False), privileged=dict(type='bool', default=False),
published_ports=dict(type='list', aliases=['ports'], elements='str'), published_ports=dict(type='list', aliases=['ports'], elements='str'),
pull=dict(type='bool', default=False), pull=dict(type='bool', default=False),

View file

@ -2773,6 +2773,60 @@
- pid_mode_3 is changed - pid_mode_3 is changed
when: docker_py_version is version('2.0.0', '<') when: docker_py_version is version('2.0.0', '<')
####################################################################
## pids_limit ######################################################
####################################################################
- name: pids_limit
docker_container:
image: alpine:3.8
command: '/bin/sh -c "sleep 10m"'
name: "{{ cname }}"
state: started
pids_limit: 10
register: pids_limit_1
ignore_errors: yes
- name: pids_limit (idempotency)
docker_container:
image: alpine:3.8
command: '/bin/sh -c "sleep 10m"'
name: "{{ cname }}"
state: started
pids_limit: 10
register: pids_limit_2
ignore_errors: yes
- name: pids_limit (changed)
docker_container:
image: alpine:3.8
command: '/bin/sh -c "sleep 10m"'
name: "{{ cname }}"
state: started
pids_limit: 20
force_kill: yes
register: pids_limit_3
ignore_errors: yes
- name: cleanup
docker_container:
name: "{{ cname }}"
state: absent
force_kill: yes
diff: no
- assert:
that:
- pids_limit_1 is changed
- pids_limit_2 is not changed
- pids_limit_3 is changed
when: docker_py_version is version('1.10.0', '>=')
- assert:
that:
- pids_limit_1 is failed
- "('version is ' ~ docker_py_version ~'. Minimum version required is 1.10.0') in pids_limit_1.msg"
when: docker_py_version is version('1.10.0', '<')
#################################################################### ####################################################################
## privileged ###################################################### ## privileged ######################################################
#################################################################### ####################################################################