Support for pids_limit parameter in docker_container module (#49319)
* Support for pids_limit parameter in docker_container module This add pids_limit parameter support in docker_container module Fixes #43337 Signed-off-by: Akshay <akshay@localhost.localdomain> * Add changelog for pids_limit parameter Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com> * Remove unnecessary lines of code The map is needed if the names are different. Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com> * Update pids_limit option tests It also run for docker-py < 1.10.0 Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
This commit is contained in:
parent
9fd5d01d67
commit
597e449afe
3 changed files with 67 additions and 4 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
minor_changes:
|
||||||
|
- "docker_container - Added support for ``pids_limit`` parameter in docker_container."
|
|
@ -408,6 +408,12 @@ options:
|
||||||
description:
|
description:
|
||||||
- Set the PID namespace mode for the container.
|
- Set the PID namespace mode for the container.
|
||||||
- Note that docker-py < 2.0 only supports 'host'. Newer versions allow all values supported by the docker daemon.
|
- Note that docker-py < 2.0 only supports 'host'. Newer versions allow all values supported by the docker daemon.
|
||||||
|
pids_limit:
|
||||||
|
description:
|
||||||
|
- Set PIDs limit for the container. It accepts an integer value.
|
||||||
|
- Set -1 for unlimited PIDs.
|
||||||
|
type: int
|
||||||
|
version_added: "2.8"
|
||||||
privileged:
|
privileged:
|
||||||
description:
|
description:
|
||||||
- Give extended privileges to the container.
|
- Give extended privileges to the container.
|
||||||
|
@ -1012,6 +1018,7 @@ class TaskParameters(DockerBaseClass):
|
||||||
self.oom_score_adj = None
|
self.oom_score_adj = None
|
||||||
self.paused = None
|
self.paused = None
|
||||||
self.pid_mode = None
|
self.pid_mode = None
|
||||||
|
self.pids_limit = None
|
||||||
self.privileged = None
|
self.privileged = None
|
||||||
self.purge_networks = None
|
self.purge_networks = None
|
||||||
self.pull = None
|
self.pull = None
|
||||||
|
@ -1276,6 +1283,7 @@ class TaskParameters(DockerBaseClass):
|
||||||
device_write_bps='device_write_bps',
|
device_write_bps='device_write_bps',
|
||||||
device_read_iops='device_read_iops',
|
device_read_iops='device_read_iops',
|
||||||
device_write_iops='device_write_iops',
|
device_write_iops='device_write_iops',
|
||||||
|
pids_limit='pids_limit',
|
||||||
)
|
)
|
||||||
|
|
||||||
if self.client.docker_py_version >= LooseVersion('1.9') and self.client.docker_api_version >= LooseVersion('1.22'):
|
if self.client.docker_py_version >= LooseVersion('1.9') and self.client.docker_api_version >= LooseVersion('1.22'):
|
||||||
|
@ -1686,10 +1694,6 @@ class Container(DockerBaseClass):
|
||||||
self.parameters_map['expected_cmd'] = 'command'
|
self.parameters_map['expected_cmd'] = 'command'
|
||||||
self.parameters_map['expected_devices'] = 'devices'
|
self.parameters_map['expected_devices'] = 'devices'
|
||||||
self.parameters_map['expected_healthcheck'] = 'healthcheck'
|
self.parameters_map['expected_healthcheck'] = 'healthcheck'
|
||||||
self.parameters_map['device_read_bps'] = 'device_read_bps'
|
|
||||||
self.parameters_map['device_write_bps'] = 'device_write_bps'
|
|
||||||
self.parameters_map['device_read_iops'] = 'device_read_iops'
|
|
||||||
self.parameters_map['device_write_iops'] = 'device_write_iops'
|
|
||||||
|
|
||||||
def fail(self, msg):
|
def fail(self, msg):
|
||||||
self.parameters.client.module.fail_json(msg=msg)
|
self.parameters.client.module.fail_json(msg=msg)
|
||||||
|
@ -1814,6 +1818,7 @@ class Container(DockerBaseClass):
|
||||||
device_write_bps=host_config.get('BlkioDeviceWriteBps'),
|
device_write_bps=host_config.get('BlkioDeviceWriteBps'),
|
||||||
device_read_iops=host_config.get('BlkioDeviceReadIOps'),
|
device_read_iops=host_config.get('BlkioDeviceReadIOps'),
|
||||||
device_write_iops=host_config.get('BlkioDeviceWriteIOps'),
|
device_write_iops=host_config.get('BlkioDeviceWriteIOps'),
|
||||||
|
pids_limit=host_config.get('PidsLimit'),
|
||||||
)
|
)
|
||||||
# Options which don't make sense without their accompanying option
|
# Options which don't make sense without their accompanying option
|
||||||
if self.parameters.restart_policy:
|
if self.parameters.restart_policy:
|
||||||
|
@ -2782,6 +2787,7 @@ class AnsibleDockerClientContainer(AnsibleDockerClient):
|
||||||
sysctls=dict(docker_py_version='1.10.0', docker_api_version='1.24'),
|
sysctls=dict(docker_py_version='1.10.0', docker_api_version='1.24'),
|
||||||
userns_mode=dict(docker_py_version='1.10.0', docker_api_version='1.23'),
|
userns_mode=dict(docker_py_version='1.10.0', docker_api_version='1.23'),
|
||||||
uts=dict(docker_py_version='3.5.0', docker_api_version='1.25'),
|
uts=dict(docker_py_version='3.5.0', docker_api_version='1.25'),
|
||||||
|
pids_limit=dict(docker_py_version='1.10.0', docker_api_version='1.23'),
|
||||||
# specials
|
# specials
|
||||||
ipvX_address_supported=dict(docker_py_version='1.9.0', detect_usage=detect_ipvX_address_usage,
|
ipvX_address_supported=dict(docker_py_version='1.9.0', detect_usage=detect_ipvX_address_usage,
|
||||||
usage_msg='ipv4_address or ipv6_address in networks'),
|
usage_msg='ipv4_address or ipv6_address in networks'),
|
||||||
|
@ -2937,6 +2943,7 @@ def main():
|
||||||
output_logs=dict(type='bool', default=False),
|
output_logs=dict(type='bool', default=False),
|
||||||
paused=dict(type='bool', default=False),
|
paused=dict(type='bool', default=False),
|
||||||
pid_mode=dict(type='str'),
|
pid_mode=dict(type='str'),
|
||||||
|
pids_limit=dict(type='int'),
|
||||||
privileged=dict(type='bool', default=False),
|
privileged=dict(type='bool', default=False),
|
||||||
published_ports=dict(type='list', aliases=['ports'], elements='str'),
|
published_ports=dict(type='list', aliases=['ports'], elements='str'),
|
||||||
pull=dict(type='bool', default=False),
|
pull=dict(type='bool', default=False),
|
||||||
|
|
|
@ -2773,6 +2773,60 @@
|
||||||
- pid_mode_3 is changed
|
- pid_mode_3 is changed
|
||||||
when: docker_py_version is version('2.0.0', '<')
|
when: docker_py_version is version('2.0.0', '<')
|
||||||
|
|
||||||
|
####################################################################
|
||||||
|
## pids_limit ######################################################
|
||||||
|
####################################################################
|
||||||
|
|
||||||
|
- name: pids_limit
|
||||||
|
docker_container:
|
||||||
|
image: alpine:3.8
|
||||||
|
command: '/bin/sh -c "sleep 10m"'
|
||||||
|
name: "{{ cname }}"
|
||||||
|
state: started
|
||||||
|
pids_limit: 10
|
||||||
|
register: pids_limit_1
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
|
- name: pids_limit (idempotency)
|
||||||
|
docker_container:
|
||||||
|
image: alpine:3.8
|
||||||
|
command: '/bin/sh -c "sleep 10m"'
|
||||||
|
name: "{{ cname }}"
|
||||||
|
state: started
|
||||||
|
pids_limit: 10
|
||||||
|
register: pids_limit_2
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
|
- name: pids_limit (changed)
|
||||||
|
docker_container:
|
||||||
|
image: alpine:3.8
|
||||||
|
command: '/bin/sh -c "sleep 10m"'
|
||||||
|
name: "{{ cname }}"
|
||||||
|
state: started
|
||||||
|
pids_limit: 20
|
||||||
|
force_kill: yes
|
||||||
|
register: pids_limit_3
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
|
- name: cleanup
|
||||||
|
docker_container:
|
||||||
|
name: "{{ cname }}"
|
||||||
|
state: absent
|
||||||
|
force_kill: yes
|
||||||
|
diff: no
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- pids_limit_1 is changed
|
||||||
|
- pids_limit_2 is not changed
|
||||||
|
- pids_limit_3 is changed
|
||||||
|
when: docker_py_version is version('1.10.0', '>=')
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- pids_limit_1 is failed
|
||||||
|
- "('version is ' ~ docker_py_version ~'. Minimum version required is 1.10.0') in pids_limit_1.msg"
|
||||||
|
when: docker_py_version is version('1.10.0', '<')
|
||||||
|
|
||||||
####################################################################
|
####################################################################
|
||||||
## privileged ######################################################
|
## privileged ######################################################
|
||||||
####################################################################
|
####################################################################
|
||||||
|
|
Loading…
Reference in a new issue