ansible-collections / community.docker

Community Docker Collection for Ansible: modules and plugins for working with Docker
https://galaxy.ansible.com/ui/repo/published/community/docker/
GNU General Public License v3.0

Support customisation of ingress network in docker_network #69

Open elduds opened 3 years ago

elduds commented 3 years ago
SUMMARY

Support manipulation of swarm ingress network.

ISSUE TYPE

The ingress network is a special case in that it is a swarm network and there can only be one of them, so some special logic would be required in the module (or a new module created?). Currently the logic for manipulating docker networks does not work for the ingress.

COMPONENT NAME

docker_network.py

ADDITIONAL INFORMATION

Current use case is to delete and recreate the ingress network with a larger subnet CIDR than the swarm default network sizes (subnet_size and default_addr_pool from the docker_swarm module) upon initial swarm creation. Workaround is doing this manually with docker network CLI following the instructions here: https://docs.docker.com/network/overlay/#customize-the-default-ingress-network

Currently using play

- name: Reconfigure ingress network with custom IP range
  docker_network:
    state: present
    driver: overlay
    force: yes
    scope: swarm
    name: ingress
    enable_ipv6: no
    ipam_config:
      - gateway: "172.19.252.1"
        subnet: "172.19.252.0/24"

Results in

The full traceback is:
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/docker/api/client.py", line 268, in _raise_for_status
    response.raise_for_status()
  File "/usr/lib/python3/dist-packages/requests/models.py", line 935, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 404 Client Error: Not Found for url: http+docker://localhost/v1.41/networks/ingress/disconnect

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/tmp/ansible_docker_network_payload_v3_ezum8/ansible_docker_network_payload.zip/ansible_collections/community/general/plugins/modules/docker_network.py", line 708, in main
  File "/tmp/ansible_docker_network_payload_v3_ezum8/ansible_docker_network_payload.zip/ansible_collections/community/general/plugins/modules/docker_network.py", line 413, in __init__
  File "/tmp/ansible_docker_network_payload_v3_ezum8/ansible_docker_network_payload.zip/ansible_collections/community/general/plugins/modules/docker_network.py", line 631, in present
  File "/tmp/ansible_docker_network_payload_v3_ezum8/ansible_docker_network_payload.zip/ansible_collections/community/general/plugins/modules/docker_network.py", line 574, in remove_network
  File "/tmp/ansible_docker_network_payload_v3_ezum8/ansible_docker_network_payload.zip/ansible_collections/community/general/plugins/modules/docker_network.py", line 612, in disconnect_all_containers
  File "/tmp/ansible_docker_network_payload_v3_ezum8/ansible_docker_network_payload.zip/ansible_collections/community/general/plugins/modules/docker_network.py", line 616, in disconnect_container
  File "/usr/local/lib/python3.6/dist-packages/docker/utils/decorators.py", line 19, in wrapped
    return f(self, resource_id, *args, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/docker/api/network.py", line 274, in disconnect_container_from_network
    self._raise_for_status(res)
  File "/usr/local/lib/python3.6/dist-packages/docker/api/client.py", line 270, in _raise_for_status
    raise create_api_error_from_http_exception(e)
  File "/usr/local/lib/python3.6/dist-packages/docker/errors.py", line 31, in create_api_error_from_http_exception
    raise cls(e, response=response, explanation=explanation)
docker.errors.NotFound: 404 Client Error for http+docker://localhost/v1.41/networks/ingress/disconnect: Not Found ("No such container: ingress-endpoint")
fatal: [awssyddoc01d-00]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "api_version": "auto",
            "appends": false,
            "attachable": null,
            "ca_cert": null,
            "client_cert": null,
            "client_key": null,
            "connected": [],
            "debug": false,
            "docker_host": "unix://var/run/docker.sock",
            "driver": "overlay",
            "driver_options": {
                "ingress": true
            },
            "enable_ipv6": false,
            "force": true,
            "internal": null,
            "ipam_config": [
                {
                    "aux_addresses": null,
                    "gateway": "172.19.252.1",
                    "iprange": null,
                    "subnet": "172.19.252.0/24"
                }
            ],
            "ipam_driver": null,
            "ipam_driver_options": null,
            "ipam_options": {
                "aux_addresses": null,
                "gateway": null,
                "iprange": null,
                "subnet": null
            },
            "labels": {},
            "name": "ingress",
            "scope": "swarm",
            "ssl_version": null,
            "state": "present",
            "timeout": 60,
            "tls": false,
            "tls_hostname": "localhost",
            "validate_certs": false
        }
    },
    "msg": "An unexpected docker error occurred: 404 Client Error for http+docker://localhost/v1.41/networks/ingress/disconnect: Not Found (\"No such container: ingress-endpoint\")"
}
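
An added example, not code from the collection or from this thread: a Python sketch of the manual workaround described above, which plans the `docker network rm` / `docker network create --ingress` steps from the linked Docker documentation only when the ingress IPAM differs from the desired one. The `plan_ingress` helper and the inspect sample are hypothetical and constructed for illustration.

```python
import ipaddress
import json

# Constructed sample of `docker network inspect ingress` output, trimmed to the
# fields used here (assumed shape; not taken from the issue).
SAMPLE_INSPECT = json.loads("""
[{"Name": "ingress", "Scope": "swarm", "Driver": "overlay", "Ingress": true,
  "IPAM": {"Config": [{"Subnet": "10.0.0.0/24", "Gateway": "10.0.0.1"}]},
  "Containers": {"ingress-sbox": {"Name": "ingress-endpoint"}}}]
""")


def plan_ingress(inspect, subnet, gateway):
    """Return the docker CLI argv lists needed to reach the desired ingress IPAM.

    An empty list means the ingress network already matches (idempotent).
    """
    net = ipaddress.ip_network(subnet)  # ValueError if host bits are set
    if ipaddress.ip_address(gateway) not in net:
        raise ValueError(f"gateway {gateway} is outside {net}")
    create = ["docker", "network", "create", "--driver", "overlay", "--ingress",
              f"--subnet={net}", f"--gateway={gateway}", "ingress"]

    current = next((n for n in inspect if n.get("Ingress")), None)
    if current is None:
        return [create]

    ipam = (current.get("IPAM") or {}).get("Config") or []
    if {(c.get("Subnet"), c.get("Gateway")) for c in ipam} == {(str(net), gateway)}:
        return []

    # "ingress-endpoint" is the name in the 404 above: it is the routing-mesh
    # endpoint, not a container, so it is skipped rather than disconnected.
    attached = [c["Name"] for c in (current.get("Containers") or {}).values()
                if c.get("Name") != "ingress-endpoint"]
    if attached:
        raise RuntimeError(f"remove services publishing ports first: {attached}")
    return [["docker", "network", "rm", current["Name"]], create]


if __name__ == "__main__":
    for argv in plan_ingress(SAMPLE_INSPECT, "172.19.252.0/24", "172.19.252.1"):
        print(" ".join(argv))
```

`docker network rm` asks for confirmation before removing the ingress network, so the first planned command needs an answer on stdin when run unattended.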

felixfontein commented 3 years ago

The module right now only handles plain docker networks. If someone wants to extend it with swarm functionality, it would need to be backwards compatible and still work fine without swarm. A related issue is #14; see also https://github.com/ansible/ansible/issues/65742#issuecomment-565757991.

serut commented 2 years ago

I would be interested too.