community.docker.docker_stack module – docker stack module

Note

This module is part of the community.docker collection (version 3.13.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.docker. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: community.docker.docker_stack.

Synopsis

  • Manage docker stacks using the docker stack command on the target node (see examples).

Requirements

The below requirements are needed on the host that executes this module.

  • Docker CLI tool docker

  • jsondiff

  • pyyaml

Parameters

Parameter

Comments

absent_retries

integer

If larger than 0 and state=absent the module will retry up to absent_retries times to delete the stack until all the resources have been effectively deleted. If the last try still reports the stack as not completely removed the module will fail.

Default: 0

absent_retries_interval

integer

Interval in seconds between consecutive absent_retries.

Default: 1

api_version

aliases: docker_api_version

string

added in community.docker 3.6.0

The version of the Docker API running on the Docker Host.

Defaults to the latest version of the API supported by this collection and the docker daemon.

If the value is not specified in the task, the value of environment variable DOCKER_API_VERSION will be used instead. If the environment variable is not set, the default value will be used.

Default: "auto"

ca_path

aliases: ca_cert, tls_ca_cert, cacert_path

path

added in community.docker 3.6.0

Use a CA certificate when performing server verification by providing the path to a CA certificate file.

If the value is not specified in the task and the environment variable DOCKER_CERT_PATH is set, the file ca.pem from the directory specified in the environment variable DOCKER_CERT_PATH will be used.

cli_context

string

added in community.docker 3.6.0

The Docker CLI context to use.

Mutually exclusive with docker_host.

client_cert

aliases: tls_client_cert, cert_path

path

added in community.docker 3.6.0

Path to the client’s TLS certificate file.

If the value is not specified in the task and the environment variable DOCKER_CERT_PATH is set, the file cert.pem from the directory specified in the environment variable DOCKER_CERT_PATH will be used.

client_key

aliases: tls_client_key, key_path

path

added in community.docker 3.6.0

Path to the client’s TLS key file.

If the value is not specified in the task and the environment variable DOCKER_CERT_PATH is set, the file key.pem from the directory specified in the environment variable DOCKER_CERT_PATH will be used.

compose

list / elements=any

List of compose definitions. Any element may be a string referring to the path of the compose file on the target host or the YAML contents of a compose file nested as dictionary.

Default: []

docker_cli

path

added in community.docker 3.6.0

Path to the Docker CLI. If not provided, will search for Docker CLI on the PATH.

docker_host

aliases: docker_url

string

added in community.docker 3.6.0

The URL or Unix socket path used to connect to the Docker API. To connect to a remote host, provide the TCP connection string. For example, tcp://192.0.2.23:2376. If TLS is used to encrypt the connection, the module will automatically replace tcp in the connection URL with https.

If the value is not specified in the task, the value of environment variable DOCKER_HOST will be used instead. If the environment variable is not set, the default value will be used.

Mutually exclusive with cli_context. If neither docker_host nor cli_context are provided, the value unix:///var/run/docker.sock is used.

name

string / required

Stack name

prune

boolean

If true will add the --prune option to the docker stack deploy command. This will have docker remove the services not present in the current stack definition.

Choices:

  • false ← (default)

  • true

resolve_image

string

If set will add the --resolve-image option to the docker stack deploy command. This will have docker query the registry to resolve image digest and supported platforms. If not set, docker use “always” by default.

Choices:

  • "always"

  • "changed"

  • "never"

state

string

Service state.

Choices:

  • "present" ← (default)

  • "absent"

tls

boolean

added in community.docker 3.6.0

Secure the connection to the API by using TLS without verifying the authenticity of the Docker host server. Note that if validate_certs is set to true as well, it will take precedence.

If the value is not specified in the task, the value of environment variable DOCKER_TLS will be used instead. If the environment variable is not set, the default value will be used.

Choices:

  • false ← (default)

  • true

tls_hostname

string

added in community.docker 3.6.0

When verifying the authenticity of the Docker Host server, provide the expected name of the server.

If the value is not specified in the task, the value of environment variable DOCKER_TLS_HOSTNAME will be used instead. If the environment variable is not set, the default value will be used.

validate_certs

aliases: tls_verify

boolean

added in community.docker 3.6.0

Secure the connection to the API by using TLS and verifying the authenticity of the Docker host server.

If the value is not specified in the task, the value of environment variable DOCKER_TLS_VERIFY will be used instead. If the environment variable is not set, the default value will be used.

Choices:

  • false ← (default)

  • true

with_registry_auth

boolean

If true will add the --with-registry-auth option to the docker stack deploy command. This will have docker send registry authentication details to Swarm agents.

Choices:

  • false ← (default)

  • true

Attributes

Attribute

Support

Description

action_group

Action groups: community.docker.docker, docker

added in community.docker 3.6.0

Use group/docker or group/community.docker.docker in module_defaults to set defaults for this module.

check_mode

Support: none

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: none

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Notes

Note

Examples

- name: Deploy stack from a compose file
  community.docker.docker_stack:
    state: present
    name: mystack
    compose:
      - /opt/docker-compose.yml

- name: Deploy stack from base compose file and override the web service
  community.docker.docker_stack:
    state: present
    name: mystack
    compose:
      - /opt/docker-compose.yml
      - version: '3'
        services:
          web:
            image: nginx:latest
            environment:
              ENVVAR: envvar

- name: Remove stack
  community.docker.docker_stack:
    name: mystack
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

stack_spec_diff

dictionary

dictionary containing the differences between the ‘Spec’ field of the stack services before and after applying the new stack definition.

Returned: on change

Sample: "\"stack_spec_diff\": {'test_stack_test_service': {u'TaskTemplate': {u'ContainerSpec': {delete: [u'Env']}}}}\n"

Authors

  • Dario Zanzico (@dariko)