community.docker.docker_swarm module – Manage Swarm cluster

Note

This module is part of the community.docker collection (version 4.8.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.docker. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: community.docker.docker_swarm.

Synopsis

  • Create a new Swarm cluster.

  • Add/Remove nodes or managers to an existing cluster.

Requirements

The below requirements are needed on the host that executes this module.

  • Docker API >= 1.25

  • Docker SDK for Python: Please note that the docker-py Python module has been superseded by docker (see here for details). Note that both modules should *not* be installed at the same time. Also note that when both modules are installed and one of them is uninstalled, the other might no longer function and a reinstall of it is required.

  • Docker SDK for Python >= 1.10.0

Parameters

Parameter

Comments

advertise_addr

string

Externally reachable address advertised to other nodes.

This can either be an address/port combination in the form 192.168.1.1:4567, or an interface followed by a port number, like eth0:4567.

If the port number is omitted, the port number from the listen address is used.

If advertise_addr is not specified, it will be automatically detected when possible.

Only used when swarm is initialised or joined. Because of this it is not considered for idempotency checking.

api_version

aliases: docker_api_version

string

The version of the Docker API running on the Docker Host.

Defaults to the latest version of the API supported by Docker SDK for Python and the docker daemon.

If the value is not specified in the task, the value of environment variable DOCKER_API_VERSION will be used instead. If the environment variable is not set, the default value will be used.

Default: "auto"

autolock_managers

boolean

If set, generate a key and use it to lock data stored on the managers.

Docker default value is false.

community.docker.docker_swarm_info can be used to retrieve the unlock key.

Choices:

  • false

  • true

ca_force_rotate

integer

An integer whose purpose is to force swarm to generate a new signing CA certificate and key, if none have been specified.

Docker default value is 0.

Requires API version >= 1.30.

ca_path

aliases: ca_cert, tls_ca_cert, cacert_path

path

Use a CA certificate when performing server verification by providing the path to a CA certificate file.

If the value is not specified in the task and the environment variable DOCKER_CERT_PATH is set, the file ca.pem from the directory specified in the environment variable DOCKER_CERT_PATH will be used.

This option was called ca_cert and got renamed to ca_path in community.docker 3.6.0. The old name has been added as an alias and can still be used.

client_cert

aliases: tls_client_cert, cert_path

path

Path to the client’s TLS certificate file.

If the value is not specified in the task and the environment variable DOCKER_CERT_PATH is set, the file cert.pem from the directory specified in the environment variable DOCKER_CERT_PATH will be used.

client_key

aliases: tls_client_key, key_path

path

Path to the client’s TLS key file.

If the value is not specified in the task and the environment variable DOCKER_CERT_PATH is set, the file key.pem from the directory specified in the environment variable DOCKER_CERT_PATH will be used.

data_path_addr

string

added in community.docker 2.5.0

Address or interface to use for data path traffic.

This can either be an address in the form 192.168.1.1, or an interface, like eth0.

Only used when swarm is initialised or joined. Because of this it is not considered for idempotency checking.

Requires API version >= 1.30.

data_path_port

integer

added in community.docker 3.1.0

Port to use for data path traffic.

This needs to be a port number like 9789.

Only used when swarm is initialised. Because of this it is not considered for idempotency checking.

Requires API version >= 1.40.

debug

boolean

Debug mode.

Choices:

  • false ← (default)

  • true

default_addr_pool

list / elements=string

Default address pool in CIDR format.

Only used when swarm is initialised. Because of this it is not considered for idempotency checking.

Requires API version >= 1.39.

dispatcher_heartbeat_period

integer

The delay (in nanoseconds) for an agent to send a heartbeat to the dispatcher.

Docker default value is 5 seconds, which corresponds to a value of 5000000000.

docker_host

aliases: docker_url

string

The URL or Unix socket path used to connect to the Docker API. To connect to a remote host, provide the TCP connection string. For example, tcp://192.0.2.23:2376. If TLS is used to encrypt the connection, the module will automatically replace tcp in the connection URL with https.

If the value is not specified in the task, the value of environment variable DOCKER_HOST will be used instead. If the environment variable is not set, the default value will be used.

Default: "unix:///var/run/docker.sock"

election_tick

integer

Amount of ticks (in seconds) needed without a leader to trigger a new election.

Docker default value is 10 seconds.

force

boolean

Use with state present to force creating a new Swarm, even if already part of one.

Use with state absent to Leave the swarm even if this node is a manager.

Choices:

  • false ← (default)

  • true

heartbeat_tick

integer

Amount of ticks (in seconds) between each heartbeat.

Docker default value is 1 seconds.

join_token

string

Swarm token used to join a swarm cluster.

Used with state=join.

If this value is specified, the corresponding value in the return values will be censored by Ansible. This is a side-effect of this value not being logged.

keep_old_snapshots

integer

Number of snapshots to keep beyond the current snapshot.

Docker default value is 0.

labels

dictionary

User-defined key/value metadata.

Label operations in this module apply to the docker swarm cluster. Use community.docker.docker_node module to add/modify/remove swarm node labels.

Requires API version >= 1.32.

listen_addr

string

Listen address used for inter-manager communication.

This can either be an address/port combination in the form 192.168.1.1:4567, or an interface followed by a port number, like eth0:4567.

If the port number is omitted, the default swarm listening port is used.

Only used when swarm is initialised or joined. Because of this it is not considered for idempotency checking.

Default: "0.0.0.0:2377"

log_entries_for_slow_followers

integer

Number of log entries to keep around to sync up slow followers after a snapshot is created.

name

string

The name of the swarm.

node_cert_expiry

integer

Automatic expiry for nodes certificates, given in nanoseconds.

Docker default value is 90 days, which corresponds to a value of 7776000000000000.

node_id

string

Swarm id of the node to remove.

Used with state=remove.

remote_addrs

list / elements=string

Remote address of one or more manager nodes of an existing Swarm to connect to.

Used with state=join.

rotate_manager_token

boolean

Rotate the manager join token.

Choices:

  • false ← (default)

  • true

rotate_worker_token

boolean

Rotate the worker join token.

Choices:

  • false ← (default)

  • true

signing_ca_cert

string

The desired signing CA certificate for all swarm node TLS leaf certificates, in PEM format.

This must not be a path to a certificate, but the contents of the certificate.

Requires API version >= 1.30.

signing_ca_key

string

The desired signing CA key for all swarm node TLS leaf certificates, in PEM format.

This must not be a path to a key, but the contents of the key.

Requires API version >= 1.30.

snapshot_interval

integer

Number of logs entries between snapshot.

Docker default value is 10000.

state

string

Set to present, to create/update a new cluster.

Set to join, to join an existing cluster.

Set to absent, to leave an existing cluster.

Set to remove, to remove an absent node from the cluster. Note that removing requires Docker SDK for Python >= 2.4.0.

community.docker.docker_node can be used to demote a manager before removal.

Choices:

  • "present" ← (default)

  • "join"

  • "absent"

  • "remove"

subnet_size

integer

Default address pool subnet mask length.

Only used when swarm is initialised. Because of this it is not considered for idempotency checking.

Requires API version >= 1.39.

task_history_retention_limit

integer

Maximum number of tasks history stored.

Docker default value is 5.

timeout

integer

The maximum amount of time in seconds to wait on a response from the API.

If the value is not specified in the task, the value of environment variable DOCKER_TIMEOUT will be used instead. If the environment variable is not set, the default value will be used.

Default: 60

tls

boolean

Secure the connection to the API by using TLS without verifying the authenticity of the Docker host server. Note that if validate_certs is set to true as well, it will take precedence.

If the value is not specified in the task, the value of environment variable DOCKER_TLS will be used instead. If the environment variable is not set, the default value will be used.

Choices:

  • false ← (default)

  • true

tls_hostname

string

When verifying the authenticity of the Docker Host server, provide the expected name of the server.

If the value is not specified in the task, the value of environment variable DOCKER_TLS_HOSTNAME will be used instead. If the environment variable is not set, the default value will be used.

Note that this option had a default value localhost in older versions. It was removed in community.docker 3.0.0.

Note: this option is no longer supported for Docker SDK for Python 7.0.0+. Specifying it with Docker SDK for Python 7.0.0 or newer will lead to an error.

use_ssh_client

boolean

added in community.docker 1.5.0

For SSH transports, use the ssh CLI tool instead of paramiko.

Requires Docker SDK for Python 4.4.0 or newer.

Choices:

  • false ← (default)

  • true

validate_certs

aliases: tls_verify

boolean

Secure the connection to the API by using TLS and verifying the authenticity of the Docker host server.

If the value is not specified in the task, the value of environment variable DOCKER_TLS_VERIFY will be used instead. If the environment variable is not set, the default value will be used.

Choices:

  • false ← (default)

  • true

Attributes

Attribute

Support

Description

action_group

Action groups: community.docker.docker, docker

Use group/docker or group/community.docker.docker in module_defaults to set defaults for this module.

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: full

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

idempotent

Support: full

When run twice in a row outside check mode, with the same arguments, the second invocation indicates no change.

This assumes that the system controlled/queried by the module has not changed in a relevant way.

Notes

Note

  • Connect to the Docker daemon by providing parameters with each task or by defining environment variables. You can define DOCKER_HOST, DOCKER_TLS_HOSTNAME, DOCKER_API_VERSION, DOCKER_CERT_PATH, DOCKER_TLS, DOCKER_TLS_VERIFY and DOCKER_TIMEOUT. If you are using docker machine, run the script shipped with the product that sets up the environment. It will set these variables for you. See https://docs.docker.com/machine/reference/env/ for more details.

  • When connecting to Docker daemon with TLS, you might need to install additional Python packages. For the Docker SDK for Python, version 2.4 or newer, this can be done by installing docker[tls] with ansible.builtin.pip.

  • Note that the Docker SDK for Python only allows to specify the path to the Docker configuration for very few functions. In general, it will use $HOME/.docker/config.json if the DOCKER_CONFIG environment variable is not specified, and use $DOCKER_CONFIG/config.json otherwise.

  • This module uses the Docker SDK for Python to communicate with the Docker daemon.

Examples

---
- name: Init a new swarm with default parameters
  community.docker.docker_swarm:
    state: present

- name: Update swarm configuration
  community.docker.docker_swarm:
    state: present
    election_tick: 5

- name: Add nodes
  community.docker.docker_swarm:
    state: join
    advertise_addr: 192.168.1.2
    join_token: SWMTKN-1--xxxxx
    remote_addrs: ['192.168.1.1:2377']

- name: Leave swarm for a node
  community.docker.docker_swarm:
    state: absent

- name: Remove a swarm manager
  community.docker.docker_swarm:
    state: absent
    force: true

- name: Remove node from swarm
  community.docker.docker_swarm:
    state: remove
    node_id: mynode

- name: Init a new swarm with different data path interface
  community.docker.docker_swarm:
    state: present
    advertise_addr: eth0
    data_path_addr: ens10

- name: Init a new swarm with a different data path port
  community.docker.docker_swarm:
    state: present
    data_path_port: 9789

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

actions

list / elements=string

Provides the actions done on the swarm.

Returned: when action failed.

Sample: ["This cluster is already a swarm cluster"]

swarm_facts

dictionary

Information about swarm.

Returned: success

JoinTokens

dictionary

Tokens to connect to the Swarm.

Returned: success

Manager

string

Token to join the cluster as a new *manager* node.

Note: if this value has been specified as join_token, the value here will not be the token, but VALUE_SPECIFIED_IN_NO_LOG_PARAMETER. If you pass join_token, make sure your playbook/role does not depend on this return value!

Returned: success

Sample: "SWMTKN-1--xxxxx"

Worker

string

Token to join the cluster as a new *worker* node.

Note: if this value has been specified as join_token, the value here will not be the token, but VALUE_SPECIFIED_IN_NO_LOG_PARAMETER. If you pass join_token, make sure your playbook/role does not depend on this return value!

Returned: success

Sample: "SWMTKN-1--xxxxx"

UnlockKey

string

The swarm unlock-key if autolock_managers=true.

Returned: on success if autolock_managers=true and swarm is initialised, or if autolock_managers has changed.

Sample: "SWMKEY-1-xxx"

Authors

  • Thierry Bouvet (@tbouvet)

  • Piotr Wojciechowski (@WojciechowskiPiotr)