azure.azcollection.azure_rm_containerinstance module – Manage an Azure Container Instance
Note
This module is part of the azure.azcollection collection (version 3.1.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install azure.azcollection.
You need further requirements to be able to use this module, see Requirements for details.
To use it in a playbook, specify: azure.azcollection.azure_rm_containerinstance.
New in azure.azcollection 0.1.2
Synopsis
Create, update and delete an Azure Container Instance.
Requirements
The following requirements are needed on the host that executes this module.
- python >= 2.7
- The host that executes this module must have the azure.azcollection collection installed via galaxy.
- All python packages listed in the collection’s requirements.txt must be installed via pip on the host that executes modules from azure.azcollection.
- Full installation instructions may be found at https://galaxy.ansible.com/azure/azcollection
Parameters
Parameter |
Comments |
---|---|
The Identity to use for access to the registry server. |
|
Active Directory username. Use when authenticating with an Active Directory user rather than service principal. |
|
Azure AD authority url. Use when authenticating with Username/password, and has your own ADFS authority. |
|
Selects an API profile to use when communicating with Azure services. Default value of Default: |
|
Use to control if tags field is canonical or just appends to existing tags. When canonical, any tags not found in the tags parameter will be removed from the object’s metadata. Choices:
|
|
Controls the source of the credentials to use for authentication. Can also be set via the When set to When set to When set to When set to When set to The Choices:
|
|
Controls the certificate validation behavior for Azure endpoints. By default, all modules will validate the server certificate, but when an HTTPS proxy is in use, or against Azure Stack, it may be necessary to disable this behavior by passing Choices:
|
|
Azure client ID. Use when authenticating with a Service Principal or Managed Identity (msi). Can also be set via the |
|
For cloud environments other than the US public cloud, the environment name (as defined by Azure Python SDK, eg, Default: |
|
List of containers. Required when creating. |
|
List of commands to execute within the container instance in exec form. When updating existing container all existing commands will be replaced by new ones. |
|
The required number of CPU cores of the containers. Default: |
|
List of container environment variables. When updating existing container all existing variables will be replaced by new ones. |
|
Is variable secure. Choices:
|
|
Environment variable name. |
|
Environment variable value. |
|
The container image name. |
|
The required memory of the containers in GB. Default: |
|
The name of the container instance. |
|
List of ports exposed within the container group. |
|
The volume mounts for the container instance |
|
The path within the container where the volume should be mounted |
|
The name of the volume mount |
|
The flag indicating whether the volume mount is read-only Choices:
|
|
Determines whether or not instance discovery is performed when attempting to authenticate. Setting this to true will completely disable both instance discovery and authority validation. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority. By setting this to **True**, the validation of the authority is disabled. As a result, it is crucial to ensure that the configured authority host is valid and trustworthy. Set via credential file profile or the Choices:
|
|
The Dns name label for the IP. |
|
Force update of existing container instance. Any update will result in deletion and recreation of existing containers. Choices:
|
|
Identity for the Server. |
|
Type of the managed identity Choices:
Default: |
|
User Assigned Managed Identities and its options Default: |
|
List of the user assigned identities IDs associated to the VM Default: |
|
The IP address type of the container group. Default is Choices:
|
|
Valid azure location. Defaults to location of the resource group. |
|
Parent argument. |
|
Parent argument. |
|
The name of the container group. |
|
The OS type of containers. Choices:
|
|
Active Directory user password. Use when authenticating with an Active Directory user rather than service principal. |
|
List of ports exposed within the container group. This option is deprecated; use ports under containers instead. Default: |
|
Security profile found in ~/.azure/credentials file. |
|
The container image registry login server. |
|
The password to log in container image registry server. |
|
The username to log in container image registry server. |
|
Name of resource group. |
|
Restart policy for all containers within the container group. Choices:
|
|
Azure client secret. Use when authenticating with a Service Principal. |
|
Assert the state of the container instance. Use Choices:
|
|
The subnet resource IDs for a container group. Multiple subnets are not yet supported. Only 1 subnet can be used. |
|
Your Azure subscription Id. |
|
Dictionary of string:string pairs to assign as metadata to the object. Metadata tags on the object will be updated with any provided values. To remove tags set append_tags option to false. Currently, Azure DNS zones and Traffic Manager services also don’t allow the use of spaces in the tag. Azure Front Door doesn’t support the use of Azure Automation and Azure CDN only support 15 tags on resources. |
|
Azure tenant ID. Use when authenticating with a Service Principal. |
|
The thumbprint of the private key specified in x509_certificate_path. Use when authenticating with a Service Principal. Required if x509_certificate_path is defined. |
|
List of Volumes that can be mounted by containers in this container group. |
|
The Azure File volume |
|
The flag indicating whether the Azure File shared mounted as a volume is read-only Choices:
|
|
The name of the Azure File share to be mounted as a volume |
|
The storage account access key used to access the Azure File share |
|
The name of the storage account that contains the Azure File share |
|
The empty directory volume |
|
The git repo volume |
|
Target directory name |
|
Repository URL |
|
Commit hash for the specified revision |
|
The name of the Volume |
|
The secret volume |
|
Path to the X509 certificate used to create the service principal in PEM format. The certificate must be appended to the private key. Use when authenticating with a Service Principal. |
Notes
For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with az login.
Authentication is also possible using a service principal or Active Directory user.
To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
See Also
- Sign in with Azure CLI: How to authenticate using the az login command.
Examples
```yaml
# Container group with one public container exposing two ports
- name: Create sample container group
  azure_rm_containerinstance:
    resource_group: myResourceGroup
    name: myContainerInstanceGroup
    os_type: linux
    ip_address: public
    containers:
      - name: myContainer1
        image: httpd
        memory: 1.5
        ports:
          - 80
          - 81

# The volume is declared under volumes and attached to the container by name
- name: Create sample container group with azure file share volume
  azure_rm_containerinstance:
    resource_group: myResourceGroup
    name: myContainerInstanceGroupz
    os_type: linux
    ip_address: public
    containers:
      - name: mycontainer1
        image: httpd
        memory: 1
        volume_mounts:
          - name: filesharevolume
            mount_path: "/data/files"
        ports:
          - 80
          - 81
    volumes:
      - name: filesharevolume
        azure_file:
          storage_account_name: mystorageaccount
          share_name: acishare
          # placeholder value for the storage account access key
          storage_account_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# The repository is mounted into the container at mount_path
- name: Create sample container group with git repo volume
  azure_rm_containerinstance:
    resource_group: myResourceGroup
    name: myContainerInstanceGroup
    os_type: linux
    ip_address: public
    containers:
      - name: mycontainer1
        image: httpd
        memory: 1
        volume_mounts:
          - name: myvolume1
            mount_path: "/mnt/test"
        ports:
          - 80
          - 81
    volumes:
      - name: myvolume1
        git_repo:
          repository: "https://github.com/Azure-Samples/aci-helloworld.git"

# Private IP address type, attached to a single subnet
- name: Create sample container instance with subnet
  azure_rm_containerinstance:
    resource_group: myResourceGroup
    name: myContainerInstanceGroup
    os_type: linux
    ip_address: private
    location: eastus
    subnet_ids:
      - "{{ subnet_id }}"
    ports:
      - 80
    containers:
      - name: mycontainer1
        image: httpd
        memory: 1.5
        ports:
          - 80
          - 81
```
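The azure file share example, reworked so that no secret is written into the playbook; this is an added example, not part of the module's own documentation. The vault_* variable names are hypothetical and assumed to come from an Ansible Vault-encrypted vars file, and the registry and image names are constructed.

```yaml
# Added example: secrets are referenced from vaulted variables (hypothetical
# vault_* names) instead of being stored in the playbook.
- name: Create container group without plain-text secrets
  azure.azcollection.azure_rm_containerinstance:
    resource_group: myResourceGroup
    name: myContainerInstanceGroup
    os_type: linux
    ip_address: public
    # Private registry credentials (constructed registry name)
    registry_login_server: myregistry.azurecr.io
    registry_username: "{{ vault_registry_username }}"
    registry_password: "{{ vault_registry_password }}"
    containers:
      - name: mycontainer1
        image: myregistry.azurecr.io/myapp:1.0   # constructed image name
        memory: 1
        ports:
          - 80
        environment_variables:
          # Ordinary configuration value
          - name: LOG_LEVEL
            value: info
            is_secure: false
          # Sensitive value: taken from the vault and flagged as secure
          - name: DB_PASSWORD
            value: "{{ vault_db_password }}"
            is_secure: true
        volume_mounts:
          - name: filesharevolume
            mount_path: "/data/files"
            read_only: true          # container cannot write to the share
    volumes:
      - name: filesharevolume
        azure_file:
          storage_account_name: mystorageaccount
          share_name: acishare
          read_only: true            # share itself is mounted read-only
          storage_account_key: "{{ vault_storage_account_key }}"
  # Task keyword: suppresses this task's arguments and result in Ansible output
  no_log: true
```

Because environment_variables is replaced as a whole on update, every variable the container needs must be listed in each run, secure ones included.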
Return Values
Common return values are documented here; the following fields are unique to this module:
Key |
Description |
---|---|
The containers within the container group. Returned: always Sample: |
|
Resource ID. Returned: always Sample: |
|
Public IP Address of created container group. Returned: if address is public Sample: |
|
Provisioning state of the container. Returned: always Sample: |
|
The list of volumes that are mounted by containers in the container group Returned: if volumes specified |
|
Azure file share volume details Returned: If Azure file share type of volume requested Sample: |
|
Empty directory volume details Returned: If Empty directory type of volume requested Sample: |
|
Git Repo volume details Returned: If Git repo type of volume requested Sample: |
|
The name of the Volume Returned: always Sample: |
|
Secret volume details Returned: If Secret type of volume requested Sample: |