docker_network – Manage Docker networks¶
Synopsis¶
- Create/remove Docker networks and connect containers to them.
- Performs largely the same function as the “docker network” CLI subcommand.
Requirements¶
The below requirements are needed on the host that executes this module.
- Docker SDK for Python: Please note that the docker-py Python module has been superseded by docker (see here for details). For Python 2.6, docker-pymust be used. Otherwise, it is recommended to install thedockerPython module. Note that both modules should not be installed at the same time. Also note that when both modules are installed and one of them is uninstalled, the other might no longer function and a reinstall of it is required.
- Docker SDK for Python >= 1.10.0 (use docker-py for Python 2.6)
- The docker server >= 1.10.0
Parameters¶
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| api_version 
                    string
                                                                 | Default: "auto" | The version of the Docker API running on the Docker Host. Defaults to the latest version of the API supported by Docker SDK for Python and the docker daemon. If the value is not specified in the task, the value of environment variable  DOCKER_API_VERSIONwill be used instead. If the environment variable is not set, the default value will be used.aliases: docker_api_version | |
| appends 
                    boolean
                                                                 | 
 | By default the connected list is canonical, meaning containers not on the list are removed from the network. Use appends to leave existing containers connected. aliases: incremental | |
| attachable 
                    boolean
                                                                 added in 2.8 | 
 | If enabled, and the network is in the global scope, non-service containers on worker nodes will be able to connect to the network. | |
| ca_cert 
                    path
                                                                 | Use a CA certificate when performing server verification by providing the path to a CA certificate file. If the value is not specified in the task and the environment variable  DOCKER_CERT_PATHis set, the fileca.pemfrom the directory specified in the environment variableDOCKER_CERT_PATHwill be used.aliases: tls_ca_cert, cacert_path | ||
| client_cert 
                    path
                                                                 | Path to the client's TLS certificate file. If the value is not specified in the task and the environment variable  DOCKER_CERT_PATHis set, the filecert.pemfrom the directory specified in the environment variableDOCKER_CERT_PATHwill be used.aliases: tls_client_cert, cert_path | ||
| client_key 
                    path
                                                                 | Path to the client's TLS key file. If the value is not specified in the task and the environment variable  DOCKER_CERT_PATHis set, the filekey.pemfrom the directory specified in the environment variableDOCKER_CERT_PATHwill be used.aliases: tls_client_key, key_path | ||
| connected 
                    list
                     / elements=string                                             | List of container names or container IDs to connect to a network. Please note that the module only makes sure that these containers are connected to the network, but does not care about connection options. If you rely on specific IP addresses etc., use the docker_container module to ensure your containers are correctly connected to this network. aliases: containers | ||
| debug 
                    boolean
                                                                 | 
 | Debug mode | |
| docker_host 
                    string
                                                                 | Default: "unix://var/run/docker.sock" | The URL or Unix socket path used to connect to the Docker API. To connect to a remote host, provide the TCP connection string. For example,  tcp://192.0.2.23:2376. If TLS is used to encrypt the connection, the module will automatically replacetcpin the connection URL withhttps.If the value is not specified in the task, the value of environment variable  DOCKER_HOSTwill be used instead. If the environment variable is not set, the default value will be used.aliases: docker_url | |
| driver 
                    string
                                                                 | Default: "bridge" | Specify the type of network. Docker provides bridge and overlay drivers, but 3rd party drivers can also be used. | |
| driver_options 
                    dictionary
                                                                 | Dictionary of network settings. Consult docker docs for valid options and values. | ||
| enable_ipv6 
                    boolean
                                                                 added in 2.8 | 
 | Enable IPv6 networking. | |
| force 
                    boolean
                                                                 | 
 | With state  absentforces disconnecting all containers from the network prior to deleting the network. With statepresentwill disconnect all containers, delete the network and re-create the network.This option is required if you have changed the IPAM or driver options and want an existing network to be updated to use the new options. | |
| internal 
                    boolean
                                                                 added in 2.8 | 
 | Restrict external access to the network. | |
| ipam_config 
                    list
                     / elements=dictionary                                             added in 2.8 | List of IPAM config blocks. Consult Docker docs for valid options and values. Note that iprange is spelled differently here (we use the notation from the Docker SDK for Python). | ||
| aux_addresses 
                    dictionary
                                                                 | Auxiliary IP addresses used by Network driver, as a mapping from hostname to IP. | ||
| gateway 
                    string
                                                                 | IP gateway address. | ||
| iprange 
                    string
                                                                 | IP address range in CIDR notation. | ||
| subnet 
                    string
                                                                 | IP subset in CIDR notation. | ||
| ipam_driver 
                    string
                                                                 | Specify an IPAM driver. | ||
| ipam_driver_options 
                    dictionary
                                                                 added in 2.8 | Dictionary of IPAM driver options. | ||
| ipam_options 
                    dictionary
                                                                 | Dictionary of IPAM options. Deprecated in 2.8, will be removed in 2.12. Use parameter ipam_config instead. In Docker 1.10.0, IPAM options were introduced (see here). This module parameter addresses the IPAM config not the newly introduced IPAM options. For the IPAM options, see the ipam_driver_options parameter. | ||
| aux_addresses 
                    dictionary
                                                                 | Auxiliary IP addresses used by Network driver, as a mapping from hostname to IP. | ||
| gateway 
                    string
                                                                 | IP gateway address. | ||
| iprange 
                    string
                                                                 | IP address range in CIDR notation. | ||
| subnet 
                    string
                                                                 | IP subset in CIDR notation. | ||
| labels 
                    dictionary
                                                                 added in 2.8 | Dictionary of labels. | ||
| name 
                    string
                                             / required                     | Name of the network to operate on. aliases: network_name | ||
| scope 
                    string
                                                                 added in 2.8 | 
 | Specify the network's scope. | |
| ssl_version 
                    string
                                                                 | Provide a valid SSL version number. Default value determined by ssl.py module. If the value is not specified in the task, the value of environment variable  DOCKER_SSL_VERSIONwill be used instead. | ||
| state 
                    string
                                                                 | 
 | absentdeletes the network. If a network has connected containers, it cannot be deleted. Use the force option to disconnect all containers and delete the network.presentcreates the network, if it does not already exist with the specified parameters, and connects the list of containers provided via the connected parameter. Containers not on the list will be disconnected. An empty list will leave no containers connected to the network. Use the appends option to leave existing containers connected. Use the force options to force re-creation of the network. | |
| timeout 
                    integer
                                                                 | Default: 60 | The maximum amount of time in seconds to wait on a response from the API. If the value is not specified in the task, the value of environment variable  DOCKER_TIMEOUTwill be used instead. If the environment variable is not set, the default value will be used. | |
| tls 
                    boolean
                                                                 | 
 | Secure the connection to the API by using TLS without verifying the authenticity of the Docker host server. Note that if validate_certs is set to  yesas well, it will take precedence.If the value is not specified in the task, the value of environment variable  DOCKER_TLSwill be used instead. If the environment variable is not set, the default value will be used. | |
| tls_hostname 
                    string
                                                                 | Default: "localhost" | When verifying the authenticity of the Docker Host server, provide the expected name of the server. If the value is not specified in the task, the value of environment variable  DOCKER_TLS_HOSTNAMEwill be used instead. If the environment variable is not set, the default value will be used. | |
| validate_certs 
                    boolean
                                                                 | 
 | Secure the connection to the API by using TLS and verifying the authenticity of the Docker host server. If the value is not specified in the task, the value of environment variable  DOCKER_TLS_VERIFYwill be used instead. If the environment variable is not set, the default value will be used.aliases: tls_verify | |
Notes¶
Note
- When network options are changed, the module disconnects all containers from the network, deletes the network, and re-creates the network. It does not try to reconnect containers, except the ones listed in (connected, and even for these, it does not consider specific connection options like fixed IP addresses or MAC addresses. If you need more control over how the containers are connected to the network, loop the docker_container module to loop over your containers to make sure they are connected properly.
- The module does not support Docker Swarm, i.e. it will not try to disconnect or reconnect services. If services are connected to the network, deleting the network will fail. When network options are changed, the network has to be deleted and recreated, so this will fail as well.
- Connect to the Docker daemon by providing parameters with each task or by defining environment variables. You can define DOCKER_HOST,DOCKER_TLS_HOSTNAME,DOCKER_API_VERSION,DOCKER_CERT_PATH,DOCKER_SSL_VERSION,DOCKER_TLS,DOCKER_TLS_VERIFYandDOCKER_TIMEOUT. If you are using docker machine, run the script shipped with the product that sets up the environment. It will set these variables for you. See https://docs.docker.com/machine/reference/env/ for more details.
- When connecting to Docker daemon with TLS, you might need to install additional Python packages. For the Docker SDK for Python, version 2.4 or newer, this can be done by installing docker[tls]with pip.
- Note that the Docker SDK for Python only allows to specify the path to the Docker configuration for very few functions. In general, it will use $HOME/.docker/config.jsonif theDOCKER_CONFIGenvironment variable is not specified, and use$DOCKER_CONFIG/config.jsonotherwise.
Examples¶
- name: Create a network
  docker_network:
    name: network_one
- name: Remove all but selected list of containers
  docker_network:
    name: network_one
    connected:
      - container_a
      - container_b
      - container_c
- name: Remove a single container
  docker_network:
    name: network_one
    connected: "{{ fulllist|difference(['container_a']) }}"
- name: Add a container to a network, leaving existing containers connected
  docker_network:
    name: network_one
    connected:
      - container_a
    appends: yes
- name: Create a network with driver options
  docker_network:
    name: network_two
    driver_options:
      com.docker.network.bridge.name: net2
- name: Create a network with custom IPAM config
  docker_network:
    name: network_three
    ipam_config:
      - subnet: 172.3.27.0/24
        gateway: 172.3.27.2
        iprange: 172.3.27.0/26
        aux_addresses:
          host1: 172.3.27.3
          host2: 172.3.27.4
- name: Create a network with labels
  docker_network:
    name: network_four
    labels:
      key1: value1
      key2: value2
- name: Create a network with IPv6 IPAM config
  docker_network:
    name: network_ipv6_one
    enable_ipv6: yes
    ipam_config:
      - subnet: fdd1:ac8c:0557:7ce1::/64
- name: Create a network with IPv6 and custom IPv4 IPAM config
  docker_network:
    name: network_ipv6_two
    enable_ipv6: yes
    ipam_config:
      - subnet: 172.4.27.0/24
      - subnet: fdd1:ac8c:0557:7ce2::/64
- name: Delete a network, disconnecting all containers
  docker_network:
    name: network_one
    state: absent
    force: yes
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Status¶
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors¶
- Ben Keith (@keitwb)
- Chris Houseknecht (@chouseknecht)
- Dave Bendit (@DBendit)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
