1Docker Guide
2============
3
4The `community.docker collection <https://galaxy.ansible.com/community/docker>`_ offers several modules and plugins for orchestrating Docker containers and Docker Swarm.
5
6.. contents::
7   :local:
8   :depth: 1
9
10
11Requirements
12------------
13
14Most of the modules and plugins in community.docker require the `Docker SDK for Python <https://docker-py.readthedocs.io/en/stable/>`_. The SDK needs to be installed on the machines where the modules and plugins are executed, and for the Python version(s) with which the modules and plugins are executed. You can use the :ref:`community.general.python_requirements_info module <ansible_collections.community.general.python_requirements_info_module>` to make sure that the Docker SDK for Python is installed on the correct machine and for the Python version used by Ansible.
15
16Note that plugins (inventory plugins and connection plugins) are always executed in the context of Ansible itself. If you use a plugin that requires the Docker SDK for Python, you need to install it on the machine running ``ansible`` or ``ansible-playbook`` and for the same Python interpreter used by Ansible. To see which Python is used, run ``ansible --version``.
17
18You can install the Docker SDK for Python for Python 2.7 or Python 3 as follows:
19
20.. code-block:: bash
21
22    $ pip install docker
23
24For Python 2.6, you need a version before 2.0. For these versions, the SDK was called ``docker-py``, so you need to install it as follows:
25
26.. code-block:: bash
27
28    $ pip install 'docker-py>=1.10.0'
29
30Please install only one of ``docker`` or ``docker-py``. Installing both will result in a broken installation. If this happens, Ansible will detect it and inform you about it. If that happens, you must uninstall both and reinstall the correct version.
31
32If in doubt, always install ``docker`` and never ``docker-py``.
33
34
35Connecting to the Docker API
36----------------------------
37
38You can connect to a local or remote API using parameters passed to each task or by setting environment variables. The order of precedence is command line parameters and then environment variables. If neither a command line option nor an environment variable is found, Ansible uses the default value  provided under `Parameters`_.
39
40
41Parameters
42..........
43
44Most plugins and modules can be configured by the following parameters:
45
46    docker_host
47        The URL or Unix socket path used to connect to the Docker API. Defaults to ``unix://var/run/docker.sock``. To connect to a remote host, provide the TCP connection string (for example: ``tcp://192.0.2.23:2376``). If TLS is used to encrypt the connection to the API, then the module will automatically replace 'tcp' in the connection URL with 'https'.
48
49    api_version
50        The version of the Docker API running on the Docker Host. Defaults to the latest version of the API supported by the Docker SDK for Python installed.
51
52    timeout
53        The maximum amount of time in seconds to wait on a response from the API. Defaults to 60 seconds.
54
55    tls
56        Secure the connection to the API by using TLS without verifying the authenticity of the Docker host server. Defaults to ``false``.
57
58    validate_certs
59        Secure the connection to the API by using TLS and verifying the authenticity of the Docker host server. Default is ``false``.
60
61    cacert_path
62        Use a CA certificate when performing server verification by providing the path to a CA certificate file.
63
64    cert_path
65        Path to the client's TLS certificate file.
66
67    key_path
68        Path to the client's TLS key file.
69
70    tls_hostname
71        When verifying the authenticity of the Docker Host server, provide the expected name of the server. Defaults to ``localhost``.
72
73    ssl_version
74        Provide a valid SSL version number. The default value is determined by the Docker SDK for Python.
75
76
77Environment variables
78.....................
79
80You can also control how the plugins and modules connect to the Docker API by setting the following environment variables.
81
82For plugins, they have to be set for the environment Ansible itself runs in. For modules, they have to be set for the environment the modules are executed in. For modules running on remote machines, the environment variables have to be set on that machine for the user used to execute the modules with.
83
84    DOCKER_HOST
85        The URL or Unix socket path used to connect to the Docker API.
86
87    DOCKER_API_VERSION
88        The version of the Docker API running on the Docker Host. Defaults to the latest version of the API supported
89        by docker-py.
90
91    DOCKER_TIMEOUT
92        The maximum amount of time in seconds to wait on a response from the API.
93
94    DOCKER_CERT_PATH
95        Path to the directory containing the client certificate, client key and CA certificate.
96
97    DOCKER_SSL_VERSION
98        Provide a valid SSL version number.
99
100    DOCKER_TLS
101        Secure the connection to the API by using TLS without verifying the authenticity of the Docker Host.
102
103    DOCKER_TLS_VERIFY
104        Secure the connection to the API by using TLS and verify the authenticity of the Docker Host.
105
106
107Plain Docker daemon: images, networks, volumes, and containers
108--------------------------------------------------------------
109
110For working with a plain Docker daemon, that is without Swarm, there are connection plugins, an inventory plugin, and several modules available:
111
112    docker connection plugin
113        The :ref:`community.docker.docker connection plugin <ansible_collections.community.docker.docker_connection>` uses the Docker CLI utility to connect to Docker containers and execute modules in them. It essentially wraps ``docker exec`` and ``docker cp``. This connection plugin is supported by the :ref:`ansible.posix.synchronize module <ansible_collections.ansible.posix.synchronize_module>`.
114
115    docker_api connection plugin
116        The :ref:`community.docker.docker_api connection plugin <ansible_collections.community.docker.docker_api_connection>` talks directly to the Docker daemon to connect to Docker containers and execute modules in them.
117
118    docker_containers inventory plugin
119        The :ref:`community.docker.docker_containers inventory plugin <ansible_collections.community.docker.docker_containers_inventory>` allows you to dynamically add Docker containers from a Docker Daemon to your Ansible inventory. See :ref:`dynamic_inventory` for details on dynamic inventories.
120
121        The `docker inventory script <https://github.com/ansible-community/contrib-scripts/blob/main/inventory/docker.py>`_ is deprecated. Please use the inventory plugin instead. The inventory plugin has several compatibility options. If you need to collect Docker containers from multiple Docker daemons, you need to add every Docker daemon as an individual inventory source.
122
123    docker_host_info module
124        The :ref:`community.docker.docker_host_info module <ansible_collections.community.docker.docker_host_info_module>` allows you to retrieve information on a Docker daemon, such as all containers, images, volumes, networks and so on.
125
126    docker_login module
127        The :ref:`community.docker.docker_login module <ansible_collections.community.docker.docker_login_module>` allows you to log in and out of a remote registry, such as Docker Hub or a private registry. It provides similar functionality to the ``docker login`` and ``docker logout`` CLI commands.
128
129    docker_prune module
130        The :ref:`community.docker.docker_prune module <ansible_collections.community.docker.docker_prune_module>` allows  you to prune no longer needed containers, images, volumes and so on. It provides similar functionality to the ``docker prune`` CLI command.
131
132    docker_image module
133        The :ref:`community.docker.docker_image module <ansible_collections.community.docker.docker_image_module>` provides full control over images, including: build, pull, push, tag and remove.
134
135    docker_image_info module
136        The :ref:`community.docker.docker_image_info module <ansible_collections.community.docker.docker_image_info_module>` allows you to list and inspect images.
137
138    docker_network module
139        The :ref:`community.docker.docker_network module <ansible_collections.community.docker.docker_network_module>` provides full control over Docker networks.
140
141    docker_network_info module
142        The :ref:`community.docker.docker_network_info module <ansible_collections.community.docker.docker_network_info_module>` allows you to inspect Docker networks.
143
144    docker_volume_info module
145        The :ref:`community.docker.docker_volume_info module <ansible_collections.community.docker.docker_volume_info_module>` provides full control over Docker volumes.
146
147    docker_volume module
148        The :ref:`community.docker.docker_volume module <ansible_collections.community.docker.docker_volume_module>` allows you to inspect Docker volumes.
149
150    docker_container module
151        The :ref:`community.docker.docker_container module <ansible_collections.community.docker.docker_container_module>` manages the container lifecycle by providing the ability to create, update, stop, start and destroy a Docker container.
152
153    docker_container_info module
154        The :ref:`community.docker.docker_container_info module <ansible_collections.community.docker.docker_container_info_module>` allows you to inspect a Docker container.
155
156
157Docker Compose
158--------------
159
160The :ref:`community.docker.docker_compose module <ansible_collections.community.docker.docker_compose_module>`
161allows you to use your existing Docker compose files to orchestrate containers on a single Docker daemon or on Swarm.
162Supports compose versions 1 and 2.
163
164Next to Docker SDK for Python, you need to install `docker-compose <https://github.com/docker/compose>`_ on the remote machines to use the module.
165
166
167Docker Machine
168--------------
169
170The :ref:`community.docker.docker_machine inventory plugin <ansible_collections.community.docker.docker_machine_inventory>` allows you to dynamically add Docker Machine hosts to your Ansible inventory.
171
172
173Docker stack
174------------
175
176The :ref:`community.docker.docker_stack module <ansible_collections.community.docker.docker_stack_module>` module allows you to control Docker stacks. Information on stacks can be retrieved by the :ref:`community.docker.docker_stack_info module <ansible_collections.community.docker.docker_stack_info_module>`, and information on stack tasks can be retrieved by the :ref:`community.docker.docker_stack_task_info module <ansible_collections.community.docker.docker_stack_task_info_module>`.
177
178
179Docker Swarm
180------------
181
182The community.docker collection provides multiple plugins and modules for managing Docker Swarms.
183
184Swarm management
185................
186
187One inventory plugin and several modules are provided to manage Docker Swarms:
188
189    docker_swarm inventory plugin
190        The :ref:`community.docker.docker_swarm inventory plugin <ansible_collections.community.docker.docker_swarm_inventory>` allows  you to dynamically add all Docker Swarm nodes to your Ansible inventory.
191
192    docker_swarm module
193        The :ref:`community.docker.docker_swarm module <ansible_collections.community.docker.docker_swarm_module>` allows you to globally configure Docker Swarm manager nodes to join and leave swarms, and to change the Docker Swarm configuration.
194
195    docker_swarm_info module
196        The :ref:`community.docker.docker_swarm_info module <ansible_collections.community.docker.docker_swarm_info_module>` allows  you to retrieve information on Docker Swarm.
197
198    docker_node module
199        The :ref:`community.docker.docker_node module <ansible_collections.community.docker.docker_node_module>` allows you to manage Docker Swarm nodes.
200
201    docker_node_info module
202        The :ref:`community.docker.docker_node_info module <ansible_collections.community.docker.docker_node_info_module>` allows you to retrieve information on Docker Swarm nodes.
203
204Configuration management
205........................
206
207The community.docker collection offers modules to manage Docker Swarm configurations and secrets:
208
209    docker_config module
210        The :ref:`community.docker.docker_config module <ansible_collections.community.docker.docker_config_module>` allows you to create and modify Docker Swarm configs.
211
212    docker_secret module
213        The :ref:`community.docker.docker_secret module <ansible_collections.community.docker.docker_secret_module>` allows you to create and modify Docker Swarm secrets.
214
215
216Swarm services
217..............
218
219Docker Swarm services can be created and updated with the :ref:`community.docker.docker_swarm_service module <ansible_collections.community.docker.docker_swarm_service_module>`, and information on them can be queried by the :ref:`community.docker.docker_swarm_service_info module <ansible_collections.community.docker.docker_swarm_service_info_module>`.
220
221
222Helpful links
223-------------
224
225Still using Dockerfile to build images? Check out `ansible-bender <https://github.com/ansible-community/ansible-bender>`_, and start building images from your Ansible playbooks.
226
227Use `Ansible Operator <https://learn.openshift.com/ansibleop/ansible-operator-overview/>`_ to launch your docker-compose file on `OpenShift <https://www.okd.io/>`_. Go from an app on your laptop to a fully scalable app in the cloud with Kubernetes in just a few moments.
228