docker module how to get --cap-add=NET_ADMIN


Steve Kieu

Apr 16, 2015, 9:32:38 PM
to ansible...@googlegroups.com
Hi team,

I am sorry if it has been answered somewhere, but my Google search does not show it yet. How can I get something like --cap-add=NET_ADMIN when using the docker module to start a docker container?

My example is like below (not run and tested yet):

- name: jenkins master - ubuntu
  docker:
    name: test-jenkinsmaster-ubuntu
    command: '/scripts/run.sh "192.168.2.41/24"'
    image: 10.10.4.229:5000/jumbo:base_ubuntu14
    state: present
    dns: 192.168.2.1
    insecure_registry: yes
    env: SHELL="/usr/sbin/sshd -D" GATEWAY="192.168.2.1" DNS_SERVER="192.168.2.1"

As inside the docker image the start command /scripts/run.sh will take the first arg and set the IP (that is a simple way I get a static IP) for now. However, it needs --cap-add=NET_ADMIN and I do not want to give it all rights using privileged: yes.

Also the --add-host options as well.

Thanks a lot in advance.

Steve Kieu

Apr 16, 2015, 10:46:09 PM
to ansible...@googlegroups.com
Having a look at the source code, it looks like it is not supported yet. However, docker-py supports it, so it is trivial to add it in - I guess in

 def create_containers(self, count=1):
        params = {'image':        self.module.params.get('image'),
                  'command':      self.module.params.get('command'),
                  'ports':        self.exposed_ports,
                  'volumes':      self.volumes,
                  'mem_limit':    _human_to_bytes(self.module.params.get('memory_limit')),
                  'environment':  self.env,
                  'hostname':     self.module.params.get('hostname'),
                  'detach':       self.module.params.get('detach'),
                  'name':         self.module.params.get('name'),
                  'stdin_open':   self.module.params.get('stdin_open'),
                  'tty':          self.module.params.get('tty'),
                  }

add it in the params and it would be good.

Is there any demand for that feature?

Thanks

Steve Kieu

Apr 16, 2015, 11:11:14 PM
to ansible...@googlegroups.com
Here is the patch and I tested it - patch against docker.py - ansible version 1.8.4

 --- docker.py    2015-02-20 04:02:51.000000000 +1000
+++ docker1.py    2015-04-17 13:05:00.000000000 +1000
@@ -204,7 +204,12 @@
     default: ''
     aliases: []
     version_added: "1.8"
-
+  cap-add:
+    description:
+      - Add capability
+    required: false
+    default: ''
+    version_added: "1.8"
 author: Cove Schneider, Joshua Conner, Pavel Antonov
 requirements: [ "docker-py >= 0.3.0", "docker >= 0.10.0" ]
 '''
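
Review bot: The documented option name 'cap-add' (hyphen) does not match the name the module accepts, which is 'cap_add' both in the argument spec and in self.module.params.get('cap_add'), so a playbook written from this documentation would use a key the module does not declare. Rename the doc entry to cap_add, describe it as a list of capability names (the spec declares type='list'), and align the documented default '' with the spec's default=None. The version_added: "1.8" value repeats the entry above even though the patch is against 1.8.4; it should name the release in which this option would first ship.
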
@@ -408,7 +413,7 @@
                 if len(parts) == 2:
                     self.volumes[parts[1]] = {}
                     self.binds[parts[0]] = parts[1]
-                # with bind mode
+                # with bind mode
                 elif len(parts) == 3:
                     if parts[2] not in ['ro', 'rw']:
                         self.module.fail_json(msg='bind mode needs to either be "ro" or "rw"')
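
Review bot: The only change in this hunk is whitespace on the '# with bind mode' comment, which is unrelated to adding cap_add. Drop it from the patch so the diff carries only the capability change.
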
@@ -654,6 +659,7 @@
             'privileged':   self.module.params.get('privileged'),
             'links': self.links,
             'network_mode': self.module.params.get('net'),
+            'cap_add': self.module.params.get('cap_add'),
         }
         if docker.utils.compare_version('1.10', self.client.version()['ApiVersion']) >= 0 and hasattr(docker, '__version__') and docker.__version__ > '0.3.0':
             params['dns'] = self.module.params.get('dns')
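
Review bot: 'cap_add' is put into params unconditionally, while the very next line sets params['dns'] only after checking the API version and docker.__version__. The module states docker-py >= 0.3.0 as its requirement, so either guard cap_add with the same kind of version check and call fail_json with a clear message when the installed docker-py cannot honour it, or raise the documented minimum version. A capability request that is dropped or rejected without a clear error is the kind of failure that pushes users back to privileged: yes.
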
@@ -742,7 +748,8 @@
             tty             = dict(default=False, type='bool'),
             lxc_conf        = dict(default=None, type='list'),
             name            = dict(default=None),
-            net             = dict(default=None)
+            net             = dict(default=None),
+            cap_add         = dict(required=False, default=None, type='list'),
         )
     )
 
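
Review bot: On the new cap_add entry, required=False is redundant next to default=None; the neighbouring name and net entries omit it, so dict(default=None, type='list') would match the surrounding style. The spec accepts any list of strings here, so consider documenting the expected form of each element (for example NET_ADMIN, as in the request that started this thread) in the option description.
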
