From d9255cd361c8a45ccb2b42023dc4b93fb0b1b4fb Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Thu, 8 Apr 2021 17:35:46 +0200 Subject: [PATCH 01/11] ecs_taskdefinition: Add depends_on feature Signed-off-by: Alina Buzachis --- plugins/modules/ecs_taskdefinition.py | 30 +++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/plugins/modules/ecs_taskdefinition.py b/plugins/modules/ecs_taskdefinition.py index ed2825d0942..74ae0523f80 100644 --- a/plugins/modules/ecs_taskdefinition.py +++ b/plugins/modules/ecs_taskdefinition.py @@ -99,6 +99,24 @@ - If using the Fargate launch type, this field is required and is limited by the CPU. required: false type: str + depends_on: + version_added: 1.5.0 + description: + - The dependencies defined for container startup and shutdown. + - When a dependency is defined for container startup, for container shutdown it is reversed. + required: false + type: list + elements: dict + suboptions: + container_name: + description: The name of a container. + type: str + required: true + condition: + description: The dependency condition of the container. + type: str + required: true + choices: ["start", "complete", "success", "healthy"] extends_documentation_fragment: - amazon.aws.aws - amazon.aws.ec2 @@ -233,7 +251,7 @@ def describe_task(self, task_name): except botocore.exceptions.ClientError: return None - def register_task(self, family, task_role_arn, execution_role_arn, network_mode, container_definitions, volumes, launch_type, cpu, memory): + def register_task(self, family, task_role_arn, execution_role_arn, network_mode, container_definitions, volumes, launch_type, cpu, memory, depends_on): validated_containers = [] # Ensures the number parameters are int as required by boto 
@@ -258,7 +276,7 @@ def register_task(self, family, task_role_arn, execution_role_arn, network_mode, family=family, taskRoleArn=task_role_arn, containerDefinitions=container_definitions, - volumes=volumes + volumes=volumes, ) if network_mode != 'default': params['networkMode'] = network_mode @@ -270,6 +288,8 @@ def register_task(self, family, task_role_arn, execution_role_arn, network_mode, params['requiresCompatibilities'] = [launch_type] if execution_role_arn: params['executionRoleArn'] = execution_role_arn + if depends_on: + pass['dependsOn'] = depends_on try: response = self.ecs.register_task_definition(**params) @@ -329,7 +349,8 @@ def main(): volumes=dict(required=False, type='list', elements='dict'), launch_type=dict(required=False, choices=['EC2', 'FARGATE']), cpu=dict(), - memory=dict(required=False, type='str') + memory=dict(required=False, type='str'), + depends_on=dict(required=False, type='list', elements='dict'), ) module = AnsibleAWSModule(argument_spec=argument_spec, @@ -483,7 +504,8 @@ def _task_definition_matches(requested_volumes, requested_containers, requested_ volumes, module.params['launch_type'], module.params['cpu'], - module.params['memory']) + module.params['memory'], + module.params['depends_on']) results['changed'] = True elif module.params['state'] == 'absent': From 9b427c7a74bf6fd8e12967b9b99f19b65e83b37d Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Tue, 13 Apr 2021 21:48:49 +0200 Subject: [PATCH 02/11] * Fix documentation and imports Signed-off-by: Alina Buzachis --- plugins/modules/ecs_taskdefinition.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/plugins/modules/ecs_taskdefinition.py b/plugins/modules/ecs_taskdefinition.py index 74ae0523f80..a51926f1f3a 100644 --- a/plugins/modules/ecs_taskdefinition.py +++ b/plugins/modules/ecs_taskdefinition.py 
@@ -113,14 +113,13 @@ type: str required: true condition: - description: The dependency condition of the container. + description: The dependency condition of the container. type: str required: true choices: ["start", "complete", "success", "healthy"] extends_documentation_fragment: - amazon.aws.aws - amazon.aws.ec2 - ''' EXAMPLES = r''' @@ -350,7 +349,7 @@ def main(): launch_type=dict(required=False, choices=['EC2', 'FARGATE']), cpu=dict(), memory=dict(required=False, type='str'), - depends_on=dict(required=False, type='list', elements='dict'), + depends_on=dict(required=False, type='list', elements='dict'), ) module = AnsibleAWSModule(argument_spec=argument_spec, From d01ecbf0699fd0124dc1dacdb37536e679a467a0 Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Fri, 16 Apr 2021 15:33:28 +0200 Subject: [PATCH 03/11] * Fix syntax errors Signed-off-by: Alina Buzachis --- plugins/modules/ecs_taskdefinition.py | 30 ++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/plugins/modules/ecs_taskdefinition.py b/plugins/modules/ecs_taskdefinition.py index a51926f1f3a..4e06688e7b3 100644 --- a/plugins/modules/ecs_taskdefinition.py +++ b/plugins/modules/ecs_taskdefinition.py @@ -108,7 +108,7 @@ type: list elements: dict suboptions: - container_name: + containerName: description: The name of a container. type: str required: true @@ -194,6 +194,25 @@ state: present network_mode: awsvpc +- name: Create task definition + community.aws.ecs_taskdefinition: + family: nginx + containers: + - name: nginx + essential: true + image: "nginx" + portMappings: + - containerPort: 8080 + hostPort: 8080 + launch_type: FARGATE + cpu: 512 + memory: 1024 + state: present + network_mode: awsvpc + depends_on: + - containerName: "simple-container" + condition: "start" + # Create Task Definition with Environment Variables and Secrets - name: Create task definition community.aws.ecs_taskdefinition: 
@@ -288,7 +307,7 @@ def register_task(self, family, task_role_arn, execution_role_arn, network_mode, if execution_role_arn: params['executionRoleArn'] = execution_role_arn if depends_on: - pass['dependsOn'] = depends_on + params['dependsOn'] = depends_on try: response = self.ecs.register_task_definition(**params) @@ -386,6 +405,11 @@ def main(): if launch_type == 'FARGATE' and network_mode != 'awsvpc': module.fail_json(msg="To use FARGATE launch type, network_mode must be awsvpc") + depends_on = module.params['depends_on'] + if launch_type == 'FARGATE' and depends_on: + if not module.botocore_at_least('1.3.0'): + module.fail_json(msg='botocore needs to be version 1.3.0 or higher to use depends_on on Fargate launch_type') + family = module.params['family'] existing_definitions_in_family = task_mgr.describe_task_definitions(module.params['family']) @@ -504,7 +528,7 @@ def _task_definition_matches(requested_volumes, requested_containers, requested_ module.params['launch_type'], module.params['cpu'], module.params['memory'], - module.params['depends_on']) + depends_on) results['changed'] = True elif module.params['state'] == 'absent': From 4d3b7c10c9dc0f5f2f96882bd10c261230e45295 Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Fri, 16 Apr 2021 16:52:19 +0200 Subject: [PATCH 04/11] * Add integration tests Signed-off-by: Alina Buzachis --- .../fragments/534-ecs_taskdefinition-depends_on-feature.yaml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 changelogs/fragments/534-ecs_taskdefinition-depends_on-feature.yaml diff --git a/changelogs/fragments/534-ecs_taskdefinition-depends_on-feature.yaml b/changelogs/fragments/534-ecs_taskdefinition-depends_on-feature.yaml new file mode 100644 index 00000000000..39741c837f5 --- /dev/null +++ b/changelogs/fragments/534-ecs_taskdefinition-depends_on-feature.yaml 
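Review bot: The `module.botocore_at_least('1.3.0')` guard added in main() for `depends_on` with `launch_type == 'FARGATE'` checks the botocore library version, but the 1.3.0 requirement AWS documents for container dependencies on Fargate is, as far as I know, the Fargate platform version. The check therefore appears to test the wrong thing and would pass on any reasonably recent botocore. If a client-library gate is wanted, it should name the botocore release that first shipped `dependsOn` (confirm against the botocore changelog) and apply to every launch type; the platform-version requirement belongs in the option's documentation. The same check is carried into the per-container loop in PATCH 05 (`@@ -405,10 +559,16 @@`) and PATCH 06 (`@@ -568,7 +804,19 @@`). main() starts and ends outside this hunk.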
@@ -0,0 +1,2 @@ +minor_changes: +- ecs_taskdefinition - Add ``depends_on`` feature (https://github.com/ansible-collections/community.aws/issues/520) \ No newline at end of file From d615670c33c14a5beb79321808963ef59dc4c075 Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Tue, 20 Apr 2021 14:55:33 +0200 Subject: [PATCH 05/11] * Update documentation Signed-off-by: Alina Buzachis --- ...ecs_taskdefinition-depends_on-feature.yaml | 2 +- plugins/modules/ecs_taskdefinition.py | 235 +++++++++++++++--- 2 files changed, 198 insertions(+), 39 deletions(-) diff --git a/changelogs/fragments/534-ecs_taskdefinition-depends_on-feature.yaml b/changelogs/fragments/534-ecs_taskdefinition-depends_on-feature.yaml index 39741c837f5..feaf5f537da 100644 --- a/changelogs/fragments/534-ecs_taskdefinition-depends_on-feature.yaml +++ b/changelogs/fragments/534-ecs_taskdefinition-depends_on-feature.yaml @@ -1,2 +1,2 @@ minor_changes: -- ecs_taskdefinition - Add ``depends_on`` feature (https://github.com/ansible-collections/community.aws/issues/520) \ No newline at end of file +- ecs_taskdefinition - Documentation improvement (https://github.com/ansible-collections/community.aws/issues/520) diff --git a/plugins/modules/ecs_taskdefinition.py b/plugins/modules/ecs_taskdefinition.py index 4e06688e7b3..54142392d5b 100644 --- a/plugins/modules/ecs_taskdefinition.py +++ b/plugins/modules/ecs_taskdefinition.py 
@@ -46,9 +46,187 @@ containers: description: - A list of containers definitions. + - See U(https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ecs.html) for a complete list of parameters. required: False type: list elements: dict + contains: + name: + description: The name of a container. + required: false + type: str + image: + description: The image used to start a container. + required: false + type: str + repositoryCredentials: + description: The private repository authentication credentials to use. + required: false + type: dict + cpu: + description: The number of cpu units reserved for the container. + required: false + type: int + memory: + description: The amount (in MiB) of memory to present to the container. + required: false + type: int + memoryReservation: + description: The soft limit (in MiB) of memory to reserve for the container. + required: false + type: int + links: + description: + - Allows containers to communicate with each other without the need for port mappings. + - This parameter is only supported if the network mode of a task definition is bridge. + required: false + type: list + portMappings: + description: The list of port mappings for the container. + required: false + type: list + elements: dict + contains: + containerPort: + description: The port number on the container that is bound to the user-specified or automatically assigned host port. + required: false + type: int + hostPort: + description: The port number on the container instance to reserve for your container. + required: false + type: int + protocol: + description: The protocol used for the port mapping. Valid values are tcp and udp. + required: false + type: str + essential: + description: + - If essential is true, and the fails or stops for any reason, all other containers that are part of the task are stopped. + required: false + type: bool + entryPoint: + description: The entry point that is passed to the container. 
+ required: false + type: str + command: + description: The command that is passed to the container. + required: false + type: list + environment: + description: The environment variables to pass to a container. + required: false + type: list + elements: dict + contains: + name: + description: The name of the key-value pair. + required: false + type: str + value: + description: The value of the key-value pair. + required: false + type: str + environmentFiles: + description: A list of files containing the environment variables to pass to a container. + required: false + type: list + elements: dict + contains: + value: + description: The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file. + required: false + type: str + type: + description: The file type to use. The only supported value is s3. + required: false + type: str + volumesFrom: + description: Data volumes to mount from another container. + required: false + type: list + linuxParameters: + description: Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. + required: false + type: list + devices: + description: Any host devices to expose to the container. + required: false + type: list + initProcessEnabled: + description: Run an init process inside the container that forwards signals and reaps processes. + required: false + type: bool + sharedMemorySize: + description: The value for the size (in MiB) of the /dev/shm volume. + required: false + type: int + tmpfs: + description: The container path, mount options, and size (in MiB) of the tmpfs mount. + required: false + type: list + maxSwap: + description: The total amount of swap memory (in MiB) a container can use. + required: false + type: int + swappiness: + description: + - This allows you to tune a container's memory swappiness behavior. + - Accepted values are whole numbers between 0 and 100. 
+ required: false + type: int + secrets: + description: The secrets to pass to the container. + required: false + type: list + dependsOn: + description: + - The dependencies defined for container startup and shutdown. + - When a dependency is defined for container startup, for container shutdown it is reversed. + required: false + type: list + elements: dict + suboptions: + containerName: + description: The name of a container. + type: str + required: true + condition: + description: The dependency condition of the container. + type: str + required: true + choices: ["start", "complete", "success", "healthy"] + startTimeout: + description: Time duration (in seconds) to wait before giving up on resolving dependencies for a container. + required: false + type: int + stopTimeout: + description: Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. + required: false + type: int + hostname: + description: The hostname to use for your container. + required: false + type: str + user: + description: The user to use inside the container. + required: false + type: str + workingDirectory: + description: The working directory in which to run commands inside the container. + required: false + type: str + disableNetworking: + description: When this parameter is true, networking is disabled within the container. + required: false + type: bool + privileged: + description: When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). + required: false + type: bool + readonlyRootFilesystem: + description: When this parameter is true, the container is given read-only access to its root file system. + required: false + type: bool network_mode: description: - The Docker networking mode to use for the containers in the task. 
@@ -99,24 +277,6 @@ - If using the Fargate launch type, this field is required and is limited by the CPU. required: false type: str - depends_on: - version_added: 1.5.0 - description: - - The dependencies defined for container startup and shutdown. - - When a dependency is defined for container startup, for container shutdown it is reversed. - required: false - type: list - elements: dict - suboptions: - containerName: - description: The name of a container. - type: str - required: true - condition: - description: The dependency condition of the container. - type: str - required: true - choices: ["start", "complete", "success", "healthy"] extends_documentation_fragment: - amazon.aws.aws - amazon.aws.ec2 @@ -204,14 +364,11 @@ portMappings: - containerPort: 8080 hostPort: 8080 - launch_type: FARGATE - cpu: 512 - memory: 1024 - state: present - network_mode: awsvpc - depends_on: - - containerName: "simple-container" - condition: "start" + cpu: 512 + memory: 1024 + depends_on: + - containerName: "simple-app" + condition: "start" # Create Task Definition with Environment Variables and Secrets - name: Create task definition @@ -269,7 +426,7 @@ def describe_task(self, task_name): except botocore.exceptions.ClientError: return None - def register_task(self, family, task_role_arn, execution_role_arn, network_mode, container_definitions, volumes, launch_type, cpu, memory, depends_on): + def register_task(self, family, task_role_arn, execution_role_arn, network_mode, container_definitions, volumes, launch_type, cpu, memory): validated_containers = [] # Ensures the number parameters are int as required by boto @@ -294,7 +451,7 @@ def register_task(self, family, task_role_arn, execution_role_arn, network_mode, family=family, taskRoleArn=task_role_arn, containerDefinitions=container_definitions, - volumes=volumes, + volumes=volumes ) if network_mode != 'default': params['networkMode'] = network_mode 
@@ -306,8 +463,6 @@ def register_task(self, family, task_role_arn, execution_role_arn, network_mode, params['requiresCompatibilities'] = [launch_type] if execution_role_arn: params['executionRoleArn'] = execution_role_arn - if depends_on: - params['dependsOn'] = depends_on try: response = self.ecs.register_task_definition(**params) @@ -367,8 +522,7 @@ def main(): volumes=dict(required=False, type='list', elements='dict'), launch_type=dict(required=False, choices=['EC2', 'FARGATE']), cpu=dict(), - memory=dict(required=False, type='str'), - depends_on=dict(required=False, type='list', elements='dict'), + memory=dict(required=False, type='str') ) module = AnsibleAWSModule(argument_spec=argument_spec, @@ -405,10 +559,16 @@ def main(): if launch_type == 'FARGATE' and network_mode != 'awsvpc': module.fail_json(msg="To use FARGATE launch type, network_mode must be awsvpc") - depends_on = module.params['depends_on'] - if launch_type == 'FARGATE' and depends_on: - if not module.botocore_at_least('1.3.0'): - module.fail_json(msg='botocore needs to be version 1.3.0 or higher to use depends_on on Fargate launch_type') + for container in module.params['containers']: + if container.get('links') and network_mode != 'bridge': + module.fail_json(msg='links parameter is only supported if the network mode of a task definition is bridge.') + + if container.get('swappiness') and (container.get('swappiness') < 0 or container.get('swappiness') > 100): + module.fail_json(msg='Accepted values are whole numbers between 0 and 100.') + + if container.get('dependsOn') and launch_type == 'FARGATE': + if not module.botocore_at_least('1.3.0'): + module.fail_json(msg='botocore needs to be version 1.3.0 or higher to use depends_on on Fargate launch_type') family = module.params['family'] existing_definitions_in_family = task_mgr.describe_task_definitions(module.params['family']) 
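Review bot: The swappiness check in the new per-container loop in main() compares `container.get('swappiness')` with integers directly, and its failure message does not name the parameter. Container entries are free-form dicts (register_task carries a comment about coercing number parameters to int), so a value that arrives as a string would raise a TypeError rather than a clean `fail_json`. Consider `swappiness = container.get('swappiness')` followed by `if swappiness is not None and not 0 <= int(swappiness) <= 100:` with `msg='swappiness must be a whole number between 0 and 100.'`. The loop also assumes `module.params['containers']` is a list although the option is documented as `required: False`; whether an earlier guard covers that is outside this hunk.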
@@ -527,8 +687,7 @@ def _task_definition_matches(requested_volumes, requested_containers, requested_ volumes, module.params['launch_type'], module.params['cpu'], - module.params['memory'], - depends_on) + module.params['memory']) results['changed'] = True elif module.params['state'] == 'absent': From be5c039e48f93be16901b76a035ea809c2dc78af Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Wed, 21 Apr 2021 17:21:01 +0200 Subject: [PATCH 06/11] * Doc fix Signed-off-by: Alina Buzachis --- plugins/modules/ecs_taskdefinition.py | 288 ++++++++++++++++++++++++-- 1 file changed, 268 insertions(+), 20 deletions(-) diff --git a/plugins/modules/ecs_taskdefinition.py b/plugins/modules/ecs_taskdefinition.py index 54142392d5b..6d858b24c91 100644 --- a/plugins/modules/ecs_taskdefinition.py +++ b/plugins/modules/ecs_taskdefinition.py @@ -50,7 +50,7 @@ required: False type: list elements: dict - contains: + suboptions: name: description: The name of a container. required: false @@ -63,6 +63,11 @@ description: The private repository authentication credentials to use. required: false type: dict + suboptions: + description: + - The Amazon Resource Name (ARN) of the secret containing the private repository credentials. + required: if C(repositoryCredentials) specified + type: str cpu: description: The number of cpu units reserved for the container. required: false @@ -78,7 +83,7 @@ links: description: - Allows containers to communicate with each other without the need for port mappings. - - This parameter is only supported if the network mode of a task definition is bridge. + - This parameter is only supported if I(network_mode=bridge). required: false type: list portMappings: @@ -86,7 +91,7 @@ required: false type: list elements: dict - contains: + suboptions: containerPort: description: The port number on the container that is bound to the user-specified or automatically assigned host port. required: false 
@@ -99,6 +104,8 @@ description: The protocol used for the port mapping. Valid values are tcp and udp. required: false type: str + default: tcp + choices: ['tcp', 'udp'] essential: description: - If essential is true, and the fails or stops for any reason, all other containers that are part of the task are stopped. @@ -117,7 +124,7 @@ required: false type: list elements: dict - contains: + suboptions: name: description: The name of the key-value pair. required: false @@ -131,7 +138,7 @@ required: false type: list elements: dict - contains: + suboptions: value: description: The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file. required: false 
@@ -140,44 +147,159 @@ description: The file type to use. The only supported value is s3. required: false type: str + mountPoints: + description: The mount points for data volumes in your container. + required: false + type: list + elements: dict + suboptions: + sourceVolume: + description: The name of the volume to mount. + required: false + type: str + containerPath: + description: The path on the container to mount the host volume at. + required: false + type: str + readOnly: + description: + - If this value is true, the container has read-only access to the volume. + - If this value is false, then the container can write to the volume. + - The default value is false. + required: false + default: false + type: bool volumesFrom: description: Data volumes to mount from another container. required: false type: list + elements: dict + suboptions: + sourceContainer: + description: + - The name of another container within the same task definition from which to mount volumes. + required: false + type: str + readOnly: + description: + - If this value is true, the container has read-only access to the volume. + - If this value is false, then the container can write to the volume. + - The default value is false. + required: false + default: false + type: bool linuxParameters: description: Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. required: false type: list - devices: - description: Any host devices to expose to the container. - required: false - type: list + suboptions: + capabilities: + description: + - The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker. + required: false + type: dict + suboptions: + add: + description: + - The Linux capabilities for the container that have been added to the default configuration provided by Docker. + - If I(launch_type=FARGATE), this parameter is not supported. 
+ required: false + type: list + choices: ["ALL", "AUDIT_CONTROL", "AUDIT_WRITE", "BLOCK_SUSPEND", "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", + "FSETID", "IPC_LOCK", "IPC_OWNER", "KILL", "LEASE", "LINUX_IMMUTABLE", "MAC_ADMIN", "MAC_OVERRIDE", "MKNOD", + "NET_ADMIN", "NET_BIND_SERVICE", "NET_BROADCAST", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP", "SETUID", + "SYS_ADMIN", "SYS_BOOT", "SYS_CHROOT", "SYS_MODULE", "SYS_NICE", "SYS_PACCT", "SYS_PTRACE", "SYS_RAWIO", + "SYS_RESOURCE", "SYS_TIME", "SYS_TTY_CONFIG", "SYSLOG", "WAKE_ALARM"] + drop: + description: + - The Linux capabilities for the container that have been removed from the default configuration provided by Docker. + required: false + type: list + choices: ["ALL", "AUDIT_CONTROL", "AUDIT_WRITE", "BLOCK_SUSPEND", "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", + "FSETID", "IPC_LOCK", "IPC_OWNER", "KILL", "LEASE", "LINUX_IMMUTABLE", "MAC_ADMIN", "MAC_OVERRIDE", "MKNOD", + "NET_ADMIN", "NET_BIND_SERVICE", "NET_BROADCAST", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP", "SETUID", + "SYS_ADMIN", "SYS_BOOT", "SYS_CHROOT", "SYS_MODULE", "SYS_NICE", "SYS_PACCT", "SYS_PTRACE", "SYS_RAWIO", + "SYS_RESOURCE", "SYS_TIME", "SYS_TTY_CONFIG", "SYSLOG", "WAKE_ALARM"] + devices: + description: + - Any host devices to expose to the container. + - If I(launch_type=FARGATE), this parameter is not supported. + required: false + type: list + elements: dict + suboptions: + hostPath: + description: The path for the device on the host container instance. + required: if C(devices) specified + type: str + containerPath: + description: The path inside the container at which to expose the host device. + required: false + type: str + permissions: + description: The explicit permissions to provide to the container for the device. + required: false + type: list initProcessEnabled: description: Run an init process inside the container that forwards signals and reaps processes. 
required: false type: bool sharedMemorySize: - description: The value for the size (in MiB) of the /dev/shm volume. + description: + - The value for the size (in MiB) of the /dev/shm volume. + - If I(launch_type=FARGATE), this parameter is not supported. required: false type: int tmpfs: - description: The container path, mount options, and size (in MiB) of the tmpfs mount. + description: + - The container path, mount options, and size (in MiB) of the tmpfs mount. + - If Fargate launch type is used, this parameter is not supported. required: false type: list + elements: dict + suboptions: + containerPath: + description: The absolute file path where the tmpfs volume is to be mounted. + required: if C(tmpfs) specified + type: str + size: + description: The size (in MiB) of the tmpfs volume. + required: if C(tmpfs) specified + type: int + mountOptions: + description: The list of tmpfs volume mount options. + required: false + type: list + choices: ["defaults", "ro", "rw", "suid", "nosuid", "dev", "nodev", "exec", "noexec", "sync", "async", "dirsync", + "remount", "mand", "nomand", "atime", "noatime", "diratime", "nodiratime", "bind", "rbind", "unbindable", + "runbindable", "private", "rprivate", "shared", "rshared", "slave", "rslave", "relatime", "norelatime", + "strictatime", "nostrictatime", "mode", "uid", "gid", "nr_inodes", "nr_blocks", "mpol"] maxSwap: - description: The total amount of swap memory (in MiB) a container can use. + description: + - The total amount of swap memory (in MiB) a container can use. + - If Fargate launch type is used, this parameter is not supported. required: false type: int swappiness: description: - This allows you to tune a container's memory swappiness behavior. - - Accepted values are whole numbers between 0 and 100. + - If Fargate launch type is used, this parameter is not supported. required: false type: int secrets: description: The secrets to pass to the container. 
required: false type: list + elements: dict + subpotions: + name: + description: The value to set as the environment variable on the container. + required: if C(secrets) specified + type: str + size: + description: The secret to expose to the container. + required: if C(secrets) specified + type: str dependsOn: description: - The dependencies defined for container startup and shutdown. @@ -204,11 +326,15 @@ required: false type: int hostname: - description: The hostname to use for your container. + description: + - The hostname to use for your container. + - This parameter is not supported if I(network_mode=awsvpc). required: false type: str user: - description: The user to use inside the container. + description: + - The user to use inside the container. + - This parameter is not supported for Windows containers. required: false type: str workingDirectory: 
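Review bot: In the `secrets` entry of the DOCUMENTATION block (hunk `@@ -140,44 +147,159 @@`) the nested key is spelled `subpotions`, so the two fields under it are not recognised as suboptions. The second field is named `size` although its description, "The secret to expose to the container", matches what the ECS API calls `valueFrom`, the name this commit already uses for `logConfiguration.secretOptions`. Since this option is how users keep credentials out of plain `environment` values, its documented shape should be exact: `suboptions:` with `name` and `valueFrom`. `required: if C(secrets) specified` is also not a boolean and should read `required: true`. The documentation string extends beyond this hunk.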
@@ -227,6 +353,116 @@ description: When this parameter is true, the container is given read-only access to its root file system. required: false type: bool + dnsServers: + description: + - A list of DNS servers that are presented to the container. + - This parameter is not supported for Windows containers. + required: false + type: list + dnsSearchDomains: + description: + - A list of DNS search domains that are presented to the container. + - This parameter is not supported for Windows containers. + required: false + type: list + extraHosts: + description: + - A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. + - This parameter is not supported for Windows containers or tasks that use I(network_mode=awsvpc). + required: false + type: list + elements: dict + suboptions: + hostname: + description: The hostname to use in the /etc/hosts entry. + type: str + required: false + ipAddress: + description: The IP address to use in the /etc/hosts entry. + type: str + required: false + dockerSecurityOptions: + description: + - A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. + - This parameter is not supported for Windows containers. + required: false + type: list + interactive: + description: + - When it is true, it allows to deploy containerized applications that require stdin or a tty to be allocated. + required: false + type: bool + pseudoTerminal: + description: When this parameter is true, a TTY is allocated. + required: false + type: bool + dockerLabels: + description: A key/value map of labels to add to the container. + required: false + type: dict + ulimits: + description: + - A list of ulimits to set in the container. + - This parameter is not supported for Windows containers. + required: false + type: list + elements: dict + suboptions: + name: + description: The type of the ulimit . 
+ type: str + required: false + softLimit: + description: The soft limit for the ulimit type. + type: int + required: false + hardLimit: + description: The hard limit for the ulimit type. + type: int + required: false + logConfiguration: + description: The log configuration specification for the container. + required: false + type: dict + suboptions: + logDriver: + description: + - The log driver to use for the container. + - For tasks on AWS Fargate, the supported log drivers are awslogs, splunk, and awsfirelens. + - For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald, logentries, syslog, splunk, and awsfirelens. + type: str + required: false + options: + description: The configuration options to send to the log driver. + required: false + type: str + secretOptions: + description: The secrets to pass to the log configuration. + required: false + type: list + elements: dict + suboptions: + name: + description: The name of the secret. + type: str + required: false + valueFrom: + description: The secret to expose to the container. + type: str + required: false + healthCheck: + description: The health check command and associated configuration parameters for the container. + required: false + type: dict + systemControls: + description: A list of namespaced kernel parameters to set in the container. + required: false + type: list + resourceRequirements: + description: + - The type and amount of a resource to assign to a container. The only supported resource is a GPU. + required: false + type: list network_mode: description: - The Docker networking mode to use for the containers in the task. @@ -333,7 +569,7 @@ image: "nginx" portMappings: - containerPort: 8080 - hostPort: 8080 + hostPort: 8080 cpu: 512 memory: 1024 state: present @@ -347,7 +583,7 @@ image: "nginx" portMappings: - containerPort: 8080 - hostPort: 8080 + hostPort: 8080 launch_type: FARGATE cpu: 512 memory: 1024 
@@ -363,10 +599,10 @@ image: "nginx" portMappings: - containerPort: 8080 - hostPort: 8080 + hostPort: 8080 cpu: 512 memory: 1024 - depends_on: + dependsOn: - containerName: "simple-app" condition: "start" @@ -568,7 +804,19 @@ def main(): if container.get('dependsOn') and launch_type == 'FARGATE': if not module.botocore_at_least('1.3.0'): - module.fail_json(msg='botocore needs to be version 1.3.0 or higher to use depends_on on Fargate launch_type') + module.fail_json(msg='botocore needs to be version 1.3.0 or higher to use depends_on on Fargate launch type') + + if container.get('sharedMemorySize') and launch_type == 'FARGATE': + module.fail_json(msg='sharedMemorySize parameter is only supported withFargate launch type.') + + if container.get('tmpfs') and launch_type == 'FARGATE': + module.fail_json(msg='tmpfs parameter is only supported with Fargate launch type.') + + if container.get('hostname') and network_mode == 'awsvpc': + module.fail_json(msg='hostname parameter is only supported with awsvpc network mode.') + + if container.get('extraHosts') and network_mode == 'awsvpc': + module.fail_json(msg='extraHosts parameter is only supported with awsvpc network mode.') family = module.params['family'] existing_definitions_in_family = task_mgr.describe_task_definitions(module.params['family']) From 43101128a2a17e477b6f8124f4a67969c19e187b Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Thu, 22 Apr 2021 12:19:31 +0200 Subject: [PATCH 07/11] * Doc fix Signed-off-by: Alina Buzachis --- plugins/modules/ecs_taskdefinition.py | 191 +++++++++++++------------- 1 file changed, 96 insertions(+), 95 deletions(-) diff --git a/plugins/modules/ecs_taskdefinition.py b/plugins/modules/ecs_taskdefinition.py index 6d858b24c91..8ea97a2f21e 100644 --- a/plugins/modules/ecs_taskdefinition.py +++ b/plugins/modules/ecs_taskdefinition.py 
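Review bot: The four `fail_json` messages added to main()'s container loch in `@@ -568,7 +804,19 @@` say the opposite of the condition that triggers them: `sharedMemorySize` and `tmpfs` fail when `launch_type == 'FARGATE'` yet the text reads "only supported with Fargate", and `hostname` and `extraHosts` fail when `network_mode == 'awsvpc'` yet the text reads "only supported with awsvpc network mode". They should match the documentation added in the same commit, e.g. `msg='sharedMemorySize parameter is not supported with Fargate launch type.'` and `msg='hostname parameter is not supported with awsvpc network mode.'`; the first message is also missing a space in "withFargate". Separately, the documentation appears to place `sharedMemorySize` and `tmpfs` under `linuxParameters`, so `container.get('sharedMemorySize')` on the container dict itself would likely never match a correctly nested value; confirm and read them from `container.get('linuxParameters', {})` if so. main() continues outside the hunk.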
@@ -53,157 +53,157 @@ suboptions: name: description: The name of a container. - required: false + required: False type: str image: description: The image used to start a container. - required: false + required: False type: str repositoryCredentials: description: The private repository authentication credentials to use. - required: false + required: False type: dict suboptions: description: - The Amazon Resource Name (ARN) of the secret containing the private repository credentials. - required: if C(repositoryCredentials) specified + required: True type: str cpu: description: The number of cpu units reserved for the container. - required: false + required: False type: int memory: description: The amount (in MiB) of memory to present to the container. - required: false + required: False type: int memoryReservation: description: The soft limit (in MiB) of memory to reserve for the container. - required: false + required: False type: int links: description: - Allows containers to communicate with each other without the need for port mappings. - This parameter is only supported if I(network_mode=bridge). - required: false + required: False type: list portMappings: description: The list of port mappings for the container. - required: false + required: False type: list elements: dict suboptions: containerPort: description: The port number on the container that is bound to the user-specified or automatically assigned host port. - required: false + required: False type: int hostPort: description: The port number on the container instance to reserve for your container. - required: false + required: False type: int protocol: description: The protocol used for the port mapping. Valid values are tcp and udp. - required: false + required: False type: str default: tcp choices: ['tcp', 'udp'] essential: description: - - If essential is true, and the fails or stops for any reason, all other containers that are part of the task are stopped. 
- required: false + - If C(essential) is True, and the fails or stops for any reason, all other containers that are part of the task are stopped. + required: False type: bool entryPoint: description: The entry point that is passed to the container. - required: false + required: False type: str command: description: The command that is passed to the container. - required: false + required: False type: list environment: description: The environment variables to pass to a container. - required: false + required: False type: list elements: dict suboptions: name: description: The name of the key-value pair. - required: false + required: False type: str value: description: The value of the key-value pair. - required: false + required: False type: str environmentFiles: description: A list of files containing the environment variables to pass to a container. - required: false + required: False type: list elements: dict suboptions: value: description: The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file. - required: false + required: False type: str type: description: The file type to use. The only supported value is s3. - required: false + required: False type: str mountPoints: description: The mount points for data volumes in your container. - required: false + required: False type: list elements: dict suboptions: sourceVolume: description: The name of the volume to mount. - required: false + required: False type: str containerPath: description: The path on the container to mount the host volume at. - required: false + required: False type: str readOnly: description: - - If this value is true, the container has read-only access to the volume. - - If this value is false, then the container can write to the volume. - - The default value is false. - required: false - default: false + - If this value is True, the container has read-only access to the volume. + - If this value is False, then the container can write to the volume. 
+ - The default value is False. + required: False + default: False type: bool volumesFrom: description: Data volumes to mount from another container. - required: false + required: False type: list elements: dict suboptions: sourceContainer: description: - The name of another container within the same task definition from which to mount volumes. - required: false + required: False type: str readOnly: description: - - If this value is true, the container has read-only access to the volume. - - If this value is false, then the container can write to the volume. - - The default value is false. - required: false - default: false + - If this value is True, the container has read-only access to the volume. + - If this value is False, then the container can write to the volume. + - The default value is False. + required: False + default: False type: bool linuxParameters: description: Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. - required: false + required: False type: list suboptions: capabilities: description: - The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker. - required: false + required: False type: dict suboptions: add: description: - The Linux capabilities for the container that have been added to the default configuration provided by Docker. - If I(launch_type=FARGATE), this parameter is not supported. - required: false + required: False type: list choices: ["ALL", "AUDIT_CONTROL", "AUDIT_WRITE", "BLOCK_SUSPEND", "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "IPC_LOCK", "IPC_OWNER", "KILL", "LEASE", "LINUX_IMMUTABLE", "MAC_ADMIN", "MAC_OVERRIDE", "MKNOD", 
@@ -213,7 +213,7 @@ drop: description: - The Linux capabilities for the container that have been removed from the default configuration provided by Docker. - required: false + required: False type: list choices: ["ALL", "AUDIT_CONTROL", "AUDIT_WRITE", "BLOCK_SUSPEND", "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "IPC_LOCK", "IPC_OWNER", "KILL", "LEASE", "LINUX_IMMUTABLE", "MAC_ADMIN", "MAC_OVERRIDE", "MKNOD", 
@@ -224,51 +224,51 @@ description: - Any host devices to expose to the container. - If I(launch_type=FARGATE), this parameter is not supported. - required: false + required: False type: list elements: dict suboptions: hostPath: description: The path for the device on the host container instance. - required: if C(devices) specified + required: True type: str containerPath: description: The path inside the container at which to expose the host device. - required: false + required: False type: str permissions: description: The explicit permissions to provide to the container for the device. - required: false + required: False type: list initProcessEnabled: description: Run an init process inside the container that forwards signals and reaps processes. - required: false + required: False type: bool sharedMemorySize: description: - The value for the size (in MiB) of the /dev/shm volume. - If I(launch_type=FARGATE), this parameter is not supported. - required: false + required: False type: int tmpfs: description: - The container path, mount options, and size (in MiB) of the tmpfs mount. - If Fargate launch type is used, this parameter is not supported. - required: false + required: False type: list elements: dict suboptions: containerPath: description: The absolute file path where the tmpfs volume is to be mounted. - required: if C(tmpfs) specified + required: True type: str size: description: The size (in MiB) of the tmpfs volume. - required: if C(tmpfs) specified + required: True type: int mountOptions: description: The list of tmpfs volume mount options. - required: false + required: False type: list choices: ["defaults", "ro", "rw", "suid", "nosuid", "dev", "nodev", "exec", "noexec", "sync", "async", "dirsync", "remount", "mand", "nomand", "atime", "noatime", "diratime", "nodiratime", "bind", "rbind", "unbindable", 
@@ -278,190 +278,191 @@ description: - The total amount of swap memory (in MiB) a container can use. - If Fargate launch type is used, this parameter is not supported. - required: false + required: False type: int swappiness: description: - This allows you to tune a container's memory swappiness behavior. - If Fargate launch type is used, this parameter is not supported. - required: false + required: False type: int secrets: description: The secrets to pass to the container. - required: false + required: False type: list elements: dict subpotions: name: description: The value to set as the environment variable on the container. - required: if C(secrets) specified + required: True type: str size: description: The secret to expose to the container. - required: if C(secrets) specified + required: True type: str dependsOn: description: - The dependencies defined for container startup and shutdown. - When a dependency is defined for container startup, for container shutdown it is reversed. - required: false + required: False type: list elements: dict suboptions: containerName: description: The name of a container. type: str - required: true + required: True condition: description: The dependency condition of the container. type: str - required: true + required: True choices: ["start", "complete", "success", "healthy"] startTimeout: description: Time duration (in seconds) to wait before giving up on resolving dependencies for a container. - required: false + required: False type: int stopTimeout: description: Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. - required: false + required: False type: int hostname: description: - The hostname to use for your container. - This parameter is not supported if I(network_mode=awsvpc). - required: false + required: False type: str user: description: - The user to use inside the container. - This parameter is not supported for Windows containers. 
- required: false + required: False type: str workingDirectory: description: The working directory in which to run commands inside the container. - required: false + required: False type: str disableNetworking: - description: When this parameter is true, networking is disabled within the container. - required: false + description: When this parameter is True, networking is disabled within the container. + required: False type: bool privileged: - description: When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). - required: false + description: When this parameter is True, the container is given elevated privileges on the host container instance (similar to the root user). + required: False type: bool readonlyRootFilesystem: - description: When this parameter is true, the container is given read-only access to its root file system. + description: When this parameter is True, the container is given read-only access to its root file system. required: false type: bool dnsServers: description: - A list of DNS servers that are presented to the container. - This parameter is not supported for Windows containers. - required: false + required: False type: list dnsSearchDomains: description: - A list of DNS search domains that are presented to the container. - This parameter is not supported for Windows containers. - required: false + required: False type: list extraHosts: description: - A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. - This parameter is not supported for Windows containers or tasks that use I(network_mode=awsvpc). - required: false + required: False type: list elements: dict suboptions: hostname: description: The hostname to use in the /etc/hosts entry. type: str - required: false + required: False ipAddress: description: The IP address to use in the /etc/hosts entry. 
type: str - required: false + required: False dockerSecurityOptions: description: - A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. - This parameter is not supported for Windows containers. - required: false + required: False type: list interactive: description: - When it is true, it allows to deploy containerized applications that require stdin or a tty to be allocated. - required: false + required: False type: bool pseudoTerminal: - description: When this parameter is true, a TTY is allocated. - required: false + description: When this parameter is True, a TTY is allocated. + required: False type: bool dockerLabels: description: A key/value map of labels to add to the container. - required: false + required: False type: dict ulimits: description: - A list of ulimits to set in the container. - This parameter is not supported for Windows containers. - required: false + required: False type: list elements: dict suboptions: name: description: The type of the ulimit . type: str - required: false + required: False softLimit: description: The soft limit for the ulimit type. type: int - required: false + required: False hardLimit: description: The hard limit for the ulimit type. type: int - required: false + required: False logConfiguration: description: The log configuration specification for the container. - required: false + required: False type: dict suboptions: logDriver: description: - The log driver to use for the container. - For tasks on AWS Fargate, the supported log drivers are awslogs, splunk, and awsfirelens. - - For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald, logentries, syslog, splunk, and awsfirelens. + - For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, + gelf, json-file, journald, logentries, syslog, splunk, and awsfirelens. 
type: str - required: false + required: False options: - description: The configuration options to send to the log driver. - required: false + description: The configuration options to send to the log driver. + required: False type: str secretOptions: description: The secrets to pass to the log configuration. - required: false + required: False type: list elements: dict suboptions: name: description: The name of the secret. type: str - required: false + required: False valueFrom: description: The secret to expose to the container. type: str - required: false + required: False healthCheck: description: The health check command and associated configuration parameters for the container. - required: false + required: False type: dict systemControls: description: A list of namespaced kernel parameters to set in the container. - required: false + required: False type: list resourceRequirements: description: - The type and amount of a resource to assign to a container. The only supported resource is a GPU. - required: false + required: False type: list network_mode: description: @@ -475,7 +476,7 @@ type: str task_role_arn: description: - - The Amazon Resource Name (ARN) of the IAM role that containers in this task can assume. All containers in this task are granted + - The Amazon Resource Name (ARN) of the IAM role that containers in this task can assume.All containers in this task are granted the permissions that are specified in this role. required: false type: str From 20d06916de014ce1e7fdc8b8ba9bd7a3b0bb8ddc Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Fri, 23 Apr 2021 13:18:43 +0200 Subject: [PATCH 08/11] * Documentation fix: add missing key Signed-off-by: Alina Buzachis --- plugins/modules/ecs_taskdefinition.py | 36 +++++++++++++++------------ 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/plugins/modules/ecs_taskdefinition.py b/plugins/modules/ecs_taskdefinition.py index 8ea97a2f21e..4341d656018 100644 
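Review bot: Under `secrets`, the second suboption is documented as `size` with the description "The secret to expose to the container", which looks like a copy-paste from the `tmpfs` block. `logConfiguration.secretOptions` further down uses `valueFrom` for that same description. Anyone following this text would put the secret reference under a key the API is unlikely to accept, so I would rename the entry to `valueFrom:` and keep `description: The secret to expose to the container.`. Two smaller slips in the same patch: the parent key is spelled `subpotions:`, and the `task_role_arn` hunk turns "can assume. All containers" into `can assume.All containers`.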
--- a/plugins/modules/ecs_taskdefinition.py +++ b/plugins/modules/ecs_taskdefinition.py @@ -47,7 +47,7 @@ description: - A list of containers definitions. - See U(https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ecs.html) for a complete list of parameters. - required: False + required: True type: list elements: dict suboptions: @@ -64,10 +64,11 @@ required: False type: dict suboptions: - description: - - The Amazon Resource Name (ARN) of the secret containing the private repository credentials. - required: True - type: str + credentialsParameter: + description: + - The Amazon Resource Name (ARN) of the secret containing the private repository credentials. + required: True + type: str cpu: description: The number of cpu units reserved for the container. required: False @@ -291,7 +292,7 @@ required: False type: list elements: dict - subpotions: + suboptions: name: description: The value to set as the environment variable on the container. required: True @@ -752,7 +753,7 @@ def main(): family=dict(required=False, type='str'), revision=dict(required=False, type='int'), force_create=dict(required=False, default=False, type='bool'), - containers=dict(required=False, type='list', elements='dict'), + containers=dict(required=True, type='list', elements='dict'), network_mode=dict(required=False, default='bridge', choices=['default', 'bridge', 'host', 'none', 'awsvpc'], type='str'), task_role_arn=dict(required=False, default='', type='str'), execution_role_arn=dict(required=False, default='', type='str'), 
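Review bot: Setting `containers=dict(required=True, ...)` in the argument spec makes the option mandatory for every `state`. The existing check shown in the next hunk (`if module.params['state'] == 'present': ... a list of containers must be specified`) only demands it for `state=present`. If `state=absent` is meant to work from the family/ARN and revision alone, playbooks that deregister a task definition would now fail argument validation before reaching that branch. I would keep `required=False` here and express the rule per state, for example `required_if=[('state', 'present', ['containers'])]` on the module constructor. main() continues outside the hunk, so the absent branch itself is not visible here.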
@@ -779,11 +780,6 @@ def main(): if not module.botocore_at_least('1.10.44'): module.fail_json(msg='botocore needs to be version 1.10.44 or higher to use execution_role_arn') - if module.params['containers']: - for container in module.params['containers']: - for environment in container.get('environment', []): - environment['value'] = to_text(environment['value']) - if module.params['state'] == 'present': if 'containers' not in module.params or not module.params['containers']: module.fail_json(msg="To use task definitions, a list of containers must be specified") @@ -800,13 +796,21 @@ def main(): if container.get('links') and network_mode != 'bridge': module.fail_json(msg='links parameter is only supported if the network mode of a task definition is bridge.') + for environment in container.get('environment', []): + environment['value'] = to_text(environment['value']) + + for environment_file in container.get('environmentFiles', []): + if environment_file['value'] != 's3': + module.fail_json(msg='The only supported value for the file type is s3.') + + if container.get('maxSwap') and launch_type == 'FARGATE': + module.fail_json(msg='maxSwap parameter is only supported withFargate launch type.') + elif container.get('maxSwap') < 0: + module.fail_json(msg='Accepted values are 0 or any positive integer.') + if container.get('swappiness') and (container.get('swappiness') < 0 or container.get('swappiness') > 100): module.fail_json(msg='Accepted values are whole numbers between 0 and 100.') - if container.get('dependsOn') and launch_type == 'FARGATE': - if not module.botocore_at_least('1.3.0'): - module.fail_json(msg='botocore needs to be version 1.3.0 or higher to use depends_on on Fargate launch type') - if container.get('sharedMemorySize') and launch_type == 'FARGATE': module.fail_json(msg='sharedMemorySize parameter is only supported withFargate launch type.') From 6adaa890da5f433d88c13a3965ff372077f8d3dd Mon Sep 17 00:00:00 2001 
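Review bot: The new `environmentFiles` check compares the wrong field. `environment_file['value'] != 's3'` tests `value`, which the option documentation describes as the ARN of the S3 object, so any real ARN trips 'The only supported value for the file type is s3.' The comparison should be on the type, `if environment_file.get('type') != 's3':`, using `.get` because both keys are documented as optional. The patch 11 hunk that rewords this message keeps the same comparison. Separately, `elif container.get('maxSwap') < 0` compares `None` with an int when `maxSwap` is absent, which raises TypeError on Python 3. main() starts and ends outside the hunk.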
From: Alina Buzachis Date: Fri, 23 Apr 2021 15:46:13 +0200 Subject: [PATCH 09/11] * Fix sanity Signed-off-by: Alina Buzachis --- plugins/modules/ecs_taskdefinition.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/modules/ecs_taskdefinition.py b/plugins/modules/ecs_taskdefinition.py index 4341d656018..1703550c431 100644 --- a/plugins/modules/ecs_taskdefinition.py +++ b/plugins/modules/ecs_taskdefinition.py @@ -798,16 +798,16 @@ def main(): for environment in container.get('environment', []): environment['value'] = to_text(environment['value']) - + for environment_file in container.get('environmentFiles', []): if environment_file['value'] != 's3': module.fail_json(msg='The only supported value for the file type is s3.') - + if container.get('maxSwap') and launch_type == 'FARGATE': module.fail_json(msg='maxSwap parameter is only supported withFargate launch type.') elif container.get('maxSwap') < 0: module.fail_json(msg='Accepted values are 0 or any positive integer.') - + if container.get('swappiness') and (container.get('swappiness') < 0 or container.get('swappiness') > 100): module.fail_json(msg='Accepted values are whole numbers between 0 and 100.') From 73d490bb285094b067c538f51f8d159efd67b950 Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Mon, 26 Apr 2021 11:44:58 +0200 Subject: [PATCH 10/11] * Address reviewer's comments Signed-off-by: Alina Buzachis --- plugins/modules/ecs_taskdefinition.py | 155 +++++++++++++------------- 1 file changed, 79 insertions(+), 76 deletions(-) diff --git a/plugins/modules/ecs_taskdefinition.py b/plugins/modules/ecs_taskdefinition.py index 1703550c431..d47c50fb8c3 100644 --- a/plugins/modules/ecs_taskdefinition.py +++ b/plugins/modules/ecs_taskdefinition.py 
@@ -102,14 +102,14 @@ required: False type: int protocol: - description: The protocol used for the port mapping. Valid values are tcp and udp. + description: The protocol used for the port mapping. required: False type: str default: tcp choices: ['tcp', 'udp'] essential: description: - - If C(essential) is True, and the fails or stops for any reason, all other containers that are part of the task are stopped. + - If I(essential=True), and the container fails or stops for any reason, all other containers that are part of the task are stopped. required: False type: bool entryPoint: @@ -145,7 +145,7 @@ required: False type: str type: - description: The file type to use. The only supported value is s3. + description: The file type to use. The only supported value is C(s3). required: False type: str mountPoints: @@ -164,9 +164,8 @@ type: str readOnly: description: - - If this value is True, the container has read-only access to the volume. - - If this value is False, then the container can write to the volume. - - The default value is False. + - If this value is C(True), the container has read-only access to the volume. + - If this value is C(False), then the container can write to the volume. required: False default: False type: bool @@ -183,9 +182,8 @@ type: str readOnly: description: - - If this value is True, the container has read-only access to the volume. - - If this value is False, then the container can write to the volume. - - The default value is False. + - If this value is C(True), the container has read-only access to the volume. + - If this value is C(False), then the container can write to the volume. required: False default: False type: bool 
@@ -241,52 +239,52 @@ description: The explicit permissions to provide to the container for the device. required: False type: list - initProcessEnabled: - description: Run an init process inside the container that forwards signals and reaps processes. - required: False - type: bool - sharedMemorySize: - description: - - The value for the size (in MiB) of the /dev/shm volume. - - If I(launch_type=FARGATE), this parameter is not supported. - required: False - type: int - tmpfs: - description: - - The container path, mount options, and size (in MiB) of the tmpfs mount. - - If Fargate launch type is used, this parameter is not supported. - required: False - type: list - elements: dict - suboptions: - containerPath: - description: The absolute file path where the tmpfs volume is to be mounted. - required: True - type: str - size: - description: The size (in MiB) of the tmpfs volume. - required: True + initProcessEnabled: + description: Run an init process inside the container that forwards signals and reaps processes. + required: False + type: bool + sharedMemorySize: + description: + - The value for the size (in MiB) of the /dev/shm volume. + - If I(launch_type=FARGATE), this parameter is not supported. + required: False type: int - mountOptions: - description: The list of tmpfs volume mount options. + tmpfs: + description: + - The container path, mount options, and size (in MiB) of the tmpfs mount. + - If I(launch_type=FARGATE), this parameter is not supported. 
required: False type: list - choices: ["defaults", "ro", "rw", "suid", "nosuid", "dev", "nodev", "exec", "noexec", "sync", "async", "dirsync", - "remount", "mand", "nomand", "atime", "noatime", "diratime", "nodiratime", "bind", "rbind", "unbindable", - "runbindable", "private", "rprivate", "shared", "rshared", "slave", "rslave", "relatime", "norelatime", - "strictatime", "nostrictatime", "mode", "uid", "gid", "nr_inodes", "nr_blocks", "mpol"] - maxSwap: - description: - - The total amount of swap memory (in MiB) a container can use. - - If Fargate launch type is used, this parameter is not supported. - required: False - type: int - swappiness: - description: - - This allows you to tune a container's memory swappiness behavior. - - If Fargate launch type is used, this parameter is not supported. - required: False - type: int + elements: dict + suboptions: + containerPath: + description: The absolute file path where the tmpfs volume is to be mounted. + required: True + type: str + size: + description: The size (in MiB) of the tmpfs volume. + required: True + type: int + mountOptions: + description: The list of tmpfs volume mount options. + required: False + type: list + choices: ["defaults", "ro", "rw", "suid", "nosuid", "dev", "nodev", "exec", "noexec", "sync", "async", "dirsync", + "remount", "mand", "nomand", "atime", "noatime", "diratime", "nodiratime", "bind", "rbind", "unbindable", + "runbindable", "private", "rprivate", "shared", "rshared", "slave", "rslave", "relatime", "norelatime", + "strictatime", "nostrictatime", "mode", "uid", "gid", "nr_inodes", "nr_blocks", "mpol"] + maxSwap: + description: + - The total amount of swap memory (in MiB) a container can use. + - If I(launch_type=FARGATE), this parameter is not supported. + required: False + type: int + swappiness: + description: + - This allows you to tune a container's memory swappiness behavior. + - If I(launch_type=FARGATE), this parameter is not supported. 
+ required: False + type: int secrets: description: The secrets to pass to the container. required: False @@ -343,15 +341,15 @@ required: False type: str disableNetworking: - description: When this parameter is True, networking is disabled within the container. + description: When this parameter is C(True), networking is disabled within the container. required: False type: bool privileged: - description: When this parameter is True, the container is given elevated privileges on the host container instance (similar to the root user). + description: When this parameter is C(True), the container is given elevated privileges on the host container instance. required: False type: bool readonlyRootFilesystem: - description: When this parameter is True, the container is given read-only access to its root file system. + description: When this parameter is C(True), the container is given read-only access to its root file system. required: false type: bool dnsServers: @@ -390,11 +388,11 @@ type: list interactive: description: - - When it is true, it allows to deploy containerized applications that require stdin or a tty to be allocated. + - When I(interactive=True), it allows to deploy containerized applications that require stdin or a tty to be allocated. required: False type: bool pseudoTerminal: - description: When this parameter is True, a TTY is allocated. + description: When this parameter is C(True), a TTY is allocated. required: False type: bool dockerLabels: @@ -410,7 +408,7 @@ elements: dict suboptions: name: - description: The type of the ulimit . + description: The type of the ulimit. type: str required: False softLimit: 
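Review bot: The reworded `privileged` description drops "(similar to the root user)", which was the only hint in this option's text that enabling it gives the container near host-root capability. I would keep that clause: `description: When this parameter is C(True), the container is given elevated privileges on the host container instance (similar to the root user).` Unlike `devices`, `tmpfs` and `maxSwap`, this entry also has no launch-type line. If `privileged` is likewise unsupported on Fargate, a matching `- If I(launch_type=FARGATE), this parameter is not supported.` line would keep the documentation consistent.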
@@ -429,9 +427,9 @@ logDriver: description: - The log driver to use for the container. - - For tasks on AWS Fargate, the supported log drivers are awslogs, splunk, and awsfirelens. - - For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, - gelf, json-file, journald, logentries, syslog, splunk, and awsfirelens. + - For tasks on AWS Fargate, the supported log drivers are C(awslogs), C(splunk), and C(awsfirelens). + - For tasks hosted on Amazon EC2 instances, the supported log drivers are C(awslogs), C(fluentd), + C(gelf), C(json-file), C(journald), C(logentries), C(syslog), C(splunk), and C(awsfirelens). type: str required: False options: @@ -462,7 +460,8 @@ type: list resourceRequirements: description: - - The type and amount of a resource to assign to a container. The only supported resource is a GPU. + - The type and amount of a resource to assign to a container. + - The only supported resource is a C(GPU). required: False type: list network_mode: @@ -793,8 +792,8 @@ def main(): module.fail_json(msg="To use FARGATE launch type, network_mode must be awsvpc") for container in module.params['containers']: - if container.get('links') and network_mode != 'bridge': - module.fail_json(msg='links parameter is only supported if the network mode of a task definition is bridge.') + if container.get('links') and network_mode == 'awsvpc': + module.fail_json(msg='links parameter is not supported if network mode is awsvpc.') for environment in container.get('environment', []): environment['value'] = to_text(environment['value']) 
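Review bot: The `links` check now rejects only `network_mode == 'awsvpc'`, but the option documentation earlier in this file still says the parameter "is only supported if I(network_mode=bridge)". With the new condition, `host` and `none` pass local validation and any rejection is left to the API call. Either keep the stricter test while allowing the bridge alias, `if container.get('links') and network_mode not in ('bridge', 'default'):` (assuming `default` should count as bridge for Linux containers, as the `network_mode` text says), or update the `links` description to match the new rule. The container loop sits inside main(), which extends beyond the hunk.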
@@ -803,25 +802,29 @@ def main(): if environment_file['value'] != 's3': module.fail_json(msg='The only supported value for the file type is s3.') - if container.get('maxSwap') and launch_type == 'FARGATE': - module.fail_json(msg='maxSwap parameter is only supported withFargate launch type.') - elif container.get('maxSwap') < 0: - module.fail_json(msg='Accepted values are 0 or any positive integer.') + for linux_param in container.get('linuxParameters', {}): + if linux_param.get('devices') and launch_type == 'FARGATE': + module.fail_json(msg='devices parameter is not supported with the FARGATE launch type.') + + if linux_param.get('maxSwap') and launch_type == 'FARGATE': + module.fail_json(msg='maxSwap parameter is not supported with the FARGATE launch type.') + elif linux_param.get('maxSwap') and linux_param['maxSwap'] < 0: + module.fail_json(msg='Accepted values are 0 or any positive integer.') - if container.get('swappiness') and (container.get('swappiness') < 0 or container.get('swappiness') > 100): - module.fail_json(msg='Accepted values are whole numbers between 0 and 100.') + if linux_param.get('swappiness') and (linux_param['swappiness'] < 0 or linux_param['swappiness'] > 100): + module.fail_json(msg='Accepted values are whole numbers between 0 and 100.') - if container.get('sharedMemorySize') and launch_type == 'FARGATE': - module.fail_json(msg='sharedMemorySize parameter is only supported withFargate launch type.') + if linux_param.get('sharedMemorySize') and launch_type == 'FARGATE': + module.fail_json(msg='sharedMemorySize parameter is not supported with the FARGATE launch type.') - if container.get('tmpfs') and launch_type == 'FARGATE': - module.fail_json(msg='tmpfs parameter is only supported with Fargate launch type.') + if linux_param.get('tmpfs') and launch_type == 'FARGATE': + module.fail_json(msg='tmpfs parameter is not supported with the FARGATE launch type.') if container.get('hostname') and network_mode == 'awsvpc': - 
module.fail_json(msg='hostname parameter is only supported with awsvpc network mode.') + module.fail_json(msg='hostname parameter is not supported when the awsvpc network mode is used.') if container.get('extraHosts') and network_mode == 'awsvpc': - module.fail_json(msg='extraHosts parameter is only supported with awsvpc network mode.') + module.fail_json(msg='extraHosts parameter is not supported when the awsvpc network mode is used.') family = module.params['family'] existing_definitions_in_family = task_mgr.describe_task_definitions(module.params['family']) From 9850095062dbc11f825739f24b525d12bd88fb33 Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Mon, 26 Apr 2021 15:43:37 +0200 Subject: [PATCH 11/11] * Doc fixing Signed-off-by: Alina Buzachis --- plugins/modules/ecs_taskdefinition.py | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/plugins/modules/ecs_taskdefinition.py b/plugins/modules/ecs_taskdefinition.py index d47c50fb8c3..7803b117891 100644 --- a/plugins/modules/ecs_taskdefinition.py +++ b/plugins/modules/ecs_taskdefinition.py @@ -469,14 +469,14 @@ - The Docker networking mode to use for the containers in the task. - C(awsvpc) mode was added in Ansible 2.5 - Windows containers must use I(network_mode=default), which will utilize docker NAT networking. - - Setting I(network_mode=default) for a Linux container will use bridge mode. + - Setting I(network_mode=default) for a Linux container will use C(bridge) mode. required: false default: bridge choices: [ 'default', 'bridge', 'host', 'none', 'awsvpc' ] type: str task_role_arn: description: - - The Amazon Resource Name (ARN) of the IAM role that containers in this task can assume.All containers in this task are granted + - The Amazon Resource Name (ARN) of the IAM role that containers in this task can assume. All containers in this task are granted the permissions that are specified in this role. required: false type: str 
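Review bot: `for linux_param in container.get('linuxParameters', {}):` iterates over the value instead of reading it. If `linuxParameters` is a dict, as the `{}` default and the suboption layout suggest, the loop variable is a key string and `linux_param.get('devices')` raises AttributeError. If users instead pass a list of dicts, which is what the documented `type: list` invites, the checks run but the structure presumably no longer matches what `register_task_definition` expects. I would read it once with `linux_param = container.get('linuxParameters') or {}`, de-indent the five checks, and change the documented type to `dict`. The enclosing container loop and main() extend outside the hunk.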
@@ -504,14 +504,14 @@ choices: ["EC2", "FARGATE"] cpu: description: - - The number of cpu units used by the task. If using the EC2 launch type, this field is optional and any value can be used. - - If using the Fargate launch type, this field is required and you must use one of C(256), C(512), C(1024), C(2048), C(4096). + - The number of cpu units used by the task. If I(launch_type=EC2), this field is optional and any value can be used. + - If I(launch_type=FARGATE), this field is required and you must use one of C(256), C(512), C(1024), C(2048), C(4096). required: false type: str memory: description: - - The amount (in MiB) of memory used by the task. If using the EC2 launch type, this field is optional and any value can be used. - - If using the Fargate launch type, this field is required and is limited by the CPU. + - The amount (in MiB) of memory used by the task. If I(launch_type=EC2), this field is optional and any value can be used. + - If I(launch_type=FARGATE), this field is required and is limited by the CPU. required: false type: str extends_documentation_fragment: @@ -800,7 +800,7 @@ def main(): for environment_file in container.get('environmentFiles', []): if environment_file['value'] != 's3': - module.fail_json(msg='The only supported value for the file type is s3.') + module.fail_json(msg='The only supported value for environmentFiles is s3.') for linux_param in container.get('linuxParameters', {}): if linux_param.get('devices') and launch_type == 'FARGATE': 
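Review bot: The reworded message in the `@@ -800,7 +800,7 @@` hunk still sits under `if environment_file['value'] != 's3':`, which compares the entry's `value` with the literal `'s3'`. In the ECS API `value` carries the S3 object ARN and `type` is the field whose only accepted value is `s3`, so as written the check would reject any entry that points at a real file. Suggest `if environment_file.get('type') != 's3':` with `msg='The only supported value for the environmentFiles type is s3.'`; using `.get` also avoids a KeyError traceback when the key is missing. The same condition appears as context in the earlier `@@ -803,25 +802,29 @@` hunk, and main() continues outside this one.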
@@ -809,10 +809,10 @@ def main(): if linux_param.get('maxSwap') and launch_type == 'FARGATE': module.fail_json(msg='maxSwap parameter is not supported with the FARGATE launch type.') elif linux_param.get('maxSwap') and linux_param['maxSwap'] < 0: - module.fail_json(msg='Accepted values are 0 or any positive integer.') + module.fail_json(msg='Accepted values for maxSwap are 0 or any positive integer.') if linux_param.get('swappiness') and (linux_param['swappiness'] < 0 or linux_param['swappiness'] > 100): - module.fail_json(msg='Accepted values are whole numbers between 0 and 100.') + module.fail_json(msg='Accepted values for swappiness are whole numbers between 0 and 100.') if linux_param.get('sharedMemorySize') and launch_type == 'FARGATE': module.fail_json(msg='sharedMemorySize parameter is not supported with the FARGATE launch type.')