Skip to content

Latest commit

 

History

History
867 lines (579 loc) · 53.1 KB

CHANGELOG.rst

File metadata and controls

867 lines (579 loc) · 53.1 KB

Docker Community Collection Release Notes

Topics

Regular bugfix and feature release.

  • docker_container_copy_into - Copy a file into a Docker container

Bugfix release.

Bugfix release.

Feature and bugfix release.

  • current_container_facts - make work with current Docker version, also support Podman (ansible-collections#510).
  • docker_image - when using archive_path, detect whether changes are necessary based on the image ID (hash). If the existing tar archive matches the source, do nothing. Previously, each task execution re-created the archive (ansible-collections#500).

Bugfix release.

Maintenance release with improved documentation.

Feature and deprecation release.

  • docker_container - added image_name_mismatch option which allows to control the behavior if the container uses the image specified, but the container's configuration uses a different name for the image than the one provided to the module (ansible-collections#485, ansible-collections#488).
  • docker_container - the ignore_image option is deprecated and will be removed in community.docker 4.0.0. Use image: ignore in comparisons instead (ansible-collections#487).
  • docker_container - the purge_networks option is deprecated and will be removed in community.docker 4.0.0. Use networks: strict in comparisons instead, and make sure to provide networks, with value [] if all networks should be removed (ansible-collections#487).

Feature release.

Bugfix release.

Bugfix release.

The 3.0.0 release features a rewrite of the docker_container module, and many modules and plugins no longer depend on the Docker SDK for Python.

  • The collection now contains vendored code from the Docker SDK for Python to talk to the Docker daemon. Modules and plugins using this code no longer need the Docker SDK for Python installed on the machine the module or plugin is running on (ansible-collections#398).
  • docker_api connection plugin - no longer uses the Docker SDK for Python. It requires requests to be installed, and depending on the features used has some more requirements. If the Docker SDK for Python is installed, these requirements are likely met (ansible-collections#414).
  • docker_container - no longer uses the Docker SDK for Python. It requires requests to be installed, and depending on the features used has some more requirements. If the Docker SDK for Python is installed, these requirements are likely met (ansible-collections#422).
  • docker_container - the module was completely rewritten from scratch (ansible-collections#422).
  • docker_container_exec - no longer uses the Docker SDK for Python. It requires requests to be installed, and depending on the features used has some more requirements. If the Docker SDK for Python is installed, these requirements are likely met (ansible-collections#401).
  • docker_container_info - no longer uses the Docker SDK for Python. It requires requests to be installed, and depending on the features used has some more requirements. If the Docker SDK for Python is installed, these requirements are likely met (ansible-collections#402).
  • docker_containers inventory plugin - no longer uses the Docker SDK for Python. It requires requests to be installed, and depending on the features used has some more requirements. If the Docker SDK for Python is installed, these requirements are likely met (ansible-collections#413).
  • docker_host_info - no longer uses the Docker SDK for Python. It requires requests to be installed, and depending on the features used has some more requirements. If the Docker SDK for Python is installed, these requirements are likely met (ansible-collections#403).
  • docker_image - no longer uses the Docker SDK for Python. It requires requests to be installed, and depending on the features used has some more requirements. If the Docker SDK for Python is installed, these requirements are likely met (ansible-collections#404).
  • docker_image_info - no longer uses the Docker SDK for Python. It requires requests to be installed, and depending on the features used has some more requirements. If the Docker SDK for Python is installed, these requirements are likely met (ansible-collections#405).
  • docker_image_load - no longer uses the Docker SDK for Python. It requires requests to be installed, and depending on the features used has some more requirements. If the Docker SDK for Python is installed, these requirements are likely met (ansible-collections#406).
  • docker_login - no longer uses the Docker SDK for Python. It requires requests to be installed, and depending on the features used has some more requirements. If the Docker SDK for Python is installed, these requirements are likely met (ansible-collections#407).
  • docker_network - no longer uses the Docker SDK for Python. It requires requests to be installed, and depending on the features used has some more requirements. If the Docker SDK for Python is installed, these requirements are likely met (ansible-collections#408).
  • docker_network_info - no longer uses the Docker SDK for Python. It requires requests to be installed, and depending on the features used has some more requirements. If the Docker SDK for Python is installed, these requirements are likely met (ansible-collections#409).
  • docker_plugin - no longer uses the Docker SDK for Python. It requires requests to be installed, and depending on the features used has some more requirements. If the Docker SDK for Python is installed, these requirements are likely met (ansible-collections#429).
  • docker_prune - no longer uses the Docker SDK for Python. It requires requests to be installed, and depending on the features used has some more requirements. If the Docker SDK for Python is installed, these requirements are likely met (ansible-collections#410).
  • docker_volume - no longer uses the Docker SDK for Python. It requires requests to be installed, and depending on the features used has some more requirements. If the Docker SDK for Python is installed, these requirements are likely met (ansible-collections#411).
  • docker_volume_info - no longer uses the Docker SDK for Python. It requires requests to be installed, and depending on the features used has some more requirements. If the Docker SDK for Python is installed, these requirements are likely met (ansible-collections#412).
  • All software licenses are now in the LICENSES/ directory of the collection root. Moreover, SPDX-License-Identifier: is used to declare the applicable license for every file that is not automatically generated (ansible-collections#430).
  • Remove vendored copy of distutils.version in favor of vendored copy included with ansible-core 2.12+. For ansible-core 2.11, uses distutils.version for Python < 3.12. There is no support for ansible-core 2.11 with Python 3.12+ (ansible-collections#271).
  • docker_container - add a new parameter image_comparison to control the behavior for which image will be used for idempotency checks (ansible-collections#421, ansible-collections#428).
  • docker_container - add support for cgroupns_mode (ansible-collections#338, ansible-collections#427).
  • docker_container - allow to specify platform (ansible-collections#123, ansible-collections#426).
  • modules and plugins communicating directly with the Docker daemon - improve default TLS version selection for Python 3.6 and newer. This is only a change relative to older community.docker 3.0.0 pre-releases or with respect to Docker SDK for Python < 6.0.0. Docker SDK for Python 6.0.0 will also include this change (ansible-collections#434).
  • modules and plugins communicating directly with the Docker daemon - simplify use of helper function that was removed in Docker SDK for Python to find executables (ansible-collections#438).
  • socker_handler and socket_helper module utils - improve Python forward compatibilty, create helper functions for file blocking/unblocking (ansible-collections#415).
  • This collection does not work with ansible-core 2.11 on Python 3.12+. Please either upgrade to ansible-core 2.12+, or use Python 3.11 or earlier (ansible-collections#271).
  • docker_container - exposed_ports is no longer ignored in comparisons. Before, its value was assumed to be identical with the value of published_ports (ansible-collections#422).
  • docker_container - log_options can no longer be specified when log_driver is not specified (ansible-collections#422).
  • docker_container - publish_all_ports is no longer ignored in comparisons (ansible-collections#422).
  • docker_container - restart_retries can no longer be specified when restart_policy is not specified (ansible-collections#422).
  • docker_container - stop_timeout is no longer ignored for idempotency if told to be not ignored in comparisons. So far it defaulted to ignore there, and setting it to strict had no effect (ansible-collections#422).
  • modules and plugins communicating directly with the Docker daemon - when connecting by SSH and not using use_ssh_client=true, reject unknown host keys instead of accepting them. This is only a breaking change relative to older community.docker 3.0.0 pre-releases or with respect to Docker SDK for Python < 6.0.0. Docker SDK for Python 6.0.0 will also include this change (ansible-collections#434).
  • Execution Environments built with community.docker no longer include docker-compose < 2.0.0. If you need to use it with the docker_compose module, please install that requirement manually (ansible-collections#400).
  • Support for Ansible 2.9 and ansible-base 2.10 has been removed. If you need support for Ansible 2.9 or ansible-base 2.10, please use community.docker 2.x.y (ansible-collections#400).
  • Support for Docker API versions 1.20 to 1.24 has been removed. If you need support for these API versions, please use community.docker 2.x.y (ansible-collections#400).
  • Support for Python 2.6 has been removed. If you need support for Python 2.6, please use community.docker 2.x.y (ansible-collections#400).
  • Various modules - the default of tls_hostname (localhost) has been removed. If you want to continue using localhost, you need to specify it explicitly (ansible-collections#363).
  • docker_container - the all value is no longer allowed in published_ports. Use publish_all_ports=true instead (ansible-collections#399).
  • docker_container - the default of command_handling was changed from compatibility to correct. Older versions were warning for every invocation of the module when this would result in a change of behavior (ansible-collections#399).
  • docker_stack - the return values out and err have been removed. Use stdout and stderr instead (ansible-collections#363).
  • modules and plugins communicating directly with the Docker daemon - when connecting by SSH and not using use_ssh_client=true, reject unknown host keys instead of accepting them. This is only a change relative to older community.docker 3.0.0 pre-releases or with respect to Docker SDK for Python < 6.0.0. Docker SDK for Python 6.0.0 will also include this change (ansible-collections#434).
  • docker_image - when composing the build context, trim trailing whitespace from .dockerignore entries. This is only a change relative to older community.docker 3.0.0 pre-releases or with respect to Docker SDK for Python < 6.0.0. Docker SDK for Python 6.0.0 will also include this change (ansible-collections#434).
  • docker_plugin - fix crash when handling plugin options (ansible-collections#446, ansible-collections#447).
  • docker_stack - fix broken string formatting when reporting error in case compose was containing invalid values (ansible-collections#448).
  • modules and plugins communicating directly with the Docker daemon - do not create a subshell for SSH connections when using use_ssh_client=true. This is only a change relative to older community.docker 3.0.0 pre-releases or with respect to Docker SDK for Python < 6.0.0. Docker SDK for Python 6.0.0 will also include this change (ansible-collections#434).
  • modules and plugins communicating directly with the Docker daemon - fix ProxyCommand handling for SSH connections when not using use_ssh_client=true. This is only a change relative to older community.docker 3.0.0 pre-releases or with respect to Docker SDK for Python < 6.0.0. Docker SDK for Python 6.0.0 will also include this change (ansible-collections#434).
  • modules and plugins communicating directly with the Docker daemon - fix parsing of IPv6 addresses with a port in docker_host. This is only a change relative to older community.docker 3.0.0 pre-releases or with respect to Docker SDK for Python < 6.0.0. Docker SDK for Python 6.0.0 will also include this change (ansible-collections#434).
  • modules and plugins communicating directly with the Docker daemon - prevent crash when TLS is used (ansible-collections#432).

Bugfix and deprecation release. The next 2.x.y releases will only be bugfix releases, the next expect minor/major release will be 3.0.0 with some major changes.

  • Move common utility functions from the common module_util to a new module_util called util. This should not have any user-visible effect (ansible-collections#390).
  • Support for Docker API version 1.20 to 1.24 has been deprecated and will be removed in community.docker 3.0.0. The first Docker version supporting API version 1.25 was Docker 1.13, released in January 2017. This affects the modules docker_container, docker_container_exec, docker_container_info, docker_compose, docker_login, docker_image, docker_image_info, docker_image_load, docker_host_info, docker_network, docker_network_info, docker_node_info, docker_swarm_info, docker_swarm_service, docker_swarm_service_info, docker_volume_info, and docker_volume, whose minimally supported API version is between 1.20 and 1.24 (ansible-collections#396).
  • Support for Python 2.6 is deprecated and will be removed in the next major release (community.docker 3.0.0). Some modules might still work with Python 2.6, but we will no longer try to ensure compatibility (ansible-collections#388).
  • Docker SDK for Python based modules and plugins - if the API version is specified as an option, use that one to validate API version requirements of module/plugin options instead of the latest API version supported by the Docker daemon. This also avoids one unnecessary API call per module/plugin (ansible-collections#389).

Bugfix and feature release.

  • Support for Ansible 2.9 and ansible-base 2.10 is deprecated, and will be removed in the next major release (community.docker 3.0.0). Some modules might still work with these versions afterwards, but we will no longer keep compatibility code that was needed to support them (ansible-collections#361).
  • The dependency on docker-compose for Execution Environments is deprecated and will be removed in community.docker 3.0.0. The Python docker-compose library is unmaintained and can cause dependency issues. You can manually still install it in an Execution Environment when needed (ansible-collections#373).
  • Various modules - the default of tls_hostname that was supposed to be removed in community.docker 2.0.0 will now be removed in version 3.0.0 (ansible-collections#362).
  • docker_stack - the return values out and err that were supposed to be removed in community.docker 2.0.0 will now be removed in version 3.0.0 (ansible-collections#362).

Maintenance release.

  • Include PSF-license.txt file for plugins/module_utils/_version.py.

Regular feature release.

Regular feature and bugfix release.

  • Prepare collection for inclusion in an Execution Environment by declaring its dependencies. The docker_stack* modules are not supported (ansible-collections#336).
  • current_container_facts - add detection for GitHub Actions (ansible-collections#336).
  • docker_container - support returning Docker container log output when using Docker's local logging driver, an optimized local logging driver introduced in Docker 18.09 (ansible-collections#337).
  • docker connection plugin - make sure that docker_extra_args is used for querying the Docker version. Also ensures that the Docker version is only queried when needed. This is currently the case if a remote user is specified (ansible-collections#325, ansible-collections#327).

Regular feature and bugfix release.

  • docker connection plugin - implement connection reset by clearing internal container user cache (ansible-collections#312).
  • docker connection plugin - simplify actual_user handling code (ansible-collections#311).
  • docker connection plugin - the plugin supports new ways to define the timeout. These are the ANSIBLE_DOCKER_TIMEOUT environment variable, the timeout setting in the docker_connection section of ansible.cfg, and the ansible_docker_timeout variable (ansible-collections#297).
  • docker_api connection plugin - implement connection reset by clearing internal container user/group ID cache (ansible-collections#312).
  • docker_api connection plugin - the plugin supports new ways to define the timeout. These are the ANSIBLE_DOCKER_TIMEOUT environment variable, the timeout setting in the docker_connection section of ansible.cfg, and the ansible_docker_timeout variable (ansible-collections#308).

Regular bugfix release.

  • docker_compose - fix Python 3 type error when extracting warnings or errors from docker-compose's output (ansible-collections#305).

Regular feature and bugfix release.

  • docker_container, docker_image - adjust image finding code to pecularities of podman-docker's API emulation when Docker short names like redis are used (ansible-collections#292).

Emergency release to amend breaking change in previous release.

Feature and bugfix release.

  • Various modules and plugins - use vendored version of distutils.version included in ansible-core 2.12 if available. This avoids breakage when distutils is removed from the standard library of Python 3.12. Note that ansible-core 2.11, ansible-base 2.10 and Ansible 2.9 are right now not compatible with Python 3.12, hence this fix does not target these ansible-core/-base/2.9 versions (ansible-collections#258).
  • docker connection plugin - replace deprecated distutils.spawn.find_executable with Ansible's get_bin_path to find the docker executable (ansible-collections#257).
  • docker_container_exec - disallow using the chdir option for Docker API before 1.35 (ansible-collections#253).

Bugfix release.

  • docker_api connection plugin - avoid passing an unnecessary argument to a Docker SDK for Python call that is only supported by version 3.0.0 or later (ansible-collections#243).
  • docker_container_exec - chdir is only supported since Docker SDK for Python 3.0.0. Make sure that this option can only use when 3.0.0 or later is installed, and prevent passing this parameter on when chdir is not provided to this module (ansible-collections#243, ansible-collections#242).
  • nsenter connection plugin - ensure the nsenter_pid option is retrieved in _connect instead of __init__ to prevent a crasher due to bad initialization order (ansible-collections#249).
  • nsenter connection plugin - replace the use of --all-namespaces with specific namespaces to support compatibility with Busybox nsenter (used on, for example, Alpine containers) (ansible-collections#249).

Maintenance release with some documentation fixes.

New major release with some deprecations removed and a breaking change in the docker_compose module regarding the timeout parameter.

  • docker_compose - fixed timeout defaulting behavior so that stop_grace_period, if defined in the compose file, will be used if timeout` is not specified (ansible-collections#163).
  • docker_container - using the special value all in published_ports has been deprecated. Use publish_all_ports=true instead (ansible-collections#210).
  • docker_container - the default value of container_default_behavior changed to no_defaults (ansible-collections#210).
  • docker_container - the default value of network_mode is now the name of the first network specified in networks if such are specified and networks_cli_compatible=true (ansible-collections#210).
  • docker_container - the special value all can no longer be used in published_ports next to other values. Please use publish_all_ports=true instead (ansible-collections#210).
  • docker_login - removed the email option (ansible-collections#210).

Regular feature and bugfix release.

Regular bugfix release.

  • docker_compose - fixed incorrect changed status for services with profiles defined, but none enabled (ansible-collections#192).

New bugfixes and features release.

  • docker_* modules - include ImportError traceback when reporting that Docker SDK for Python could not be found (ansible-collections#188).
  • docker_compose - added env_file option for specifying custom environment files (ansible-collections#174).
  • docker_container - added publish_all_ports option to publish all exposed ports to random ports except those explicitly bound with published_ports (this was already added in community.docker 1.8.0) (ansible-collections#162).
  • docker_container - added new command_handling option with current deprecated default value compatibility which allows to control how the module handles shell quoting when interpreting lists, and how the module handles empty lists/strings. The default will switch to correct in community.docker 3.0.0 (ansible-collections#186).
  • docker_container - lifted restriction preventing the creation of anonymous volumes with the mounts option (ansible-collections#181).
  • docker_container - the new command_handling's default value, compatibility, is deprecated and will change to correct in community.docker 3.0.0. A deprecation warning is emitted by the module in cases where the behavior will change. Please note that ansible-core will output a deprecation warning only once, so if it is shown for an earlier task, there could be more tasks with this warning where it is not shown (ansible-collections#186).
  • nsenter - execute on host running controller container

Regular bugfix and feature release.

  • Avoid internal ansible-core module_utils in favor of equivalent public API available since at least Ansible 2.9 (ansible-collections#164).
  • docker_compose - added profiles option to specify service profiles when starting services (ansible-collections#167).
  • docker_containers inventory plugin - when connection_type=docker-api, now pass Docker daemon connection options from inventory plugin to connection plugin. This can be disabled by setting configure_docker_daemon=false (ansible-collections#157).
  • docker_host_info - allow values for keys in containers_filters, images_filters, networks_filters, and volumes_filters to be passed as YAML lists (ansible-collections#160).
  • docker_plugin - added alias option to specify local names for docker plugins (ansible-collections#161).

Small feature and bugfix release.

Bugfix release to reduce deprecation warning spam.

  • docker_* modules and plugins, except docker_swarm connection plugin and docker_compose and docker_stack*` modules - only emit ``tls_hostname deprecation message if TLS is actually used (ansible-collections#143).

Regular bugfix and feature release.

  • common module utils - correct error messages for guiding to install proper Docker SDK for Python module (ansible-collections#125).
  • docker_container - allow memory_swap: -1 to set memory swap limit to unlimited. This is useful when the user cannot set memory swap limits due to cgroup limitations or other reasons, as by default Docker will try to set swap usage to two times the value of memory (ansible-collections#138).
  • docker_* modules and plugins, except docker_swarm connection plugin and docker_compose and docker_stack*` modules - the current default ``localhost for tls_hostname is deprecated. In community.docker 2.0.0 it will be computed from docker_host instead (ansible-collections#134).

Regular feature release.

  • docker_container_exec - Execute command in a docker container

Security release to address another potential secret leak. Also includes regular bugfixes and features.

  • docker_swarm_service - change publish.published_port option from mandatory to optional. Docker will assign random high port if not specified (ansible-collections#99).
  • docker_swarm - if join_token is specified, a returned join token with the same value will be replaced by VALUE_SPECIFIED_IN_NO_LOG_PARAMETER. Make sure that you do not blindly use the join tokens from the return value of this module when the module is invoked with join_token specified! This breaking change appears in a minor release since it is necessary to fix a security issue (ansible-collections#103).
  • docker_swarm - the join_token option is now marked as no_log so it is no longer written into logs (ansible-collections#103).

Regular feature and bugfix release.

  • docker_container - fix healthcheck disabling idempotency issue with strict comparison (ansible-collections#85).
  • docker_image - prevent module failure when removing image that is removed between inspection and removal (ansible-collections#87).
  • docker_image - prevent module failure when removing non-existant image by ID (ansible-collections#87).
  • docker_image_info - prevent module failure when image vanishes between listing and inspection (ansible-collections#87).
  • docker_image_info - prevent module failure when querying non-existant image by ID (ansible-collections#87).
  • docker_image_load - Load docker image(s) from archives
  • docker_plugin - Manage Docker plugins

Security bugfix release to address CVE-2021-20191.

  • docker_swarm - enabled no_log for the option signing_ca_key to prevent accidental disclosure (CVE-2021-20191, ansible-collections#80).

Bugfix release.

  • docker connection plugin - fix Docker version parsing, as some docker versions have a leading v in the output of the command docker version --format "{{.Server.Version}}" (ansible-collections#76).

Feature release with one new feature and two bugfixes.

  • docker_container - added default_host_ip option which allows to explicitly set the default IP string for published ports without explicitly specified IPs. When using IPv6 binds with Docker 20.10.2 or newer, this needs to be set to an empty string ("") (ansible-collections#70, ansible-collections#71).

Feature release with three new plugins and modules.

  • docker_container - currently published_ports can contain port mappings next to the special value all, in which case the port mappings are ignored. This behavior is deprecated for community.docker 2.0.0, at which point it will either be forbidden, or this behavior will be properly implemented similar to how the Docker CLI tool handles this (ansible-collections#8, ansible-collections#60).
  • docker_api - Run tasks in docker containers
  • docker_containers - Ansible dynamic inventory plugin for Docker containers.
  • current_container_facts - Return facts about whether the module runs in a Docker container

Maintenance release with a bugfix for docker_container.

This is the first production (non-prerelease) release of community.docker.

The community.docker continues the work on the Ansible docker modules and plugins from their state in community.general 1.2.0. The changes listed here are thus relative to the modules and plugins community.general.docker*.

All deprecation removals planned for community.general 2.0.0 have been applied. All deprecation removals scheduled for community.general 3.0.0 have been re-scheduled for community.docker 2.0.0.

  • docker_container - no longer returns ansible_facts (ansible-collections#1).
  • docker_container - the default of networks_cli_compatible changed to true (ansible-collections#1).
  • docker_container - the unused option trust_image_content has been removed (ansible-collections#1).
  • docker_image - state=build has been removed. Use present instead (ansible-collections#1).
  • docker_image - the container_limits, dockerfile, http_timeout, nocache, rm, path, buildargs, pull have been removed. Use the corresponding suboptions of build instead (ansible-collections#1).
  • docker_image - the force option has been removed. Use the more specific force_* options instead (ansible-collections#1).
  • docker_image - the source option is now mandatory (ansible-collections#1).
  • docker_image - the use_tls option has been removed. Use tls and validate_certs instead (ansible-collections#1).
  • docker_image - the default of the build.pull option changed to false (ansible-collections#1).
  • docker_image_facts - this alias is on longer availabe, use docker_image_info instead (ansible-collections#1).
  • docker_network - no longer returns ansible_facts (ansible-collections#1).
  • docker_network - the ipam_options option has been removed. Use ipam_config instead (ansible-collections#1).
  • docker_service - no longer returns ansible_facts (ansible-collections#1).
  • docker_swarm - state=inspect has been removed. Use docker_swarm_info instead (ansible-collections#1).
  • docker_swarm_service - the constraints option has been removed. Use placement.constraints instead (ansible-collections#1).
  • docker_swarm_service - the limit_cpu and limit_memory options has been removed. Use the corresponding suboptions in limits instead (ansible-collections#1).
  • docker_swarm_service - the log_driver and log_driver_options options has been removed. Use the corresponding suboptions in logging instead (ansible-collections#1).
  • docker_swarm_service - the reserve_cpu and reserve_memory options has been removed. Use the corresponding suboptions in reservations instead (ansible-collections#1).
  • docker_swarm_service - the restart_policy, restart_policy_attempts, restart_policy_delay and restart_policy_window options has been removed. Use the corresponding suboptions in restart_config instead (ansible-collections#1).
  • docker_swarm_service - the update_delay, update_parallelism, update_failure_action, update_monitor, update_max_failure_ratio and update_order options has been removed. Use the corresponding suboptions in update_config instead (ansible-collections#1).
  • docker_volume - no longer returns ansible_facts (ansible-collections#1).
  • docker_volume - the force option has been removed. Use recreate instead (ansible-collections#1).