atosatto / ansible-dockerswarm Goto Github PK

The version_compare filter was removed in v2.9 after being deprecated in version 2.5.
Please update the role as specified here, #48

Quick solution,

sudo add-apt-repository ppa:ansible/ansible-2.8
sudo add-apt-repository --remove ppa:ansible/ansible
sudo apt update
sudo apt remove ansible
sudo apt install ansible
ansible --version

Is this repository still maintained? The current state of the repos isn't working, there are a few important PRs open?

Hi its not really an issue here but are there any plans to have docker overlay network?

At the moment I noticed you have network bridging in the code.

It would be good to have an option to either choose bridging or overlay.

Thanks
Chung

suggest to add an example:

docker_package_version: "5:19.03.12~3-0~ubuntu-focal"

user@ubuntu2004:$ apt-cache madison docker-ce
 docker-ce | 5:20.10.5~3-0~ubuntu-focal | https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
 docker-ce | 5:20.10.4~3-0~ubuntu-focal | https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
 docker-ce | 5:20.10.3~3-0~ubuntu-focal | https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
 docker-ce | 5:20.10.2~3-0~ubuntu-focal | https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
 docker-ce | 5:20.10.1~3-0~ubuntu-focal | https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
 docker-ce | 5:20.10.0~3-0~ubuntu-focal | https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
 docker-ce | 5:19.03.15~3-0~ubuntu-focal | https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
 docker-ce | 5:19.03.14~3-0~ubuntu-focal | https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
 docker-ce | 5:19.03.13~3-0~ubuntu-focal | https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
 docker-ce | 5:19.03.12~3-0~ubuntu-focal | https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
 docker-ce | 5:19.03.11~3-0~ubuntu-focal | https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
 docker-ce | 5:19.03.10~3-0~ubuntu-focal | https://download.docker.com/linux/ubuntu focal/stable amd64 Packages
 docker-ce | 5:19.03.9~3-0~ubuntu-focal | https://download.docker.com/linux/ubuntu focal/stable amd64 Packages

Receives the following errors when creating a swarm on a clean Ubuntu 18.04 server

fatal: [hostname]: FAILED! => {"changed": false, "module_stderr": "Shared connection to hostname closed.\r
", "module_stdout": "Traceback (most recent call last):\r
  File \"/home/benyanke/.ansible/tmp/ansible-tmp-1541531946.58-234265249723950/AnsiballZ_apt_repository.py\", line 113, in <module>\r
    _ansiballz_main()\r
  File \"/home/benyanke/.ansible/tmp/ansible-tmp-1541531946.58-234265249723950/AnsiballZ_apt_repository.py\", line 105, in _ansiballz_main\r
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r
  File \"/home/benyanke/.ansible/tmp/ansible-tmp-1541531946.58-234265249723950/AnsiballZ_apt_repository.py\", line 48, in invoke_module\r
    imp.load_module('__main__', mod, module, MOD_DESC)\r
  File \"/tmp/ansible_apt_repository_payload_1RV081/__main__.py\", line 550, in <module>\r
  File \"/tmp/ansible_apt_repository_payload_1RV081/__main__.py\", line 542, in main\r
  File \"/usr/lib/python2.7/dist-packages/apt/cache.py\", line 546, in update\r
    raise FetchFailedException(e)\r
apt.cache.FetchFailedException: E:Failed to fetch https://apt.dockerproject.org/repo/dists/ubuntu-bionic/InRelease  403  Forbidden [IP: 52.84.67.161 443], E:The repository 'https://apt.dockerproject.org/repo ubuntu-bionic InRelease' is not signed.\r
", "msg": "MODULE FAILURE
See stdout/stderr for the exact error", "rc": 1}

The name in galaxy is atosatto.docker-swarm, on your README it is a different value in your example playbook.

Looking for support for Ubuntu 20.04 LTS as we have moved to this platform for docker swarm. Current project does not support it, can downgrade if needed though we would rather utilize this version.

Hey, first of all, thanks for making this great role! I've got it mostly working but my playbook gets to the verify last step:

TASK [atosatto.docker-swarm : Extract the name of the latest docker-compose release tag.] ******************************
fatal: [swarm-proto-3]: FAILED! => {"msg": "You need to install \"jmespath\" prior to running json_query filter"}
fatal: [swarm-proto-2]: FAILED! => {"msg": "You need to install \"jmespath\" prior to running json_query filter"}
fatal: [swarm-proto-1]: FAILED! => {"msg": "You need to install \"jmespath\" prior to running json_query filter"}

I've tried the following:

1. running pip install -r requirements.txt after copying your requirements.txt over on my workstation (where I'm launching playbooks from), running straight pip install jmespath==0.9.3
2. creating a role with a single task of:

- name: install jmespath==0.9.3 for other role
  pip:
    name: jmespath==0.9.3

and having it run on the hosts before the dockerswarm role
3. running playbook multiple times

I apologize I'm very new to ansible/python, is there something I'm doing wrong? something I should be launching?

dev.yaml (inventory)

docker_swarm_manager:
    hosts:
      swarm-proto-1:
        ansible_ssh_host: 10.x.x.x
        swarm_labels: zone1
      swarm-proto-2:
        ansible_ssh_host: 10.x.x.x
        swarm_labels: zone2
      swarm-proto-3:
        ansible_ssh_host: 10.x.x.x
        swarm_labels: zone3

docker-swarm.yml (playbook)

- hosts: docker_swarm_manager
  become: true
  become_user: root
  roles:
    - '../roles/pip-dependencies'
    - atosatto.docker-swarm

and cli that I'm launching as:

ansible-playbook playbooks/docker-swarm.yml -i inventory/dev.yaml  --become-user root --ask-become-pass

I'm able to ssh into the host and can see the other nodes by doing a sudo docker node ls so thanks for making an awesome role :D would just love to figure out what I'm doing wrong on this last step.

Thanks again,
Paul

I am using your role currently like so:

1. I use it it to setup the "base" system (docker, docker-py, etc.)
2. I install docker plugins with another role
3. I am using your role again to re-configure docker's daemon.json

This is a bit of a maybe oddity, but I found no other way to insure that first Docker gets installed, so I can use docker plugin install and only then do I reconfigure daemon.json to include the plugin. If I try to configure daemon.json right away, the initial start of dockerd fails and therefor also the plugin install. Anyhow, I am a bit stumped.

The problem:
It seems no matter what I do, it the role skips certain parts and looks like the variables from the second "invocation" of your role are set. In this case, I am relying on docker-py to be installed so I can use it in my docker plugin role. In the second run, I am trying to save some time by disabling (almost) everything but the configuration of daemon.json.

Here is an example playbook (or prepare.yml) with Molecule:

  tasks:
    - import_role:
        name: atosatto.docker-swarm
      vars:
        docker_daemon_config:
          storage-driver: vfs
        docker_py_package_version: 4.4.4
        docker_service_override: |
          [Service]
          ExecStart=
          ExecStart=/usr/bin/dockerd -H unix://
        skip_docker_compose: True
        skip_group: True
    - import_role:
        name: ansible-docker-plugin-loki
      vars:
        docker_loki_version: v1.2.0
    - import_role:
        name: atosatto.docker-swarm
      vars:
        docker_daemon_config:
          storage-driver: vfs
          log-driver: loki
        skip_cli: True
        skip_containerd: True
        skip_docker_compose: True
        skip_docker_py: True
        skip_group: True
        skip_swarm: True

During the first run, skip_docker_py is already true:

    TASK [atosatto.docker-swarm : Show env] ****************************************
    task path: /root/.cache/molecule/ansible-docker-plugin-loki/upgrade/roles/atosatto.docker-swarm/tasks/setup-python-pip.yml:2
    ok: [instance] => {
        "msg": "Show Variables:\nskip_docker_py: True, skip_docker_compose: True\n\nTest if #1\nFalse - False\n\nTest if #2\nFalse\n\nTest if #3\nTrue\n"
    }

I dumped it on a local branch: till@f8b42b6

I am not sure if this is a regression in Ansible as I haven't noticed this before and my test started failing only "recently". But here is my environment:

    ansible-playbook 2.9.7
      config file = /root/.cache/molecule/ansible-docker-plugin-loki/upgrade/ansible.cfg
      configured module search path = ['/usr/lib/python3.8/site-packages/molecule/provisioner/ansible/plugins/modules', '/root/.cache/molecule/ansible-docker-plugin-loki/upgrade/library', '/tmp/ansible-docker-plugin-loki/library', '/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python3.8/site-packages/ansible
      executable location = /usr/bin/ansible-playbook
      python version = 3.8.2 (default, Apr 13 2020, 10:20:46) [GCC 9.3.0]
    Using /root/.cache/molecule/ansible-docker-plugin-loki/upgrade/ansible.cfg as config file
    host_list declined parsing /root/.cache/molecule/ansible-docker-plugin-loki/upgrade/inventory/ansible_inventory.yml as it did not pass its verify_file() method
    script declined parsing /root/.cache/molecule/ansible-docker-plugin-loki/upgrade/inventory/ansible_inventory.yml as it did not pass its verify_file() method
    Parsed /root/.cache/molecule/ansible-docker-plugin-loki/upgrade/inventory/ansible_inventory.yml inventory source with yaml plugin
    1 plays in /tmp/ansible-docker-plugin-loki/molecule/upgrade/converge.yml

I tried adding allow_duplicates: True to my import_role statements. But to no avail. Anyhow, any thoughts? Maybe this is the wrong repository for this bug report. 🤷🏼 Any input appreciated.

Role fails on "Get list of labels" task if target hosts hostname is FQDN with 'no such object ' error

I tried to install this setup with only 1 node and 1 manager (since i didn't have my nr3 server) and now it fails on this:

TASK [atosatto.docker-swarm : Join the Swarm nodes.] ***************************
fatal: [xxxxxxx]: FAILED! => {"failed": true, "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: 'dict object' has no attribute 'stdout'\n\nThe error appears to have been in '/Users/riemers/roles/atosatto.docker-swarm/tasks/swarm_cluster.yml': line 28, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Join the Swarm nodes.\n  ^ here\n"}

Tried removing docker on the nodes and doing it again, but same issue. I have another group of 3 servers which ran the playbook just fine, except for this group. Is there anything i am overlooking? Some kind of fact cache that needs to clear or some settings on the server?

Summary
containerd installation fails on CENTOS8 with the message Failed to validate GPG signature for containerd.io-1.2.6-3.3.el7.x86_64 . Changing the repository URL to containerd of CentOS7 to CentOS8 (https://github.com/atosatto/ansible-dockerswarm/blob/master/tasks/setup-containerd.yml#L26) is not successful, but yields another error

 Problem: problem with installed package podman-1.6.4-10.module_el8.2.0+305+5e198a41.x86_64
  - package podman-1.6.4-10.module_el8.2.0+305+5e198a41.x86_64 requires runc >= 1.0.0-57, but none of the providers can be installed
  - package containerd.io-1.3.7-3.1.el8.x86_64 conflicts with runc provided by runc-1.0.0-65.rc10.module_el8.2.0+305+5e198a41.x86_64
  - package containerd.io-1.3.7-3.1.el8.x86_64 obsoletes runc provided by runc-1.0.0-65.rc10.module_el8.2.0+305+5e198a41.x86_64
  - conflicting requests
  - package runc-1.0.0-64.rc10.module_el8.2.0+304+65a3c2ac.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.10-3.2.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.13-3.1.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.13-3.2.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.2-3.3.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.2-3.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.4-3.1.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.5-3.1.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.6-3.3.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.3.7-3.1.el7.x86_64 is filtered out by modular filtering

Is there any specific reason, containerd is not installed via dnf/yum?

Issue Type

• Bug Report

OS / Environment

• CentOS Linux 8 (Core)
• Kernel: 4.18.0-193.28.1.el8_2.x86_64

Steps to reproduce

# playbook.yml
---
- hosts: all
  roles:
    - role: atosatto.docker-swarm

ansible-playbook ./playbook.yml

Expected result
Installation of docker swarm succeeds.

Actual Result
Installation fails while installing containerd.

Hi,

When docker labels are added to nodes of an already provisioned cluster with this role without using the swarm_labels variable in the inventory file, but by for example, adding them manually, the role will fail with the following error:

TASK [atosatto.docker-swarm : Remove labels from swarm node.] ******************
fatal: [swarm_manager_preprod_1]: FAILED! => {"msg": "The conditional check 'item not in swarm_labels' failed. The error was: error while evaluating conditional (item not in swarm_labels): 'swarm_labels' is undefined\n\nThe error appears to be in '/builds/karisma.org.co/pub/ansible/roles/atosatto.docker-swarm/tasks/setup-swarm-labels.yml': line 15, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Remove labels from swarm node.\n  ^ here\n"}

The issue arises because the item variable will be not empty containing the manually added labels, but swarm_labels variable will be empty, as any label has not been configured using that variable, so the when: condition of that task will fail.

This is fixed by also checking that swarm_labels is also defined on that task.

Hi,

When deploying to ec2-instances the {{ ansible_hostname }} that is returned by Ansible is a shortened version, which makes the following tasks fail.

• name: Get list of labels
  ...
• name: Remove labels from swarm node
  ...
• name: Asign labels to swarm nodes | if any
  ...

Example:
returned value by ansible in var {{ ansible_hostname }} = ip-10-210-154-89

value required by swarm
ip-10-210-154-89.us-west-1.compute.internal

Ansible provides the fqdn in a var called {{ ansible_fqdn }}

I updated the above tasks to use {{ ansible_fqdn }} and this worked.
Thanks,
Chris

When using this and reapplying, even if the labels haven't changed they get removed and readded. Meaning any docker instances targeted with the labels get removed and readded for a loss of service.

A small change would make them idempotent. This code here it will remove labels no longer in the list, and add any that aren't already set.

- name: Remove labels from swarm node
  command: docker node update --label-rm {{ item }} {{ inventory_hostname }}
  with_items: "{{ docker_swarm_labels.stdout_lines }}"
  when: item not in swarm_labels
  delegate_to: "{{ groups['docker_swarm_manager'][0] }}"
  delegate_facts: True
  tags:
    - skip_ansible_lint
    - swarm_labels

- name: Asign labels to swarm nodes | if any
  command: docker node update --label-add {{ item }}=true {{ inventory_hostname }}
  when: item not in docker_swarm_labels.stdout_lines
  with_items:
    - "{{ swarm_labels  | default([]) }}"
  delegate_to: "{{ groups['docker_swarm_manager'][0] }}"
  delegate_facts: True
  tags:
    - skip_ansible_lint
    - swarm_labels

Hi, I am trying to figure out how to have this role configure the docker daemon to bind a to a TCP port for remote access.

I think that maybe once #23 has been merged in, that will allow for the functionality?

Please let me know! I'm happy to help add documentation or contribute any other way I can.

Thanks for refactoring the code - your doing a great job here!

I'm using your role on a pi3, so I have a few modifications, I would ask you to add?

1. Could you please add armv7l: "arm64" to docker_architechture in vars/main.yml ?

2. Could you add the following to the bottom of tasks/setup-docker-compose.yml ?

  when: ansible_userspace_architecture is defined 
- block:
  - name: Pip install Docker Compose.
    pip:
      name: docker-compose
      extra_args: --user
      executable: pip3

  when: ansible_userspace_architecture is undefined

This enables docker compose to be installed via pip on my type device. :)

Thank you!!

It would be awesome to have an option to set managers as drained, which many admins use to stop any containers from running on their managers, reducing the risk of their masters experiencing issues.

docker node update --availability drain [node name]

Would be awesome to add a variable like manager_availability which can have this role set managers to draining or available.

Hi,

I've been doing some work and I'm wondering if would be possible to add support for arch linux. I know it could add more layers to maintain but could be useful for many out there too.

Hi,

I'm using ansible dynamic inventories with AWS. As the ec2.py inventory script creates a group for example for the labels added to an ec2 instance, how can I add swarm labels to that dynamic group ? it seems there is no way to target a host directy when using dynamic inventory.

This role installs the latest 'docker' packages (17.05), but starting from 17.06 they shift to 'docker-ce' and now the role is still installing 17.05.

I tried to fix it myself and making a PR but I'm not able right now

I have difficulties applying the latest playbook from latest master. I always get a ERROR! Cannot reset connection error message. I am not able to figure out what exactly is wrong with it.

First there are this warning messages, which are not directly related to the problem I think.

TASK [ansible-dockerswarm : Kill the ansible_user active SSH connections] ********************************************************
 [WARNING]: when statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: ansible_user is
defined and ansible_user in docker_admin_users and ansible_user in "{{ addtogroup.results | selectattr('changed') |
map(attribute='item') | list }}" and ansible_version.major <= 2 and ansible_version.minor <3

 [WARNING]: when statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: ansible_user is
defined and ansible_user in docker_admin_users and ansible_user in "{{ addtogroup.results | selectattr('changed') |
map(attribute='item') | list }}" and ansible_version.major <= 2 and ansible_version.minor <3

skipping: [cluser-node-1]
skipping: [cluser-node-2]
 [WARNING]: when statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: ansible_user is
defined and ansible_user in docker_admin_users and ansible_user in "{{ addtogroup.results | selectattr('changed') |
map(attribute='item') | list }}" and ansible_version.major <= 2 and ansible_version.minor <3

skipping: [cluser-node-3]
ERROR! Cannot reset connection:
Control socket connect(/Users/v/.ansible/cp/none): No such file or directory

I'm wondering if you'd consider splitting off the Docker Engine tasks into its own role? I have some hosts that just need to be set up as engines, without swarm mode.

Your tasks for Docker Engine are nicely written with multi-OS support. It'd be useful if it existed as a distinct role that the docker-swarm role depended on rather than being bundled within the docker-swarm role.

As an user of docker swarm in a productive environment I want to be able to select that Docker Version that should be installed. Right now only 17.05 is installed which is not maintained by Docker anymore.

• Add a skip_dockerpy flag
• Install python-pip only if it's really needed

Maybe this could be helpful for someone.

Add this at the top of swarm_cluster.yml to set group_names as swarm labels for each swarm_node.

---
- name: "Set SWARM LABELS"
  set_fact: swarm_labels="{{ group_names }}"
  tags:
    - skip_ansible_lint
    - swarm_labels

Hi, I'm having this error while running my playbook:
TASK [atosatto.docker-swarm : Install python-pip.] ***********************************************************************************************************************************************************
task path: /Users/dev01/.ansible/roles/atosatto.docker-swarm/tasks/main.yml:15
fatal: [worker01]: FAILED! => {
"msg": "The conditional check '(not skip_docker_py) or (ansible_os_family == 'Debian' and ansible_python_version | version_compare('2.6.0', '>=') and ansible_python_version | version_compare('2.7.9', '<'))' failed. The error was: template error while templating string: no filter named 'version_compare'. String: {% if (not skip_docker_py) or (ansible_os_family == 'Debian' and ansible_python_version | version_compare('2.6.0', '>=') and ansible_python_version | version_compare('2.7.9', '<')) %} True {% else %} False {% endif %}\n\nThe error appears to be in '/Users/fabianochagas/.ansible/roles/atosatto.docker-swarm/tasks/main.yml': line 15, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n# https://github.com/ansible/ansible-modules-core/issues/1178\n- name: Install python-pip.\n ^ here\n"
}

I'm using:
Ansible: 2.9.3
Python: 3.8.1
Role's version: v1.3.2

Thanks cheers!

I found a bit of a race-condition when I configure docker on first-run.

But let me explain this a bit:

• in order to docker plugin install foo/bar docker needs to be running
• when i supply config to docker (for daemon.json) and the plugin is not installed, it will not start when the role completes

What I think needs to happen:

1. Install docker
2. force-start it immediately (flush_handlers)
3. then:
   1. configure daemon.json
   2. potentially docker plugin install ...
   3. notify: restart docker in the end

So, for that, I think there are a few things missing. E.g., the order of execution, and also some kind of mechanism to supply plugins.

docker_plugins:
  - name: foo/bar
     state: present

Any thoughts? Or any alternatives how to handle this?

First off - i'm new to ansible. I've tried running ansible-playbook that set-up K8's and was able to make it work just fine.
I wanted to try SWARM and saw this playbook.

When I try to run the playbook:
ansible-playbook -i inventory playbook.yml
I'm getting the following error:

ERROR! the role 'ansible-dockerswarm' was not found in /home/master/Projects/ansible-dockerswarm/roles:/home/master/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:/home/master/Projects/ansible-dockerswarm

The error appears to have been in '/home/master/Projects/ansible-dockerswarm/playbook.yml': line 6, column 7, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

roles:
- { role: ansible-dockerswarm }
^ here

Inventory file:

SWARM01 ansible_ssh_host=172.16.0.171
SWARM02 ansible_ssh_host=172.16.0.172
SWARM03 ansible_ssh_host=172.16.0.173

[docker_engine]
SWARM01
SWARM02
SWARM03

[docker_swarm_manager]
SWARM01
SWARM02
SWARM03

[docker_swarm_worker]
SWARM01
SWARM02
SWARM03

Ansible version: 2.6.4

Not sure how to use the roles (?). ive downloaded the role from Ansible galaxy. but still the same.

Maybe a newbie guide on how to use this?

Thank you!

while running playbook, it fails at https://github.com/atosatto/ansible-dockerswarm/blob/master/tasks/main.yml#L9 as the cache was not updated.

On Ubuntu 14.04.5 LTS, I got the error below when running task "Install the Python SNI python-pip dependencies."

Downloading/unpacking pyopenssl
  Downloading pyOpenSSL-17.5.0-py2.py3-none-any.whl (53kB): 53kB downloaded
Requirement already satisfied (use --upgrade to upgrade): six>=1.5.2 in /usr/lib/python2.7/dist-packages (from pyopenssl)
Downloading/unpacking cryptography>=2.1.4 (from pyopenssl)
  Downloading cryptography-2.1.4.tar.gz (441kB): 441kB downloaded
  Running setup.py (path:/tmp/pip_build_root/cryptography/setup.py) egg_info for package cryptography
    error in cryptography setup command: Invalid environment marker: python_version < '3'
    Complete output from command python setup.py egg_info:
    error in cryptography setup command: Invalid environment marker: python_version < '3'

----------------------------------------
Cleaning up...
Command python setup.py egg_info failed with error code 1 in /tmp/pip_build_root/cryptography
Storing debug log for failure in /home/vagrant/.pip/pip.log

after further testing I see there's reasons python-pip was used instead of python3-pip used but I still get this error on Ubuntu 18.04, ansible version 2.8.5
TASK [swarm : Install docker-py.] ***************
fatal: [192.168.0.11]: FAILED! => {"changed": false, "msg": "Unable to find any of pip3 to use. pip needs to be installed."}

This commit 3bb8a49 breaks the swarm nodes label functionnality, as the docker inspect command used to get the labels actually doesn't find anything and breaks.
Reverting to v2.2.0 solves the issue.

The pip package docker-py has been renamed to docker
See this page for more info docker/docker-py#1310

This will allow for using the docker_config_module.
https://docs.ansible.com/ansible/latest/modules/docker_config_module.html

Please note that it is not allowed to have both docker-py and docker installed at the same time.

Hi there!
The role installs the gpg module on debian-like machines, but it seems that for the ubuntu 16 it is the gnupg .

TASK [atosatto.docker-swarm : Install apt-transport-https and gpg if necessary.] ***********************
fatal: [worker01]: FAILED! => {"changed": false, "msg": "No package matching 'gpg' is available"}

While trying to run the test suite under Ubuntu 16.04 I receive the above error executing the task that should enable and start the Docker daemon.

Diving in the container created by molecule I found out that the Docker daemon doesn't start because it tries to use the devicemapper backend while no loopback device is available. Starting the Docker daemon in the container with the vfs backend fixes the issue.

Centos 7 is not affected because it seamlessly falls back to using the vfs driver after trying to use (and failing) the devicemapper backend.

Is it just me? Why under the Ubuntu container the fallback does not work?

Please let me know if I can install this behind a proxy.

Using the role on two centOS virtual machines, I receive the following error:
TASK [atosatto.docker-swarm : Init "Swarm Mode" on the first manager.] ************************************************************************************fatal: [app1.myapp.dev]: FAILED! => {"msg": "The conditional check 'docker_info.stdout.find('Swarm: active') == -1 and inventory_hostname == groups['docker_swarm_manager'][0]' failed. The error was: error while evaluating conditional (docker_info.stdout.find('Swarm: active') == -1 and inventory_hostname == groups['docker_swarm_manager'][0]): 'dict object' has no attribute 'docker_swarm_manager'\n\nThe error appears to be in '/home/salvo/.ansible/roles/atosatto.docker-swarm/tasks/setup-swarm-cluster.yml': line 22, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Init \"Swarm Mode\" on the first manager.\n ^ here\n"} fatal: [app2.myapp.dev]: FAILED! => {"msg": "The conditional check 'docker_info.stdout.find('Swarm: active') == -1 and inventory_hostname == groups['docker_swarm_manager'][0]' failed. The error was: error while evaluating conditional (docker_info.stdout.find('Swarm: active') == -1 and inventory_hostname == groups['docker_swarm_manager'][0]): 'dict object' has no attribute 'docker_swarm_manager'\n\nThe error appears to be in '/home/salvo/.ansible/roles/atosatto.docker-swarm/tasks/setup-swarm-cluster.yml': line 22, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Init \"Swarm Mode\" on the first manager.\n ^ here\n"}

The task Get list of labels. is failing after updated with ansible_fqdn on 3bb8a49

The node hostname(staging-manager-03) on docker node ls is different from the fqdn string given on following error:

TASK [atosatto.docker-swarm : Get list of labels.] ********************************************************************************************************************************************
fatal: [165.22.48.107 -> 165.22.48.105]: FAILED! => {"changed": false, "cmd": ["docker", "inspect", "--format", "{{ range $key, $value := .Spec.Labels }}{{ printf \"%s\\n\" $key }}{{ end }}", "staging-manager-03.sgp1"], "delta": "0:00:00.412684", "end": "2020-05-14 13:10:42.573599", "msg": "non-zero return code", "rc": 1, "start": "2020-05-14 13:10:42.160915", "stderr": "Error: No such object: staging-manager-03.sgp1", "stderr_lines": ["Error: No such object: staging-manager-03.sgp1"], "stdout": "", "stdout_lines": []}

For now I am using v2.2.0 which gives no error.

while running this role on Ubuntu 20, it raises an error python-pip package not found, instead it should be python3-pip

Whenever I install this role, I have manually to update this package name before running my playbook

The role does not work anymore with Ansible 2.5+ as is, because the ipaddr filter has been moved to ansible.utils.

There seems to be a way to kind of "import" collections, but it seems that this is only possible from within roles, not from external as would be required for using the role in an otherwise Ansible 2.5+ project.

Fixing this is simple, but that would make the role imcompatible with earlier versions.

Any ideas or suggestions how to make this backwards compatible?

Trying to produce a working Vagrant setup, but it consistently fails on:
./roles/atosatto.docker-swarm/tasks/swarm_cluster.yml#37
with message:
the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: 'dict object' has no attribute 'docker_manager_address

I'm not an Ansible expert, but I think the set_fact task called Distribute the fact containing address of the first Swarm manager. is properly run only with a proper facts inventory (afaik able to build such an inventory on cloud providers, but not via Vagrant, where setup is run sequencially).

https://github.com/djalexd/ansible-dockerswarm-vagrant-runtime

Any tips would be great!

If you use root as user for ansible then it will be killed in tasks/docker_group.yml as results of: pkill -u root sshd

Simple workaround is to add " && service sshd restart" to shell command

On Ubuntu 14.04 machines, when I run 'ansible-playbook playbook.yml', I receive the following error:

fatal: [xxx.yyy.zzz.aaa]: FAILED! => {"changed": false, "failed": true, "msg": "Failed to validate the SSL certificate for sks-keyservers.net:443. Make sure your managed systems have a valid CA certificate installed. If the website serving the url uses SNI you need python >= 2.7.9 on your managed machine or you can install the urllib3, pyopenssl, ndg-httpsclient, and pyasn1 python modules to perform SNI verification in python >= 2.6. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible"}

Given the list of hosts below, if mgr1 dies, or is removed from the swarm, the current behavior is the creation of a new swarm, despite a swarm quorum still existing with three workers and a quorum of two managers.

However, if mgr2 dies and is replaced with a fresh node, it is properly added to the existing cluster of manager1 and manager3, as expected.

Ideally, the tool should check to see if there is already a quorum among the existing masters before trying to create a new one.

$ cat inventory
[targets]
work[1:3].swarm.domain.com
mgr[1:3].swarm.domain.com


[docker_engine]
work[1:3].swarm.domain.com
mgr[1:3].swarm.domain.com

[docker_swarm_manager]
mgr[1:3].swarm.domain.com swarm_labels='["node_is_master"]'

[docker_swarm_worker]
work[1:3].swarm.domain.com swarm_labels='["node_is_worker"]'

Referencing this task https://github.com/atosatto/ansible-dockerswarm/blob/master/tasks/docker_engine.yml#L21-L25

The linux-image-extra-virtual package is only needed if you use AUFS storage driver and fails to install on some debian flavors. I'm running on raspberry pi and the package isn't available.

Just a suggestion to make the playbook more flexible.

Version in ansible galaxy is missing the swarm_labels stuff. Mind updating it please?