Management of Docker containers
New in version 2017.7.0.
depends: | docker Python module |
---|
Note
Older releases of the Python bindings for Docker were called docker-py in
PyPI. All releases of docker, and releases of docker-py >= 1.6.0 are
supported. These python bindings can easily be installed using
pip.install
:
salt myminion pip.install docker
To upgrade from docker-py to docker, you must first uninstall docker-py, and then install docker:
salt myminion pip.uninstall docker-py
salt myminion pip.install docker
These states were moved from the docker
state
module (formerly called dockerng) in the 2017.7.0 release. When running the
docker_container.running
state for the first time after upgrading to 2017.7.0, your container(s) may be
replaced. The changes may show diffs for certain parameters which say that the
old value was an empty string, and the new value is None
. This is due to
the fact that in prior releases Salt was passing empty strings for these values
when creating the container if they were undefined in the SLS file, where now
Salt simply does not pass any arguments not explicitly defined in the SLS file.
Subsequent runs of the state should not replace the container if the
configuration remains unchanged.
Note
To pull from a Docker registry, authentication must be configured. See here for more information on how to configure access to docker registries in Pillar data.
salt.states.docker_container.
absent
(name, force=False)¶Ensure that a container is absent
True
to remove the container even if it is runningUsage Examples:
mycontainer:
docker_container.absent
multiple_containers:
docker_container.absent:
- names:
- foo
- bar
- baz
salt.states.docker_container.
mod_watch
(name, sfun=None, **kwargs)¶The docker_container watcher, called to invoke the watch command.
Note
This state exists to support special handling of the watch
requisite. It should not be called directly.
Parameters for this function should be set by the state being triggered.
salt.states.docker_container.
running
(name, image=None, skip_translate=None, ignore_collisions=False, validate_ip_addrs=True, force=False, watch_action='force', start=True, shutdown_timeout=10, client_timeout=60, **kwargs)¶Ensure that a container with a specific configuration is present and running
Image to use for the container. Image names can be specified either
using repo:tag
notation, or just the repo name (in which case a tag
of latest
is assumed).
Note
This state will pull the image if it is not present. However, if
the image needs to be built from a Dockerfile or loaded from a
saved image, or if you would like to use requisites to trigger a
replacement of the container when the image is updated, then the
docker_image.present
state should be used to
manage the image.
This function translates Salt CLI or SLS input into the format which docker-py expects. However, in the event that Salt's translation logic fails (due to potential changes in the Docker Remote API, or to bugs in the translation code), this argument can be used to exert granular control over which arguments are translated and which are not.
Pass this argument as a comma-separated list (or Python list) of
arguments, and translation for each passed argument name will be
skipped. Alternatively, pass True
and all translation will be
skipped.
Skipping tranlsation allows for arguments to be formatted directly in the format which docker-py expects. This allows for API changes and other issues to be more easily worked around. An example of using this option to skip translation would be:
For example, imagine that there is an issue with processing the
port_bindings
argument, and the following configuration no longer
works as expected:
mycontainer:
docker_container.running:
- image: 7.3.1611
- port_bindings:
- 10.2.9.10:8080:80
By using skip_translate
, you can forego the input translation and
configure the port binding in the format docker-py needs:
mycontainer:
docker_container.running:
- image: 7.3.1611
- skip_translate: port_bindings
- port_bindings: {8080: [('10.2.9.10', 80)], '4193/udp', 9314}
See the following links for more information:
env
and environment
) are used, an error
will be raised. Set this argument to True
to suppress these errors
and keep the docker-py version of the argument.False
True
to force Salt to re-create the container
irrespective of whether or not it is configured as desired.Control what type of action is taken when this state watches another state that has changes. The default action
is force
, which runs the state with force
set to True
,
triggering a rebuild of the container.
If any other value is passed, it will be assumed to be a kill signal.
If the container matches the specified configuration, and is running,
then the action will be to send that signal to the container. Kill
signals can be either strings or numbers, and are defined in the
Standard Signals section of the signal(7)
manpage. Run man 7
signal
on a Linux host to browse this manpage. For example:
mycontainer:
docker_container.running:
- image: busybox
- watch_action: SIGHUP
- watch:
- file: some_file
Note
If the container differs from the specified configuration, or is not running, then instead of sending a signal to the container, the container will be re-created/started and no signal will be sent.
False
to suppress starting of the container if it exists,
matches the desired configuration, but is not running. This is useful
for data-only containers, or for non-daemonized container processes,
such as the Django migrate
and collectstatic
commands. In
instances such as this, the container only needs to be started the
first time.If the container needs to be replaced, the container will be stopped
using docker.stop
. The value
of this parameter will be passed to docker.stop
as the timeout
value, telling Docker
how long to wait for a graceful shutdown before killing the container.
Changed in version 2017.7.0: This option was renamed from stop_timeout
to
shutdown_timeout
to accommodate the stop_timeout
container
configuration setting.
Timeout in seconds for the Docker client. This is not a timeout for this function, but for receiving a response from the API.
Note
This is only used if Salt needs to pull the requested image.
CONTAINER CONFIGURATION PARAMETERS
Enable auto-removal of the container on daemon side when the
container’s process exits (analogous to running a docker container with
--rm
on the CLI).
foo:
docker_container.running:
- image: bar/baz:latest
- auto_remove: True
Files/directories to bind mount. Each bind mount should be passed in one of the following formats:
<host_path>:<container_path>
- host_path
is mounted within
the container as container_path
with read-write access.<host_path>:<container_path>:<selinux_context>
- host_path
is
mounted within the container as container_path
with read-write
access. Additionally, the specified selinux context will be set
within the container.<host_path>:<container_path>:<read_only>
- host_path
is
mounted within the container as container_path
, with the
read-only or read-write setting explicitly defined.<host_path>:<container_path>:<read_only>,<selinux_context>
-
host_path
is mounted within the container as container_path
,
with the read-only or read-write setting explicitly defined.
Additionally, the specified selinux context will be set within the
container.<read_only>
can be either ro
for read-write access, or ro
for read-only access. When omitted, it is assumed to be read-write.
<selinux_context>
can be z
if the volume is shared between
multiple containers, or Z
if the volume should be private.
Note
When both <read_only>
and <selinux_context>
are specified,
there must be a comma before <selinux_context>
.
Binds can be expressed as a comma-separated list or a YAML list. The below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- binds: /srv/www:/var/www:ro,/etc/foo.conf:/usr/local/etc/foo.conf:rw
foo:
docker_container.running:
- image: bar/baz:latest
- binds:
- /srv/www:/var/www:ro
- /home/myuser/conf/foo.conf:/etc/foo.conf:rw
However, in cases where both ro/rw and an selinux context are combined, the only option is to use a YAML list, like so:
foo:
docker_container.running:
- image: bar/baz:latest
- binds:
- /srv/www:/var/www:ro,Z
- /home/myuser/conf/foo.conf:/etc/foo.conf:rw,Z
Since the second bind in the previous example is mounted read-write,
the rw
and comma can be dropped. For example:
foo:
docker_container.running:
- image: bar/baz:latest
- binds:
- /srv/www:/var/www:ro,Z
- /home/myuser/conf/foo.conf:/etc/foo.conf:Z
Block IO weight (relative weight), accepts a weight value between 10 and 1000.
foo:
docker_container.running:
- image: bar/baz:latest
- blkio_weight: 100
Block IO weight (relative device weight), specified as a list of
expressions in the format PATH:RATE
foo:
docker_container.running:
- image: bar/baz:latest
- blkio_weight_device: /dev/sda:100
List of capabilities to add within the container. Can be expressed as a comma-separated list or a Python list. The below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- cap_add: SYS_ADMIN,MKNOD
foo:
docker_container.running:
- image: bar/baz:latest
- cap_add:
- SYS_ADMIN
- MKNOD
Note
This option requires Docker 1.2.0 or newer.
List of capabilities to drop within the container. Can be expressed as a comma-separated list or a Python list. The below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- cap_drop: SYS_ADMIN,MKNOD
foo:
docker_container.running:
- image: bar/baz:latest
- cap_drop:
- SYS_ADMIN
- MKNOD
Note
This option requires Docker 1.2.0 or newer.
Command to run in the container
foo:
docker_container.running:
- image: bar/baz:latest
- command: bash
CPUs on which which to allow execution, specified as a string
containing a range (e.g. 0-3
) or a comma-separated list of CPUs
(e.g. 0,1
).
foo:
docker_container.running:
- image: bar/baz:latest
- cpuset_cpus: "0,1"
Memory nodes on which which to allow execution, specified as a string
containing a range (e.g. 0-3
) or a comma-separated list of MEMs
(e.g. 0,1
). Only effective on NUMA systems.
foo:
docker_container.running:
- image: bar/baz:latest
- cpuset_mems: "0,1"
The length of a CPU period in microseconds
foo:
docker_container.running:
- image: bar/baz:latest
- cpu_group: 100000
Microseconds of CPU time that the container can get in a CPU period
foo:
docker_container.running:
- image: bar/baz:latest
- cpu_period: 50000
CPU shares (relative weight), specified as an integer between 2 and 1024.
foo:
docker_container.running:
- image: bar/baz:latest
- cpu_shares: 512
If True
, run the container's command in the background (daemon
mode)
foo:
docker_container.running:
- image: bar/baz:latest
- detach: True
List of host devices to expose within the container. Can be expressed as a comma-separated list or a YAML list. The below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- devices: /dev/net/tun,/dev/xvda1:/dev/xvda1,/dev/xvdb1:/dev/xvdb1:r
foo:
docker_container.running:
- image: bar/baz:latest
- devices:
- /dev/net/tun
- /dev/xvda1:/dev/xvda1
- /dev/xvdb1:/dev/xvdb1:r
Limit read rate (bytes per second) from a device, specified as a list
of expressions in the format PATH:RATE
, where RATE
is either an
integer number of bytes, or a string ending in kb
, mb
, or
gb
. Can be expressed as a comma-separated list or a YAML list. The
below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- devices_read_bps: /dev/sda:1mb,/dev/sdb:5mb
foo:
docker_container.running:
- image: bar/baz:latest
- devices_read_bps:
- /dev/sda:1mb
- /dev/sdb:5mb
Limit read rate (I/O per second) from a device, specified as a list
of expressions in the format PATH:RATE
, where RATE
is a number
of I/O operations. Can be expressed as a comma-separated list or a YAML
list. The below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- devices_read_iops: /dev/sda:1000,/dev/sdb:500
foo:
docker_container.running:
- image: bar/baz:latest
- devices_read_iops:
- /dev/sda:1000
- /dev/sdb:500
Limit write rate (bytes per second) from a device, specified as a list
of expressions in the format PATH:RATE
, where RATE
is either an
integer number of bytes, or a string ending in kb
, mb
, or
gb
. Can be expressed as a comma-separated list or a YAML list. The
below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- devices_write_bps: /dev/sda:1mb,/dev/sdb:5mb
foo:
docker_container.running:
- image: bar/baz:latest
- devices_write_bps:
- /dev/sda:1mb
- /dev/sdb:5mb
Limit write rate (I/O per second) from a device, specified as a list
of expressions in the format PATH:RATE
, where RATE
is a number
of I/O operations. Can be expressed as a comma-separated list or a
YAML list. The below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- devices_read_iops: /dev/sda:1000,/dev/sdb:500
foo:
docker_container.running:
- image: bar/baz:latest
- devices_read_iops:
- /dev/sda:1000
- /dev/sdb:500
List of DNS nameservers. Can be expressed as a comma-separated list or a YAML list. The below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- dns: 8.8.8.8,8.8.4.4
foo:
docker_container.running:
- image: bar/baz:latest
- dns:
- 8.8.8.8
- 8.8.4.4
Note
To skip IP address validation, use validate_ip_addrs=False
Additional options to be added to the container’s resolv.conf
file.
Can be expressed as a comma-separated list or a YAML list. The below
two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- dns_opt: ndots:9
foo:
docker_container.running:
- image: bar/baz:latest
- dns_opt:
- ndots:9
List of DNS search domains. Can be expressed as a comma-separated list or a YAML list. The below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- dns_search: foo1.domain.tld,foo2.domain.tld
foo:
docker_container.running:
- image: bar/baz:latest
- dns_search:
- foo1.domain.tld
- foo2.domain.tld
The domain name to use for the container
foo:
docker_container.running:
- image: bar/baz:latest
- dommainname: domain.tld
Entrypoint for the container
foo:
docker_container.running:
- image: bar/baz:latest
- entrypoint: "mycmd --arg1 --arg2"
This argument can also be specified as a list:
foo:
docker_container.running:
- image: bar/baz:latest
- entrypoint:
- mycmd
- --arg1
- --arg2
Either a list of variable/value mappings, or a list of strings in the
format VARNAME=value
. The below three examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- environment:
- VAR1: value
- VAR2: value
foo:
docker_container.running:
- image: bar/baz:latest
- environment: 'VAR1=value,VAR2=value'
foo:
docker_container.running:
- image: bar/baz:latest
- environment:
- VAR1=value
- VAR2=value
Additional hosts to add to the container's /etc/hosts file. Can be expressed as a comma-separated list or a Python list. The below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- extra_hosts: web1:10.9.8.7,web2:10.9.8.8
foo:
docker_container.running:
- image: bar/baz:latest
- extra_hosts:
- web1:10.9.8.7
- web2:10.9.8.8
Note
To skip IP address validation, use validate_ip_addrs=False
Note
This option requires Docker 1.3.0 or newer.
List of additional group names and/or IDs that the container process will run as. Can be expressed as a comma-separated list or a YAML list. The below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- group_add: web,network
foo:
docker_container.running:
- image: bar/baz:latest
- group_add:
- web
- network
Hostname of the container. If not provided, the value passed as the container's``name`` will be used for the hostname.
foo:
docker_container.running:
- image: bar/baz:latest
- hostname: web1
Warning
hostname
cannot be set if network_mode
is set to host
.
The below example will result in an error:
foo:
docker_container.running:
- image: bar/baz:latest
- hostname: web1
- network_mode: host
Leave stdin open, even if not attached
foo:
docker_container.running:
- image: bar/baz:latest
- interactive: True
Set the IPC mode for the container. The default behavior is to create a private IPC namespace for the container, but this option can be used to change that behavior:
container:<container_name_or_id>
reuses another container shared
memory, semaphores and message queueshost
: use the host's shared memory, semaphores and message queuesfoo:
docker_container.running:
- image: bar/baz:latest
- ipc_mode: container:foo
foo:
docker_container.running:
- image: bar/baz:latest
- ipc_mode: host
Warning
Using host
gives the container full access to local shared
memory and is therefore considered insecure.
Specifies the type of isolation technology used by containers
foo:
docker_container.running:
- image: bar/baz:latest
- isolation: hyperv
Note
The default value on Windows server is process
, while the
default value on Windows client is hyperv
. On Linux, only
default
is supported.
Add metadata to the container. Labels can be set both with and without values:
WITH VALUES
The below three examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- labels: label1=value1,label2=value2
foo:
docker_container.running:
- image: bar/baz:latest
- labels:
- label1=value1
- label2=value2
foo:
docker_container.running:
- image: bar/baz:latest
- labels:
- label1: value1
- label2: value2
The labels can also simply be passed as a dictionary, though this can be error-prone due to some idiosyncrasies with how PyYAML loads nested data structures:
foo:
docker_container.running:
- image: bar/baz:latest
- labels:
label1: value1
label2: value2
WITHOUT VALUES
The below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- labels: label1,label2
foo:
docker_container.running:
- image: bar/baz:latest
- labels:
- label1
- label2
Link this container to another. Links can be specified as a list of
mappings or a comma-separated or Python list of expressions in the
format <container_name_or_id>:<link_alias>
. The below three
examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- links:
- web1: link1
- web2: link2
foo:
docker_container.running:
- image: bar/baz:latest
- links: web1:link1,web2:link2
foo:
docker_container.running:
- image: bar/baz:latest
- links:
- web1:link1
- web2:link2
Set container's logging driver and options to configure that driver. Requires Docker 1.6 or newer.
foo:
docker_container.running:
- image: bar/baz:latest
- log_driver: syslog
- log_opt:
- syslog-address: tcp://192.168.0.42
- syslog-facility: daemon
The log_opt
can also be expressed as a comma-separated or YAML list
of key=value
pairs. The below two examples are equivalent to the
above one:
foo:
docker_container.running:
- image: bar/baz:latest
- log_driver: syslog
- log_opt: "syslog-address=tcp://192.168.0.42,syslog-facility=daemon"
foo:
docker_container.running:
- image: bar/baz:latest
- log_driver: syslog
- log_opt:
- syslog-address=tcp://192.168.0.42
- syslog-facility=daemon
Note
The logging driver feature was improved in Docker 1.13 introducing option name changes. Please see Docker's Configure logging drivers documentation for more information.
Additional LXC configuration parameters to set before starting the
container. Either a list of variable/value mappings, or a list of
strings in the format VARNAME=value
. The below three examples are
equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- lxc_conf:
- lxc.utsname: docker
- lxc.arch: x86_64
foo:
docker_container.running:
- image: bar/baz:latest
- lxc_conf: lxc.utsname=docker,lxc.arch=x86_64
foo:
docker_container.running:
- image: bar/baz:latest
- lxc_conf:
- lxc.utsname=docker
- lxc.arch=x86_64
Note
These LXC configuration parameters will only have the desired effect if the container is using the LXC execution driver, which has been deprecated for some time.
MAC address to use for the container. If not specified, a random MAC address will be used.
foo:
docker_container.running:
- image: bar/baz:latest
- mac_address: 01:23:45:67:89:0a
Memory limit. Can be specified in bytes or using single-letter units
(i.e. 512M
, 2G
, etc.). A value of 0
(the default) means no
memory limit.
foo:
docker_container.running:
- image: bar/baz:latest
- mem_limit: 512M
Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
foo:
docker_container.running:
- image: bar/baz:latest
- mem_swappiness: 60
Total memory limit (memory plus swap). Set to -1
to disable swap. A
value of 0
means no swap limit.
foo:
docker_container.running:
- image: bar/baz:latest
- memswap_limit: 1G
If True
, networking will be disabled within the container
foo:
docker_container.running:
- image: bar/baz:latest
- network_disabled: True
One of the following:
bridge
- Creates a new network stack for the container on the
docker bridge
none
- No networking (equivalent of the Docker CLI argument
--net=none
). Not to be confused with Python's None
.
container:<name_or_id>
- Reuses another container's network stack
host
- Use the host's network stack inside the container
Any name that identifies an existing network that might be created
with docker.network_present
.
Warning
Using host
mode gives the container full access to the
hosts system's services (such as D-bus), and is therefore
considered insecure.
foo:
docker_container.running:
- image: bar/baz:latest
- network_mode: "none"
foo:
docker_container.running:
- image: bar/baz:latest
- network_mode: container:web1
Whether to disable OOM killer
foo:
docker_container.running:
- image: bar/baz:latest
- oom_kill_disable: False
An integer value containing the score given to the container in order to tune OOM killer preferences
foo:
docker_container.running:
- image: bar/baz:latest
- oom_score_adj: 500
Set to host
to use the host container's PID namespace within the
container. Requires Docker 1.5.0 or newer.
foo:
docker_container.running:
- image: bar/baz:latest
- pid_mode: host
Note
This option requires Docker 1.5.0 or newer.
Set the container's PID limit. Set to -1
for unlimited.
foo:
docker_container.running:
- image: bar/baz:latest
- pids_limit: 2000
Bind exposed ports. Port bindings should be passed in the same way as
the --publish
argument to the docker run
CLI command:
ip:hostPort:containerPort
- Bind a specific IP and port on the
host to a specific port within the container.ip::containerPort
- Bind a specific IP and an ephemeral port to a
specific port within the container.hostPort:containerPort
- Bind a specific port on all of the
host's interfaces to a specific port within the container.containerPort
- Bind an ephemeral port on all of the host's
interfaces to a specific port within the container.Multiple bindings can be separated by commas, or expressed as a YAML list, and port ranges can be defined using dashes. The below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- port_bindings: "4505-4506:14505-14506,2123:2123/udp,8080"
foo:
docker_container.running:
- image: bar/baz:latest
- port_bindings:
- 4505-4506:14505-14506
- 2123:2123/udp
- 8080
Note
When specifying a protocol, it must be passed in the
containerPort
value, as seen in the examples above.
A list of ports to expose on the container. Can either be a comma-separated list or a YAML list. If the protocol is omitted, the port will be assumed to be a TCP port. The below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- ports: 1111,2222/udp
foo:
docker_container.running:
- image: bar/baz:latest
- ports:
- 1111
- 2222/udp
If True
, runs the exec process with extended privileges
foo:
docker_container.running:
- image: bar/baz:latest
- privileged: True
Publish all ports to the host
foo:
docker_container.running:
- image: bar/baz:latest
- ports: 8080
- publish_all_ports: True
If True
, mount the container’s root filesystem as read only
foo:
docker_container.running:
- image: bar/baz:latest
- read_only: True
Set a restart policy for the container. Must be passed as a string in
the format policy[:retry_count]
where policy
is one of
always
, unless-stopped
, or on-failure
, and retry_count
is an optional limit to the number of retries. The retry count is ignored
when using the always
or unless-stopped
restart policy.
foo:
docker_container.running:
- image: bar/baz:latest
- restart_policy: on-failure:5
bar:
docker_container.running:
- image: bar/baz:latest
- restart_policy: always
Security configuration for MLS systems such as SELinux and AppArmor. Can be expressed as a comma-separated list or a YAML list. The below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- security_opt: apparmor:unconfined
foo:
docker_container.running:
- image: bar/baz:latest
- security_opt:
- apparmor:unconfined
Important
Some security options can contain commas. In these cases, this argument must be passed as a Python list, as splitting by comma will result in an invalid configuration.
Note
See the documentation for security_opt at https://docs.docker.com/engine/reference/run/#security-configuration
Size of /dev/shm
foo:
docker_container.running:
- image: bar/baz:latest
- shm_size: 128M
Specify the signal docker will send to the container when stopping. Useful when running systemd as PID 1 inside the container.
foo:
docker_container.running:
- image: bar/baz:latest
- stop_signal: SIGRTMIN+3
Note
This option requires Docker 1.9.0 or newer and docker-py 1.7.0 or newer.
New in version 2016.11.0.
Timeout to stop the container, in seconds
foo:
docker_container.running:
- image: bar/baz:latest
- stop_timeout: 5
Note
In releases prior to 2017.7.0, this option was not set in the
container configuration, but rather this timeout was enforced only
when shutting down an existing container to replace it. To remove
the ambiguity, and to allow for the container to have a stop
timeout set for it, the old stop_timeout
argument has been
renamed to shutdown_timeout
, while stop_timeout
now refer's
to the container's configured stop timeout.
Storage driver options for the container. Can be either a list of
strings in the format option=value
, or a list of mappings between
option and value. The below three examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- storage_opt:
- dm.basesize: 40G
foo:
docker_container.running:
- image: bar/baz:latest
- storage_opt: dm.basesize=40G
foo:
docker_container.running:
- image: bar/baz:latest
- storage_opt:
- dm.basesize=40G
Set sysctl options for the container. Can be either a list of strings
in the format option=value
, or a list of mappings between option
and value. The below three examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- sysctls:
- fs.nr_open: 1048576
- kernel.pid_max: 32768
foo:
docker_container.running:
- image: bar/baz:latest
- sysctls: fs.nr_open=1048576,kernel.pid_max=32768
foo:
docker_container.running:
- image: bar/baz:latest
- sysctls:
- fs.nr_open=1048576
- kernel.pid_max=32768
A map of container directories which should be replaced by tmpfs mounts and their corresponding mount options.
foo:
docker_container.running:
- image: bar/baz:latest
- tmpfs:
- /run: rw,noexec,nosuid,size=65536k
Attach TTYs
foo:
docker_container.running:
- image: bar/baz:latest
- tty: True
List of ulimits. These limits should be passed in the format
<ulimit_name>:<soft_limit>:<hard_limit>
, with the hard limit being
optional. Can be expressed as a comma-separated list or a YAML list.
The below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- ulimits: nofile=1024:1024,nproc=60
foo:
docker_container.running:
- image: bar/baz:latest
- ulimits:
- nofile=1024:1024
- nproc=60
User under which to run exec process
foo:
docker_container.running:
- image: bar/baz:latest
- user: foo
Sets the user namsepace mode, when the user namespace remapping option is enabled
foo:
docker_container.running:
- image: bar/baz:latest
- userns_mode: host
List of directories to expose as volumes. Can be expressed as a comma-separated list or a YAML list. The below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- volumes: /mnt/vol1,/mnt/vol2
foo:
docker_container.running:
- image: bar/baz:latest
- volumes:
- /mnt/vol1
- /mnt/vol2
Container names or IDs from which the container will get volumes. Can be expressed as a comma-separated list or a YAML list. The below two examples are equivalent:
foo:
docker_container.running:
- image: bar/baz:latest
- volumes_from: foo
foo:
docker_container.running:
- image: bar/baz:latest
- volumes_from:
- foo
sets the container's volume driver
foo:
docker_container.running:
- image: bar/baz:latest
- volume_driver: foobar
Working directory inside the container
foo:
docker_container.running:
- image: bar/baz:latest
- working_dir: /var/log/nginx
salt.states.docker_container.
stopped
(name=None, containers=None, shutdown_timeout=10, unpause=False, error_on_absent=True)¶Ensure that a container (or containers) is stopped
Run this state on more than one container at a time. The following two examples accomplish the same thing:
stopped_containers:
docker_container.stopped:
- names:
- foo
- bar
- baz
stopped_containers:
docker_container.stopped:
- containers:
- foo
- bar
- baz
However, the second example will be a bit quicker since Salt will stop all specified containers in a single run, rather than executing the state separately on each image (as it would in the first example).
True
to unpause any paused containers before stopping. If
unset, then an error will be raised for any container that was paused.False
to suppress that error.