docker_swarm: Return UnlockKey (#54490)

* Return UnlockKey * Add changelog fragment * Add method to check if a parameter exists in diffs * Add method to get swarm unlock key * Add option unlock_key * Only return unlock key when created or changed * Rename difference check * Extend unlock key example * Assert that unlock_key is a string * Fix docker_swarm_info authors * Don’t silence APIErrors * Test unlock_key on unlocked swarm * Catch APIError when retrieving unlock key * Better return value description * Lint * Fix UnlockKey return value documentation Co-Authored-By: hannseman <hannes@5monkeys.se> * Get unlock key safely Co-Authored-By: hannseman <hannes@5monkeys.se> * Return None on empty UnlockKey * Assert swarm_unlock_key is undefined if unqueried * Add documentation about swarm_info unlock_key * Add change log fragment for unlock_key option * Revert "Add change log fragment for unlock_key option" This reverts commit e3cb2325b552e5d14cc3f42b33a86bf3ee84d3b9. * Use generator expression instead * Restart docker more decisively * Use systemctl kill Co-Authored-By: hannseman <hannes@5monkeys.se> * Try to restart docker daemon
2025-04-26 12:21:26 -07:00 · 2019-04-01 13:19:18 +02:00 · 2019-04-01 13:19:18 +02:00 · e58f23b73e
commit e58f23b73e
parent 21c8650180
8 changed files with 146 additions and 4 deletions
--- a/lib/ansible/modules/cloud/docker/docker_swarm.py
+++ b/lib/ansible/modules/cloud/docker/docker_swarm.py
@ -171,6 +171,7 @@ options:
    description:
      - If set, generate a key and use it to lock data stored on the managers.
      - Docker default value is C(no).
+      - M(docker_swarm_info) can be used to retrieve the unlock key.
    type: bool
  rotate_worker_token:
    description: Rotate the worker join token.
@ -250,6 +251,13 @@ swarm_facts:
                  returned: success
                  type: str
                  example: SWMTKN-1--xxxxx
+      UnlockKey:
+          description: The swarm unlock-key if I(autolock_managers) is C(true).
+          returned: on success if I(autolock_managers) is C(true)
+            and swarm is initialised, or if I(autolock_managers) has changed.
+          type: str
+          example: SWMKEY-1-xxx
+
 actions:
  description: Provides the actions done on the swarm.
  returned: when action failed.
@ -269,6 +277,7 @@ except ImportError:
 from ansible.module_utils.docker.common import (
    DockerBaseClass,
    DifferenceTracker,
+    LooseVersion,
 )

 from ansible.module_utils.docker.swarm import AnsibleDockerSwarmClient
@ -424,6 +433,8 @@ class SwarmManager(DockerBaseClass):
        self.differences = DifferenceTracker()
        self.parameters = TaskParameters.from_ansible_params(client)

+        self.created = False
+
    def __call__(self):
        choice_map = {
            "present": self.init_swarm,
@ -450,11 +461,29 @@ class SwarmManager(DockerBaseClass):
            data = self.client.inspect_swarm()
            json_str = json.dumps(data, ensure_ascii=False)
            self.swarm_info = json.loads(json_str)
+
            self.results['changed'] = False
            self.results['swarm_facts'] = self.swarm_info
+
+            unlock_key = self.get_unlock_key()
+            self.swarm_info.update(unlock_key)
        except APIError:
            return

+    def get_unlock_key(self):
+        default = {'UnlockKey': None}
+        if not self.has_swarm_lock_changed():
+            return default
+        try:
+            return self.client.get_unlock_key() or default
+        except APIError:
+            return default
+
+    def has_swarm_lock_changed(self):
+        return self.parameters.autolock_managers and (
+            self.created or self.differences.has_difference_for('autolock_managers')
+        )
+
    def init_swarm(self):
        if not self.force and self.client.check_if_swarm_manager():
            self.__update_swarm()
@ -479,11 +508,16 @@ class SwarmManager(DockerBaseClass):
        if not self.client.check_if_swarm_manager():
            if not self.check_mode:
                self.client.fail("Swarm not created or other error!")
+
+        self.created = True
        self.inspect_swarm()
        self.results['actions'].append("New Swarm cluster created: %s" % (self.swarm_info.get('ID')))
        self.differences.add('state', parameter='present', active='absent')
        self.results['changed'] = True
-        self.results['swarm_facts'] = {u'JoinTokens': self.swarm_info.get('JoinTokens')}
+        self.results['swarm_facts'] = {
+            'JoinTokens': self.swarm_info.get('JoinTokens'),
+            'UnlockKey': self.swarm_info.get('UnlockKey')
+        }

    def __update_swarm(self):
        try: