oracle.oci.oci_container_instances_container_instance – Manage a ContainerInstance resource in Oracle Cloud Infrastructure
Note
This plugin is part of the oracle.oci collection (version 4.14.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run `ansible-galaxy collection list`.
To install it, use: `ansible-galaxy collection install oracle.oci`.
To use it in a playbook, specify: `oracle.oci.oci_container_instances_container_instance`.
New in version 2.9.0 of oracle.oci
Synopsis
This module allows the user to create, update and delete a ContainerInstance resource in Oracle Cloud Infrastructure.
For state=present, creates a new ContainerInstance.
This resource has the following action operations in the oracle.oci.oci_container_instances_container_instance_actions module: change_compartment, restart, start, stop.
Requirements
The below requirements are needed on the host that executes this module.
python >= 3.6
Python SDK for Oracle Cloud Infrastructure https://oracle-cloud-infrastructure-python-sdk.readthedocs.io
Parameters
Nested parameters are listed under their parent as parent.child.

Parameter | Choices/Defaults | Comments
---|---|---
api_user (string) | | The OCID of the user on whose behalf OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (see config_file_location). To get the user's OCID, refer to https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_fingerprint (string) | | Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (see config_file_location). To get the key pair's fingerprint value, refer to https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_key_file (string) | | Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (see config_file_location). If the key is encrypted with a pass-phrase, the api_user_key_pass_phrase option must also be provided.
api_user_key_pass_phrase (string) | | Passphrase used by the key referenced in api_user_key_file, if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (see config_file_location).
auth_purpose (string) | | The auth purpose which can be used in conjunction with 'auth_type=instance_principal'. The default auth_purpose for instance_principal is None.
auth_type (string) | | The type of authentication to use for making API requests. By default auth_type="api_key" based authentication is performed and the API key (see api_user_key_file) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use auth_type="instance_principal" to use instance principal based authentication when running ansible playbooks within an OCI compute instance.
availability_domain (string) | | Availability Domain where the ContainerInstance should be created. Required for create using state=present.
cert_bundle (string) | | The full path to a CA certificate bundle to be used for SSL verification. This will override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE variable, if any, is used.
compartment_id (string) | | Compartment Identifier. Required for create using state=present. Required for update when environment variable OCI_USE_NAME_AS_IDENTIFIER is set. Required for delete when environment variable OCI_USE_NAME_AS_IDENTIFIER is set.
config_file_location (string) | | Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
config_profile_name (string) | | The profile to load from the config file referenced by config_file_location. If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in config_file_location.
container_instance_id (string) | | The system-generated unique identifier for the ContainerInstance. Required for update using state=present when environment variable OCI_USE_NAME_AS_IDENTIFIER is not set. Required for delete using state=absent when environment variable OCI_USE_NAME_AS_IDENTIFIER is not set. aliases: id
container_restart_policy (string) | | Container restart policy.
containers (list / elements=dictionary) | | The Containers to create on this Instance. Required for create using state=present.
containers.additional_capabilities (list / elements=string) | | A list of additional capabilities for the container.
containers.arguments (list / elements=string) | | A list of string arguments for a container's entrypoint process. Many containers use an entrypoint process pointing to a shell, for example /bin/bash. For such containers, this argument list can also be used to specify the main command in the container process. All arguments together must be 64KB or smaller.
containers.command (list / elements=string) | | This command will override the container's entrypoint process. If not specified, the existing entrypoint process defined in the image will be used.
containers.defined_tags (dictionary) | | Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: `{"foo-namespace": {"bar-key": "value"}}`
containers.display_name (string) | | Display name for the Container. There are no guarantees of uniqueness for this name. If none is provided, it will be calculated automatically. aliases: name
containers.environment_variables (dictionary) | | A map of additional environment variables to set in the environment of the container's entrypoint process. These variables are in addition to any variables already defined in the container's image. All environment variables together, name and values, must be 64KB or smaller.
containers.freeform_tags (dictionary) | | Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: `{"bar-key": "value"}`
containers.health_checks (list / elements=dictionary) | | List of container health checks used to check container status and take appropriate action if the container status is failed. Three types of health check are currently supported: HTTP, TCP, and Command.
containers.health_checks.command (list / elements=string) | | The list of strings which will be concatenated into a single command for checking the container's status. Required when health_check_type is 'COMMAND'.
containers.health_checks.failure_action (string) | | The action that will be triggered when the container health check fails. There are two types of action: KILL or NONE. The default action is KILL. If the failure action is KILL, the container will be subject to the container restart policy.
containers.health_checks.failure_threshold (integer) | | Number of consecutive failures at which we consider the check failed.
containers.health_checks.headers (list / elements=dictionary) | | Container health check HTTP headers. Applicable when health_check_type is 'HTTP'.
containers.health_checks.headers.name (string / required) | | Container HTTP header key. Required when health_check_type is 'HTTP'.
containers.health_checks.headers.value (string / required) | | Container HTTP header value. Required when health_check_type is 'HTTP'.
containers.health_checks.health_check_type (string / required) | | Container health check type.
containers.health_checks.initial_delay_in_seconds (integer) | | The initial delay in seconds before starting to check container health status.
containers.health_checks.interval_in_seconds (integer) | | Number of seconds between two consecutive runs for checking container health.
containers.health_checks.name (string) | | Health check name.
containers.health_checks.path (string) | | Container health check HTTP path. Required when health_check_type is 'HTTP'.
containers.health_checks.port (integer) | | Container health check port. Required when health_check_type is one of ['TCP', 'HTTP'].
containers.health_checks.success_threshold (integer) | | Number of consecutive successes at which we consider the check succeeded again after it was in failure state.
containers.health_checks.timeout_in_seconds (integer) | | Length of waiting time in seconds before marking health check failed.
containers.image_url (string / required) | | The container image information. Currently only public docker registry is supported. Can be either an image name, e.g. `containerImage`, an image name with version, e.g. `containerImage:v1`, or a complete docker image URL, e.g. `docker.io/library/containerImage:latest`. If no registry is provided, the registry defaults to public docker hub `docker.io/library`. The registry used for the container image must be reachable over the Container Instance's VNIC.
containers.is_resource_principal_disabled (boolean) | | Determines if the Container will have access to the Container Instance Resource Principal. This method utilizes resource principal version 2.2. Please refer to https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdk_authentication_methods.htm#sdk_authentication_methods_resource_principal for a detailed explanation of how to leverage the exposed resource principal elements.
containers.resource_config (dictionary) | |
containers.resource_config.memory_limit_in_gbs (float) | | The maximum amount of memory which may be consumed by the Container's process. If no value is provided, then the process may use all available memory on the Instance.
containers.resource_config.vcpus_limit (float) | | The maximum amount of CPU utilization which may be consumed by the Container's process. If no value is provided, then the process may consume all CPU resources on the Instance. CPU usage is defined in terms of logical CPUs. This means that the maximum possible value on an E3 ContainerInstance with 1 OCPU is 2.0. A Container with that vcpusLimit could consume up to 100% of the CPU resources available on the Instance. Values may be fractional. A value of "1.5" means that the Container may consume at most the equivalent of 1 and a half logical CPUs worth of CPU capacity.
containers.volume_mounts (list / elements=dictionary) | | List of the volume mounts.
containers.volume_mounts.is_read_only (boolean) | | Whether the volume was mounted in read-only mode. Defaults to false if not specified.
containers.volume_mounts.mount_path (string / required) | | mountPath describes the volume access path.
containers.volume_mounts.partition (integer) | | If there is more than one partition in the volume, this is the number of the partition to be referenced. Here is an example: Number Start End Size File system Name Flags 1 1049kB 106MB 105MB fat16 EFI System Partition boot, esp 2 106MB 1180MB 1074MB xfs 3 1180MB 50.0GB 48.8GB lvm
containers.volume_mounts.sub_path (string) | | Specifies a sub-path inside the referenced volume instead of its root.
containers.volume_mounts.volume_name (string / required) | | The name of the volume.
containers.working_directory (string) | | The working directory within the Container's filesystem for the Container process. If none is set, the Container will run in the working directory set by the container image.
defined_tags (dictionary) | | Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: `{"foo-namespace": {"bar-key": "value"}}` This parameter is updatable.
display_name (string) | | Human-readable name for the ContainerInstance. If none is provided, OCI will select one for you. Required for create, update, delete when environment variable OCI_USE_NAME_AS_IDENTIFIER is set. This parameter is updatable when OCI_USE_NAME_AS_IDENTIFIER is not set. aliases: name
dns_config (dictionary) | |
dns_config.nameservers (list / elements=string) | | IP address of a name server that the resolver should query, either an IPv4 address (in dot notation), or an IPv6 address in colon (and possibly dot) notation. If null, we will use nameservers from subnet dhcpDnsOptions.
dns_config.options (list / elements=string) | | Options allows certain internal resolver variables to be modified. Options are a list of objects in https://man7.org/linux/man-pages/man5/resolv.conf.5.html. Examples: ["ndots:n", "edns0"]
dns_config.searches (list / elements=string) | | Search list for host-name lookup. If null, we will use searches from subnet dhcpDnsOptions.
fault_domain (string) | | Fault Domain where the ContainerInstance should run.
force_create (boolean) | | Whether to attempt non-idempotent creation of a resource. By default, create resource is an idempotent operation, and doesn't create the resource if it already exists. Setting this option to true forcefully creates a copy of the resource, even if it already exists. This option is mutually exclusive with key_by.
freeform_tags (dictionary) | | Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: `{"bar-key": "value"}` This parameter is updatable.
graceful_shutdown_timeout_in_seconds (integer) | | Duration in seconds processes within a Container have to gracefully terminate. This applies whenever a Container must be halted, such as when the Container Instance is deleted. Processes will first be sent a termination signal. After this timeout is reached, the processes will be sent a termination signal.
image_pull_secrets (list / elements=dictionary) | | The image pull secrets for accessing a private registry to pull images for containers.
image_pull_secrets.password (string) | | The password which should be used with the registry for authentication. The value is expected in base64 format. Required when secret_type is 'BASIC'.
image_pull_secrets.registry_endpoint (string / required) | | The registry endpoint of the container image.
image_pull_secrets.secret_id (string) | | The OCID of the secret for registry credentials. Required when secret_type is 'VAULT'.
image_pull_secrets.secret_type (string / required) | | The type of ImagePullSecret.
image_pull_secrets.username (string) | | The username which should be used with the registry for authentication. The value is expected in base64 format. Required when secret_type is 'BASIC'.
key_by (list / elements=string) | | The list of attributes of this resource which should be used to uniquely identify an instance of the resource. By default, all the attributes of a resource are used to uniquely identify a resource.
region (string) | | The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (see config_file_location). Please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm for more information on OCI regions.
shape (string) | | The shape of the Container Instance. The shape determines the resources available to the Container Instance. Required for create using state=present.
shape_config (dictionary) | | Required for create using state=present.
shape_config.memory_in_gbs (float) | | The total amount of memory available to the instance, in gigabytes.
shape_config.ocpus (float / required) | | The total number of OCPUs available to the instance.
state (string) | | The state of the ContainerInstance. Use state=present to create or update a ContainerInstance. Use state=absent to delete a ContainerInstance.
tenancy (string) | | OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (see config_file_location). To get the tenancy OCID, refer to https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm
vnics (list / elements=dictionary) | | The networks to make available to containers on this Instance. Required for create using state=present.
vnics.defined_tags (dictionary) | | Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: `{"foo-namespace": {"bar-key": "value"}}`
vnics.display_name (string) | | A user-friendly name for the VNIC. Does not have to be unique. Avoid entering confidential information. aliases: name
vnics.freeform_tags (dictionary) | | Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: `{"bar-key": "value"}`
vnics.hostname_label (string) | | The hostname for the VNIC's primary private IP.
vnics.is_public_ip_assigned (boolean) | | Whether the VNIC should be assigned a public IP address.
vnics.nsg_ids (list / elements=string) | | A list of the OCIDs of the network security groups (NSGs) to add the VNIC to.
vnics.private_ip (string) | | A private IP address of your choice to assign to the VNIC. Must be an available IP address within the subnet's CIDR.
vnics.skip_source_dest_check (boolean) | | Whether the source/destination check is disabled on the VNIC.
vnics.subnet_id (string / required) | | The OCID of the subnet to create the VNIC in.
volumes (list / elements=dictionary) | | A Volume represents a directory with data that is accessible across multiple containers in a ContainerInstance. Up to 32 volumes can be attached to a single container instance.
volumes.backing_store (string) | | Volume type that we are using for empty dir where it could be either File Storage or Memory. Applicable when volume_type is 'EMPTYDIR'.
volumes.configs (list / elements=dictionary) | | Contains key value pairs which can be mounted as individual files inside the container. The value needs to be base64 encoded. It is decoded to plain text before the mount. Applicable when volume_type is 'CONFIGFILE'.
volumes.configs.data (string / required) | | The base64 encoded contents of the file. The contents are decoded to plain text before being mounted as a file to a container inside the container instance. Required when volume_type is 'CONFIGFILE'.
volumes.configs.file_name (string / required) | | The name of the file. The fileName should be unique across the volume. Required when volume_type is 'CONFIGFILE'.
volumes.configs.path (string) | | (Optional) Relative path for this file inside the volume mount directory. By default, the file is presented at the root of the volume mount path. Applicable when volume_type is 'CONFIGFILE'.
volumes.name (string / required) | | The name of the volume. This has to be unique across a single ContainerInstance.
volumes.volume_type (string / required) | "null" | The type of volume.
wait (boolean) | | Whether to wait for create or delete operation to complete.
wait_timeout (integer) | | Time, in seconds, to wait when wait=yes. Defaults to 1200 for most of the services but some services might have a longer wait timeout.
Notes
Note
For OCI python sdk configuration, please refer to https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/configuration.html
Examples
```yaml
- name: Create container_instance
  oci_container_instances_container_instance:
    # required
    compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx"
    availability_domain: Uocm:PHX-AD-1
    shape: shape_example
    shape_config:
      # required
      ocpus: 3.4
      # optional
      memory_in_gbs: 3.4
    containers:
    - # required
      image_url: image_url_example
      # optional
      display_name: display_name_example
      command: [ "command_example" ]
      arguments: [ "arguments_example" ]
      additional_capabilities: [ "CAP_NET_ADMIN" ]
      working_directory: working_directory_example
      environment_variables: null
      volume_mounts:
      - # required
        mount_path: mount_path_example
        volume_name: volume_name_example
        # optional
        sub_path: sub_path_example
        is_read_only: true
        partition: 56
      is_resource_principal_disabled: true
      resource_config:
        # optional
        vcpus_limit: 3.4
        memory_limit_in_gbs: 3.4
      health_checks:
      - # required
        port: 56
        health_check_type: TCP
        # optional
        name: name_example
        initial_delay_in_seconds: 56
        interval_in_seconds: 56
        failure_threshold: 56
        success_threshold: 56
        timeout_in_seconds: 56
        failure_action: KILL
      freeform_tags: {'Department': 'Finance'}
      defined_tags: {'Operations': {'CostCenter': 'US'}}
    vnics:
    - # required
      subnet_id: "ocid1.subnet.oc1..xxxxxxEXAMPLExxxxxx"
      # optional
      display_name: display_name_example
      hostname_label: hostname_label_example
      is_public_ip_assigned: true
      skip_source_dest_check: true
      nsg_ids: [ "nsg_ids_example" ]
      private_ip: private_ip_example
      freeform_tags: {'Department': 'Finance'}
      defined_tags: {'Operations': {'CostCenter': 'US'}}
    # optional
    fault_domain: FAULT-DOMAIN-1
    volumes:
    - # required
      name: name_example
      volume_type: CONFIGFILE
      # optional
      configs:
      - # required
        file_name: file_name_example
        data: data_example
        # optional
        path: path_example
    dns_config:
      # optional
      nameservers: [ "nameservers_example" ]
      searches: [ "searches_example" ]
      options: [ "options_example" ]
    graceful_shutdown_timeout_in_seconds: 56
    image_pull_secrets:
    - # required
      secret_id: "ocid1.secret.oc1..xxxxxxEXAMPLExxxxxx"
      secret_type: VAULT
      registry_endpoint: registry_endpoint_example
    container_restart_policy: container_restart_policy_example
    display_name: display_name_example
    freeform_tags: {'Department': 'Finance'}
    defined_tags: {'Operations': {'CostCenter': 'US'}}
- name: Update container_instance
  oci_container_instances_container_instance:
    # required
    container_instance_id: "ocid1.containerinstance.oc1..xxxxxxEXAMPLExxxxxx"
    # optional
    display_name: display_name_example
    freeform_tags: {'Department': 'Finance'}
    defined_tags: {'Operations': {'CostCenter': 'US'}}
- name: Update container_instance using name (when environment variable OCI_USE_NAME_AS_IDENTIFIER is set)
  oci_container_instances_container_instance:
    # required
    compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx"
    display_name: display_name_example
    # optional
    freeform_tags: {'Department': 'Finance'}
    defined_tags: {'Operations': {'CostCenter': 'US'}}
- name: Delete container_instance
  oci_container_instances_container_instance:
    # required
    container_instance_id: "ocid1.containerinstance.oc1..xxxxxxEXAMPLExxxxxx"
    state: absent
- name: Delete container_instance using name (when environment variable OCI_USE_NAME_AS_IDENTIFIER is set)
  oci_container_instances_container_instance:
    # required
    compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx"
    display_name: display_name_example
    state: absent
```
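The following is an added example, not part of the oracle.oci collection or of this page's original text: a pre-apply check that walks one task's parameters, using the parameter names documented above, and flags settings that widen a container instance's exposure. The rule set, the function names (`audit_container_instance`, `image_tag`, `b64`) and the sample values are assumptions chosen for illustration.

```python
import base64

def image_tag(image_url):
    """Return the tag of an image reference, or None when it has none."""
    last = image_url.rsplit("/", 1)[-1]  # drop any registry host:port and path
    return last.split(":", 1)[1] if ":" in last else None

def audit_container_instance(params):
    """Return (parameter path, reason) findings for one task's parameters."""
    out = []
    for i, c in enumerate(params.get("containers") or []):
        p = f"containers[{i}]"
        if c.get("additional_capabilities"):
            out.append((f"{p}.additional_capabilities", "extra capabilities granted"))
        if image_tag(c.get("image_url", "")) in (None, "latest"):
            out.append((f"{p}.image_url", "not pinned to a version tag"))
        for key in ("memory_limit_in_gbs", "vcpus_limit"):
            # Unset limit: the process may use the whole instance.
            if (c.get("resource_config") or {}).get(key) is None:
                out.append((f"{p}.resource_config.{key}", "no limit set"))
        for j, m in enumerate(c.get("volume_mounts") or []):
            if not m.get("is_read_only"):  # documented default is false
                out.append((f"{p}.volume_mounts[{j}].is_read_only", "writable mount"))
    for i, s in enumerate(params.get("image_pull_secrets") or []):
        if s.get("secret_type") == "BASIC":  # base64 is encoding, not encryption
            out.append((f"image_pull_secrets[{i}]", "inline credentials, use VAULT"))
    for i, v in enumerate(params.get("vnics") or []):
        p = f"vnics[{i}]"
        if v.get("is_public_ip_assigned"):
            out.append((f"{p}.is_public_ip_assigned", "public IP requested"))
        if v.get("skip_source_dest_check"):
            out.append((f"{p}.skip_source_dest_check", "source/dest check disabled"))
        if not v.get("nsg_ids"):
            out.append((f"{p}.nsg_ids", "no network security group listed"))
    for i, vol in enumerate(params.get("volumes") or []):
        for j, cfg in enumerate(vol.get("configs") or []):
            p = f"volumes[{i}].configs[{j}].data"
            try:
                raw = base64.b64decode(cfg.get("data", ""), validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                out.append((p, "not valid base64"))
                continue
            text = raw.decode("utf-8", "replace").lower()
            if "private key" in text or "password" in text:
                out.append((p, "decodes to what looks like a secret"))
    return out

def b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample parameters for illustration; not taken from the page.
WEAK = {
    "containers": [{"image_url": "docker.io/library/containerImage:latest",
                    "additional_capabilities": ["CAP_NET_ADMIN"],
                    "volume_mounts": [{"mount_path": "/etc/app", "volume_name": "cfg"}]}],
    "image_pull_secrets": [{"secret_type": "BASIC", "registry_endpoint": "registry.example.com",
                            "username": b64("puller"), "password": b64("example-only")}],
    "vnics": [{"subnet_id": "ocid1.subnet.oc1..xxxxxxEXAMPLExxxxxx",
               "is_public_ip_assigned": True, "skip_source_dest_check": True}],
    "volumes": [{"name": "cfg", "volume_type": "CONFIGFILE",
                 "configs": [{"file_name": "app.conf", "data": b64("db_password=example")}]}],
}

if __name__ == "__main__":
    print("\n".join(f"{p}: {r}" for p, r in audit_container_instance(WEAK)))
```

Feed it the dictionary under the module key of each task after loading the playbook; a task that returns an empty list passes every rule in this constructed policy.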
Return Values
Common return values are documented here; the following are the fields unique to this module:
Authors
Oracle (@oracle)