%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /usr/lib/python2.7/site-packages/salt/states/
Upload File :
Create Path :
Current File : //usr/lib/python2.7/site-packages/salt/states/docker_container.pyo

�
���^c
@@sxdZddlmZmZmZddlZddlZddlZddlm	Z	ddl
ZddlZddl
ZddlmZeje�ZdZdfZd�Zd	�Zd
�Zd�Zd�Zeeeeed
eeejjjed�
Z eeeeeeeeeeeejjjd�Z!eeeeed�Z"ed�Z#d�Z$ed�Z%dS(u
Management of Docker containers

.. versionadded:: 2017.7.0

:depends: docker_ Python module

.. note::
    Older releases of the Python bindings for Docker were called docker-py_ in
    PyPI. All releases of docker_, and releases of docker-py_ >= 1.6.0 are
    supported. These python bindings can easily be installed using
    :py:func:`pip.install <salt.modules.pip.install>`:

    .. code-block:: bash

        salt myminion pip.install docker

    To upgrade from docker-py_ to docker_, you must first uninstall docker-py_,
    and then install docker_:

    .. code-block:: bash

        salt myminion pip.uninstall docker-py
        salt myminion pip.install docker

.. _docker: https://pypi.python.org/pypi/docker
.. _docker-py: https://pypi.python.org/pypi/docker-py

These states were moved from the :mod:`docker <salt.states.docker>` state
module (formerly called **dockerng**) in the 2017.7.0 release. When running the
:py:func:`docker_container.running <salt.states.docker_container.running>`
state for the first time after upgrading to 2017.7.0, your container(s) may be
replaced. The changes may show diffs for certain parameters which say that the
old value was an empty string, and the new value is ``None``. This is due to
the fact that in prior releases Salt was passing empty strings for these values
when creating the container if they were undefined in the SLS file, where now
Salt simply does not pass any arguments not explicitly defined in the SLS file.
Subsequent runs of the state should not replace the container if the
configuration remains unchanged.


.. note::
    To pull from a Docker registry, authentication must be configured. See
    :ref:`here <docker-authentication>` for more information on how to
    configure access to docker registries in :ref:`Pillar <pillar>` data.
i(tabsolute_importtprint_functiontunicode_literalsN(tCommandExecutionError(tsixudocker_containerumoby_containercC@s#dtkrtSttjd�fS(u?
    Only load if the docker execution module is available
    udocker.version(t__salt__t__virtualname__tFalsetmissing_fun_string(((s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pyt__virtual__FscC@s[t|tj�r||d<n8dj|�|d<t|�dkrW|dcd7<n|S(u�
    DRY code for joining comments together and conditionally adding a period at
    the end, and adding this comment string to the state return dict.
    ucommentu. iu.(t
isinstanceRtstring_typestjointlen(trettcomments((s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pyt_format_commentsOs
cC@s�x�|D]�}|dkrqnx�||D]u}|||ddkr*|||d}|dkrjtSytd�|D��r�tSWq�tk
r�q�Xq*q*WqWtS(u�
    Check the diff for signs of incorrect argument handling in previous
    releases, as discovered here:

    https://github.com/saltstack/salt/pull/39996#issuecomment-288025200
    uNetworksunewuolducs@s|]}|dkVqdS(uN((t.0tx((s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pys	<genexpr>nsN(tNonetTruetallt	TypeErrorR(tchangest	conf_dicttitemtold((s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pyt_check_diff]s

c
C@sotjjj|pg�}|s*i}n�tjjj|�}|sTtd��nx�tj|�D]�\}}|d
kr�i||<qdtjjj|�||<||s�tdj
|���nxNdD]F}y)tjjj|||�|||<Wq�tk
rq�q�Xq�WqdWg}xttj|�D]c\}}|d
k	r/xHtj|�D]4\}}|d
krW|jdj
||��qWqWWq/q/W|r�tdd|��n|rky4gt
d�D]}d	|kr�|d	^q�}Wn(tk
r}td
j
|���qkXgt|�D]}||kr#|^q#}	|	rktdj
dj|	����qkn|S(u/
    Common logic for parsing the networks
    u1Invalid network configuration (see documentation)u;Invalid configuration for network '{0}' (see documentation)ulinksualiasesu8Config option '{0}' for network '{1}' is missing a valueuInvalid network configurationtinfoudocker.networksuNameu-Failed to get list of existing networks: {0}.u+The following networks are not present: {0}u, N(ulinksualiases(tsalttutilstargstsplit_inputtdatatrepack_dictlistRRt	iteritemsRtformattKeyErrortappendRtsortedR(
tnetworkstnet_nametnet_conftkeyterrorstvalRtall_networkstexctmissing_networks((s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pyt_parse_networksvsZ	



 +cC@s�td|�}|tkr�tds�ytd|d|�}Wn+tk
rm}tdj||���q�X||dd<td|�}|tkr�tdj|���q�q�n|S(	u>
    Resolve the image ID and pull the image if necessary
    udocker.resolve_image_idutestudocker.pulltclient_timeoutuFailed to pull {0}: {1}uchangesuimageu?Image '{0}' not present despite a docker pull raising no errors(RRt__opts__t	ExceptionRR$(RtimageR2timage_idtpull_resultR/((s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pyt_resolve_image�s"

uforcec,@s�i�d6id6td6dd6�|tkrIt�d<d�d<�Sn%t|tj�rntj|�}ny;|
}t|
�}
|
r�|
|d<nt�||	�}
WnSt	k
r�}t�d<|j
tk	r�t�|j
�Sn|j��d<�SnXg�|j
dt�}ytd	��d
}WnTt	k
rHt}n>tk
r�t�d<�jdj���t���SnX|tk	}|r�td��nt}|p�|p�||
k}|o�td
rYt�d<|r�t�dd<n+||
kr#i|d6|
d6�dd<n�jdj�|r?dnd��t���SnyLtd|d|rv�ntd|d|d|d|	|�}|d�Wn�tk
r�}t�d<�jdj|��t���Sn�tk
rf}t�d<|j�}t|t	�o9t|j
t�o9d|j
krI|d7}n�j|�t���SnX����fd�}�fd �}|}z�td	|r��n��}xutj|
�D]d\}}ytd!�||�Wn=t	k
r'}t�d<�j|j��t���SnXq�Wtd	��}|tk	r�t|jd"i�jd#i��t|
�}|r�x|D]}td$�|�q�Wtd	��}nntd%||�}|r�td&��d'd(�} | r�t| �r.�jd)g�jd*jtd
r!d+nd��n�djd,i�}!|!j| �td
r�t�d<�jdj�|r�dnd��nNt}|���r�t�d<t���Sn|d-�djd.i�d/<n
|r�td
r�jd0j|��nytd1�d2|�Wn@t	k
rb}t�d<�jd3j|��t���Sn%X|�dd4<�jd5j|��nb| r��r�tjd6���jd7j�td
r�d8nd��nn�jd9j���n|rH	|�djd,i�d#<td
r3t�d<�jd:�n|rE	t}"x�t|�D]�}g}#t}$}%y4�td;|�kr�td$�|�t}$nWn&t	k
r�}|#j|j��nX||
kruy"td!�||
|�t}%Wn�t	k
rq}|#j|j��|$rnxPt||�D]>}&|||&dtkrU|||&=nt|||&d<q)WnnXn|#r��j|#�t}"n||�djd,i�jd#i�|<|$o�|%r��jd<j|��n>|$r��jd=j|��n|%r	�jd>j|��nqLW|"rB	t�d<t���SnnnWd?|r\	|�nX|r�	|r�	�jd@j���n*|�|�r�	t�d<t���Sn|d-�djd.i�d/<n|o�	|p�	|o�	|p�	|o�	|o�	|dAkr�
td
r1
t�d<�jdB�t���SnbytdC��dDd}'WnCtk
r�
}t�d<�jdEj�|��t���SnXntd��}'td
o�
|'dAkr�dFj �dGf����fdH�}(td%jdIg�})x�tj�djd,i�jd#i��D]�\}}dJ|koO|dJddIkr�xr|)D]j}*|(�j|i�j|*�}+|+r�itd6|+d6||*<y|j
dJ�Wntk
r�nXnqYWnq&Wt!j
�t�n||'kr4i|d6|'d6�ddD<|tk	r1�jdKj||'��nn|oC||
krr�jdL�i|d6|
d6�dd<n|'dAko�|r�t�d<�jdM�nt���S(Nu�
    Ensure that a container with a specific configuration is present and
    running

    name
        Name of the container

    image
        Image to use for the container

        .. note::
            This state will pull the image if it is not present. However, if
            the image needs to be built from a Dockerfile or loaded from a
            saved image, or if you would like to use requisites to trigger a
            replacement of the container when the image is updated, then the
            :py:func:`docker_image.present
            <salt.states.dockermod.image_present>` state should be used to
            manage the image.

        .. versionchanged:: 2018.3.0
            If no tag is specified in the image name, and nothing matching the
            specified image is pulled on the minion, the ``docker pull`` that
            retrieves the image will pull *all tags* for the image. A tag of
            ``latest`` is no longer implicit for the pull. For this reason, it
            is recommended to specify the image in ``repo:tag`` notation.

    .. _docker-container-running-skip-translate:

    skip_translate
        This function translates Salt CLI or SLS input into the format which
        docker-py_ expects. However, in the event that Salt's translation logic
        fails (due to potential changes in the Docker Remote API, or to bugs in
        the translation code), this argument can be used to exert granular
        control over which arguments are translated and which are not.

        Pass this argument as a comma-separated list (or Python list) of
        arguments, and translation for each passed argument name will be
        skipped. Alternatively, pass ``True`` and *all* translation will be
        skipped.

        Skipping tranlsation allows for arguments to be formatted directly in
        the format which docker-py_ expects. This allows for API changes and
        other issues to be more easily worked around. An example of using this
        option to skip translation would be:

        For example, imagine that there is an issue with processing the
        ``port_bindings`` argument, and the following configuration no longer
        works as expected:

        .. code-block:: yaml

            mycontainer:
              docker_container.running:
                - image: 7.3.1611
                - port_bindings:
                  - 10.2.9.10:8080:80

        By using ``skip_translate``, you can forego the input translation and
        configure the port binding in the format docker-py_ needs:

        .. code-block:: yaml

            mycontainer:
              docker_container.running:
                - image: 7.3.1611
                - skip_translate: port_bindings
                - port_bindings: {8080: [('10.2.9.10', 80)], '4193/udp': 9314}

        See the following links for more information:

        - `docker-py Low-level API`_
        - `Docker Engine API`_

    .. _docker-py: https://pypi.python.org/pypi/docker-py
    .. _`docker-py Low-level API`: http://docker-py.readthedocs.io/en/stable/api.html#docker.api.container.ContainerApiMixin.create_container
    .. _`Docker Engine API`: https://docs.docker.com/engine/api/v1.33/#operation/ContainerCreate

    ignore_collisions : False
        Since many of docker-py_'s arguments differ in name from their CLI
        counterparts (with which most Docker users are more familiar), Salt
        detects usage of these and aliases them to the docker-py_ version of
        that argument so that both CLI and API versions of a given argument are
        supported. However, if both the alias and the docker-py_ version of the
        same argument (e.g. ``env`` and ``environment``) are used, an error
        will be raised. Set this argument to ``True`` to suppress these errors
        and keep the docker-py_ version of the argument.

    validate_ip_addrs : True
        For parameters which accept IP addresses as input, IP address
        validation will be performed. To disable, set this to ``False``

    force : False
        Set this parameter to ``True`` to force Salt to re-create the container
        irrespective of whether or not it is configured as desired.

    watch_action : force
        Control what type of action is taken when this state :ref:`watches
        <requisites-watch>` another state that has changes. The default action
        is ``force``, which runs the state with ``force`` set to ``True``,
        triggering a rebuild of the container.

        If any other value is passed, it will be assumed to be a kill signal.
        If the container matches the specified configuration, and is running,
        then the action will be to send that signal to the container. Kill
        signals can be either strings or numbers, and are defined in the
        **Standard Signals** section of the ``signal(7)`` manpage. Run ``man 7
        signal`` on a Linux host to browse this manpage. For example:

        .. code-block:: yaml

            mycontainer:
              docker_container.running:
                - image: busybox
                - watch_action: SIGHUP
                - watch:
                  - file: some_file

        .. note::

            If the container differs from the specified configuration, or is
            not running, then instead of sending a signal to the container, the
            container will be re-created/started and no signal will be sent.

    start : True
        Set to ``False`` to suppress starting of the container if it exists,
        matches the desired configuration, but is not running. This is useful
        for data-only containers, or for non-daemonized container processes,
        such as the Django ``migrate`` and ``collectstatic`` commands. In
        instances such as this, the container only needs to be started the
        first time.

    shutdown_timeout
        If the container needs to be replaced, the container will be stopped
        using :py:func:`docker.stop <salt.modules.dockermod.stop>`. If a
        ``shutdown_timout`` is not set, and the container was created using
        ``stop_timeout``, that timeout will be used. If neither of these values
        were set, then a timeout of 10 seconds will be used.

        .. versionchanged:: 2017.7.0
            This option was renamed from ``stop_timeout`` to
            ``shutdown_timeout`` to accommodate the ``stop_timeout`` container
            configuration setting.

    client_timeout : 60
        Timeout in seconds for the Docker client. This is not a timeout for
        this function, but for receiving a response from the API.

        .. note::
            This is only used if Salt needs to pull the requested image.

    .. _salt-states-docker-container-network-management:

    **NETWORK MANAGEMENT**

    .. versionadded:: 2018.3.0
    .. versionchanged:: 2019.2.0
        If the ``networks`` option is used, any networks (including the default
        ``bridge`` network) which are not specified will be disconnected.

    The ``networks`` argument can be used to ensure that a container is
    attached to one or more networks. Optionally, arguments can be passed to
    the networks. In the example below, ``net1`` is being configured with
    arguments, while ``net2`` and ``bridge`` are being configured *without*
    arguments:

    .. code-block:: yaml

        foo:
          docker_container.running:
            - image: myuser/myimage:foo
            - networks:
              - net1:
                - aliases:
                  - bar
                  - baz
                - ipv4_address: 10.0.20.50
              - net2
              - bridge
            - require:
              - docker_network: net1
              - docker_network: net2

    The supported arguments are the ones from the docker-py's
    `connect_container_to_network`_ function (other than ``container`` and
    ``net_id``).

    .. important::
        Unlike with the arguments described in the **CONTAINER CONFIGURATION
        PARAMETERS** section below, these network configuration parameters are
        not translated at all.  Consult the `connect_container_to_network`_
        documentation for the correct type/format of data to pass.

    .. _`connect_container_to_network`: https://docker-py.readthedocs.io/en/stable/api.html#docker.api.network.NetworkApiMixin.connect_container_to_network

    To start a container with no network connectivity (only possible in
    2019.2.0 and later) pass this option as an empty list. For example:

    .. code-block:: yaml

        foo:
          docker_container.running:
            - image: myuser/myimage:foo
            - networks: []


    **CONTAINER CONFIGURATION PARAMETERS**

    auto_remove (or *rm*) : False
        Enable auto-removal of the container on daemon side when the
        container’s process exits (analogous to running a docker container with
        ``--rm`` on the CLI).

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - auto_remove: True

    binds
        Files/directories to bind mount. Each bind mount should be passed in
        one of the following formats:

        - ``<host_path>:<container_path>`` - ``host_path`` is mounted within
          the container as ``container_path`` with read-write access.
        - ``<host_path>:<container_path>:<selinux_context>`` - ``host_path`` is
          mounted within the container as ``container_path`` with read-write
          access. Additionally, the specified selinux context will be set
          within the container.
        - ``<host_path>:<container_path>:<read_only>`` - ``host_path`` is
          mounted within the container as ``container_path``, with the
          read-only or read-write setting explicitly defined.
        - ``<host_path>:<container_path>:<read_only>,<selinux_context>`` -
          ``host_path`` is mounted within the container as ``container_path``,
          with the read-only or read-write setting explicitly defined.
          Additionally, the specified selinux context will be set within the
          container.

        ``<read_only>`` can be either ``rw`` for read-write access, or ``ro``
        for read-only access. When omitted, it is assumed to be read-write.

        ``<selinux_context>`` can be ``z`` if the volume is shared between
        multiple containers, or ``Z`` if the volume should be private.

        .. note::
            When both ``<read_only>`` and ``<selinux_context>`` are specified,
            there must be a comma before ``<selinux_context>``.

        Binds can be expressed as a comma-separated list or a YAML list. The
        below two examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - binds: /srv/www:/var/www:ro,/etc/foo.conf:/usr/local/etc/foo.conf:rw

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - binds:
                  - /srv/www:/var/www:ro
                  - /home/myuser/conf/foo.conf:/etc/foo.conf:rw

        However, in cases where both ro/rw and an selinux context are combined,
        the only option is to use a YAML list, like so:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - binds:
                  - /srv/www:/var/www:ro,Z
                  - /home/myuser/conf/foo.conf:/etc/foo.conf:rw,Z

        Since the second bind in the previous example is mounted read-write,
        the ``rw`` and comma can be dropped. For example:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - binds:
                  - /srv/www:/var/www:ro,Z
                  - /home/myuser/conf/foo.conf:/etc/foo.conf:Z

    blkio_weight
        Block IO weight (relative weight), accepts a weight value between 10
        and 1000.

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - blkio_weight: 100

    blkio_weight_device
        Block IO weight (relative device weight), specified as a list of
        expressions in the format ``PATH:RATE``

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - blkio_weight_device: /dev/sda:100

    cap_add
        List of capabilities to add within the container. Can be expressed as a
        comma-separated list or a Python list. The below two examples are
        equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - cap_add: SYS_ADMIN,MKNOD

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - cap_add:
                  - SYS_ADMIN
                  - MKNOD

        .. note::

            This option requires Docker 1.2.0 or newer.

    cap_drop
        List of capabilities to drop within the container. Can be expressed as
        a comma-separated list or a Python list. The below two examples are
        equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - cap_drop: SYS_ADMIN,MKNOD

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - cap_drop:
                  - SYS_ADMIN
                  - MKNOD

        .. note::
            This option requires Docker 1.2.0 or newer.

    command (or *cmd*)
        Command to run in the container

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - command: bash

    cpuset_cpus (or *cpuset*)
        CPUs on which which to allow execution, specified as a string
        containing a range (e.g. ``0-3``) or a comma-separated list of CPUs
        (e.g. ``0,1``).

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - cpuset_cpus: "0,1"

    cpuset_mems
        Memory nodes on which which to allow execution, specified as a string
        containing a range (e.g. ``0-3``) or a comma-separated list of MEMs
        (e.g. ``0,1``). Only effective on NUMA systems.

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - cpuset_mems: "0,1"

    cpu_group
        The length of a CPU period in microseconds

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - cpu_group: 100000

    cpu_period
        Microseconds of CPU time that the container can get in a CPU period

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - cpu_period: 50000

    cpu_shares
        CPU shares (relative weight), specified as an integer between 2 and 1024.

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - cpu_shares: 512

    detach : False
        If ``True``, run the container's command in the background (daemon
        mode)

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - detach: True

    devices
        List of host devices to expose within the container. Can be expressed
        as a comma-separated list or a YAML list. The below two examples are
        equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - devices: /dev/net/tun,/dev/xvda1:/dev/xvda1,/dev/xvdb1:/dev/xvdb1:r

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - devices:
                  - /dev/net/tun
                  - /dev/xvda1:/dev/xvda1
                  - /dev/xvdb1:/dev/xvdb1:r

    device_read_bps
        Limit read rate (bytes per second) from a device, specified as a list
        of expressions in the format ``PATH:RATE``, where ``RATE`` is either an
        integer number of bytes, or a string ending in ``kb``, ``mb``, or
        ``gb``. Can be expressed as a comma-separated list or a YAML list. The
        below two examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - devices_read_bps: /dev/sda:1mb,/dev/sdb:5mb

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - devices_read_bps:
                  - /dev/sda:1mb
                  - /dev/sdb:5mb

    device_read_iops
        Limit read rate (I/O per second) from a device, specified as a list
        of expressions in the format ``PATH:RATE``, where ``RATE`` is a number
        of I/O operations. Can be expressed as a comma-separated list or a YAML
        list. The below two examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - devices_read_iops: /dev/sda:1000,/dev/sdb:500

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - devices_read_iops:
                  - /dev/sda:1000
                  - /dev/sdb:500

    device_write_bps
        Limit write rate (bytes per second) from a device, specified as a list
        of expressions in the format ``PATH:RATE``, where ``RATE`` is either an
        integer number of bytes, or a string ending in ``kb``, ``mb``, or
        ``gb``. Can be expressed as a comma-separated list or a YAML list. The
        below two examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - devices_write_bps: /dev/sda:1mb,/dev/sdb:5mb

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - devices_write_bps:
                  - /dev/sda:1mb
                  - /dev/sdb:5mb


    device_read_iops
        Limit write rate (I/O per second) from a device, specified as a list
        of expressions in the format ``PATH:RATE``, where ``RATE`` is a number
        of I/O operations. Can be expressed as a comma-separated list or a
        YAML list. The below two examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - devices_read_iops: /dev/sda:1000,/dev/sdb:500

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - devices_read_iops:
                  - /dev/sda:1000
                  - /dev/sdb:500

    dns
        List of DNS nameservers. Can be expressed as a comma-separated list or
        a YAML list. The below two examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - dns: 8.8.8.8,8.8.4.4

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - dns:
                  - 8.8.8.8
                  - 8.8.4.4

        .. note::

            To skip IP address validation, use ``validate_ip_addrs=False``

    dns_opt
        Additional options to be added to the container’s ``resolv.conf`` file.
        Can be expressed as a comma-separated list or a YAML list. The below
        two examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - dns_opt: ndots:9

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - dns_opt:
                  - ndots:9

    dns_search
        List of DNS search domains. Can be expressed as a comma-separated list
        or a YAML list. The below two examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - dns_search: foo1.domain.tld,foo2.domain.tld

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - dns_search:
                  - foo1.domain.tld
                  - foo2.domain.tld

    domainname
        The domain name to use for the container

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - dommainname: domain.tld

    entrypoint
        Entrypoint for the container

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - entrypoint: "mycmd --arg1 --arg2"

        This argument can also be specified as a list:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - entrypoint:
                  - mycmd
                  - --arg1
                  - --arg2

    environment
        Either a list of variable/value mappings, or a list of strings in the
        format ``VARNAME=value``. The below three examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - environment:
                  - VAR1: value
                  - VAR2: value

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - environment: 'VAR1=value,VAR2=value'

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - environment:
                  - VAR1=value
                  - VAR2=value

    extra_hosts
        Additional hosts to add to the container's /etc/hosts file. Can be
        expressed as a comma-separated list or a Python list. The below two
        examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - extra_hosts: web1:10.9.8.7,web2:10.9.8.8

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - extra_hosts:
                  - web1:10.9.8.7
                  - web2:10.9.8.8

        .. note::

            To skip IP address validation, use ``validate_ip_addrs=False``

        .. note::

            This option requires Docker 1.3.0 or newer.

    group_add
        List of additional group names and/or IDs that the container process
        will run as. Can be expressed as a comma-separated list or a YAML list.
        The below two examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - group_add: web,network

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - group_add:
                  - web
                  - network

    hostname
        Hostname of the container. If not provided, the value passed as the
        container's``name`` will be used for the hostname.

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - hostname: web1

        .. warning::

            ``hostname`` cannot be set if ``network_mode`` is set to ``host``.
            The below example will result in an error:

            .. code-block:: yaml

                foo:
                  docker_container.running:
                    - image: bar/baz:latest
                    - hostname: web1
                    - network_mode: host

    interactive (or *stdin_open*) : False
        Leave stdin open, even if not attached

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - interactive: True

    ipc_mode (or *ipc*)
        Set the IPC mode for the container. The default behavior is to create a
        private IPC namespace for the container, but this option can be
        used to change that behavior:

        - ``container:<container_name_or_id>`` reuses another container shared
          memory, semaphores and message queues
        - ``host``: use the host's shared memory, semaphores and message queues

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - ipc_mode: container:foo

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - ipc_mode: host

        .. warning::
            Using ``host`` gives the container full access to local shared
            memory and is therefore considered insecure.

    isolation
        Specifies the type of isolation technology used by containers

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - isolation: hyperv

        .. note::
            The default value on Windows server is ``process``, while the
            default value on Windows client is ``hyperv``. On Linux, only
            ``default`` is supported.

    labels
        Add metadata to the container. Labels can be set both with and without
        values, and labels with values can be passed either as ``key=value`` or
        ``key: value`` pairs. For example, while the below would be very
        confusing to read, it is technically valid, and demonstrates the
        different ways in which labels can be passed:

        .. code-block:: yaml

            mynet:
              docker_network.present:
                - labels:
                  - foo
                  - bar=baz
                  - hello: world

        The labels can also simply be passed as a YAML dictionary, though this
        can be error-prone due to some :ref:`idiosyncrasies
        <yaml-idiosyncrasies>` with how PyYAML loads nested data structures:

        .. code-block:: yaml

            foo:
              docker_network.present:
                - labels:
                    foo: ''
                    bar: baz
                    hello: world

        .. versionchanged:: 2018.3.0
            Methods for specifying labels can now be mixed. Earlier releases
            required either labels with or without values.

    links
        Link this container to another. Links can be specified as a list of
        mappings or a comma-separated or Python list of expressions in the
        format ``<container_name_or_id>:<link_alias>``. The below three
        examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - links:
                  - web1: link1
                  - web2: link2

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - links: web1:link1,web2:link2

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - links:
                  - web1:link1
                  - web2:link2

    log_driver and log_opt
        Set container's logging driver and options to configure that driver.
        Requires Docker 1.6 or newer.

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - log_driver: syslog
                - log_opt:
                  - syslog-address: tcp://192.168.0.42
                  - syslog-facility: daemon

        The ``log_opt`` can also be expressed as a comma-separated or YAML list
        of ``key=value`` pairs. The below two examples are equivalent to the
        above one:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - log_driver: syslog
                - log_opt: "syslog-address=tcp://192.168.0.42,syslog-facility=daemon"

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - log_driver: syslog
                - log_opt:
                  - syslog-address=tcp://192.168.0.42
                  - syslog-facility=daemon

        .. note::
            The logging driver feature was improved in Docker 1.13 introducing
            option name changes. Please see Docker's
            `Configure logging drivers`_ documentation for more information.

        .. _`Configure logging drivers`: https://docs.docker.com/engine/admin/logging/overview/

    lxc_conf
        Additional LXC configuration parameters to set before starting the
        container. Either a list of variable/value mappings, or a list of
        strings in the format ``VARNAME=value``. The below three examples are
        equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - lxc_conf:
                  - lxc.utsname: docker
                  - lxc.arch: x86_64

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - lxc_conf: lxc.utsname=docker,lxc.arch=x86_64

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - lxc_conf:
                  - lxc.utsname=docker
                  - lxc.arch=x86_64

        .. note::
            These LXC configuration parameters will only have the desired
            effect if the container is using the LXC execution driver, which
            has been deprecated for some time.

    mac_address
        MAC address to use for the container. If not specified, a random MAC
        address will be used.

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - mac_address: 01:23:45:67:89:0a

    mem_limit (or *memory*) : 0
        Memory limit. Can be specified in bytes or using single-letter units
        (i.e. ``512M``, ``2G``, etc.). A value of ``0`` (the default) means no
        memory limit.

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - mem_limit: 512M

    mem_swappiness
        Tune a container's memory swappiness behavior. Accepts an integer
        between 0 and 100.

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - mem_swappiness: 60

    memswap_limit (or *memory_swap*) : -1
        Total memory limit (memory plus swap). Set to ``-1`` to disable swap. A
        value of ``0`` means no swap limit.

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - memswap_limit: 1G

    network_disabled : False
        If ``True``, networking will be disabled within the container

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - network_disabled: True

    network_mode : bridge
        One of the following:

        - ``bridge`` - Creates a new network stack for the container on the
          docker bridge
        - ``none`` - No networking (equivalent of the Docker CLI argument
          ``--net=none``). Not to be confused with Python's ``None``.
        - ``container:<name_or_id>`` - Reuses another container's network stack
        - ``host`` - Use the host's network stack inside the container
        - Any name that identifies an existing network that might be created
          with ``docker.network_present``.

          .. warning::

                Using ``host`` mode gives the container full access to the
                hosts system's services (such as D-bus), and is therefore
                considered insecure.

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - network_mode: "none"

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - network_mode: container:web1

    oom_kill_disable
        Whether to disable OOM killer

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - oom_kill_disable: False

    oom_score_adj
        An integer value containing the score given to the container in order
        to tune OOM killer preferences

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - oom_score_adj: 500

    pid_mode
        Set to ``host`` to use the host container's PID namespace within the
        container. Requires Docker 1.5.0 or newer.

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - pid_mode: host

        .. note::
            This option requires Docker 1.5.0 or newer.

    pids_limit
        Set the container's PID limit. Set to ``-1`` for unlimited.

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - pids_limit: 2000

    port_bindings (or *publish*)
        Bind exposed ports. Port bindings should be passed in the same way as
        the ``--publish`` argument to the ``docker run`` CLI command:

        - ``ip:hostPort:containerPort`` - Bind a specific IP and port on the
          host to a specific port within the container.
        - ``ip::containerPort`` - Bind a specific IP and an ephemeral port to a
          specific port within the container.
        - ``hostPort:containerPort`` - Bind a specific port on all of the
          host's interfaces to a specific port within the container.
        - ``containerPort`` - Bind an ephemeral port on all of the host's
          interfaces to a specific port within the container.

        Multiple bindings can be separated by commas, or expressed as a YAML
        list, and port ranges can be defined using dashes. The below two
        examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - port_bindings: "4505-4506:14505-14506,2123:2123/udp,8080"

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - port_bindings:
                  - 4505-4506:14505-14506
                  - 2123:2123/udp
                  - 8080

        .. note::
            When specifying a protocol, it must be passed in the
            ``containerPort`` value, as seen in the examples above.

    ports
        A list of ports to expose on the container. Can either be a
        comma-separated list or a YAML list. If the protocol is omitted, the
        port will be assumed to be a TCP port. The below two examples are
        equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - ports: 1111,2222/udp

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - ports:
                  - 1111
                  - 2222/udp

    privileged : False
        If ``True``, runs the exec process with extended privileges

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - privileged: True

    publish_all_ports (or *publish_all*) : False
        Publish all ports to the host

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - ports: 8080
                - publish_all_ports: True

    read_only : False
        If ``True``, mount the container’s root filesystem as read only

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - read_only: True

    restart_policy (or *restart*)
        Set a restart policy for the container. Must be passed as a string in
        the format ``policy[:retry_count]`` where ``policy`` is one of
        ``always``, ``unless-stopped``, or ``on-failure``, and ``retry_count``
        is an optional limit to the number of retries. The retry count is ignored
        when using the ``always`` or ``unless-stopped`` restart policy.

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - restart_policy: on-failure:5

            bar:
              docker_container.running:
                - image: bar/baz:latest
                - restart_policy: always

    security_opt (or *security_opts*):
        Security configuration for MLS systems such as SELinux and AppArmor.
        Can be expressed as a comma-separated list or a YAML list. The below
        two examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - security_opt: apparmor:unconfined

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - security_opt:
                  - apparmor:unconfined

        .. important::
            Some security options can contain commas. In these cases, this
            argument *must* be passed as a Python list, as splitting by comma
            will result in an invalid configuration.

        .. note::
            See the documentation for security_opt at
            https://docs.docker.com/engine/reference/run/#security-configuration

    shm_size
        Size of /dev/shm

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - shm_size: 128M

    stop_signal
        Specify the signal docker will send to the container when stopping.
        Useful when running systemd as PID 1 inside the container.

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - stop_signal: SIGRTMIN+3

        .. note::

            This option requires Docker 1.9.0 or newer and docker-py 1.7.0 or
            newer.

        .. versionadded:: 2016.11.0

    stop_timeout
        Timeout to stop the container, in seconds

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - stop_timeout: 5

        .. note::
            In releases prior to 2017.7.0, this option was not set in the
            container configuration, but rather this timeout was enforced only
            when shutting down an existing container to replace it. To remove
            the ambiguity, and to allow for the container to have a stop
            timeout set for it, the old ``stop_timeout`` argument has been
            renamed to ``shutdown_timeout``, while ``stop_timeout`` now refer's
            to the container's configured stop timeout.

    storage_opt
        Storage driver options for the container. Can be either a list of
        strings in the format ``option=value``, or a list of mappings between
        option and value. The below three examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - storage_opt:
                  - dm.basesize: 40G

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - storage_opt: dm.basesize=40G

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - storage_opt:
                  - dm.basesize=40G

    sysctls (or *sysctl*)
        Set sysctl options for the container. Can be either a list of strings
        in the format ``option=value``, or a list of mappings between option
        and value. The below three examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - sysctls:
                  - fs.nr_open: 1048576
                  - kernel.pid_max: 32768

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - sysctls: fs.nr_open=1048576,kernel.pid_max=32768

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - sysctls:
                  - fs.nr_open=1048576
                  - kernel.pid_max=32768

    tmpfs
        A map of container directories which should be replaced by tmpfs mounts
        and their corresponding mount options.

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - tmpfs:
                  - /run: rw,noexec,nosuid,size=65536k

    tty : False
        Attach TTYs

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - tty: True

    ulimits
        List of ulimits. These limits should be passed in the format
        ``<ulimit_name>:<soft_limit>:<hard_limit>``, with the hard limit being
        optional. Can be expressed as a comma-separated list or a YAML list.
        The below two examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - ulimits: nofile=1024:1024,nproc=60

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - ulimits:
                  - nofile=1024:1024
                  - nproc=60

    user
        User under which to run exec process

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - user: foo

    userns_mode (or *user_ns_mode*)
        Sets the user namsepace mode, when the user namespace remapping option
        is enabled

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - userns_mode: host

    volumes (or *volume*)
        List of directories to expose as volumes. Can be expressed as a
        comma-separated list or a YAML list. The below two examples are
        equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - volumes: /mnt/vol1,/mnt/vol2

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - volumes:
                  - /mnt/vol1
                  - /mnt/vol2

    volumes_from
        Container names or IDs from which the container will get volumes. Can
        be expressed as a comma-separated list or a YAML list. The below two
        examples are equivalent:

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - volumes_from: foo

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - volumes_from:
                  - foo

    volume_driver
        sets the container's volume driver

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - volume_driver: foobar

    working_dir (or *workdir*)
        Working directory inside the container

        .. code-block:: yaml

            foo:
              docker_container.running:
                - image: bar/baz:latest
                - working_dir: /var/log/nginx
    unameuchangesuresultuucommentu The 'image' argument is requiredunetworksusend_signaludocker.inspect_containeruImageudUnable to detect current image for container '{0}'. This might be due to a change in the Docker API.udocker.stateutestu
forced_updateuoldunewuimageuContainer '{0}' would be {1}ucreatedureplacedu
docker.createtnametskip_translatetignore_collisionstvalidate_ip_addrsR2uNameu�Key '{0}' missing from API response, this may be due to a change in the Docker Remote API. Please report this on the SaltStack issue tracker if it has not already been reported.uinvalidu�

If you feel this information is incorrect, the skip_translate argument can be used to skip input translation for the argument(s) identified as invalid. See the documentation for details.c@s�itd6}�dk	r&�|d<ntd�|��djdi�d<ytd||�}Wn/tk
r�}t}�jdj|��nX|r��jd	j|��n
�jd
�|S(Nustoputimeoutu	docker.rmuchangesucontainer_iduremovedu
docker.renameu$Failed to rename temp container: {0}uReplaced container '{0}'u!Failed to replace container '{0}'(RRRt
setdefaultRRR&R$(torigtnewt	rm_kwargstresultR/(RR9Rtshutdown_timeout(s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pyt_replace�s

'
c@s"tjd��td��dS(NuRemoving temp container '%s'u	docker.rm(tlogtdebugR((ttemp_container_name(s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pyt_delete_temp_containersu#docker.connect_container_to_networkuNetworkSettingsuNetworksu(docker.disconnect_container_from_networku!docker.compare_container_networksudocker.compare_containerstignoreuHostnameuwarningsu�The detected changes may be due to incorrect handling of arguments in earlier Salt releases. If this warning persists after running the state again{0}, and no changes were made to the SLS file, then please report this.u without test=Trueu	containeruIducontainer_iduaddedu%Signal {0} would be sent to containeru
docker.signaltsignaluFailed to signal container: {0}usignaluSent signal {0} to containeruXdocker_container.running: detected changes without a specific comment for container '%s'uContainer '{0}'{1} updated.u	 would beu2Container '{0}' is already configured as specifiedu&Network configuration would be updatedudocker.connectedu7Reconnected to network '{0}' with updated configurationuDisconnected from network '{0}'uConnected to network '{0}'NuCreated container '{0}'urunninguContainer would be startedudocker.startustateu&Failed to start container '{0}': '{1}'u.udocker_container.runningc@sI�tkrAtd��}|jdi�jdi�t�<nt�S(Nudocker.inspect_containeruNetworkSettingsuNetworks(t__context__Rtget(tnew_container_info(t
contextkeyR9(s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pyt	_get_nets
s
u	automaticuIPConfigurationu!State changed from '{0}' to '{1}'uContainer has a new imageuContainer is not running("RRRR
RRt	text_typeR1R8RRRt__str__tpopRR%R&R$R3R4tdictR#tsetRKRR=tupdateRDtwarningR'tlisttextendRRJ(,R9R5R:R;R<tforcetwatch_actiontstartRBR2R(tkwargstconfigured_networksR6R/tsend_signaltcurrent_image_idtexistst	pre_statetskip_comparisonttemp_containertmsgRCRGtcleanup_temptpre_net_connectR)R*tpost_net_connectt
extra_netst	extra_nettnet_changestcontainer_changestchanges_ptrtnetwork_failureR,tdisconnectedt	connectedRt
post_stateRNtautoip_keysR+R-((RRMR9RRBRFs@/usr/lib/python2.7/site-packages/salt/states/docker_container.pytrunning�s������






	



	


!


	

	



!


 





 
	*



!



	/



c
K@si|d6id6td6dd6}tjjj|
�}
x;d&D]3}||
kr>t|d<d
j|�|d<|Sq>W|d'kr�t|d<d|d<|St|t	j
�s�t	j|�}nt|||�}t|t
�r�|j|�|SyGd|
kr%|
dd'k	r%t|
d�|
d<nt|||�WnPtk
r�}t|d<|jd'k	rqt||j�S|j�|d<|SnXt|||�}t|t
�r�|j|�|Std
r�d'|d<dj|r�dnd�|d<|S|rt}n�d'}xqd(D]i}y|
j|�}Wntk
r=qnX|d'k	rk|
swt|d<d|d<|Sqt|�}qW|d'k	r�t|
d<nt}yKtd|d|d|	d|
d|d|d|d|d||
�|d<Wn=tk
r$}tjd�t|d<dj|�|d<noX|r8d|d<n[y|dd}Wntk
r]n6X|rv|d krvtnt|d<d!j|�|d<|r|jdi�jd"�}|rytd#|dd"�Wqtk
r}|jd$g�jd%j|��qXqn|S()u�

    .. versionadded:: 2018.3.0

    .. note::
        If no tag is specified in the image name, and nothing matching the
        specified image is pulled on the minion, the ``docker pull`` that
        retrieves the image will pull *all tags* for the image. A tag of
        ``latest`` is not implicit for the pull. For this reason, it is
        recommended to specify the image in ``repo:tag`` notation.

    Like the :py:func:`cmd.run <salt.states.cmd.run>` state, only for Docker.
    Does the equivalent of a ``docker run`` and returns information about the
    container that was created, as well as its output.

    This state accepts the same arguments as :py:func:`docker_container.running
    <salt.states.docker_container.running>`, with the exception of
    ``watch_action``, ``start``, and ``shutdown_timeout`` (though the ``force``
    argument has a different meaning in this state).

    In addition, this state accepts the arguments from :py:func:`docker.logs
    <salt.modules.dockermod.logs>`, with the exception of ``follow``, to
    control how logs are returned.

    Additionally, the following arguments are supported:

    onlyif
        A command or list of commands to run as a check. The container will
        only run if any of the specified commands returns a zero exit status.

    unless
        A command or list of commands to run as a check. The container will
        only run if any of the specified commands returns a non-zero exit
        status.

    creates
        A path or list of paths. Only run if one or more of the specified paths
        do not exist on the minion.

    bg : False
        If ``True``, run container in background and do not await or deliver
        its results.

        .. note::
            This may not be useful in cases where other states depend on the
            results of this state. Also, the logs will be inaccessible once the
            container exits if ``auto_remove`` is set to ``True``, so keep this
            in mind.

    failhard : True
        If ``True``, the state will return a ``False`` result if the exit code
        of the container is non-zero. When this argument is set to ``False``,
        the state will return a ``True`` result regardless of the container's
        exit code.

        .. note::
            This has no effect if ``bg`` is set to ``True``.

    replace : False
        If ``True``, and if the named container already exists, this will
        remove the existing container. The default behavior is to return a
        ``False`` result when the container already exists.

    force : False
        If ``True``, and the named container already exists, *and* ``replace``
        is also set to ``True``, then the container will be forcibly removed.
        Otherwise, the state will not proceed and will return a ``False``
        result.

    CLI Examples:

    .. code-block:: bash

        salt myminion docker.run_container myuser/myimage command=/usr/local/bin/myscript.sh

    **USAGE EXAMPLE**

    .. code-block:: jinja

        {% set pkg_version = salt.pillar.get('pkg_version', '1.0-1') %}
        build_package:
          docker_container.run:
            - image: myuser/builder:latest
            - binds: /home/myuser/builds:/build_dir
            - command: /scripts/build.sh {{ pkg_version }}
            - creates: /home/myuser/builds/myapp-{{ pkg_version }}.noarch.rpm
            - replace: True
            - networks:
              - mynet
            - require:
              - docker_network: mynet
    unameuchangesuresultuucommentuwatch_actionustartushutdown_timeoutufollowu#The '{0}' argument is not supportedu The 'image' argument is requiredunetworksutestuContainer would be run{0}u in the backgrounduauto_removeurmu<'rm' is an alias for 'auto_remove', they cannot both be usedudocker.run_containerR9R:R;R<R2tbgtreplaceRXu#Encountered error running containeru(Encountered error running container: {0}u#Container was run in the backgrounduExitCodeiu2Container ran and exited with a return code of {0}uIdu	docker.rmuwarningsu$Failed to auto_remove container: {0}(uwatch_actionustartushutdown_timeoutufollowN(uauto_removeurm( RRRRtclean_kwargsRR$RR
RRROt
mod_run_checkRRRTR1R8RRRRPR3RQR%tboolRR4RDt	exceptionRKR=R&(R9R5tonlyiftunlesstcreatesRrtfailhardRsRXR:R;R<R2R[RtunsupportedtcretR/tremoveRR-tretcodetid_((s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pytrun4s�i











	









"
cK@s�i|d6id6td6dd6}|r>|r>d|d<|S|dk	r�t|t�sgd|d<|Sg}x{|D]7}t|tj�s�tj|�}n|j|�qtWn9|r�t|tj�s�tj|�g}q�|g}ni}xh|D]`}ytd|�}	Wn*t	k
r>|j
d	g�j|�q�X|j
|	g�j|�q�Wg}
|r�d	|kr�|
jd
jdj|d	���n|r�d|kr�t|d<|
jd
jdj|d���n|
rt|d<dj|
�|d<|S|j
dg�|j
dg�}|s�t|d<t|�dkrbdj|d�|d<n
d|d<d	|kr�|dcd7<n|dcd7<|Stdr�d|d<djdj|��|d<|Sg}x�|D]�}i|d6}
|r||
d<ntd||
�}|dtkr:||d|<q�d|krZ|j|d�q�|jdj|��q�W|r�dj|�|d<|St|d<djdj|��|d<|S(u@
    Ensure that a container (or containers) is stopped

    name
        Name or ID of the container

    containers
        Run this state on more than one container at a time. The following two
        examples accomplish the same thing:

        .. code-block:: yaml

            stopped_containers:
              docker_container.stopped:
                - names:
                  - foo
                  - bar
                  - baz

        .. code-block:: yaml

            stopped_containers:
              docker_container.stopped:
                - containers:
                  - foo
                  - bar
                  - baz

        However, the second example will be a bit quicker since Salt will stop
        all specified containers in a single run, rather than executing the
        state separately on each image (as it would in the first example).

    shutdown_timeout
        Timeout for graceful shutdown of the container. If this timeout is
        exceeded, the container will be killed. If this value is not passed,
        then the container's configured ``stop_timeout`` will be observed. If
        ``stop_timeout`` was also unset on the container, then a timeout of 10
        seconds will be used.

    unpause : False
        Set to ``True`` to unpause any paused containers before stopping. If
        unset, then an error will be raised for any container that was paused.

    error_on_absent : True
        By default, this state will return an error if any of the specified
        containers are absent. Set this to ``False`` to suppress that error.
    unameuchangesuresultuucommentu/One of 'name' and 'containers' must be provideducontainers must be a listudocker.stateuabsentu*The following container(s) are absent: {0}u, upausedu*The following container(s) are paused: {0}u. urunningiuContainer '{0}' is iuAll specified containers are u
absent or unot runningutestu/The following container(s) will be stopped: {0}uunpauseutimeoutudocker.stopuFailed to stop container '{0}'u; u,The following container(s) were stopped: {0}N(RRR
RVRRROR&RRR=R$RRKRR
R3(R9t
containersRBtunpauseterror_on_absentR[Rttargetsttargettc_stateR,tto_stoptstop_errorststop_kwargsR((s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pytstopped	s�5








"







cC@s{i|d6id6td6dd6}|tddt�kr\t|d<dj|�|d<|Std	|�}|d
kr�|r�d|d<|Stdr�d|d<d
j|�|d<|Sy"td|d|�|dd<Wn*tk
r}dj||�|d<|SX|tddt�kr6dj|�|d<nA|rQ|d
krQd}nd}dj||�|d<t|d<|S(u�
    Ensure that a container is absent

    name
        Name of the container

    force : False
        Set to ``True`` to remove the container even if it is running

    Usage Examples:

    .. code-block:: yaml

        mycontainer:
          docker_container.absent

        multiple_containers:
          docker_container.absent:
            - names:
              - foo
              - bar
              - baz
    unameuchangesuresultuucommentudocker.list_containersRuContainer '{0}' does not existudocker.stateustoppedu=Container is running, set force to True to forcibly remove itutestuContainer '{0}' will be removedu	docker.rmRXuremovedu%Failed to remove container '{0}': {1}u Failed to remove container '{0}'uForciblyuSuccessfullyu{0} removed container '{1}'N(RRRR$R3RR4(R9RXRR`R/tmethod((s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pytabsent�	s<





"	
c	C@sCitd6td6}|dk	r�t|tj�r>|g}nt|t�setd�|D��r~idd6td6td6Sx^|D]S}td|d	td
t�}|dkr�idj	||�d6td6td6Sq�Wn|dk	r�t|tj�r	|g}nt|t�s0td
�|D��rIidd6td6td6Sx^|D]S}td|d	td
t�}|dkrPidj	||�d6td6td6SqPWn|dk	r?t|tj�r�|g}nt|t�s�td�|D��ridd6td6td6Std�|D��r?idd6td6SntS(u~
    Execute the onlyif/unless/creates logic. Returns a result dict if any of
    the checks fail, otherwise returns True
    uuse_vtubgcs@s!|]}t|tj�VqdS(N(R
RR(RR((s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pys	<genexpr>
su)onlyif is not a string or list of stringsucommentu
skip_watchuresultucmd.retcodetignore_retcodetpython_shelliu,onlyif command {0} returned exit code of {1}cs@s!|]}t|tj�VqdS(N(R
RR(RR((s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pys	<genexpr>
su)unless is not a string or list of stringsu,unless command {0} returned exit code of {1}cs@s!|]}t|tj�VqdS(N(R
RR(RR((s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pys	<genexpr>-
su*creates is not a string or list of stringscs@s!|]}tjj|�VqdS(N(tostpathR_(RR((s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pys	<genexpr>1
su/All specified paths in 'creates' argument existN(
RRR
RRRVRRRR$(RxRyRzt
cmd_kwargstentryR((s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pyRu�	sf

	


	


cK@s�|dkratj|�}|jdd�dkr@t|d<nt|d<t|d<t||�S|dkr�t|tjj	j
|��S|dkr�t|tjj	j
|��Si|d6id6td	6d
j|�d6S(u<
    The docker_container watcher, called to invoke the watch command.

    .. note::
        This state exists to support special handling of the ``watch``
        :ref:`requisite <requisites>`. It should not be called directly.

        Parameters for this function should be set by the state being triggered.
    urunninguwatch_actionuforceusend_signalustoppedurununameuchangesuresultu*watch requisite is not implemented for {0}ucomment(
tcopytdeepcopyRKRRRqR�RRRRtR�R$(R9tsfunR[twatch_kwargs((s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pyt	mod_watch:
s 





(&t__doc__t
__future__RRRR�tloggingR�tsalt.exceptionsRtsalt.utils.argsRtsalt.utils.datatsalt.utils.dockertsalt.extRt	getLoggert__name__RDRt__virtual_aliases__R	RRR1R8RRRRtdockertCLIENT_TIMEOUTRqR�R�R�RuR�(((s@/usr/lib/python2.7/site-packages/salt/states/docker_container.pyt<module>/sl						G	 �������V��@	B

Zerion Mini Shell 1.0