Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Docker - pre-created network removed in create.yml

See original GitHub issue

Issue Type

Bug report

Molecule and Ansible details

See below

Molecule installation method (one of):

Ansible installation method (one of):

Detail any linters or test runners used:

Behavior

EDIT: Further testing has shown that this seems to be a bug introduced with Molecule 3.0.4. I ran the test again after installing Molecule 3.0.2.1 from pip3. I can’t test if it also happens with Molecule 3.0.4 and Python2, as it is not available.

After converting my Ansible dev environment (where I normally make roles) to python3 only, something broke in the docker networking.

Given the following molecule.yml (a seperate dependency.yml is in place to create the network mentioned):

---
dependency:
  name: 'shell'
  command: ansible-playbook ${MOLECULE_PROJECT_DIRECTORY}/molecule/default/dependency.yml -i localhost,
driver:
  name: 'docker'
lint: |
  set -e
  yamllint -c molecule/default/yamllint.yml .
  ansible-lint molecule/default/converge.yml
platforms:
  - name: "acme-ssl-client"
    image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian10}-ansible:latest"
    command: '/lib/systemd/systemd'
    pre_build_image: true
    volumes:
      - '/sys/fs/cgroup:/sys/fs/cgroup:ro'
    privileged: true
    networks:
      - name: "acmenet"
        ipv4_address: '10.30.50.12'
  - name: "acme-ssl-helper"
    image: "geerlingguy/docker-debian10-ansible:latest"
    command: '/lib/systemd/systemd'
    pre_build_image: true
    volumes:
      - '/sys/fs/cgroup:/sys/fs/cgroup:ro'
    privileged: true
    networks:
      - name: "acmenet"
        ipv4_address: '10.30.50.11'
  - name: 'pebble'
    image: 'letsencrypt/pebble'
    command: 'pebble --dnsserver 10.30.50.11:53'
    pre_build_image: true
    networks:
      - name: "acmenet"
        ipv4_address: '10.30.50.10'
provisioner:
  name: 'ansible'

For this environment to work, I need to be able to assign static IPs to each of the docker containers. This used to work, but after converting to python3 only, I received the following error message from Docker: 400 Client Error: Bad Request ("user specified IP address is supported only when connecting to networks with user configured subnets")

Python 3

When running molecule create with python3, I can observe the following actions on the Docker daemon for networks. I have commented for clarity:

2020-05-08T13:05:03.393276006+02:00 network destroy a5941947a10d00e5d6c31113c4e79ab5a5072e4701639d65d5e065dbdda03082 (name=acmenet, type=bridge) # Precreation destroy
2020-05-08T13:05:18.444261785+02:00 network create eb0f4bc5ff8b0185d874df2712bec7fd72f432ec58c01446e18382e04c677c9e (name=acmenet, type=bridge) # Created by dependency.yml
2020-05-08T13:05:24.939964452+02:00 network destroy eb0f4bc5ff8b0185d874df2712bec7fd72f432ec58c01446e18382e04c677c9e (name=acmenet, type=bridge) # Destroyed for some reason
2020-05-08T13:05:24.986557118+02:00 network create e779303608cf568594d3868eeb4f5de063c2badd29cf3aaf63db89de682a59cf (name=acmenet, type=bridge) # Created by create.yml, broken as it does not accept user-set IP addresses for containers

Molecule task output:

    TASK [Create docker network(s)] ************************************************
    changed: [localhost] => (item=acmenet)
    ok: [localhost] => (item=acmenet)
    ok: [localhost] => (item=acmenet)

Molecule --version

molecule 3.0.4
   ansible==2.9.7 python==3.7

Python 2

Running the same config with python2, gives the following output on the Docker daemon:

2020-05-08T14:26:54.063793066+02:00 network create 3e7457009acb86e1c5f29ebfa3379a9a51f16ed5147077dedd2c616d327fc673 (name=acmenet, type=bridge)

Molecule task output:

TASK [Create docker network(s)] ************************************************
    ok: [localhost] => (item=acmenet)
    ok: [localhost] => (item=acmenet)
    ok: [localhost] => (item=acmenet)

molecule --version

molecule 3.0.2.1
   ansible==2.9.7 python==2.7

Issue Analytics

State:
Created 3 years ago
Comments:11 (5 by maintainers)

Top GitHub Comments

1reaction

btravouilloncommented, May 10, 2020

Hi @Thulium-Drake, I hit the same issue. This was introduced with molecule 3.0.3 by 4ef8cfb1. molecule now set an owner label on the network:

https://github.com/ssbarnea/molecule/blob/4ef8cfb173e7128570b16a28726dd73aa1a6eb40/molecule/provisioner/ansible/playbooks/docker/create.yml#L93-L106

When the task runs, docker_network detects a change and recreate the network. (Module doc: When network options are changed, the module disconnects all containers from the network, deletes the network, and re-creates the network.). Because we cannot define the subnet in the molecule configuration, the network is created with a random subnet. Check docker network inspect acmenet.

You can update your dependency.yml to add the label {owner: 'molecule'}:

    - name: "Create docker network(s)"
      docker_network:
        name: "net1"
        ipam_config:
          - subnet: "192.168.0.0/24"
            gateway: "192.168.0.254"
        state: present
        labels:
          owner: molecule

By the way, I like the dependency.yml to configure the docker network, I will use it. Thanks!

0reactions

Thulium-Drakecommented, Jun 29, 2020

Hi @actatux,

Makes sense, well, the PR fixes this problem, so I’ll close the issue 😃

Thanks for the good work!