First of all, I am quite a beginner, and I am trying to work my way through a config that I received.
I have a promtail swarm config:

```yaml
- name: Deploy Promtail as a Swarm service
  when: docker.swarm.manager
  community.docker.docker_swarm_service:
    name: promtail
    image: grafana/promtail:{{ promtail.promtail_version }}
    user: "{{ promtail.uid }}:{{ promtail.dockergroup }}"
    mounts:
      - source: "{{ promtail.dir }}/promtail-config.yaml"
        target: /etc/promtail/promtail.yaml
        type: bind
      - source: /var/run/docker.sock
        target: /var/run/docker.sock
        type: bind
      - source: "{{ promtail.dir }}/promtail"
        target: /tmp/promtail
        type: bind
    args:
      - "-config.file=/etc/promtail/promtail.yaml"
    mode: global
    restart_config:
      condition: any
```
As far as I understood, depending on the host_var, `promtail.dockergroup` should change.
My situation is the following:
host3's promtail just does not work, and can't access something that only the docker group can't access.
If I inspect host3's promtail container, I find that it's running under GID=1000 instead of 1010.
What did I do wrong?
It seems that the main issue was tied to the fact that I tried to use a `community.docker.docker_swarm_service` instead of a `community.docker.docker_container`. As the swarm service is deployed from the manager only (`when: docker.swarm.manager`) and on `global: mode`, it would use the host_var of the manager, and not the other nodes.
This means I simply had to translate the config for containers :)
```yaml
- name: Deploy Promtail as a container
  community.docker.docker_container:
    name: promtail
    image: grafana/promtail:{{ promtail.promtail_version }}
    user: "{{ promtail.uid }}:{{ promtail.dockergroup }}"
    mounts:
      - source: "{{ promtail.dir }}/promtail-config.yaml"
        target: /etc/promtail/promtail.yaml
        type: bind
      - source: /var/run/docker.sock
        target: /var/run/docker.sock
        type: bind
      - source: "{{ promtail.dir }}/promtail"
        target: /tmp/promtail
        type: bind
    command: "-config.file=/etc/promtail/promtail.yaml"
    restart_policy: always
    networks:
      - name: "the-network-we-have"
```
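
A per-host check for the GID mismatch described above, added here as an example and not part of the original question or answer. It assumes the same `promtail.uid` and `promtail.dockergroup` host_vars and the container name `promtail`; the task names and the registered variables `docker_sock` and `promtail_info` are made up for illustration.

```yaml
# Added example. Run on every Docker host, not only on the swarm manager.

# Place these two tasks before the "Deploy Promtail as a container" task.
- name: Read the group that owns the Docker socket on this host
  ansible.builtin.stat:
    path: /var/run/docker.sock
  register: docker_sock

- name: Stop if promtail.dockergroup is not the socket's group on this host
  ansible.builtin.assert:
    that:
      - docker_sock.stat.exists
      - docker_sock.stat.gid | int == promtail.dockergroup | int
    fail_msg: >-
      {{ inventory_hostname }}: /var/run/docker.sock is owned by GID
      {{ docker_sock.stat.gid | default('unknown') }}, but
      promtail.dockergroup is {{ promtail.dockergroup }}.

# Place these two tasks after the deploy task.
- name: Inspect the promtail container on this host
  community.docker.docker_container_info:
    name: promtail
  register: promtail_info

- name: Confirm the container runs with this host's UID and GID
  ansible.builtin.assert:
    that:
      - promtail_info.exists
      - promtail_info.container.Config.User == expected_user
    fail_msg: >-
      {{ inventory_hostname }}: promtail is missing or is not running
      as {{ expected_user }}.
  vars:
    expected_user: "{{ promtail.uid }}:{{ promtail.dockergroup }}"
```

The first assertion catches a wrong host_var before anything is started; the second catches a container that was created with another host's values, which is the GID 1000 versus 1010 symptom from the question.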