My playbook is not downloading the updated images with same tag name

Question

I have been using jenkins to build docker images and push to docker hub with the tag latest in everytime. I have written a ansible playbook which will deploy the docker images by pulling the latest image from docker hub.Now issue is new latest images has not been pulled by ansible once it deployed its previous version with same tag.Can you please check the playbook and let me know which part should i update to get the desired work.

Playbook:

---
- hosts: flask04
  tasks:
  - name: Pull Flask app  image
    docker_image:
      name: taybur/flaskapp_27032019
      tag: latest
      state: present 

  - name: remove flask app container
    docker_container:
     name: first_flaskapp
     image: taybur/flaskapp_27032019
     state: absent

  - name: Create flask app container
    docker_container:
     name: first_flaskapp
     image: taybur/flaskapp_27032019
     ports:
       - "5001:5001"
     state: started

Answer 1

The docker_image module will not automatically pull the image if it is already present. You have to use the force_source: yes parameter (with source: pull) to force pulling on every run.

Note: until ansible 2.8, the parameter was force: yes. It has been deprecated in 2.9 and removed in 2.12. Mentioning source: pull is also mandatory since that release

Moreover, docker_container can pull the image for you if it is not present. And you can tell it to attempt to pull on every run (pull: true) and restart the container if needed. So you can reduce your set of tasks to a single one in this case:

  - name: Create/Update the flask app container if needed
    docker_container:
     name: first_flaskapp
     image: taybur/flaskapp_27032019
     pull: true
     ports:
       - "5001:5001"
     state: started

See the module documentation for docker_container and docker_image

To go further:

1. As is, your container will not restart if you reboot the server running your docker daemon. You need to use restart_policy: always if you need this feature.
2. Although this example does the job, it is not idempotent: a change of the image will induce a change between two playbook runs although nothing has been modified in your playbook or variables. One way to handle this is to make the pull parameter dynamic with a variable you will use as an extra var on the command line:

  - name: Create/Update the flask app container if needed
    docker_container:
     name: first_flaskapp
     image: taybur/flaskapp_27032019
     pull: "{{ upgrade_flaskapp | default(false) | bool }}"
     restart_policy: always
     ports:
       - "5001:5001"
     state: started

Now if you run the playbook normally, it will:

• pull the image if not present and create the container if not already running
• do nothing and report ok if the container is already running

If you run with ansible-playbook -i <inventory> playbook.yml -e upgrade_flaskapp=true it will:

• Pull the latest image and create a container if it does not exist.
• Get the new version of image if one is available and restart the container with new image if needed.
• Do nothing (report ok) if container is present and no new image is available.

Answer 2

Ideally, we should have our tasks/roles idempotent(skip duplicate work if ran repeatedly). So, I think it is cleaner to tag your builds with version numbers and use the version number in your deployment instead of latest.