Running Ansible directly against a Docker container

Note

Please be aware that this is still at the prototype stage. Feedback and corrections are very welcome.

Docker images are normally built with a Dockerfile. However, a Dockerfile is little more than a simple shell script, so it is hard to express anything elaborate in it. One alternative is to build the image with Packer. However, Packer's ansible provisioner runs ansible-pull internally, so the Ansible execution environment and git have to be put into the image.

Also, to run commands against a running container, you have to get into it over ssh. This means the image has to include sshd and expose the ssh port, and you have to keep track of the ssh port on the Docker host side, which changes dynamically.

To solve these problems, I created a plug-in that lets Ansible interact directly with a Docker container. (Note: Ansible can use connections other than ssh, and that part has a plug-in structure so that new connection types can be added.)

Accessing Docker through LXC

Since Docker 0.9.0, a library named libcontainer has been included and Docker no longer depends on LXC. However, I think that at the moment Docker is normally still used with LXC. Therefore, this plug-in accesses containers through LXC.

Prerequisites

  • Docker 0.9.1
  • LXC is installed
  • Linux 3.8 or higher
  • The image contains Python 2 (unfortunately, Ansible does not support Python 3)
  • /usr/bin/tee exists in the image (not /bin/tee)

Preparation

1. Start Docker with the lxc driver: docker -e lxc
2. Start a container with docker run
3. Get the two files from this gist and place them:

  • docker_inventory.py: put it where the inventory file goes, and chmod ugo+x it so that it is executable
  • docker_connection.py (…10021756/raw/010011595e2c21015357f60b9c1d4439b5594f46/docker_connection.py): put it under a directory named connection_plugins

The resulting layout looks like this:

|- docker_inventory.py
|- connection_plugins
|  |
|  +- docker_connection.py
+- なにか.yml

Execution

The only difference from a normal Ansible run is that you pass docker_inventory.py as the inventory (なにか.yml, "something.yml", stands for your playbook).

% ansible-playbook -i docker_inventory.py  なにか.yml

This runs the specified playbook against the group named docker. Because sudo is called on the host side, you may need to run sudo beforehand so that the credentials are cached.

Incidentally, because it does not go through ssh, execution is quite fast.

Internal details

A plug-in for accessing LXC through libvirt has already been built for Ansible. However, in my environment I use lxc-attach, because if LXC is a given there is no need to reach Docker's LXC containers through virsh and libvirt. In fact, I use this libvirt_lxc.py almost as it is.

Linux 3.8 or higher is required to execute arbitrary commands with lxc-attach.

The Docker container ID can be obtained with docker ps --no-trunc, and the container can be accessed through LXC using this container ID.

Actually, I tried to use image names as the groups instead of docker, but since I could only get the image ID, I gave up on it.
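The flow described above (container IDs from docker ps --no-trunc become the hosts of the docker group, and each ID is then handed to lxc-attach under sudo) is shown here as an added example; it is not the code from the gist. The function names, the use of the -q flag to print IDs only, and the sample output are assumptions made for illustration. Because the ID ends up on a root command line on the host, the example validates it and builds the command as an argument list rather than a shell string.

```python
import json
import re

# A full (untruncated) Docker container ID is 64 lowercase hex characters.
CONTAINER_ID = re.compile(r"\A[0-9a-f]{64}\Z")

# Constructed sample of `docker ps -q --no-trunc` output (not real containers);
# the second and fourth lines are deliberately malformed.
SAMPLE_PS_OUTPUT = "\n".join([
    "a" * 64,
    "3f2c9b",                  # truncated ID, as printed without --no-trunc
    "0123456789abcdef" * 4,
    "b" * 60 + " -- sh",       # not an ID at all
    "",
])


def parse_container_ids(ps_output):
    """Return only the lines that are well-formed full container IDs."""
    ids = []
    for line in ps_output.splitlines():
        line = line.strip()
        if CONTAINER_ID.match(line):
            ids.append(line)
    return ids


def build_inventory(ids):
    """Dynamic-inventory structure with every container in the group 'docker'."""
    return {"docker": {"hosts": list(ids)}, "_meta": {"hostvars": {}}}


def lxc_attach_argv(container_id, command):
    """argv for running `command` (a list) in the container via sudo lxc-attach.

    The ID is re-validated here because it is placed on a root command line,
    and the result is a list so it can be executed without a shell.
    """
    if not CONTAINER_ID.match(container_id):
        raise ValueError("not a full container ID: %r" % (container_id,))
    return ["sudo", "lxc-attach", "-n", container_id, "--"] + list(command)


if __name__ == "__main__":
    hosts = parse_container_ids(SAMPLE_PS_OUTPUT)
    print(json.dumps(build_inventory(hosts), indent=2))
    print(lxc_attach_argv(hosts[0], ["/usr/bin/tee", "/tmp/example"]))
```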

Summary

Although it is a prototype, I created a plug-in that can run Ansible directly against a running Docker container. I think that you can create an image by committing after running ansible-playbook.

Also, because containers are fast to create and run, I think that it can be used for trial and error when writing an Ansible playbook.

In addition, by combining it with the docker module, more complex operations may be possible.

Finally, thanks to mopemope for the advice.