Using Ansible Docker Connection Plugin
It was to write this article in April 2014 of more than a year ago docker containerに対して直接ansibleを実行する Since then, in Ansible 2.0 there is a standard Docker Connection Plugin. (Although it's not my implementation, though)
What is Docker Connection Plugin
First of all, Connection Plugin explains. Ansible usually connects to the target host using SSH. However, you can switch the connection method by using Connection Plugin.
Typical is local connection is. If written as follows, it will be executed as is in localhost instead of ssh. The difference from ssh's localhost is that ssh is not used at all and it is executed as is by the user as it is. It is convenient for development.
- hosts: all
connection: local
tasks:
- file: path=/tmp/this_is_local state=directory
In addition, the following connection plugin is prepared. I think that there are also many people who used paramiko and winrm.
- Accelerate
- Accelaret mode (it is a past heritage so you do not need to memorize it)
- Chroot
- Chroot
- Funcd
- Func : via Fedora Unified Network Controller
- Zone
- Solaris Zone
- Jail
- FreeBSD's Jail
- Libvirt_lxc
- Virt's LXC
- Paramiko
- Ssh python implementation
- Winrm
- Windows
One of these is the docker connection plugin.
Benefits of Docker connection plugin
By using the Docker Connection Plugin, you can execute Ansible directly to the Docker container. Specifically docker exec the run command, a copy of the file docker cp run the. You do not need to build sshd inside the Docker container.
It is certain that the Build by Dockerfile is the simplest. But,
- In order not to increase the Layer \ there is a case in which also will increase many lines in
- Because there is no template, it is troublesome to make and create multiple types of images
- Even though others manage it with Ansible, management becomes divided when it becomes Dockerfile here only
For reasons such as you may want to use Ansible, it is useful in that case.
In addition, I think that it is better if I can do it with Dockerfile. You do not have to bother to use Ansible. However, as it becomes complicated, it seems that Ansible is more convenient in some cases, so I will introduce it here.
Using the Docker connection plugin
Let's have a note for this, and let's use it immediately. Because I think that most people are using the Ansible 2.0RC1, but is not a new installation it is necessary, people who are using the emergency 1.9.4 is こちら _ from `docker.py download, connection_plugins Let's put into it to create a directory called. It has the following configuration.
.
|-- connection_plugins
| `-- docker.py
|-- hosts
`-- site.yml
In addition, in the Pip docker-py let's install. (It is not necessary in ansible v 2.0.)
I will write playbook as follows.
- name: Dockerコンテナを起動
hosts: localhost
connection: local
vars:
base_image: ubuntu:latest
docker_hostname: test
tasks:
- name: Dockerコンテナを起動
local_action: docker image={{ base_image }} name={{ docker_hostname }} detach=yes tty=yes command=bash
- name: ホストを追加
add_host: name={{ docker_hostname }}
- name: Dockerコンテナ内を構成
hosts: test
connection: docker # ここで docker connectionを指定
tasks: # 好きなように書きます
- file: path=/tmp/docker state=directory
- file: path=/tmp/ansible state=directory
- group: name=admin state=present
- user: name=johnd comment="John Doe" uid=1040 group=admin
- copy: src=site.yml dest=/tmp/ansible/
post_tasks:
- local_action: shell /usr/local/bin/docker commit {{ inventory_hostname }} ubuntu:ansible
The playbook in this example consists of the following two.
- Launch Docker Container
- Configuration management inside the launched Docker container
For 1, start using the docker module. This is normally a local connection. 2 is using the Docker connection.
What is important is, connection: docker only line that is different from, the other is that the normal Playbook no different.
Finally, dokcer commit by running, you have to save as an image. Because it is it up to the point of being carried out by including all docker exec, not saved, layer in the end as a whole docker commit will be the only one that can be when you run. By doing this, you do not have to do a lot of lines with Dockerfile.
Automate commit
In the previous example post_tasks として、 docker commit を実行しています。しかし、 Ansible を使って Docker コンテナーをプロビジョニングする in the article that is, callback plugin This example shows how to commit every task execution every time using.
As with the method by Dockerfile, this method will have many layers. Instead, it is cached, so there is also the advantage of being faster next time.
Use Remote's Docker host
The Docker host can be remote, not just at hand.
export DOCKER_HOST=tcp://192.168.0.10:4243
When the DOCKER_HOST be set in the environment variable, to access the Docker container via the host. I have not tried it, but I think Swarm and others will work properly.
with this,
- Use of cloud services such as instance startup
- Construction of the docker host itself
- Building a docker container / image
- Functions required for deployment such as attaching and removing of ELB
All of it is possible with Ansible.
Summary
In this article, I introduced Docker Connection Plugin which directly touches the Docker container from Ansible. Just putting one python file allows you to do the same thing as a normal ssh host for the Docker container. Also, the Docker host can be used not only locally but also remotely.
Finally.
As I mentioned earlier, it would be better if you could do it with a Dockerfile. You can also understand why you want to do with Ansible, but there is no reason to use Ansible. Let's think about it again so as not to suffer unnecessary trouble at the right place.
And, first of all, I think that the interior of the Docker container is incorrect at a complicated time. golangをDockerでデプロイする as shown in the, if golang, in order to move if you put only 1 binary, " Provisioning "no longer exists. Ian, who change jobs to Google is still (より)小さいDockerイメージを作ろう and wrote an article called, the minimum necessary It is ideal to put only the limit file.
Before automation, let's think about "Is it really necessary in the first place?"