ansible / ansible-docker-base Goto Github PK

Ansible base Images for easy Ansible-Playbook-based Docker builds

ansible-docker-base's Introduction

THESE IMAGES HAVE BEEN DEPRECATED

Ansible no longer maintains images in Dockerhub directly. There are several Ansible images on Dockerhub that are maintained by members of the Ansible community, which you can find with the following search

Ansible-Docker-Base

These are base docker images that include Ansible.

Ansible, Inc maintains these images so that people can easily build docker images from ansible playbooks.

While Ansible modules can help you deploy container images (and also prepare host dependencies to be able to run containers), this document is about how to use ansible to efficiently describe and build them as well.

Obtaining these Images from DockerHub

Ansible, Inc content on DockerHub lives at https://registry.hub.docker.com/u/ansible/

There are base images available currently for CentOS 7 and Ubuntu 14.04 LTS, using both the latest stable version of Ansible as well as development branch snapshots.

Building Your Own Container Based on an Ansible Image

By specifying a Dockerfile, it is easy to describe a container image primarily defined by an ansible-playbook, using a very minimal Dockerfile.

Take a look at this Dockerfile for a sample of what one looks like.

To build this image, simply cd into the directory that contains the Dockerfile and run:

docker build -t webserver_simple .

This will produce an image tagged "webserver_simple" based on the Ansible playbook run. Here's the playbook that defines the configuration.

Your own content will probably be kept in it's own git repos. You may wish to connect your repositories containing Ansible+Docker playbooks to DockerHub, to trigger automatic rebuilds of your container images when your underlying ansible playbooks, or the applications they might embed, change.

Selecting Versions of Ansible

The DockerFile shown above selected the latest CentOS tag of Ansible's Docker images. The first line of the DockerFile can be changed to select another base operating system or Ansible version should you wish to use a different OS or different Ansible version.

The following options are available:

FROM ansible/centos7-ansible:stable
FROM ansible/centos7-ansible:devel
FROM ansible/ubuntu14.04-ansible:stable
FROM ansible/ubuntu14.04-ansible:devel

Ansible images on DockerHub will be updated periodically.

Jumping Docker Content with Ansible Galaxy

While Ansible provides 240+ modules for managing various aspects of IT components and is a great starting point for describing your applications, Ansible Galaxy provides complete automation for deploying a very large number of popular apps and takes this to the next level.

To use existing ansible-role content within Docker, simply switch into a playbook directory and download the roles. For example, to configure the ELK stack:

mkdir roles/
cd roles/
ansible-galaxy install bakhti.elk

And then leverage the role content in the playbook:

- hosts: localhost
  roles:
    - bakhti.elk

So, a 3 line playbook then brings up an entire ELK stack in a container image :)

Deploying Your Ansible-Built Docker Containers with Ansible

Once available on a registry, images can be deployed using the Ansible Docker Module. This can be a lightweight way to specify what containers should run on which hosts.

Here's a minimal example of running a Tomcat container on all of your hosts:

- hosts: web
  sudo: yes
  tasks:
    - name: run tomcat servers
      docker: image=my-tomcat command="service tomcat6 start" ports=8080

Replace the "image" parameter with the name of the image above in your registry.

For more information, consult the Ansible Docker module documentation

As your needs grow more detailed and you wish to specify different containers for different hosts, you might have a list called "run_containers" defined per Ansible host group, saying which containers to run on each host. This can allow ansible to be used as a lightweight cloud, all without any additional moving parts.

Rebuilding Automatically when the Ansible Image Updates

If you are using a Docker Hub automated build to build your images you can set your image to rebuild whenever the base ansible image (hosted by Ansible, Inc) is updated:

Go to the docker hub page for your repository.
In the sidebar labeled "Settings", find the entry marked "Repository Links"
On the "Repository Links" page, enter the Ansible repository you are layering your image on top of. For instance, if you are using the ubuntu14.04-ansible repository, enter ansible/ubuntu14.04-ansible into the "Repository Name" box and click "Add".
Docker hub will now automatically rebuild your image whenever that ansible repository has a new build.

Questions?

If you'd like to talk about Ansible+Docker, stop by the ansible-project mailing list or #ansible on irc.freenode.net for IRC.

ansible-docker-base's People

Contributors

Stargazers

Watchers

Forkers

gavioto justinasjaronis overdrive3000 langri-sha miguelramosfdz kuramatsur littleairmada ruo91 lu-chi dochang netfluence ipv1337 lilithmooncohen cloudxtreme sleitch devopsify miselmipoivre huygn timani onsails my76128 sivagnanamciena davidtacheny iamsyt alex-docker jorgebonilla corbanr rsoucy rgrsoucy th3architect cafeitduong priteshpatil01 ashmanpan isholgueras mba811 cdops venkateshdaram434 szypekwsp devopschina maxsom tianshangjun changyaoh andrew-j-price eniuz cotsog sgunnala optionalg zigzig66 asadexpert amyfang brennv chandra-techpassionate mzcaptainyang codemedic guoyu07 rmacduff bluemutedwisdom sekharroyal sicheng20 katzefudder luokeychen shainesdu adhanowa saurabh240991 engrasif ip-2014 rajasekhargithub thammaratchok dmglab wwinnicki 54b3r jackgassett samaws1 qianzy96 1181254 devopsbyday ulihorn thephoenixriseth rvbharadwaj avisheka93 nixon89 himagiri2696 hurzelpurzel itbj 2020t420 jmccar mitsiek ssojha neosuresh06devops ctmcisco lasar vanwoes goolte-lab anjilinux krishnamurtyp juangarcia4ks rohscx

ansible-docker-base's Issues

Error in /etc/ansible/hosts

While trying to make a simple example, the default version of /etc/ansible/hosts within the docker image contains unwanted characaters..

docker build -t webserver_simple .                                                 
Sending build context to Docker daemon   5.12kB
Step 1/6 : FROM ansible/centos7-ansible:stable
 ---> 688353a31fde
Step 2/6 : ADD ansible /srv/example/
 ---> Using cache
 ---> 10813cca8ede
Step 3/6 : WORKDIR /srv/example
 ---> Using cache
 ---> d8acf9b2b95a
Step 4/6 : RUN ansible-playbook site.yml -c local
 ---> Running in 6a86a40063ae
ERROR! Attempted to read "/etc/ansible/hosts" as YAML: Syntax Error while loading YAML.


The error appears to have been in '/etc/ansible/hosts': line 1, column 8, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


[local]\nlocalhost\n
       ^ here

Attempted to read "/etc/ansible/hosts" as ini file: host range must be begin:end or begin:end:step 
The command '/bin/sh -c ansible-playbook site.yml -c local' returned a non-zero code: 1

It seems to be related to the RUN echo statement not correctly putting entry into the /etc/ansible/hosts

Incorrect link in /README.md

Ansible Galaxy link should be https://galaxy.ansible.com/

Docker API Error: client is too old, minimum supported API version is 1.12

When I deploy a container by using ansible. I get an error puzzled me a lot:

Docker API Error: client is too old, minimum supported API version is 1.12

please upgrade your client to a newer version

My docker 👍

Client:
Version: 1.8.3
API version: 1.20
Go version: go1.4.2
Git commit: f4bf5c7
Built: Mon Oct 12 05:37:18 UTC 2015
OS/Arch: linux/amd64

Server:
Version: 1.8.3
API version: 1.20
Go version: go1.4.2
Git commit: f4bf5c7
Built: Mon Oct 12 05:37:18 UTC 2015
OS/Arch: linux/amd64

docker-py

Name: docker-py
Version: 1.5.0

I have try docker-py 1.1.0/1.2.3/1.5.0 and get same error

what can i do?

hosts file has literal \n

For centos7, at least, the ansible hosts file contains literal \n, instead of newlines:

[cmosher@dtcmosher ~]$ sudo docker run -ti ansible/centos7-ansible:latest bash
[root@77a6cafe5903 ansible]# cat /etc/ansible/hosts 
[local]\nlocalhost\n

In the Dockerfile
RUN echo '[local]\nlocalhost\n' > /etc/ansible/hosts
should be
RUN echo -e '[local]\nlocalhost' > /etc/ansible/hosts

redis with docker. Example from documentation

I have a playbook:

- name: Configure development machine
  hosts: all
  sudo: True
  tasks:
    - name: set locale
      lineinfile: dest=/etc/default/locale line="LC_ALL=C"

    - name: install curl
      apt: name={{ item }} update_cache=yes
      with_items:
        - git
        - curl
        - libpq-dev
        - python-dev
        - python-psycopg2
        - docker

    - name: install pip
      shell: curl https://bootstrap.pypa.io/get-pip.py | python -

    - pip: name=virtualenv

    - name: Install docker-py
      pip: name=docker-py version=1.1.0

    - pip: requirements=/project/requirements.pip virtualenv=/ENV

    - name: redis container
      docker:
        name: myredis
        image: redis
        command: redis-server --appendonly yes
        state: started
        expose:
            - 6379

I'm using Vagrant with Ubuntu 14.04 with 'ubuntu/trusty64'. My vagrantfile:

# -*- mode: ruby -*-
# vi: set ft=ruby :

# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "ubuntu/trusty64"
  config.vm.synced_folder "./project/", "/project/"
  config.vm.network "forwarded_port", guest: 8000, host: 8000
  #config.vm.network :public_network, bridge: 'eth0'
  #config.vm.provider :virtualbox do |vb|
  #  vb.gui = true
  #end

  # config.ssh.forward_agent = true

  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "playbook.yml"
  end
end

When I run ansible playbook I receive an error:

TASK: [redis container] *******************************************************
failed: [default] => {"changed": false, "failed": true}
msg: ConnectionError(ProtocolError('Connection aborted.', error(2, 'No such file or directory')),)

webserver won't start, shows Apache usage

I followed the instructions using an Ubuntu machine, but when I try to create a container, it fails.

vagrant@vagrant-ubuntu-trusty-64:$ docker run webserver_simple bash
Usage: /usr/sbin/apache2 [-D name] [-d directory] [-f file]
[-C "directive"] [-c "directive"]
[-k start|restart|graceful|graceful-stop|stop]
[-v] [-V] [-h] [-l] [-L] [-t] [-T] [-S] [-X]
Options:
-D name : define a name for use in directives
-d directory : specify an alternate initial ServerRoot
-f file : specify an alternate ServerConfigFile
-C "directive" : process directive before reading config files
-c "directive" : process directive after reading config files
-e level : show startup errors of level (see LogLevel)
-E file : log startup errors to file
-v : show version number
-V : show compile settings
-h : list available command line options (this page)
-l : list compiled in modules
-L : list available configuration directives
-t -D DUMP_VHOSTS : show parsed vhost settings
-t -D DUMP_RUN_CFG : show parsed run settings
-S : a synonym for -t -D DUMP_VHOSTS -D DUMP_RUN_CFG
-t -D DUMP_MODULES : show all loaded modules
-M : a synonym for -t -D DUMP_MODULES
-t : run syntax check for config files
-T : start without DocumentRoot(s) check
-X : debug mode (only one worker, do not detach)
Action '-DFOREGROUND bash' failed.
The Apache error log may have more information.
vagrant@vagrant-ubuntu-trusty-64:$ docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
46c21b7dac63 webserver_simple:latest "/usr/local/bin/apac About a minute ago Exited (1) About a minute ago backstabbing_yalow

Any ideas how to get around this?

ansible-playbook output is displayed only after the command finishes

Running ansible-playbook (when building the docker image) display output only after the command finishes. This makes it less convenient to debug for larger playbooks.

Is there a way to display the output as the playbook executes, not after?

Update to 1.9?

Shouldn't stable be 1.9.0 now? It would be nice for the 1.7 and 1.8 docker tags to also point to proper 1.7 and 1.8 versions.

Specific version of docker-py is required for ansible-docker on centos 7

When using ansible with docker module on centos 7, it requires specific docker-py v1.2.3. Other versions don't work. The error message is:

TASK: [test_redis] ************************************************************

failed: [localhost] => {"changed": false, "failed": true}

msg: Docker API Error: client is newer than server (client API version: 1.21, server API version: 1.20)

FATAL: all hosts have already failed -- aborting

playbook fails to complete on OSX & boot2docker

docker file (same as the one in the repo):


FROM ansible/centos7-ansible:stable
# or, for example, FROM ansible/ubuntu14.04-ansible:stable

# Add playbooks to the Docker image
ADD ansible /srv/example/
WORKDIR /srv/example

# Run Ansible on configure the Docker image
RUN ansible-playbook site.yml -c local

# Other Dockerfile directives are still valid
EXPOSE 22 3000 80
ENTRYPOINT ["/usr/local/bin/apachectl", "-DFOREGROUND"]

docker build output

docker build .
Sending build context to Docker daemon 5.632 kB
Sending build context to Docker daemon
Step 0 : FROM ansible/centos7-ansible:stable
 ---> e4fe55cc2541
Step 1 : ADD ansible /srv/example/
 ---> Using cache
 ---> 30fdb2f4ba08
Step 2 : WORKDIR /srv/example
 ---> Using cache
 ---> 9af14870bb9f
Step 3 : RUN ansible-playbook site.yml -c local
 ---> Running in 4e5364abda05

PLAY [localhost] **************************************************************

GATHERING FACTS ***************************************************************
ok: [localhost]

TASK: [yum pkg=httpd state=present] *******************************************
failed: [localhost] => {"changed": true, "rc": 1, "results": ["Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirror.atlanticmetro.net\n * epel: archive.linux.duke.edu\n * extras: ftp.osuosl.org\n * updates: mirror.es.its.nyu.edu\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-18.el7.centos will be installed\n--> Processing Dependency: httpd-tools = 2.4.6-18.el7.centos for package: httpd-2.4.6-18.el7.centos.x86_64\n--> Processing Dependency: system-logos >= 7.92.1-1 for package: httpd-2.4.6-18.el7.centos.x86_64\n--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-18.el7.centos.x86_64\n--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-18.el7.centos.x86_64\n--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-18.el7.centos.x86_64\n--> Running transaction check\n---> Package apr.x86_64 0:1.4.8-3.el7 will be installed\n---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed\n---> Package centos-logos.noarch 0:70.0.6-1.el7.centos will be installed\n---> Package httpd-tools.x86_64 0:2.4.6-18.el7.centos will be installed\n---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package            Arch         Version                    Repository     Size\n================================================================================\nInstalling:\n httpd              x86_64       2.4.6-18.el7.centos        updates       2.7 M\nInstalling for dependencies:\n apr                x86_64       1.4.8-3.el7                base          103 k\n apr-util           x86_64       1.5.2-6.el7                base           92 k\n centos-logos       noarch       70.0.6-1.el7.centos        base           21 M\n httpd-tools        x86_64       2.4.6-18.el7.centos        updates        77 k\n mailcap            noarch       2.1.41-2.el7               base           31 k\n\nTransaction Summary\n================================================================================\nInstall  1 Package (+5 Dependent packages)\n\nTotal download size: 24 M\nInstalled size: 32 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal                                              384 kB/s |  24 MB  01:04     \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  Installing : apr-1.4.8-3.el7.x86_64                                       1/6 \n  Installing : apr-util-1.5.2-6.el7.x86_64                                  2/6 \n  Installing : httpd-tools-2.4.6-18.el7.centos.x86_64                       3/6 \n  Installing : centos-logos-70.0.6-1.el7.centos.noarch                      4/6 \n  Installing : mailcap-2.1.41-2.el7.noarch                                  5/6 \n  Installing : httpd-2.4.6-18.el7.centos.x86_64                             6/6 \nerror: unpacking of archive failed on file /usr/sbin/suexec: cpio: cap_set_file\nerror: httpd-2.4.6-18.el7.centos.x86_64: install failed\n  Verifying  : apr-1.4.8-3.el7.x86_64                                       1/6 \n  Verifying  : mailcap-2.1.41-2.el7.noarch                                  2/6 \n  Verifying  : apr-util-1.5.2-6.el7.x86_64                                  3/6 \n  Verifying  : httpd-tools-2.4.6-18.el7.centos.x86_64                       4/6 \n  Verifying  : centos-logos-70.0.6-1.el7.centos.noarch                      5/6 \n  Verifying  : httpd-2.4.6-18.el7.centos.x86_64                             6/6 \n\nDependency Installed:\n  apr.x86_64 0:1.4.8-3.el7                                                      \n  apr-util.x86_64 0:1.5.2-6.el7                                                 \n  centos-logos.noarch 0:70.0.6-1.el7.centos                                     \n  httpd-tools.x86_64 0:2.4.6-18.el7.centos                                      \n  mailcap.noarch 0:2.1.41-2.el7                                                 \n\nFailed:\n  httpd.x86_64 0:2.4.6-18.el7.centos                                            \n\nComplete!\n"]}
msg: Error unpacking rpm package httpd-2.4.6-18.el7.centos.x86_64


FATAL: all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
           to retry, use: --limit @/root/site.retry

localhost                  : ok=1    changed=0    unreachable=0    failed=1

Found some similar bug here:

https://bugzilla.redhat.com/show_bug.cgi?id=1012952

[ppa] current stable version has https://github.com/ansible/ansible/issues/10550 bug

The current docker base stable version is not useful since Bug: ansible/ansible#10550 prevent using sudo at some place.

the ppa stable debian package needs to be published.

How to reach the simple web server?

when running docker build -t webserver_simple ., it failed at Error unpacking rpm package httpd-2.4.6-19.el7.centos.x86_64 No reason mentioned

screwed permissions in the image

i am using this base image to install freeradius server with simple playbook

hosts: localhost

tasks:
- name: Run "apt-get update"
  apt: update_cache=yes
- name: Update all packages to the latest version
  apt: upgrade=dist
- name: install freeradius packages
  apt: name={{ item }} state=present
  with_items:
  - freeradius
  - freeradius-mysql
    ~
    playbook successfully executed

root@defb89e31769:/opt/ansible# ansible-playbook site.yml -c local

PLAY [localhost] **************************************************************

GATHERING FACTS ***************************************************************
ok: [localhost]

TASK: [Run "apt-get update"] **************************************************
ok: [localhost]

TASK: [Update all packages to the latest version] *****************************
changed: [localhost]

TASK: [install freeradius packages] *******************************************
changed: [localhost] => (item=freeradius,freeradius-mysql)

PLAY RECAP ********************************************************************
localhost : ok=4 changed=2 unreachable=0 failed=0

after this i am strting freeradius -X
which is stops with error
rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
rlm_eap_tls: Error reading private key file /etc/freeradius/certs/server.key
rlm_eap: Failed to initialize type tls
/etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"
/etc/freeradius/sites-enabled/default[310]: Failed to load module "eap".
/etc/freeradius/sites-enabled/default[252]: Errors parsing authenticate section.

meanwhile manual installtion in original ubuntu image works ok, no issue with permissions for root

here is complete dockerfile to reproduce issue
FROM ansible/ubuntu14.04-ansible:latest
ADD ansible /opt/ansible
WORKDIR /opt/ansible
RUN ansible-playbook site.yml -c local
EXPOSE 1812/udp 1813/udp
ENTRYPOINT ["/usr/sbin/freeradius", "-X"]

it seems to me 1.7 and 1.8 image tags actually contain latest version

I think it would make sense to maintain older version. In my case this is breaking lots of stuff

Debian based image?

What are your thoughts about an Debian based image?