Comments (9)
@magnusvikstrom v2.1.0 should have fixed the permission issue so that one task you have in between can be removed.
I'm still torn on adding the reset_connection
task directly to this role. Ansible is already slow and adding this would slow it down more for a majority of folks who wouldn't need this to be set.
But I will keep this issue open to see where it goes.
from ansible-docker.
Hi,
What type of use case is this for?
Typically the way I've used this role is to install Docker and Docker Compose on a server, and then when I deploy my apps, I SSH in as a specific user that was added to docker__users
, but this process is after I ran this role in a separate SSH connection, so it's already "reset".
Instead of a manual SSH deployment this could also be done with a git hook or through a CI server -- basically whatever you happen to use to trigger a deploy. In all cases these are separate connections to your server after this role gets run.
from ansible-docker.
My current playbook runs the role, copies over docker-compose and other configuration files then runs docker-compose up.
Not sure how common it is, perhaps just a mention in the documentation that when using docker__users you need to reset the connection before running docker commands or split up the initializing of the server from the rest of deployment is enough?
I've started noticing the issue when testing my ansible deployment on a vagrant machine that I'm destroying and recreating frequently.
from ansible-docker.
When you set a user as being part of the Docker group, this requires making a new connection to make it take effect with or without this role. This is just how it works at the Linux level.
Splitting up the server provisioning and deployment is enough on its own, but as you discovered, there are many ways to do app deployment.
Personally I never found Ansible to be suitable for handling the deploys themselves since it only responds after the entire work has been done, where as app deployment is very reactive. I want to see the output as it goes, so I choose to use git hooks and other non-Ansible methods for deployment.
But with that said, you could do the reset in your custom docker compose role as 1 option for now. That would be enough to get things working with your set up. Perhaps it is a documentation problem too, it wouldn't hurt to remind folks that you need to make a new connection in this Docker role.
from ansible-docker.
I recently started using ansible so not sure yet how the final deployment setup will work. Thanks for the suggestions though and for this role.
I did get it to work just by adding the reset ssh connection at the start of my tasks so its no showstopper. It took me some time to figure out though what was causing the issue and that's why I was thinking of mentioning it in the docs. I did look through the project issue list and was expecting to see others mentioning this issue, but didn't so guess its not that frequently occurring.
Anyway if you would like to add something to the README it could go into the "Working with Ansible's docker_* modules" section and look something like this:
When using docker_* modules in your own roles or playbook in combination with the docker__users variable (section https://github.com/nickjj/ansible-docker#configuring-users-to-run-docker-without-root) you need to reset the ansible connection after the ansible_docker role has run. You will otherwise get docker permission errors.
This can be done by using the meta module reset_connection task as follows (note that this requires at least ansible version 2.5.8):
- name: Reset ssh connection to allow user added to docker group in the docker role to take effect.
meta: reset_connection
from ansible-docker.
No problem.
I think a natural spot for this would be to write something after the code example at https://github.com/nickjj/ansible-docker#configuring-users-to-run-docker-without-root.
Something like:
If you plan to run your own custom Docker related roles which depend on executing Docker commands as a user that was defined in docker__users
then you must reset your SSH connection in 1 of 2 ways.
The first way (recommended) would be to decouple server creation and app deployment, in which case the SSH connection will be reset automatically since you would be SSH'ing into your server after Ansible has run its course to provision the server.
The second way would be to add a task to your custom Docker role to reset the SSH connection mid-Ansible run. You only need to do this if you plan to run Docker commands as the same user defined in docker__users
during the same playbook run.
You can do that like so:
- name: Reset SSH connection so the Docker user can run Docker commands
meta: "reset_connection"
This overall behavior isn't a limitation of this role. It's just how Linux permissions work.
from ansible-docker.
Well put, now its quite clear. Also good idea to have it in the section you most likely read before getting into this situation.
from ansible-docker.
I hit exactly the same problem and I am wondering whether the reset_connection shouldn't be done in this role. The thing is we install docker via this role and afterwards in the playbook we start some Docker containers. These containers are started via some roles and adding a reset_connection between roles is not possible (at least not without introducing an intermediate role).
from ansible-docker.
I ended up with a role that includes this role:
<omitted some initial tasks, making sure universe is enabled and updating apt cache>
- name: Include docker role
include_role:
name: "nickjj.docker"
apply:
tags: ["docker"]
become: yes
# Prevent the docker_login task in the role from printing sensitive data
no_log: true
# The docker role runs as root resulting in the docker config directory (specified in docker_config var) and file (specified in docker_config_path = item.config_path) produced when it runs docker login belonging to root
# Changing ownership to ansible user so that docker-compose can access the file
- name: Set docker config directory ownership to ansible user
file:
path: "{{ item.config_path | dirname }}"
state: directory
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
recurse: yes
become: yes
loop: "{{ docker__registries }}"
- name: Reset ssh connection to allow user added to docker group in the docker role to take effect.
meta: reset_connection
` ` `
from ansible-docker.
Related Issues (20)
- Support for docker.io package (in addition to ce and ee) HOT 4
- Failed : Install Docker's dependencies HOT 9
- Package dependency error for Docker installation on clean Ubuntu 18.04 HOT 11
- Ubuntu 20.04 ImportError: No module named pkg_resources HOT 10
- Avoid docker login issue with X11 HOT 11
- Expected behavior for DockerHub private repositories login options? HOT 19
- Failed to import the required Python library HOT 10
- Update apt cache before installing packages HOT 1
- Add way to add additional packages to install HOT 3
- Versioning pinning not working HOT 5
- Install Python packages: Could not get output from /usr/local/bin/virtualenv --help HOT 16
- Hi; Please consider suppressing credentials output in: Manage Docker registry login credentials HOT 8
- Upgrade edge case HOT 9
- I'm thinking about no longer setting up a virtualenv, pip installing docker / docker compose and switching the docker_login module to a shell script HOT 2
- docker not installed into /usr/local/bin HOT 4
- Unable to find pip in the virtualenv HOT 8
- Error in new v2.2.0 version when using ansible 2.9.14 HOT 3
- Docker Compose V1 causes the Install Python packages step to crash HOT 3
- Error with pip on basic usage HOT 2
- Task exception at: Install Python packages HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-docker.