philm / ansible_playbook Goto Github PK

Docker Image for running Ansible Playbook commands

Dockerfile 100.00%

ansible_playbook's Introduction

Ansible Playbook Docker Image

Executes ansible-playbook command against an externally mounted set of Ansible playbooks

docker run --rm -it -v PATH_TO_LOCAL_PLAYBOOKS_DIR:/ansible/playbooks philm/ansible_playbook PLAYBOOK_FILE

For example, assuming your project's structure follows best practices, the command to run ansible-playbook from the top-level directory would look like:

docker run --rm -it -v $(pwd):/ansible/playbooks philm/ansible_playbook site.yml

Ansible playbook variables can simply be added after the playbook name.

SSH Keys

If Ansible is interacting with external machines, you'll need to mount an SSH key pair for the duration of the play:

docker run --rm -it \
    -v ~/.ssh/id_rsa:/root/.ssh/id_rsa \
    -v ~/.ssh/id_rsa.pub:/root/.ssh/id_rsa.pub \
    -v $(pwd):/ansible/playbooks \
    philm/ansible_playbook site.yml

Ansible Vault

If you've encrypted any data using Ansible Vault, you can decrypt during a play by either passing --ask-vault-pass after the playbook name, or pointing to a password file. For the latter, you can mount an external file:

docker run --rm -it -v $(pwd):/ansible/playbooks \
    -v ~/.vault_pass.txt:/root/.vault_pass.txt \
    philm/ansible_playbook site.yml --vault-password-file /root/.vault_pass.txt

Note: the Ansible Vault executable is embedded in this image. To use it, specify a different entrypoint:

docker run --rm -it -v $(pwd):/ansible/playbooks --entrypoint ansible-vault philm/ansible_playbook encrypt FILENAME

Testing Playbooks - Ansible Target Container

The Ansible Target Docker image is an SSH container optimized for testing Ansible playbooks.

First, define your inventory file.

[test]
ansible_target

Be sure your testing playbooks include the correct host and remote user:

- hosts: test
  remote_user: ubuntu

  tasks:
  ... tasks go here ...

When testing the playbook, you'll need to link the two containers:

docker run --rm -it \
    --link ansible_target \
    -v ~/.ssh/id_rsa:/root/.ssh/id_rsa \
    -v ~/.ssh/id_rsa.pub:/root/.ssh/id_rsa.pub \
    -v $(pwd):/ansible/playbooks \
    philm/ansible_playbook tests.yml -i inventory

Note: the SSH key used above should match the one used to run Ansible Target.

Docker Compose

An sample docker-compose.yml file is in this repo's test directory.

Example:

docker-compose run --rm test remote.yml -i inventory

And if you'd like the ansible_target container to be recreated each time, do:

docker rm -v -f ansible_target

(Eventually Compose will be able to automatically remove services after each run, see docker/compose#2774)

Privileged Operations

Notice the privileged: true option in the compose file. This enables us to better mimic a VM environment and perform operations such as installing the Docker Engine during a playbook run see Docker Reference.

ansible_playbook's People

Contributors

Stargazers

Watchers

Forkers

semanticbeeng cordoval eljenso jdeer0618 jjediny nguoianphu twista cheesesashimi ccimpoi tomrijntjes strelka-institute mrtndwrd seiti innamurivinod mwaaas kraihn timesking matzew pdmurray jessecollier oakensoul nagireddyguduru liyibin kakerukaeru callumgill satyadevops imranansari vitor-caetano oronb aavileli mcoakley nalabelle sveba jonobattle mail4andrey jondkelley vivait aetherical vitornovaes surajb08 anusorn malonso-stratio ulihorn litui saldi alekskar weinix anshprat dhanuka84 xlyk mooboxer 0x4a5e1e4baab rbgithuub prakasha4devops drewster727 kvemulap01 elgamala indika-dev jorgeghm airkj carav008 mkipcak prelipceang jfoxtech talentinc devopstoday11 scantineau brandonmcclure rbramwell

ansible_playbook's Issues

Add WinRM to the image?

This honestly may just be a me problem but once I finally figured everything out and got the inventory file I get an error saying that winrm is not installed.

connectivity problems with ansible_target image

I sorted out most problems now but this is blocking:

docker-compose up -d
Creating ansible_target
Creating drugimport_playbooks_1
Creating ansible_player
docker-compose run player download_files_from_ftp.yml -i inventory

PLAY ***************************************************************************

TASK [setup] *******************************************************************
fatal: [ansible_target]: UNREACHABLE! => {"changed": false, "msg": "ERROR! SSH Error: data could not be sent to the remote host. Make sure this host can be reached over ssh", "unreachable": true}

PLAY RECAP *********************************************************************
ansible_target             : ok=0    changed=0    unreachable=1    failed=0

make: *** [import] Error 3

Update: trying this ansible/ansible#13401

[Errno 2] No such file or directory", "rc": 2

i got this output after running this command
docker run -it --rm --name temporary-anisble-executer -v "$PWD":/var/lib/jenkins/ansible -w /usr/src/app philm/ansible_playbook /var/lib/jenkins/ansible/playbook.yml --user=jenkins --extra-vars ImageName=majdmn/node-back --extra-vars imageTag=9ed05ec --extra-vars Namespace=test

--link ansible_target or ansible_test?

im a bit confused over the example. the test target container is called ansible_test but you link it as ansible_target. is this a simple typo or is it correct? where is ansible target defined?

permission denied when using docker for windows

trying to mount in the private key
but get the following error

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @\r\n@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0555 for \'/root/.ssh/id_rsa\' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis p
rivate key will be ignored.\r\nLoad key "/root/.ssh/id_rsa": bad permissions\r\nPermission denied (publickey).\r\n

docker-compose is using:

volumes:
      - '.:/ansible/playbooks'
      - "./id_rsa:/root/.ssh/id_rsa"

docker for windows

Running local tasks

Hi! It's unclear from README if this image will allow to run local tasks, not remote. E.g. I have doubts that from container it would be possible to create local users, folders, etc. Please clarify this. I suggest adding to README some comments on this as well.
Thanks!

running into this error

~ docker-compose run --rm test remote.yml -i inventory                                     MacBook-Pro [17:04:02]
ERROR! the playbook: remote.yml could not be found

Consider updating, 2.2.2 is quite old :P

SSH error

im trying to use this for the first time. with a simple playbook. im not getting a sensible output and I would be very grateful for any advice you can offer.

here is my playbook.yml

---
- hosts: ansible_target
  tasks:
      - name: Create file hello
        file:
            path: /tmp/hallo
            state: touch

      - name: Create file world
        file:
            path: /tmp/world
            state: touch

im running the target, followed by the playbook container.

target:
docker run -d -p 2222:22 --name ansible_target -v ~/.ssh/id_rsa.pub:/home/ubuntu/.ssh/authorized_keys philm/ansible_target

playbook

docker run --link ansible_target --rm -it -v ~/.ssh/id_rsa:/root/.ssh/id_rsa -v ~/.ssh/id_rsa.pub:/root/.ssh/id_rsa.pub -v $(pwd):/ansible/playbooks philm/ansible_playbook -v playbook.yml

output:

PLAY [test] ********************************************************************

TASK [setup] *******************************************************************
fatal: [ansible_target]: UNREACHABLE! => {"changed": false, "msg": "SSH Error: data could not be sent to the remote host. Make sure this host can be reached over ssh", "unreachable": true}

PLAY RECAP *********************************************************************
ansible_target             : ok=0    changed=0    unreachable=1    failed=0

any advice much appreciated

many thanks