To setup and run docker containers, there’s the ansible docker module. What would you guys recommend for configuring running containers (installing packages inside the container, etc.)?
There are the two options (running sshd and ) mentioned in this thread: https://groups.google.com/forum/#!searchin/ansible-project/Docker/ansible-project/115fiaS4lsQ/VZsOIh8zAUgJ
but the thread is two years old and I wonder if there’s something else that is not mentioned there. Please let me know.
Thanks!
Yassen
There’s this pull request: https://github.com/ansible/ansible/pull/7971
Which may suit your needs temporarily by giving you an nsenter connection plugin to connect to containers running on the machine you are running ansible on.
However mscherer and I talked about it during the sprints at pycon and there’s been changes to upstream docker and other container technologies that make us think there may need to be some changes to the container connection plugins. So you can use that for now but we will likely end up merging something slightly different at a later time.
(For instance, a plugin that relies solely on docker cli tools being installed and doesn’t use nsenter at all.)
-Toshio
Toshio, thanks for your advice! Please see my comments/questions below.
There’s this pull request: https://github.com/ansible/ansible/pull/7971
Which may suit your needs temporarily by giving you an nsenter connection plugin to connect to containers running on the machine you are running ansible on.
Not sure what you mean by “containers running on the machine you are running ansible on” … I would like to orchestrate containers living on a node, which is itself managed by ansible remotely. Do we mean the same thing?
However mscherer and I talked about it during the sprints at pycon and there’s been changes to upstream docker and other container technologies that make us think there may need to be some changes to the container connection plugins. So you can use that for now but we will likely end up merging something slightly different at a later time.
(For instance, a plugin that relies solely on docker cli tools being installed and doesn’t use nsenter at all.)
Being yet quite ignorant towards ansible, I would think that “docker exec opts” being “prepended” to what otherwise ansible would execute via ssh on that remote node, would provide the solution I am looking for, and having a special kind of a transport (e.g. “ssh_local_docker”) that knows the container id would allow us to target containers within a remote node … but I guess it’s not that simple, is it?
Your input much appreciated.
Yassen
Toshio, thanks for your advice! Please see my comments/questions below.
There’s this pull request: https://github.com/ansible/ansible/pull/7971
Which may suit your needs temporarily by giving you an nsenter connection plugin to connect to containers running on the machine you are running ansible on.
Not sure what you mean by “containers running on the machine you are running ansible on” … I would like to orchestrate containers living on a node, which is itself managed by ansible remotely. Do we mean the same thing?
I’m afraid not 
ansible’s connection plugins allow the machine you run ansible on to talk to a remote node. In the ssh case you run ansible on host1, ansible ssh’s to node1 and then executes the task from the playbook there.
With the nsenter plugin, the model is the same with each running container being a node. So you’d run ansible on host1. It would use the nsenter connection plugin to connect to the container named node1 in host1’s docker server. Then it would execute the task from the playbook there.
However mscherer and I talked about it during the sprints at pycon and there’s been changes to upstream docker and other container technologies that make us think there may need to be some changes to the container connection plugins. So you can use that for now but we will likely end up merging something slightly different at a later time.
(For instance, a plugin that relies solely on docker cli tools being installed and doesn’t use nsenter at all.)
Being yet quite ignorant towards ansible, I would think that “docker exec opts” being “prepended” to what otherwise ansible would execute via ssh on that remote node, would provide the solution I am looking for, and having a special kind of a transport (e.g. “ssh_local_docker”) that knows the container id would allow us to target containers within a remote node … but I guess it’s not that simple, is it?
Yeah, I am wondering how we’d specify the combination of host that docker is running on and container within the host that we want to execute on. There’s also behavior questions around when to switch users with sudo as we’d be talking to both the node that’s running docker and the container within that node. If these hurdles can be solved a connection plugin for this probably could be written. But answers aren’t immediately coming to mind.
-Toshio
Now I get it: currently one needs ansible installed on the containers’ host in order to use the docker connexion plugin. (Something like a series of tasks that install ansible and transfer needed playbooks there.)
And, also, my “ssh_local_docker” assumptions are not entirely wrong, but there’s yet a lot to think of 
Thanks much for your help!
Yassen