use same roles regardless of container, VM, bare metal, swarm, or other cloud provider
easily add/remove nodes (containers)
use existing docker-compose files
I can’t seem to find an example of docker_service which has ansible provisioning after container is up. e.g. I want to keep the containers very basic (bare centos), and use ansible to install all packages/configure. I’m assuming this happens first by defining the containers and then connecting to those containers from host machine (in my case a unix VM). Let me know if this makes sense or if more info is needed…
If you are trying to use containers this way (ansible provisioning inside a running container) you are pushing against the philosophy behind containers. My suggestion is to use ansible to construct the files used to create containers. That way you get the control / power of ansible without trying to shoehorn it into the docker world.
For example I have a Dockerfile.j2 template that I pump a list of packages I want to install into it using ansible. Then I just run docker build.
Thanks for that info. I do see what you mean. I’d like to reuse existing ansible roles if possible. Assuming I’m only doing basic things like setting up a yum repo and installing packages on groups of nodes. Here is the lifecycle of what I’m thinking:
start up a configurable set of base containers (base os only).
run ansible to setup repos/ install yum packages
commit changes to snapshot the “configured images”
all the above is for initial setup - subsequent calls would call another play book to simply start the set of containers.
sample of testing this use case:
```yaml
- name: Create a network
  docker_network:
    name: dev

- name: test out docker service
  docker_container:
    image: centos:7
    name: "node{{ item }}"
    state: started
    interactive: yes
    networks:
```
If you want to run containers, but not necessarily docker - have a look at lxd/lxc. I currently use it exactly the way you mentioned - reusing roles and configs and simply pointing to different environments.
You are describing system containers, while docker does represent
application containers. Docker containers only contain the one
application that you want them to run. System containers are full
systems running with init and sshd and whatnot.
You might want to check out lxc and the lxc_container module of ansible...
Each container will probably be running a single application or a few services. The dependencies to run said application need to be installed and configured. This is the part I’d like to provision via ansible. I am leaning towards a templatized dockerfile (not ansible, but still close). I didn’t know about lxc_containers - I will check those out as well. Although I believe what I’d like to do with containers is within docker’s ability.
The LXC containers that I use have cloud-init built in, so that’s the main way of configuring them.
All examples below use LXD as the ‘hypervisor’. I spin up a container with one basic profile (‘bootstrap’) (bound to a network that has full internet access), configure the container (i.e. apply all my roles) and then reconfigure it to the target profile (which usually means different network/IP) and restart.
Tasks to create a container profile:
```yaml
- name: create a service profile
  lxd_profile:
    name: service
    description: "used for services containers"
    state: present
    devices:
      eth0:
        name: eth0
        nictype: bridged
        parent: vlan3
        type: nic

- name: create a bootstrap profile
  lxd_profile:
    name: bootstrap
    description: "used for bootstrapping of containers"
    state: present
    config: { "user.user-data": "#cloud-config\nssh_authorized_keys:\n - ssh-rsa AAAAB3xxxxx\npackages:\n - openssh-server" }
    devices:
      eth0:
        name: eth0
        nictype: bridged
        parent: vlan2
        type: nic
```
Playbook to spin up a container and configure it. I pass the final role as a parameter. “gather facts” is off since the container images don’t have python by default and I install it manually using role “common”.
Thanks Pshem - lots of details. I think after thinking over this with a colleague, I plan to go with docker mainly because of future usage (compose / swarm / existing container projects within company).
Curious on how to best utilize a docker Jinja template in ansible workflow of starting containers. Any ideas welcome.
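
The templated-Dockerfile workflow suggested earlier in the thread, sketched as one playbook. This is an added example, not code posted by any participant: the variable names, build path, package list and image name are assumptions, and the package-name check is an added safeguard so that a variable cannot carry extra shell into the rendered RUN line.

```yaml
# Added example (not from the thread). Names, paths and the package list are
# constructed for illustration.
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    build_dir: /tmp/node-image        # hypothetical build context
    base_image: centos:7              # base image used in the thread
    image_packages:                   # constructed sample list
      - httpd
      - mod_ssl
  tasks:
    # The list is interpolated into a shell command inside the Dockerfile,
    # so reject anything that is not a plain package name before rendering.
    - name: Refuse package names that could break out of the RUN line
      assert:
        that:
          - "item is match('^[A-Za-z0-9][A-Za-z0-9._+-]*$')"
        fail_msg: "suspicious package name: {{ item }}"
      loop: "{{ image_packages }}"

    - name: Create the build context
      file:
        path: "{{ build_dir }}"
        state: directory
        mode: "0755"

    # Inline content is templated the same way a Dockerfile.j2 passed to the
    # template module would be; it is kept inline so the example is one file.
    - name: Render the Dockerfile
      copy:
        dest: "{{ build_dir }}/Dockerfile"
        mode: "0644"
        content: |
          FROM {{ base_image }}
          RUN yum -y install {{ image_packages | join(' ') }} \
              && yum clean all

    - name: Build the image from the rendered Dockerfile
      community.docker.docker_image:
        name: node-configured         # hypothetical image name
        tag: latest
        source: build
        build:
          path: "{{ build_dir }}"
```

The resulting image can then be referenced from docker_container tasks or an existing docker-compose file, so nothing has to be provisioned inside a running container.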