Docker connection plugin

Archives Ansible Developer
1

Hi all,

I was looking for a way to configure Docker containers through Ansible (so effectively treating them as hosts), and I ran into this project by Lorin Hochstein:

https://github.com/lorin/ansible-docker-connection

It’s an Ansible connection plugin, which allows us to execute Ansible playbooks on Docker containers (without using SSH). It turned out that this plugin’s code wasn’t entirely compatible with the new Ansible v2 structure, so I fixed that, reworked the code a bit, and integrated it with the rest of Ansible here:

https://github.com/objectified/ansible/blob/feature-docker-connection/lib/ansible/plugins/connections/docker.py

About its potential uses:

  • leverage the power of Ansible to configure containers instead of doing everything from plain (limited) Dockerfiles combined with non-idempotent shell scripts
  • setting up and tearing down one-off containers such as CI build slaves to run isolated clean build jobs on (I’m planning to use it for this)
  • provisioning Docker containers during CI build jobs to push them to a remote registry
  • setting up development environments declaratively using Ansible

About the implementation:

  • it’s a fairly simple, thin connection plugin that uses docker exec to execute its commands (so no ssh daemon needed)
  • as long as you make sure the target container has Python on board, you’re good to go
  • the implementation currently uses the Docker CLI through subprocesses, instead of the docker-py module; I’m not sure if that’s the preferred way (I’m guessing it’s not), but from my experience with a few other projects that use docker-py, it’s moving quite fast but breaks integration fairly often; it might make sense to use it at a later phase, but then again - I’ll leave that for you to decide
  • to allow for copying files, cat is used on local files and sent to the stdin of the container’s exec; this is due to docker cp only being able to copy from the container to the host. This will apparently be fixed in Docker, see https://github.com/docker/docker/pull/13171 ); in the meantime, this trick seems to work fine
  • it can be integrated non-intrusively, as it doesn’t affect anything else

I would love to see this make it into upstream, and would gladly receive and process any feedback/input.

Thanks.

Regards,
Leendert