I created a playbook with a simple task based on the docker module. I want to create my container with ansible and provision it with ansible. I don’t want any ansible code to run inside my container.
I get this error:
msg: ConnectionError(MaxRetryError(“UnixHTTPConnectionPool(host=‘localhost’, port=None): Max retries exceeded with url: /run/docker.sock/v1.12/containers/json?all=1&limit=-1&trunc_cmd=1&size=0 (Caused by <class ‘socket.error’>: [Errno 13] Permission denied)”,),)
Intent: create one container on localhost via ansible (maybe the playbook does not understand it the same way)
Pre-requisites: docker server is already up and running on localhost
I would be very grateful if anyone could explain to me what I’m doing wrong because I must be doing something wrong as my script is so trivial.
Thank you for your help.
Regards,
Louis
Below is various additional information (console outputs + playbook)
python version
$ python --version
Python 2.7.6
docker version
$ docker --version
Docker version 1.2.0, build fa7b24f
Hi Louis, it looks like you’re running your playbook from a user account that does not have access to the docker socket file. You should run the playbook using the sudo: or su: options to switch to a user that does have permission, or configure docker to allow your current user to connect using the file socket shown in the error.
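The permission check behind the `[Errno 13] Permission denied` above, as an added example that is not part of the original thread or of Ansible's or docker-py's code. The helper names `socket_access` and `demo` are hypothetical, and the demo uses a constructed temporary file with mode 0660 as a stand-in for the socket so it runs without Docker.

```python
import os
import stat
import tempfile

DOCKER_SOCK = "/run/docker.sock"  # socket path taken from the error message


def socket_access(path, uid, gids):
    """Return (allowed, reason) for a connect() to the UNIX socket at path.

    connect() needs write permission on the socket file, so only the write
    bit of the permission class that applies to (uid, gids) is checked.
    Directory search permission and ACLs are not evaluated.
    """
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if uid == 0:
        return True, "uid 0 bypasses file permission checks"
    if uid == st.st_uid:
        return bool(mode & stat.S_IWUSR), "owner class, mode %04o" % mode
    if st.st_gid in gids:
        return bool(mode & stat.S_IWGRP), "group class, mode %04o" % mode
    return bool(mode & stat.S_IWOTH), "other class, mode %04o" % mode


def demo():
    """Evaluate four callers against a constructed stand-in file, mode 0660."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    os.chmod(path, 0o660)
    st = os.stat(path)
    try:
        return {
            "owner": socket_access(path, st.st_uid, set()),
            "group_member": socket_access(path, st.st_uid + 1, {st.st_gid}),
            "outsider": socket_access(path, st.st_uid + 1, {st.st_gid + 1}),
            "root": socket_access(path, 0, set()),
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for who, (ok, why) in sorted(demo().items()):
        print("%-13s %-7s %s" % (who, "allowed" if ok else "denied", why))
    if os.path.exists(DOCKER_SOCK):
        gids = set(os.getgroups()) | {os.getegid()}
        print(DOCKER_SOCK, socket_access(DOCKER_SOCK, os.geteuid(), gids))
```

Membership in the group that owns the Docker socket gives root-equivalent control of the host, so granting it to a normal account is a privilege decision comparable to granting sudo.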
Thank you for your insight.
Actually I could not use any ansible property/directive in the playbook to run it successfully.
I had to run the whole ansible command with sudo… Which is not the best option I guess.
In addition 2 strange things occur when I run this playbook:
- the wait_for directive hangs indefinitely so I had to comment it.
- I was expecting a running container so in order to check the container status I listed containers (sudo docker ps -a): my container is there, created but not running. (No wonder why the wait_for directive hangs)
My next question to the community (if you don’t mind helping me) is how do I make sure my container is created and listening to port 22?
I tried “state=present” and “state=running” my container is still down off.
> Thank you for your insight.
> Actually I could not use any ansible property/directive in the playbook to
> run it successfully.
> I had to run the whole ansible command with sudo... Which is not the best
> option I guess.
ansible is typically used for system management. So if you are doing
something that needs more privileges you'll need to use it with an account
that has sufficient privileges to perform those actions[1]. For docker,
you can configure your docker server such that a normal user account can
connect to it or you can configure it so that only an account with specific
privileges (such as root) can do so. Ansible does not allow you to get
around your operating system's system of privileges, it simply makes it
easier to do things that you already have permission to do.
[1]: One note here, ansible has facilities that allow you to run it as a
normal user and switch to another user from inside ansible itself (using
sudo or su). This isn't much different than running ansible as root when
you're only talking to localhost but it can make a big difference when
you're using ansible to manage many remote machines.
> In addition 2 strange things occur when I run this playbook:
> - the wait_for directive hangs indefinitely so I had to comment it.
> - I was expecting a running container so in order to check the container
> status I listed containers (sudo docker ps -a): my container is there,
> created but not running. (No wonder why the wait_for directive hangs)
> My next question to the community (if you don't mind helping me) is how do
> I make sure my container is created and listening to port 22?
> I tried "state=present" and "state=running" my container is still down off.
This is actually a docker question. Many docker containers including the
ubuntu ones from docker hub aren't configured like a virtual machine that
you start up and it then runs constantly waiting for you to login and give
it commands. Instead, they're designed for you to give it a single command
which it then executes in the container's environment and then the container
exits after. That command could be a one-off that runs briefly, does one
thing and then exits or it could be a long running process that you can
interact with as you would a service running on a normal machine. If you
want a container that acts like a virtual machine running sshd that you can
connect to, you likely need to either build a container that starts up sshd
as its command or look for a different container on docker hub that is
already built for that purpose.