I like the chroot idea a little better on principle. What do you mean by "+ CHROOT: cannot save the state of the container in between runs of Ansible."
On Mon, Nov 25, 2013 at 11:31 AM, Nicolas Dudebout < [email protected]> wrote: > There are two approaches to configuring a Docker container with Ansible: > + CHROOT: configure a rootfs with the chroot connection plugin and import > it in Docker > + SSH: launch an ssh server in the container and use Ansible with the > default SSH connection plugin > > Each approach presents a drawback: > + CHROOT: cannot save the state of the container in between runs of > Ansible. > This prevents Docker from sharing rootfs layers and therefore prevents > caching. > + SSH: requires an SSH server running in the container. > This SSH server is not necessarily a desired service in the container. > Furthermore, paying the SSH setup and encryption costs for a local > container seems silly. > > Wouldn't it be nice to harvest the power of Docker rootfs sharing/caching > with the following Dockerfile: > ``` > PLUGIN ansible > FROM ubuntu > RUN apt-get install python apt-python > ANSIBLE install-things.yaml > ANSIBLE setup-things.yaml > ANSIBLE run-things.yaml > ``` > > If I understand Docker builds correctly, a `RUN <command>` directive work > as follows: > + Start the Docker container with rootfs available after the last line, > and the command `<command>`. > + Once `<command>` ends, the container stops and the rootfs is saved. > > Implementing an Ansible directive seems to be doable, using the accelerate > connection plugin without an SSH setup phase as follows: > + Start the Docker container with the command `python -c "<ansible > accelerate daemon code>"`. > + Use `ansible-playbook` with the accelerate-no-ssh connection plugin (to > be implemented) to configure the container. > + Once `ansible-playbook` is done, the daemon stops which stops the > container, and the rootfs can be saved. > > I have started a discussion regarding the Docker side of things at: > https://github.com/dotcloud/docker/issues/2841. It also includes a little > bit more of motivation of why I think Ansible and Docker are a good match. > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- Michael DeHaan <[email protected]> CTO, AnsibleWorks, Inc. http://www.ansibleworks.com/ -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
