Hey, I know a lot of people, including me, using Ansible for 'fine tuning' Docker containers. First you build a universal base image, then run the container with Ansible and furthermore providing project specific configuration to the container with Ansible. Latter could be ssh key files, project specific plugins or configurations.
However you would do all that stuff on remote hosts like you have worked here so far with ssh connections from the Ansible control machine to remote servers. With Ansible 1.9.x people used wired workarounds to deploy things right into remote Docker containers. An approach was to add python and a proper authorized_keys file to the image, creating the container with Ansible on the remote host, dynamically adding the remote container to ansibles inventory and deploying further stuff into the container. How complex this could be in reallity I described in my article The Marriage of Ansible with Docker <https://bildung.xarif.de/xwiki/bin/Articles/The+Marriage+of+Ansible+and+Docker>, also mentioned on the Ansible Blog. With Ansible 2.x there came a hughe relief, the Docker connector. He makes it possible to deploy things right into Docker containers, without the hassle of preparing the base images for speaking with Ansible. But despite the fact that the Ansible docker module will control containers on remote hosts, the Docker connector will just work with containers on the Ansible control machine itself. Nevertheless the docker connector is using the local Docker client and Docker is designed from ground as a client-server tool. As such the Docker client is able to speak to a remote Docker daemon. As far as I know the Docker connector does not allow to specify the parameters for using a remote Docker daemon. That would be the CA cert of the daemon, the cert and key to use for the client as well as the remote address of the daemon itself. However three months ago I created a pull request as proposal how (easy it could be) to make the required parameters configurable: - PR: Introduce ansible_docker_host parameter for connection=docker #13294 <https://github.com/ansible/ansible/issues/13294> - Issue: Allow setup of docker remote connections #13425 <https://github.com/ansible/ansible/pull/13425> I am using the remote settings successfully since the PR and not just me but also colleagues and friends. But it is difficult to me to keep the PR up to date with the official Ansible develop branch as sometimes changes to the latter will result in conflicts with my PR. Also my PR is just a proposal of how to allow the setup of remote Docke daemons. I would like to see such a possibility in the official Ansible repos as it would make things easier to me and hopefully many others. In alignment with the remote Docker daemon configuration there is a second feature I would like to see in the Docker connector, that you would be able to set the user connected to the container: - PR: set user for docker connection #13388 <https://github.com/ansible/ansible/issues/13388> - Issue: use remote_user or become_user in docker connection#13424 <https://github.com/ansible/ansible/pull/13424> Some images, also official ones, where shipped with a non-root user as default user. So if you want to do some root tasks for instance in the official jenkins container, you couldn't do that with the Ansible Docker connector, as it does not allow to change the user for connecting to the container. So my question to the community: Is there a need for deploying to Docker containers on remote hosts? Is there somebody creating a better PR than mine, hopefully accepted to be merged? Greetings - ThomasS -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f4f61857-9b57-430f-a18b-2d587c29084a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
