Hi Thomas, Agree. Recently I started to work on a plateform allowing me to test ansible playbook from scratch using docker image. I was a little disapointed that I cannot use remote docker machine. As a workaround, I use DOCKER_HOST but it would be far better to use a ansible variable to handle this kind of things :)
Yannig Le samedi 27 février 2016 14:18:25 UTC+1, Thomas Steinbach a écrit : > > Hey, > > I know a lot of people, including me, using Ansible for 'fine tuning' > Docker containers. First you build a universal base image, then run the > container with Ansible and furthermore providing project specific > configuration to the container with Ansible. Latter could be ssh key files, > project specific plugins or configurations. > > However you would do all that stuff on remote hosts like you have worked > here so far with ssh connections from the Ansible control machine to remote > servers. With Ansible 1.9.x people used wired workarounds to deploy things > right into remote Docker containers. An approach was to add python and a > proper authorized_keys file to the image, creating the container with > Ansible on the remote host, dynamically adding the remote container to > ansibles inventory and deploying further stuff into the container. How > complex this could be in reallity I described in my article The Marriage > of Ansible with Docker > <https://bildung.xarif.de/xwiki/bin/Articles/The+Marriage+of+Ansible+and+Docker>, > > also mentioned on the Ansible Blog. > > With Ansible 2.x there came a hughe relief, the Docker connector. He makes > it possible to deploy things right into Docker containers, without the > hassle of preparing the base images for speaking with Ansible. But despite > the fact that the Ansible docker module will control containers on remote > hosts, the Docker connector will just work with containers on the Ansible > control machine itself. Nevertheless the docker connector is using the > local Docker client and Docker is designed from ground as a client-server > tool. As such the Docker client is able to speak to a remote Docker daemon. > > As far as I know the Docker connector does not allow to specify the > parameters for using a remote Docker daemon. That would be the CA cert of > the daemon, the cert and key to use for the client as well as the remote > address of the daemon itself. > > However three months ago I created a pull request as proposal how (easy it > could be) to make the required parameters configurable: > > - PR: Introduce ansible_docker_host parameter for connection=docker > #13294 <https://github.com/ansible/ansible/issues/13294> > - Issue: Allow setup of docker remote connections #13425 > <https://github.com/ansible/ansible/pull/13425> > > I am using the remote settings successfully since the PR and not just me > but also colleagues and friends. But it is difficult to me to keep the PR > up to date with the official Ansible develop branch as sometimes changes to > the latter will result in conflicts with my PR. > > Also my PR is just a proposal of how to allow the setup of remote Docke > daemons. I would like to see such a possibility in the official Ansible > repos as it would make things easier to me and hopefully many others. > > In alignment with the remote Docker daemon configuration there is a second > feature I would like to see in the Docker connector, that you would be able > to set the user connected to the container: > > - PR: set user for docker connection #13388 > <https://github.com/ansible/ansible/issues/13388> > - Issue: use remote_user or become_user in docker connection#13424 > <https://github.com/ansible/ansible/pull/13424> > > Some images, also official ones, where shipped with a non-root user as > default user. So if you want to do some root tasks for instance in the > official jenkins container, you couldn't do that with the Ansible Docker > connector, as it does not allow to change the user for connecting to the > container. > > So my question to the community: Is there a need for deploying to Docker > containers on remote hosts? Is there somebody creating a better PR than > mine, hopefully accepted to be merged? > > Greetings - ThomasS > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/44b8d22b-6969-4292-b9ed-33358cbb7b6a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
