Ansible offers the following modules for orchestrating Docker containers:
Ansible 2.1.0 includes major updates to the Docker modules, marking the start of a project to create a complete and integrated set of tools for orchestrating containers. In addition to the above modules, we are also working on the following:
Still using Dockerfile to build images? Check out ansible-container, and start building images from your Ansible playbooks.
Use the shipit command in ansible-container to launch your docker-compose file on OpenShift. Go from an app on your laptop to a fully scalable app in the cloud in just a few moments.
There’s more planned. See the latest ideas and thinking at the Ansible proposal repo.
Using the docker modules requires having docker-py installed on the host running Ansible. You will need to have >= 1.7.0 installed.
$ pip install 'docker-py>=1.7.0'
The docker_service module also requires docker-compose
$ pip install 'docker-compose>=1.7.0'
You can connect to a local or remote API using parameters passed to each task or by setting environment variables. The order of precedence is command line parameters and then environment variables. If neither a command line option or an environment variable is found, a default value will be used. The default values are provided under Parameters
Control how modules connect to the Docker API by passing the following parameters:
unix://var/run/docker.sock
. To connect to a remote host, provide the TCP connection string. For example: tcp://192.0.2.23:2376
. If TLS is used to encrypt the connection to the API, then the module will automatically replace ‘tcp’ in the connection URL with ‘https’.Control how the modules connect to the Docker API by setting the following variables in the environment of the host running Ansible:
The inventory script generates dynamic inventory by making API requests to one or more Docker APIs. It’s dynamic because the inventory is generated at run-time rather than being read from a static file. The script generates the inventory by connecting to one or many Docker APIs and inspecting the containers it finds at each API. Which APIs the script contacts can be defined using environment variables or a configuration file.
The script will create the following host groups:
You can run the script interactively from the command line or pass it as the inventory to a playbook. Here are few examples to get you started:
# Connect to the Docker API on localhost port 4243 and format the JSON output DOCKER_HOST=tcp://localhost:4243 ./docker.py --pretty # Any container's ssh port exposed on 0.0.0.0 will be mapped to # another IP address (where Ansible will attempt to connect via SSH) DOCKER_DEFAULT_IP=192.0.2.5 ./docker.py --pretty # Run as input to a playbook: ansible-playbook -i ~/projects/ansible/contrib/inventory/docker.py docker_inventory_test.yml # Simple playbook to invoke with the above example: - name: Test docker_inventory hosts: all connection: local gather_facts: no tasks: - debug: msg="Container - {{ inventory_hostname }}"
You can control the behavior of the inventory script by defining environment variables, or creating a docker.yml file (sample provided in ansible/contrib/inventory). The order of precedence is the docker.yml file and then environment variables.
To connect to a single Docker API the following variables can be defined in the environment to control the connection options. These are the same environment variables used by the Docker modules.
In addition to the connection variables there are a couple variables used to control the execution and output of the script:
Using a configuration file provides a means for defining a set of Docker APIs from which to build an inventory.
The default name of the file is derived from the name of the inventory script. By default the script will look for basename of the script (i.e. docker) with an extension of ‘.yml’.
You can also override the default name of the script by defining DOCKER_CONFIG_FILE in the environment.
Here’s what you can define in docker_inventory.yml:
For the default host and each host in the hosts list define the following attributes:
host: description: The URL or Unix socket path used to connect to the Docker API. required: yes tls: description: Connect using TLS without verifying the authenticity of the Docker host server. default: false required: false tls_verify: description: Connect using TLS without verifying the authenticity of the Docker host server. default: false required: false cert_path: description: Path to the client's TLS certificate file. default: null required: false cacert_path: description: Use a CA certificate when performing server verification by providing the path to a CA certificate file. default: null required: false key_path: description: Path to the client's TLS key file. default: null required: false version: description: The Docker API version. required: false default: will be supplied by the docker-py module. timeout: description: The amount of time in seconds to wait on an API response. required: false default: 60 default_ip: description: The IP address to assign to ansible_host when the container's SSH port is mapped to interface '0.0.0.0'. required: false default: 127.0.0.1 private_ssh_port: description: The port containers use for SSH required: false default: 22
© 2012–2017 Michael DeHaan
© 2017 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/guide_docker.html