Creating file via ansible directly in container - docker

I want to create a file, directly in a container directory.
I created a directory before:
- name: create private in container
ansible.builtin.file:
path: playcontainer:/etc/ssl/private/
state: directory
mode: 0755
But it doesn´t let me create a file in that directory
- name: openssl key
openssl_privatekey:
path: playcontainer:/etc/ssl/private/playkey.key
size: "{{ key_size }}"
type: "{{ key_type }}"`
What am I missing?

From scratch full example to interact with a container from ansible.
Please note that this is not always what you want to do. In this specific case, unless if testing an ansible role for example, the key should be written inside the image at build time when running your Dockerfile, or bind mounted from host at container start. You should not mess with the container filesystem once started on production.
First we create a container for our test:
docker run -d --rm --name so_example python:latest sleep infinity
Now we need an inventory to target that container (inventories/default/main.yml)
---
all:
vars:
ansible_connection: docker
hosts:
so_example:
Finally a test playbook.yml to achieve your goal:
---
- hosts: all
gather_facts: false
vars:
key_path: /etc/ssl/private
key_size: 4096
key_type: RSA
tasks:
- name: Make sure package requirements are met
apt:
name: python3-pip
state: present
- name: Make sure python requirements are met
pip:
name: cryptography
state: present
- name: Create private directory
file:
path: "{{ key_path }}"
state: directory
owner: root
group: root
mode: 0750
- name: Create a key
openssl_privatekey:
path: "{{ key_path }}/playkey.key"
size: "{{ key_size }}"
type: "{{ key_type }}"
Running the playbook gives:
$ ansible-playbook -i inventories/default/ playbook.yml
PLAY [all] *****************************************************************************************************************************************************************************************
TASK [Make sure package requirements are met] ******************************************************************************************************************************************************
changed: [so_example]
TASK [Make sure python requirements are met] *******************************************************************************************************************************************************
changed: [so_example]
TASK [Create private directory] ********************************************************************************************************************************************************************
changed: [so_example]
TASK [Create a key] ********************************************************************************************************************************************************************************
changed: [so_example]
PLAY RECAP *****************************************************************************************************************************************************************************************
so_example : ok=4 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
We can now check that the file is there
$ docker exec so_example ls -l /etc/ssl/private
total 5
-rw------- 1 root root 3243 Sep 15 13:28 playkey.key
$ docker exec so_example head -2 /etc/ssl/private/playkey.key
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEA6xrz5kQuXbd59Bq0fqnwJ+dhkcHWCMh4sZO6UNCfodve7JP0
Clean-up:
docker stop so_example

Related

Ansible copy file to remote instance error

I have a Ansible playbook that run by Jenkins on server A, all it does is to copy a file folder from server A to a remote server B:
The code looks like this:
- hosts: "{{ lookup('env', 'REMOTE_HOST') }}"
any_errors_fatal: true # fail all hosts if any host fails
become: true
become_method: sudo
become_user: root
gather_facts: yes
vars:
date_time: "{{ lookup('env', 'DATE_TIME') }}"
version_main: 10.7
sql_dir: "~/code/data/sql/sql_data/{{ version_main }}"
remote_files_directory: "~/deploy/{{ version_main }}/{{ date_time }}/files"
tasks:
- name: "Copy SQL files from {{ sql_dir }} to {{ remote_files_directory }} on the remote host"
become: yes
become_user: user_a
ansible.builtin.copy:
src: "{{ sql_dir }}"
dest: "{{ remote_files_directory }}"
remote_src: true
All the SQL files are on server A, under user_a's home directory: ~/code/data/sql/sql_data/{{ version_main }}, and I want to copy them to server B(REMOTE_HOST) under the same user_a's home: ~/deploy/{{ version_main }}/{{ date_time }}/files
Variables REMOTE_HOST, DATE_TIME are from Jenkins.
The error I am getting with remote_src: true is:
[0;31 fatal: [server_B]: FAILED! => {"changed": false, "msg": "Source /home/user_a/code/data/sql/sql_data/10.7/ not found"}
If I set remote_src: false, I get this error:
[0;31 fatal: [server_B]: FAILED! => {"changed": false, "msg": "Could not find or access '~/code/data/sql/sql_data/10.7' on the Ansible Controller. If you are using a module and expect the file to exist on the remote, see the remote_src option"}
I even added the delegate_to: "{{ lookup('env', 'DEPLOY_DATAMONTH_HOST') }}" and it does not make any differences.
Somehow it can not figure out the source file folder on server A which is where the Ansible and Jenkins run.
This is the Ansible version I have on server A.
ansible --version
ansible [core 2.13.7]
Usser jenkins can not access /home/user_a/code/data/sql/sql_data/10.7/ directly, but jenkins can sudo su - user_a, so I think
become: yes
become_user: user_a
should have helped.
What am I still missing?
I believe that defining this at the host level with the following code block:
become: true
become_method: sudo
become_user: root
takes priority over your attempt to become user_a in the tasks with the following code block:
become: yes
become_user: user_a

How to mount a data volume onto an added node on a Jelastic environment

I want to create a Jelastic environment with a load balancer and a cp node. I want to add the cp node with the addNodes api method, because it needs specific data to start. My manifest looks like this:
jpsVersion: 1.3
jpsType: install
application:
id: test-app
name: Test App
version: 0.0
env:
topology:
nodes:
- nodeGroup: bl
nodeType: nginx-dockerized
tag: 1.16.1
displayName: Node balancing
count: 1
fixedCloudlets: 1
cloudlets: 4
onInstall:
- addFile
- setup
actions:
addFile:
- cmd [bl]:
- mkdir /data
- echo "Hello world" > /data/test.txt
user: root
setup:
- addNodes:
- nodeGroup: cp
nodeType: docker
displayName: Test Mount
count: 1
fixedCloudlets: 1
cloudlets: 4
dockerName: alpine
volumeMounts:
/kickstart:
readOnly: true
sourcePath: /data
sourceNodeGroup: bl
dockerVolumes:
- /kickstart
For some reason, I want my alpine image to be provided with the data I am storing in the folder /kickstart. Of course, in that case, it's completely irrelevant. The example above is just kept simple enough to be reproducible. In my real use-case, the docker image I want to mount will not be able to run without some application-specific data that are filled up with the manifest's settings completed upon user input. That's why it is necessary that the data be available upon docker node addition.
My problem is that the above simple manifest does not work. Indeed, on my docker node, I have no access to /kickstart/test.txt folder. What am I doing wrong?
volumeMounts option is not available for action addNodes
Here is an example how to implement it:
type: install
name: Test App
​
nodes:
- nodeGroup: bl
nodeType: nginx
tag: 1.16.1
displayName: Node balancing
cloudlets: 4
​
- nodeGroup: cp
displayName: Test Mount
cloudlets: 4
image: alpine
startServiceOnCreation: false
volumes:
- /kickstart
volumeMounts:
/kickstart:
sourcePath: /data
sourceNodeGroup: bl
readOnly: true
onInstall:
- cmd [bl]: |-
echo "Hello world" > /data/test.txt
user: root
- env.control.ExecDockerRunCmd [${nodes.cp.join(id,)}]
also you can use non-existent directories in volumeMounts
it will create everything by itself

Restart mutiple Docker Containers using Ansible not happening

I am trying to restart my docker containers one by one for a particular image using Ansible but it doesn't seem to be happening. Below is my yml and what it is doing is exiting the current running container.
---
- name: restart app servers
hosts: shashank-VM
connection: local
become: yes
become_method: sudo
tasks:
- name: Get info on the Container
shell: docker ps | awk '/{{ item }}/{print $1}'
register: list_of_containers
with_items:
- ubuntu
- name: Restart Docker Service
docker_container:
name: "{{ item }}"
# image: ubuntu
state: started
restart: yes
with_items: "{{ list_of_containers.results | map(attribute='stdout_lines') | list }}"
If you see the below output when i run docker ps there are no running containers.
TASK [Restart Docker Service] ****************************************************************************************************************
/usr/lib/python2.7/dist-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.25.9) or chardet (3.0.4) doesn't match a supported version!
RequestsDependencyWarning)
changed: [shashank-VM] => (item=c2310b76b005)
PLAY RECAP ***********************************************************************************************************************************
shashank-VM : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
shashank#shashank-VM:~/ansible$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
What am i doing wrong? Can someone help?
I don't think the docker_container module is designed to do what you want (i.e., restart an existing container). The module is designed to manage containers by name, not by id, and will check that the running container matches the options provided to docker_container.
You're probably better off simply using the docker command to restart your containers:
---
- name: restart app servers
hosts: shashank-VM
connection: local
become: yes
become_method: sudo
tasks:
- name: Get info on the Container
shell: docker ps | awk '/{{ item }}/{print $1}'
register: list_of_containers
with_items:
- ubuntu
- name: Restart Docker Service
command: docker restart {{ item }}
with_items: "{{ list_of_containers.results | map(attribute='stdout_lines') | list }}"

How to force Ansible to recreate a docker container if mounted files have changed

I'm trying to get Ansible to recreate an existing docker container in case one of the mounted files have changed. I tried to use docker_containerto remove the container, if it exists and any file has changed, before I deploy it using docker_stack and a compose file. Here is the code:
- name: Template configuration files to destination
template:
...
loop:
...
register: template_files_result
- name: Get docker container name
shell: "docker ps -f 'name=some_name' -q"
register: container_id
- name: Remove container
docker_container:
name: container_id.stdout
force_kill: yes
state: absent
vars:
files_changed: "{{ template_files_result | json_query('results[*].changed') }}"
when: container_id.stdout and files_changed is any
- name: Deploy
docker_stack:
state: present
name: stack_name
compose:
- "compose.yml"
with_registry_auth: true
However, the Remove container task never does anything and I can't figure out why.
What am I missing?

Ansible - playbook dynamic verbosity

I want to build a docker image from a Dockerfile. I can do this by using the bash like this:
[root#srv01 ~]# docker build -t appname/tomcat:someTag /root/Documents/myDockerfiles/tomcat
The good thing about having the image build using the bash is, that it prints to stdout what it executes step-by-step:
Step 1 : FROM tomcat:8.0.32-jre8
8.0.32-jre8: Pulling from library/tomcat
fdd5d7827f33: Already exists
...
When using Ansible in the following fashion from bash:
[root#localhost ansiblescripts]# ansible-playbook -vvvvv build-docker-image.yml:
Where the file build-docker-image.yml contains this content:
- name: "my build-docker-image.yml playbook"
hosts: myHost
tasks:
- name: "simple ping"
ping:
- name: "build the docker image"
become: yes
become_method: root
become_method: su
command: /bin/docker build -t something/tomcat:ver1 /home/docker/tomcat
#async: 1
#poll: 0
It waits for the whole build command to finish and then prints all the stdout as verbose output together in one piece.
Commenting in async:1 and poll:0 doesn't solve my problem, since it doesn't print the stdout at all.

Resources