I am trying to execute some tasks on docker containers. I have 1 host dev.com.peer.2 with at least 1 container dev.com.peer.2.container1. I can't run even a debug task :
- debug:
    msg: "Hello world from the Docker container '{{ inventory_hostname }}'"
I encounter this error :
fatal: [dev.com.peer.2.container1]: FAILED! => {"msg": "docker command not found in PATH"}
I understand the error but I don't get why ansible would call the docker command in the container and not on the host as defined. What did I do wrong ?
The host is defined in a previous task as follows:
TASK [debug] ****************************************************************************************************************************************************************
Monday 24 May 2021 09:25:21 +0200 (0:00:00.205) 0:10:06.777 ************
ok: [dev.com.peer.2] => {
    "host_docker_inventory_list": {
        "add_host": {
            "groups": [
                "remote_container"
            ],
            "host_name": "dev.com.peer.2.container1",
            "host_vars": {
                "ansible_connection": "docker",
                "ansible_docker_extra_args": "-H=tcp://*host_ip*:*api_port*",
                "ansible_user": "root",
                "inventory_dir": "/home/user/dev/deploy/inventories/dev",
                "parenthostname": "dev.com.peer.2"
            }
        },
        "changed": true,
        "failed": false
    }
}
I am running ansible 2.9.6 w/ python version = 3.8.5
I'm trying to setup Airflow debugging environment with VS code using Remote - containers plugin. What I did so far:
docker-compose up the image apache/airflow:2.2.4 with Docker Desktop community 2.4 on macOS 10.13.6
Attach to the running airflow-scheduler container with Remote - containers plugin
Compose a launch.json file with
{
  "version": "0.2.0",
  "configurations": [
    {
      "name": "Airflow Test",
      "type": "python",
      "request": "launch",
      // $ which airflow
      "program": "/home/airflow/.local/bin/airflow",
      "console": "integratedTerminal",
      "args": [
        "dags",
        "test",
        "task_of_middleware",
        "2022-04-08"
      ],
      "justMyCode": true
    }
  ]
}
VS code pops up error below when I start debugging:
The terminal process failed to launch: Path to shell executable "/sbin/nologin" does not exist.
The attached running container shows error:
[1382 ms] Start: Run in container: for pid in `cd /proc && ls -d [0-9]*`; do { echo $pid ; readlink /proc/$pid/cwd ; readlink /proc/$pid/ns/mnt ; cat /proc/$pid/stat | tr "
[1518 ms] Container server: Error: spawn /sbin/nologin ENOENT
at Process.ChildProcess._handle.onexit (node:internal/child_process:282:19)
at onErrorNT (node:internal/child_process:477:16)
at processTicksAndRejections (node:internal/process/task_queues:83:21)
[1525 ms] Error: spawn /sbin/nologin ENOENT
at Process.ChildProcess._handle.onexit (node:internal/child_process:282:19)
at onErrorNT (node:internal/child_process:477:16)
at processTicksAndRejections (node:internal/process/task_queues:83:21)
[1530 ms] Container server: (node:11888) PromiseRejectionHandledWarning: Promise rejection was handled asynchronously (rejection id: 1)
(Use `node --trace-warnings ...` to show where the warning was created)
I think the container runs normally since I'm able to connect to container shell via Docker Desktop and run Airflow test command. Any advice would be appreciated.
Not sure if this is the best practice, but I found a way to ease the error and make the debugger run normally. Put a config into the attached container configuration file by selecting Remote-Containers: Open Container Configuration File from the Command Palette after attaching.
// Container user VS Code should use when connecting
"remoteUser": "root"
Reference here.
the following is an excerpt of a much bigger image factory template that builds a centos:7 docker image. everything works as expected however i get a dbus error on the running container. any help is appreciated!
this same code works if:
i use vmware-iso or virtualbox builders.
i use a centos:6 image
what i have tried with no effect:
switched to chef-client -z
added the /sys/fs/cgroup:/sys/fs/cgroup:ro volume
added privileged to the docker builder
template:
{
  "builders": [{
    "type": "docker",
    "image": "centos:7",
    "privileged": true,
    "changes": [
      "ONBUILD RUN {{ isotime }}"
    ],
    "volumes": {
      "/sys/fs/cgroup": "/sys/fs/cgroup:ro"
    },
    "export_path": "~/tmp/party_parrot.tar"
  }],
  "provisioners": [{
    "cookbook_paths": [
      "chef"
    ],
    "prevent_sudo": true,
    "run_list": [
      "redhat_factory::default"
    ],
    "chef_license": "accept",
    "type": "chef-solo"
  }]
}
chef cookbook:
package 'tuned'

service 'tuned' do
  action %i(start enable)
end
log:
docker: output will be in this color.
==> docker: Creating a temporary directory for sharing data...
==> docker: Pulling Docker image: centos:7
docker: 7: Pulling from library/centos
docker: Digest: sha256:0f4ec88e21daf75124b8a9e5ca03c37a5e937e0e108a255d890492430789b60e
docker: Status: Image is up to date for centos:7
docker: docker.io/library/centos:7
==> docker: Starting docker container...
docker: Run command: docker run --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /Users/cr2p/.packer.d/tmp727655581:/packer-files -d -i -t --entrypoint=/bin/sh -- centos:7
docker: Container ID: f62d47e257a210442cce7f059a2be3dceb06fbce7673f16e04a52bdf5fa92891
==> docker: Using docker communicator to connect: 172.17.0.4
==> docker: Provisioning with chef-solo
docker: Installing Chef...
==> docker: % Total % Received % Xferd Average Speed Time Time Time Current
==> docker: Dload Upload Total Spent Left Speed
docker: el 7 x86_64
docker: Getting information for chef stable for el...
docker: downloading https://omnitruck.chef.io/stable/chef/metadata?v=&p=el&pv=7&m=x86_64
docker: to file /tmp/install.sh.17/metadata.txt
docker: trying curl...
==> docker: 100 23409 100 23409 0 0 34412 0 --:--:-- --:--:-- --:--:-- 34374
docker: sha1 dffee30e640f443cf1fbf8db17f319db09c1e21e
docker: sha256 b855820c1697dad395d3798f265e8c431b54a3bd29bbbd9ef87995cceaad3f17
docker: url https://packages.chef.io/files/stable/chef/17.2.29/el/7/chef-17.2.29-1.el7.x86_64.rpm
docker: version 17.2.29
docker: downloaded metadata file looks valid...
docker: downloading https://packages.chef.io/files/stable/chef/17.2.29/el/7/chef-17.2.29-1.el7.x86_64.rpm
docker: to file /tmp/install.sh.17/chef-17.2.29-1.el7.x86_64.rpm
docker: trying curl...
docker: Comparing checksum with sha256sum...
docker:
docker: WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
docker:
docker: You are installing a package without a version pin. If you are installing
docker: on production servers via an automated process this is DANGEROUS and you will
docker: be upgraded without warning on new releases, even to new major releases.
docker: Letting the version float is only appropriate in desktop, test, development or
docker: CI/CD environments.
docker:
docker: WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
docker:
docker: Installing chef
docker: installing with rpm...
==> docker: warning: /tmp/install.sh.17/chef-17.2.29-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
docker: Preparing... ########################################
docker: Updating / installing...
docker: chef-17.2.29-1.el7 ########################################
docker: Thank you for installing Chef Infra Client! For help getting started visit https://learn.chef.io
docker: Creating directory: /tmp/packer-chef-solo
docker: Creating directory: /tmp/packer-chef-solo/cookbooks-0
docker: Creating configuration file 'solo.rb'
docker: Creating JSON attribute file
docker: Executing Chef: chef-solo --no-color -c /tmp/packer-chef-solo/solo.rb -j /tmp/packer-chef-solo/node.json
docker: +---------------------------------------------+
docker: ✔ 2 product licenses accepted.
docker: +---------------------------------------------+
docker: Starting Chef Infra Client, version 17.2.29
docker: Patents: https://www.chef.io/patents
docker: [2021-06-17T15:02:07+00:00] WARN: Plugin Network: unable to detect ipaddress
docker: [2021-06-17T15:02:07+00:00] ERROR: shard_seed: Failed to get dmi property serial_number: is dmidecode installed?
docker: resolving cookbooks for run list: ["redhat_factory::default"]
docker: Synchronizing Cookbooks:
docker: - redhat_factory (1.0.0)
docker: Installing Cookbook Gems:
docker: Compiling Cookbooks...
docker: [2021-06-17T15:02:08+00:00] WARN: Resource yum_package built into Chef Infra Client is being overridden by the resource from a cookbook. Please upgrade your cookbook or remove the cookbook from your run_list.
docker: [2021-06-17T15:02:08+00:00] WARN: Provider yum_package built into Chef Infra Client is being overridden by the provider from a cookbook. Please upgrade your cookbook or remove the cookbook from your run_list.
docker: Converging 4 resources
docker: Recipe: redhat_factory::default
docker: * entitler[entitler] action nothing (skipped due to action :nothing)
docker: Recipe: redhat_factory::dummy
docker: * yum_package[tuned] action install
docker: - install version 0:2.11.0-11.el7_9.noarch of package tuned
docker: * service[tuned] action start
docker: * service[tuned]: No custom command for start specified and unable to locate the init.d script!
docker: ================================================================================
docker: Error executing action `start` on resource 'service[tuned]'
docker: ================================================================================
docker:
docker: Chef::Exceptions::Service
docker: -------------------------
docker: service[tuned]: No custom command for start specified and unable to locate the init.d script!
docker:
docker: Resource Declaration:
docker: ---------------------
docker: # In /tmp/packer-chef-solo/local-mode-cache/cache/cookbooks/redhat_factory/recipes/dummy.rb
docker:
docker: 3: service 'tuned' do
docker: 4: action %i(start enable)
docker: 5: end
docker:
docker: Compiled Resource:
docker: ------------------
docker: # Declared in /tmp/packer-chef-solo/local-mode-cache/cache/cookbooks/redhat_factory/recipes/dummy.rb:3:in `from_file'
docker:
docker: service("tuned") do
docker: action [:start, :enable]
docker: default_guard_interpreter :default
docker: declared_type :service
docker: cookbook_name "redhat_factory"
docker: recipe_name "dummy"
docker: service_name "tuned"
docker: supports {:restart=>nil, :reload=>nil, :status=>nil}
docker: end
docker:
docker: System Info:
docker: ------------
docker: chef_version=17.2.29
docker: platform=centos
docker: platform_version=7.9.2009
docker: ruby=ruby 3.0.1p64 (2021-04-05 revision 0fb782ee38) [x86_64-linux]
docker: program_name=/usr/bin/chef-solo
docker: executable=/opt/chef/bin/chef-solo
docker:
docker:
docker: Running handlers:
docker: [2021-06-17T15:02:37+00:00] ERROR: Running exception handlers
docker: Running handlers complete
docker: [2021-06-17T15:02:37+00:00] ERROR: Exception handlers complete
docker: Chef Infra Client failed. 1 resources updated in 31 seconds
docker: [2021-06-17T15:02:37+00:00] FATAL: Stacktrace dumped to /tmp/packer-chef-solo/local-mode-cache/cache/chef-stacktrace.out
docker: [2021-06-17T15:02:37+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
docker: [2021-06-17T15:02:37+00:00] FATAL: Chef::Exceptions::Service: service[tuned] (redhat_factory::dummy line 3) had an error: Chef::Exceptions::Service: service[tuned]: No custom command for start specified and unable to locate the init.d script!
==> docker: Provisioning step had errors: Running the cleanup provisioner, if present...
==> docker: Killing the container: f62d47e257a210442cce7f059a2be3dceb06fbce7673f16e04a52bdf5fa92891
Build 'docker' errored after 48 seconds 995 milliseconds: Error executing Chef: Non-zero exit status: 1
==> Wait completed after 48 seconds 996 milliseconds
==> Some builds didn't complete successfully and had errors:
--> docker: Error executing Chef: Non-zero exit status: 1
==> Builds finished but no artifacts were created.
connecting to the running container:
[root@a74a6b2cfa39 /]# systemctl --system status tuned
Failed to get D-Bus connection: Operation not permitted
[root@a74a6b2cfa39 /]# systemctl --system start tuned
Failed to get D-Bus connection: Operation not permitted
thanks in advance!
i've been able to solve this by modifying my work in the following ways:
modify the run_command specifically the entrypoint attribute
add the tmpfs array
finally modify the staging directory of the chef provisioner
packer template:
{
  "builders": [{
    "type": "docker",
    "image": "centos:7",
    "pull": false,
    "privileged": true,
    "changes": [
      "ONBUILD RUN {{ isotime }}"
    ],
    "volumes": {
      "/sys/fs/cgroup": "/sys/fs/cgroup:ro"
    },
    "export_path": "~/tmp/party_parrot.tar",
    "tmpfs": [
      "/tmp",
      "/run"
    ],
    "run_command": ["-d", "-i", "-t", "--entrypoint=/usr/sbin/init", "--", "{{.Image}}"]
  }],
  "provisioners": [{
    "cookbook_paths": [
      "chef"
    ],
    "prevent_sudo": true,
    "run_list": [
      "redhat_factory::default"
    ],
    "chef_license": "accept",
    "type": "chef-solo",
    "staging_directory": "/chef"
  }]
}
The "systemctl" script is a small program that just communicates with the systemd daemon on PID 1 in a system. The communication channel is opened by asking d-bus, which is also not started. The privileged/cgroup trick had been used for some time until docker containers were able to run the systemd daemon directly.
Personally I'd prefer to use the docker-systemctl-replacement in order to get an installer up and running that was not prepared for a docker environment. While it was developed with "ansible" in mind it may be interesting to see it working with "chef" instead.
Looks like this question has been asked before, but I have done what other people suggested and still get the error.
The user I am running jenkins on is called: jenkinsuser
docker is installed with version: Docker version 20.10.4, build d3cb89e
jenkinsuser is already in docker group:
$> grep docker /etc/group
docker:x:497:jenkinsuser
My ansible script looks like this:
---
- hosts: localhost
  connection: local
  gather_facts: no
  tasks:
    - name: "get the username running the deploy"
      local_action: command whoami
      register: username_on_the_host
    - debug: var=username_on_the_host
    - name: "Download tensorflow/serving image"
      shell: docker pull tensorflow/serving
      become: false
and when I invoke it using Jenkins it errors with:
TASK [get the username running the deploy] *************************************
changed: [localhost]
TASK [debug] *******************************************************************
ok: [localhost] => {
    "username_on_the_host": {
        "changed": true,
        "cmd": [
            "whoami"
        ],
        "delta": "0:00:00.014707",
        "end": "2021-03-05 16:29:34.138218",
        "failed": false,
        "rc": 0,
        "start": "2021-03-05 16:29:34.123511",
        "stderr": "",
        "stderr_lines": [],
        "stdout": "jenkinsuser",
        "stdout_lines": [
            "jenkinsuser"
        ]
    }
}
TASK [Download tensorflow/serving image] ***************************************
fatal: [localhost]: FAILED! => {"changed": true, "cmd": "docker pull tensorflow/serving", "delta": "0:00:00.120564", "end": "2021-03-05 16:29:50.688169", "msg": "non-zero return code", "rc": 1, "start": "2021-03-05 16:29:50.567605", "stderr": "Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/create?fromImage=tensorflow%2Fserving&tag=latest: dial unix /var/run/docker.sock: connect: permission denied", "stderr_lines": ["Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/create?fromImage=tensorflow%2Fserving&tag=latest: dial unix /var/run/docker.sock: connect: permission denied"], "stdout": "Using default tag: latest", "stdout_lines": ["Using default tag: latest"]}
Am I missing something??
Also, I can not run as root on the jenkins server so I can't run it as root.
$> stat /var/run/docker.sock
File: ‘/var/run/docker.sock’
Size: 0 Blocks: 0 IO Block: 4096 socket
Device: 14h/20d Inode: 558480959 Links: 1
Access: (0660/srw-rw----) Uid: ( 0/ root) Gid: ( 497/ docker)
Access: 2021-03-05 20:01:04.712848585 +0000
Modify: 2021-03-02 22:00:01.367880977 +0000
Change: 2021-03-02 22:00:01.376880979 +0000
Birth: -
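One way to check the situation in the question above, as an added example rather than code from the original post: /etc/group lists the user, but a process only holds the supplementary groups it had when its session or service started, so the check that matters is whether the running process's gids include the socket's gid. The group line, socket owner, gid 497 and mode 0660 come from the output above; uid 1001 and the process gid lists are constructed values.

```shell
#!/bin/sh
# socket_access UID GIDS SOCK_UID SOCK_GID SOCK_MODE
#   UID, GIDS : effective uid and space-separated gids of the running process
#               (live values: id -u and id -G)
#   SOCK_*    : owner uid, group gid and octal mode of the socket
#               (live values with GNU stat: stat -c '%u %g %a' /var/run/docker.sock)
# Prints which permission class grants write access (needed to connect to a
# Unix socket on Linux): root, owner, group, other, or denied.
socket_access() {
    uid=$1; gids=$2; s_uid=$3; s_gid=$4
    perm=$((0$5))                      # leading 0 makes the shell read the mode as octal
    if [ "$uid" -eq 0 ]; then echo root; return 0; fi
    if [ "$uid" -eq "$s_uid" ]; then   # owner: only the owner bits apply
        if [ $((perm & 0200)) -ne 0 ]; then echo owner; return 0; fi
        echo denied; return 1
    fi
    for g in $gids; do                 # group member: only the group bits apply
        if [ "$g" -eq "$s_gid" ]; then
            if [ $((perm & 0020)) -ne 0 ]; then echo group; return 0; fi
            echo denied; return 1
        fi
    done
    if [ $((perm & 0002)) -ne 0 ]; then echo other; return 0; fi
    echo denied; return 1
}

# group_file_lists GROUP_LINE USER: succeeds if USER is a member in an /etc/group line
group_file_lists() {
    members=${1##*:}                   # member list is the text after the last colon
    case ",$members," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# Group line as shown on the page; the process values below are constructed.
GROUP_LINE='docker:x:497:jenkinsuser'

if group_file_lists "$GROUP_LINE" jenkinsuser; then
    echo "/etc/group lists jenkinsuser in docker"
fi
# A service started before the group change still runs without gid 497:
echo "process gids '1001':     $(socket_access 1001 '1001' 0 497 660 || true)"
# After the service or login session is restarted, gid 497 is present:
echo "process gids '1001 497': $(socket_access 1001 '1001 497' 0 497 660)"
```
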
I am trying to build an image and launch multiple docker containers using an ansible playbook. I am not able to understand how I publish the ports. The below playbook gives me an error which is quite obvious, that the port is already allocated, but then how do I achieve this? Because from outside the containers there will only be one port to access all the containers, right?
Playbook -
- name: Manage Docker instances via Ansible
  hosts: shashank-VM
  connection: local
  become: yes
  become_method: sudo
  tasks:
    - name: Building an image from Dockerfile
      docker_image:
        build:
          path: .
          pull: yes
        name: web_new
        source: build
    - name: Creation of Docker Containers
      docker_container:
        name: my-app-{{ item }}
        image: web_new
        state: present
        ports:
          - "79:80"
      with_sequence: count=3
    - name: Starting Docker Containers
      docker_container:
        name: my-app-{{ item }}
        image: web_new
        state: started
      with_sequence: count=3
Error -
changed: [shashank-VM]
TASK [Creation of Docker Containers] *********************************************************************************************************
changed: [shashank-VM] => (item=1)
changed: [shashank-VM] => (item=2)
changed: [shashank-VM] => (item=3)
TASK [Starting Docker Containers] ************************************************************************************************************
changed: [shashank-VM] => (item=1)
failed: [shashank-VM] (item=2) => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "ansible_loop_var": "item", "changed": false, "item": "2", "msg": "Error starting container beb7f1d204f47862d16722f70b812df7193ddacf12d15350a9095cec2ebf4d85: 500 Server Error: Internal Server Error (\"driver failed programming external connectivity on endpoint my-app-2 (880c06fe9e2efa75537e350734be1d46d0cc76e7acf70733d19ad38706dde5ab): Bind for 0.0.0.0:78 failed: port is already allocated\")"}
failed: [shashank-VM] (item=3) => {"ansible_loop_var": "item", "changed": false, "item": "3", "msg": "Error starting container 048f2f3ea6fed5e094fdf59a4650b2b3f8164d804ee7dc8875e6e95bda1300d7: 500 Server Error: Internal Server Error (\"driver failed programming external connectivity on endpoint my-app-3 (8247f75384b240cb9bf1ee66cc9f0404df5465e6c08903304f14bd813c218fa1): Bind for 0.0.0.0:78 failed: port is already allocated\")"}
NOTE: I have an application for which I am building an image and there will be multiple containers running for that image. How do I access my application from outside? How do I work on the ports?
Any help is appreciated
The cause of the issue is here:
> Bind for 0.0.0.0:78 failed: port is already allocated
Check what application/container blocks port 78
You can do it with ss:
sudo ss -plunt | grep :78
Or with lsof:
lsof -i :78
Or with fuser:
fuser -v -n tcp 78
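An exact-match variant of the ss check from the answer above, as an added example that is not part of the original answer: a substring match on :78 also hits ports such as 7800 or 780, so this compares the local port field exactly. The sample ss output is constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the column layout of `ss -H -plunt`
# (-H drops the header line); not output from the poster's machine.
sample_ss_output() {
cat <<'EOF'
tcp LISTEN 0 4096 0.0.0.0:78    0.0.0.0:* users:(("docker-proxy",pid=4211,fd=4))
tcp LISTEN 0 4096 0.0.0.0:7800  0.0.0.0:* users:(("java",pid=1530,fd=52))
tcp LISTEN 0 4096 [::]:78       [::]:*    users:(("docker-proxy",pid=4218,fd=4))
udp UNCONN 0 0    127.0.0.1:780 0.0.0.0:* users:(("chronyd",pid=812,fd=5))
EOF
}

# listeners_on_port PORT: reads ss output on stdin and prints
# "netid local-address process" for sockets bound to exactly PORT.
listeners_on_port() {
    awk -v port="$1" '{
        n = split($5, parts, ":")            # port is the text after the last colon,
        if ((parts[n] "") == (port ""))      # which also handles [::]:78
            print $1, $5, $7
    }'
}

# substring_matches PORT: counts lines a plain `grep :PORT` would report
substring_matches() { grep -c ":$1" || true; }

echo "lines matched by grep :78 -> $(sample_ss_output | substring_matches 78)"
echo "sockets bound to port 78:"
sample_ss_output | listeners_on_port 78
# Live use: sudo ss -H -plunt | listeners_on_port 78
```
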
I'm trying to run: ansible-playbook install_docker.yml
and keep getting the following error:
TASK [setup] *******************************************************************
fatal: [172.17.0.2]: UNREACHABLE! => {"changed": false, "msg": "ERROR! SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue", "unreachable": true}
my playbook looks like this
---
- hosts: all
  vars:
    docker_opts: >
      - "H unix:///var/run/docker.sock"
      - "H tcp://0.0.0.0:2375"
  remote_user: root
  roles:
    - angstwad.docker.ubuntu
I'm providing the docker host ip by copying the ip using:
docker inspect apacheweb1 | grep IPAddress
how can i reach the docker host?