unable to load ansible playbook to a docker host (host unreachable) - docker

I'm trying to run: ansible-playbook install_docker.yml
and keep getting the following error:
TASK [setup] *******************************************************************
fatal: [172.17.0.2]: UNREACHABLE! => {"changed": false, "msg": "ERROR! SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue", "unreachable": true}
My playbook looks like this:
---
- hosts: all
  vars:
    docker_opts: >
      - "H unix:///var/run/docker.sock"
      - "H tcp://0.0.0.0:2375"
  remote_user: root
  roles:
    - angstwad.docker.ubuntu
I'm providing the docker host IP by copying the IP using:
docker inspect apacheweb1 | grep IPAddress
How can I reach the docker host?

Related

ansible over docker hosts does not work as expected

I'm facing a slightly weird issue targeting Docker containers in Ansible.
Inventory
el7_02 ansible_port=6000 ansible_user=user ansible_host=localhost
el7_03 ansible_port=6001 ansible_user=user ansible_host=localhost
playbook
- shell: hostname
  register: x
- debug: msg="{{ x.stdout }}, {{ ansible_hostname }}, {{ ansible_user }}, {{ ansible_port }}"
output
TASK [Gathering Facts] *************************************************************************************************
ok: [el7_03]
ok: [el7_02]
TASK [x : shell] *************************************************************************************************
changed: [el7_03]
changed: [el7_02]
TASK [x : debug] *************************************************************************************************
ok: [el7_03] => {
"msg": "el7_02, el7_02, user, 6001"
}
ok: [el7_02] => {
"msg": "el7_02, el7_02, user, 6000"
}
As you can see, for some reason I see an unexpected hostname for the container el7_03. I'd expect to see in the debug task for the Docker container el7_03 its own hostname (i.e. el7_03, not el7_02). Why do I receive "the wrong" output?
Checking hostnames in Docker:
~/ $ ssh -p 6000 user@localhost 'hostname'
el7_02
~/ $ ssh -p 6001 user@localhost 'hostname'
el7_03
If I switch to ansible_connection=docker then I get what I expect. However, I cannot use it because when I interact with anything located outside of my laptop (installing anything or downloading from the internet), from time to time (and quite often) I receive timeouts. Maybe there is a way to get rid of the timeouts?
os: macos
ansible: 2.9.11
python: 3.8.5
docker: 19.0.3.8
Thank you.
You need to work around the issue that Ansible looks up a host via hostname and not via a hostname:port pair.
My workaround for this issue is as follows:
$ grep pi. /etc/hosts
127.0.0.1 pi1
127.0.0.1 pi2
127.0.0.1 pi3
# inventory contents:
$ cat all_rpis.ini
pi1:3321
pi2:3322
pi3:3323

Launching Multiple Docker Containers using Ansible

I am trying to build an image and launch multiple Docker containers using an Ansible playbook. I do not understand how to publish the ports. The playbook below gives me an error, which is quite obvious: the port is already allocated. But then how do I achieve this, because from outside the containers there will only be one port to access all the containers, right?
Playbook -
- name: Manage Docker instances via Ansible
  hosts: shashank-VM
  connection: local
  become: yes
  become_method: sudo
  tasks:
    - name: Building an image from Dockerfile
      docker_image:
        build:
          path: .
          pull: yes
        name: web_new
        source: build
    - name: Creation of Docker Containers
      docker_container:
        name: my-app-{{ item }}
        image: web_new
        state: present
        ports:
          - "79:80"
      with_sequence: count=3
    - name: Starting Docker Containers
      docker_container:
        name: my-app-{{ item }}
        image: web_new
        state: started
      with_sequence: count=3
Error -
changed: [shashank-VM]
TASK [Creation of Docker Containers] *********************************************************************************************************
changed: [shashank-VM] => (item=1)
changed: [shashank-VM] => (item=2)
changed: [shashank-VM] => (item=3)
TASK [Starting Docker Containers] ************************************************************************************************************
changed: [shashank-VM] => (item=1)
failed: [shashank-VM] (item=2) => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "ansible_loop_var": "item", "changed": false, "item": "2", "msg": "Error starting container beb7f1d204f47862d16722f70b812df7193ddacf12d15350a9095cec2ebf4d85: 500 Server Error: Internal Server Error (\"driver failed programming external connectivity on endpoint my-app-2 (880c06fe9e2efa75537e350734be1d46d0cc76e7acf70733d19ad38706dde5ab): Bind for 0.0.0.0:78 failed: port is already allocated\")"}
failed: [shashank-VM] (item=3) => {"ansible_loop_var": "item", "changed": false, "item": "3", "msg": "Error starting container 048f2f3ea6fed5e094fdf59a4650b2b3f8164d804ee7dc8875e6e95bda1300d7: 500 Server Error: Internal Server Error (\"driver failed programming external connectivity on endpoint my-app-3 (8247f75384b240cb9bf1ee66cc9f0404df5465e6c08903304f14bd813c218fa1): Bind for 0.0.0.0:78 failed: port is already allocated\")"}
NOTE: I have an application for which I am building an image, and there will be multiple containers running for that image. How do I access my application from outside? How do I work with the ports?
Any help is appreciated.
The cause of the issue is here:
> Bind for 0.0.0.0:78 failed: port is already allocated
Check what application/container blocks port 78
You can do it with ss:
sudo ss -plunt | grep :78
Or with lsof:
lsof -i :78
Or with fuser:
fuser -v -n tcp 78
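One way to avoid the collision in the playbook above is to publish each container on its own host port. This is an added example, not part of the original posts; the base port 8080 and the variable names base_host_port and container_count are assumptions.

```yaml
# Added example: one host port per container, derived from the loop index.
- name: Run several web_new containers on distinct host ports
  hosts: shashank-VM
  connection: local
  become: yes
  vars:
    base_host_port: 8080   # hypothetical; choose a free range on the host
    container_count: 3
  tasks:
    - name: Create and start each container on its own host port
      docker_container:
        name: "my-app-{{ item }}"
        image: web_new
        state: started       # creates the container if it does not exist yet
        published_ports:
          # item is 1..container_count, so this yields 8081:80, 8082:80, 8083:80
          - "{{ base_host_port + item }}:80"
      loop: "{{ range(1, container_count + 1) | list }}"

    - name: Confirm every published port accepts connections
      wait_for:
        host: 127.0.0.1
        port: "{{ base_host_port + item }}"
        timeout: 30
      loop: "{{ range(1, container_count + 1) | list }}"
```

A host port can be bound by only one container at a time, so a single external port for all containers requires a proxy or load balancer in front of them.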

how to make ansible get access to an sshd container?

I use an ansible script to load & start the https://hub.docker.com/r/rastasheep/ubuntu-sshd/ container.
so it starts well of course :
bash-4.4$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8bedbd3b7d88 rastasheep/ubuntu-sshd "/usr/sbin/sshd -D" 37 minutes ago Up 36 minutes 0.0.0.0:49154->22/tcp test
bash-4.4$
so after ansible failure on ssh access to it I tested manually from shell
this is also ok.
bash-4.4$ ssh root@172.17.0.2
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ECDSA key fingerprint is SHA256:YtTfuoRRR5qStSVA5UuznGamA/dvf+djbIT6Y48IYD0.
ECDSA key fingerprint is MD5:43:3f:41:e9:89:45:06:6f:f6:42:c4:6a:70:37:f8:1d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.
root@172.17.0.2's password:
root@8bedbd3b7d88:~# logout
Connection to 172.17.0.2 closed.
bash-4.4$
so the step that failed is trying to get on it from ansible script & make access to ssh-copy-id
ansible error message is :
Fatal: [172.17.0.2]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,password).\r\n", "unreachable": true}
---
- hosts: 127.0.0.1
  tasks:
    - name: start docker service
      service:
        name: docker
        state: started
    - name: load and start the container we wanna use
      docker_container:
        name: test
        image: rastasheep/ubuntu-sshd
        state: started
        ports:
          - "49154:22"
    - name: Wait maximum of 300 seconds for ports to be available
      wait_for:
        host: 0.0.0.0
        port: 49154
        state: started
- hosts: 172.17.0.2
  vars:
    passwordadmin: $6$pbE6yznA$AeFIdI.....K0
    passwordroot: $6$TMrxQUxT$I8.JIzR.....TV1
    ansible_ssh_extra_args: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
  tasks:
    - name: Build test container root user rsa ssh-key
      shell: docker exec test ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""
So I cannot even run the needed step to build ssh.
How should I do it, then?
1st step (ansible task): load docker container
2nd step (ansible task on only 172.17.0.2): connect to it & set it up
There will be a 3rd step to run the application on it after that.
The problem occurs only when starting the 2nd step.
OK, after many tries on a second container,
the conclusion is that my procedure was bad.
What I have done to solve that:
build a directory tree separating ./ ./inventory ./includes
build 1 yaml file per host (local, docker, labo)
build 1 main yaml file in ./
build 1 new host file in ./inventory
connect, forced through sshpass, to docker with the default password
changed it
add the host key to the authorized keys of a login for dedicated usage
installed Python (needed to answer the Ansible host, else it randomly produces module errors or refused connections depending on the current action)
set up an SSH login user in sudoers
then I can run the docker.yaml actions
then only at last I can run the labo.yaml actions.
Thanks for the help,
now I'm able to build the missing tools.
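The second play above disables host key verification through ansible_ssh_extra_args. The following shows a stricter form that pins the container's host key instead. It is an added example, not part of the original post; it assumes the image keeps its ECDSA host key at the standard OpenSSH path, that the inventory name test-container is free, and that login credentials are supplied separately.

```yaml
# Added example: pin the container's SSH host key instead of disabling checks.
- hosts: 127.0.0.1
  connection: local
  tasks:
    - name: Read the host key through the Docker daemon, not over the network
      # Assumed path: the standard OpenSSH location for the ECDSA host key.
      command: docker exec test cat /etc/ssh/ssh_host_ecdsa_key.pub
      register: hostkey
      changed_when: false

    - name: Pin that key for the published port in known_hosts
      known_hosts:
        name: "[127.0.0.1]:49154"
        # Keep only "<keytype> <base64>" and drop the trailing comment field.
        key: "[127.0.0.1]:49154 {{ hostkey.stdout.split()[:2] | join(' ') }}"
        state: present

    - name: Register the container as an inventory host with strict checking
      add_host:
        name: test-container        # hypothetical inventory name
        ansible_host: 127.0.0.1
        ansible_port: 49154
        ansible_user: root
        ansible_ssh_extra_args: "-o StrictHostKeyChecking=yes"

- hosts: test-container
  gather_facts: no                  # the image may not ship Python yet
  tasks:
    - name: Connection is refused if the presented key differs from the pinned one
      raw: hostname
      changed_when: false
```

Because the key is read with docker exec on the Docker host, the first SSH connection is already verified and no trust-on-first-use prompt is needed.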

using ansible with docker-compose

I am trying to deploy a docker setup using Ansible playbook. For this, I am using docker_service.
My Playbook looks like:
---
- name: Run Docker compose
  hosts: all
  gather_facts: no
  tasks:
    - debug: msg="Container - {{ inventory_hostname }}"
    - docker_service:
        project_src: "compose"
        state: absent
    - docker_service:
        project_src: "compose"
        state: present
Upon running this simple playbook as:
ansible-playbook -v playbook.yml --ask-sudo-pass
I added --ask-sudo-pass to ensure that it was not a permission issue.
OUTPUT
SUDO password:
PLAY [Run Docker compose] ******************************************************
TASK [debug] *******************************************************************
ok: [prolims-staging] => {
"msg": "Container - prolims-staging"
}
TASK [docker_service] **********************************************************
fatal: [prolims-staging]: FAILED! => {"changed": false, "msg": "Error connecting: Error while fetching server API version: ('Connection aborted.', error(13, 'Permission denied'))"}
to retry, use: --limit @/data/prolims-provision/provision-docker.retry
PLAY RECAP *********************************************************************
prolims-staging : ok=1 changed=0 unreachable=0 failed=1
I did try looking out for this issue on other forums as well ( and similar questions on this StackOverflow too), but those were not helpful.
Note: I am able to run docker-compose successfully in the target machine from its CLI (using sudo).
Also, I tried playing around with docker_container as well. I tried to execute a playbook with contents below:
...
- name: check container status
  command: docker ps
  register: result
- name: Create a container
  docker_container:
    name: db_pg
    image: "postgres:latest"
    state: present
    recreate: yes
...
and running this playbook works perfectly fine.
I assume, posting my docker-compose file might not be relevant here.
I followed this example, but did not work. Maybe, I might be missing some stupid or really important thing here.
Any help on understanding and resolving this issue would be appreciated.
> I am able to run docker-compose successfully in the target machine from its CLI (using sudo).
So you need to use a become declaration for the task.
> I added --ask-sudo-pass to ensure that it was not a permission issue.
Just adding --ask-sudo-pass to the ansible-playbook parameters doesn't have any effect unless the relevant tasks/plays have a become declaration (and become_method is set to sudo, but this is the default).
Reference.

Docker Cloud Service Discovery Two Containers

In DockerCloud I am trying to get my container to speak with the other container. I believe the problem is the hostname not resolving (this is set in /conf.d/kafka.yaml shown below).
To get DockerCloud to have the two containers communicate, I have tried many variations including the full host-name kafka-development-1 and kafka-development-1.kafka, etc.
The error I keep getting is in the datadog-agent info:
Within the container I run ./etc/init.d/datadog-agent info and receive:
kafka
-----
- instance #kafka-kafka-development-9092 [ERROR]: 'Cannot connect to instance
kafka-development:9092 java.io.IOException: Failed to retrieve RMIServer stub:
javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: \n\tjava.net.SocketException: Connection reset]' collected 0 metrics
- Collected 0 metrics, 0 events & 0 service checks
The steps I take for details
SSH Into Docker Node:
$ docker ps
CONTAINER | PORTS
datadog-agent-kafka-development-1.2fb73f62 | 8125/udp, 9001/tcp
kafka-development-1.3dc7c2d0 | 0.0.0.0:9092->9092/tcp
I log into the containers to see their values, this is the datadog-agent:
$ docker exec -it datadog-agent-kafka-development-1.2fb73f62 /bin/bash
$ > echo $DOCKERCLOUD_CONTAINER_HOSTNAME
datadog-agent-kafka-development-1
$ > tail /etc/hosts
172.17.0.7 datadog-agent-kafka-development-1
10.7.0.151 datadog-agent-kafka-development-1
This is the kafka container:
$ docker exec -it kafka-development-1.3dc7c2d0 /bin/bash
$ > echo $DOCKERCLOUD_CONTAINER_HOSTNAME
kafka-development-1
$ > tail /etc/hosts
172.17.0.6 kafka-development-1
10.7.0.8 kafka-development-1
$ > echo $KAFKA_ADVERTISED_HOST_NAME
kafka-development.c23d1d00.svc.dockerapp.io
$ > echo $KAFKA_ADVERTISED_PORT
9092
$ > echo $KAFKA_ZOOKEEPER_CONNECT
zookeeper-development:2181
Datadog conf.d/kafka.yaml:
instances:
  - host: kafka-development
    port: 9092 # This is the JMX port on which Kafka exposes its metrics (usually 9999)
    tags:
      kafka: broker
      env: development
# ... Defaults Below
Can anyone see what I am doing wrong?
