As the release of Ansible 2.0 draws closer, I'd like to take a look at some of the new features that are coming down the pipe. In this post, we'll look at the docker connection driver.

A "connection driver" is the mechanism by which Ansible connects to your target hosts. These days it uses ssh by default (which relies on the OpenSSH command line client for connectivity), and it also offers the Paramiko library as an alternative ssh implementation (this was in fact the default driver in earlier versions of Ansible). Alternative drivers offered by recent versions of Ansible include the winrm driver, for accessing Windows hosts; the fireball driver, a (deprecated) driver that used 0mq for communication; and jail, a driver for connecting to FreeBSD jails.

Ansible 2.0 will offer a docker connection driver, which can be used to connect to Docker containers via the docker exec command. Assuming you have a running container named target, you can run an ad-hoc command like this:

$ ansible all -i target, -c docker -m command -a 'uptime'
target | SUCCESS | rc=0 >>
 03:54:21 up 7 days, 15:00,  0 users,  load average: 0.81, 0.60, 0.46

You can specify the connection driver as part of a play in your playbook:

- hosts: target
  connection: docker
  tasks:
    - package:
        name: git
        state: latest

Or as a variable in your inventory. Here's an example that has both a docker container and an ssh-accessible host:

target ansible_connection=docker
server ansible_host=192.168.1.20 ansible_user=root

Given the following playbook:

- hosts: all
  tasks:
    - ping:

If we run it like this, assuming the above inventory is in the file inventory:

$ ansible-playbook -i inventory playbook.yml

The output will look something like:

TASK [ping] ********************************************************************
<192.168.1.20> ESTABLISH SSH CONNECTION FOR USER: root
<192.168.1.20> SSH: EXEC ssh -C -q -o ControlMaster=auto -o ControlPersist=60s ... 192.168.1.20 ...
<192.168.1.20> PUT /tmp/tmpbtrmo5 TO /root/.ansible/tmp/ansible-tmp-1444795190.49-64658551273604/ping
<192.168.1.20> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s ... 192.168.1.20 ...
ESTABLISH DOCKER CONNECTION FOR USER: lars
<target> EXEC ['/usr/bin/docker', 'exec', '-i', u'target', '/bin/sh', '-c', ...
<target> PUT /tmp/tmpNmcPTf TO /root/.ansible/tmp/ansible-tmp-1444795190.53-251446545325875/ping
<192.168.1.20> ESTABLISH SSH CONNECTION FOR USER: root
<192.168.1.20> SSH: EXEC ssh -C -q -o ControlMaster=auto -o ControlPersist=60s ... 192.168.1.20 ...
ok: [server -> localhost] => {"changed": false, "ping": "pong"}
<target> EXEC ['/usr/bin/docker', 'exec', '-i', u'target', '/bin/sh', '-c', ...
ok: [target -> localhost] => {"changed": false, "ping": "pong"}

PLAY RECAP *********************************************************************
server                     : ok=2    changed=0    unreachable=0    failed=0   
target                     : ok=2    changed=0    unreachable=0    failed=0

Now you have a unified mechanism for managing configuration changes in traditional hosts as well as in Docker containers.
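The verbose output above shows which transport actually reached each host. As an added example (not part of the original post), this Python script reads such output and reports any host whose observed transport differs from what the inventory intends. The function names and the `expected` mapping are assumptions of this example; the sample lines are copied from the output shown above.

```python
import re
from collections import defaultdict

# Sample lines copied from the verbose output shown in the post.
SAMPLE = """\
<192.168.1.20> ESTABLISH SSH CONNECTION FOR USER: root
<192.168.1.20> SSH: EXEC ssh -C -q -o ControlMaster=auto -o ControlPersist=60s ... 192.168.1.20 ...
<192.168.1.20> PUT /tmp/tmpbtrmo5 TO /root/.ansible/tmp/ansible-tmp-1444795190.49-64658551273604/ping
ESTABLISH DOCKER CONNECTION FOR USER: lars
<target> EXEC ['/usr/bin/docker', 'exec', '-i', u'target', '/bin/sh', '-c', ...
<target> PUT /tmp/tmpNmcPTf TO /root/.ansible/tmp/ansible-tmp-1444795190.53-251446545325875/ping
ok: [target -> localhost] => {"changed": false, "ping": "pong"}
"""

# Connection-level lines carry a <host> prefix; banners and results do not.
HOST_LINE = re.compile(r"^<(?P<host>[^>]+)>\s+(?P<rest>.*)$")
# argv logged by the docker driver: ['.../docker', 'exec', '-i', u'<container>', ...
DOCKER_EXEC = re.compile(r"^EXEC \['[^']*docker', 'exec', '-i', u?'(?P<name>[^']+)'")


def transports(log_text):
    """Map each host in the verbose output to the set of transports used."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = HOST_LINE.match(line)
        if not m:
            continue  # task banners, results, un-prefixed ESTABLISH lines
        rest = m.group("rest")
        if rest.startswith(("SSH: EXEC", "ESTABLISH SSH CONNECTION")):
            seen[m.group("host")].add("ssh")
        elif DOCKER_EXEC.match(rest):
            seen[m.group("host")].add("docker")
    return dict(seen)


def mismatches(log_text, expected):
    """Return hosts whose observed transports differ from the expected one."""
    observed = transports(log_text)
    return {h: sorted(observed.get(h, set()))
            for h, want in expected.items()
            if observed.get(h, set()) != {want}}


if __name__ == "__main__":
    # Keys are what appears inside <...>: the ssh address or the container name.
    expected = {"192.168.1.20": "ssh", "target": "docker"}
    print(transports(SAMPLE))
    print(mismatches(SAMPLE, expected))
```

An empty result from `mismatches` means every listed host was reached only through its intended driver; a host that never appears in the log is reported with an empty list.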


Running NTP in a Container

Fri 09 October 2015 by Lars Kellogg-Stedman Tags docker atomic

Someone asked on IRC about running ntpd in a container on Atomic, so I've put together a small example. We'll start with a very simple Dockerfile:

FROM alpine
RUN apk update
RUN apk add openntpd
ENTRYPOINT ["ntpd"]

I'm using the alpine image as my starting point because it's very small …


Heat-kubernetes Demo with Autoscaling

Next week is the Red Hat Summit in Boston, and I'll be taking part in a Project Atomic presentation in which I will discuss various (well, two) options for deploying Atomic into an OpenStack environment, focusing on my heat-kubernetes templates.

As part of that presentation, I've put together a short …


Suggestions for the Docker MAINTAINER directive

Mon 27 April 2015 by Lars Kellogg-Stedman Tags docker

Because nobody asked for it, this is my opinion on the use of the MAINTAINER directive in your Dockerfiles.

The documentation says simply:

The MAINTAINER instruction allows you to set the Author field of the generated images.

Many people end up putting the name and email address of an actual …


Converting hexadecimal ip addresses to dotted quads with Bash

Sun 08 March 2015 by Lars Kellogg-Stedman Tags bash docker

This is another post that is primarily for my own benefit for the next time I forget how to do this.

I wanted to read routing information directly from /proc/net/route using bash, because you never know what may or may not be available in the minimal environment of …
