Operations that follow an Excel procedure manual! I read on some site that Ansible can change that reality, so I tried it out in combination with Docker. Along the way I learned that SSH is unnecessary if you use the **"Docker connection plugin for Ansible"** as the connection method to the container, so these are my notes on switching to it and getting a connection working.
- os: centos7
- ansible: 2.9.13
- docker: 19.03.13
- docker-compose: 1.26.2
Installation of each piece of middleware is omitted, since many people have already published guides for it.
```dockerfile
# OS
FROM centos:centos7

# pkg install
RUN yum install -y epel-release && \
    yum update -y && \
    yum install -y openssh-server openssh-clients sshpass && \
    yum install -y net-tools vim
ENV LANG ja_JP.UTF-8

# root password
RUN echo password | passwd --stdin root

# sshd_config edit
RUN sed -ri "s/#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
RUN systemctl enable sshd.service
CMD ["/sbin/init"]
```
This prepares the container that Ansible will connect to (it is built this way because I was trying to use SSH at first).
```yaml
version: '3.7'
services:
  srv1:
    build:
      context: .
      dockerfile: srv-dockerfile
    hostname: srv1
    container_name: srv1
    environment:
      - TZ=Asia/Tokyo
    restart: always
    tty: true
    networks:
      app_net:
        ipv4_address: 172.16.238.101
  srv2:
    build:
      context: .
      dockerfile: srv-dockerfile
    hostname: srv2
    container_name: srv2
    environment:
      - TZ=Asia/Tokyo
    restart: always
    tty: true
    networks:
      app_net:
        ipv4_address: 172.16.238.102

# NW setting for fixed IP assignment
networks:
  app_net:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.16.238.0/24
```
I assigned **fixed IPs** because that seemed useful for connecting over SSH.
```
# docker-compose up -d
Starting srv1 ... done
Starting srv2 ... done
```

```ini
[testGrp]
172.16.238.101
172.16.238.102
```

```yaml
- name: start up a docker container
  hosts: localhost
  tasks:
    - name: start up a docker container by running bash
      command: docker-compose -f /srv/ansible/docker-compose.yml up -d
      tags:
        - never  # docker-compose already sets "restart: always", so this task does not run by default

- name: connection test
  hosts: testGrp
  connection: docker  # Specifies use of the connection plugin
  tasks:
    - name: ping
      ping:
```
```
# ansible-playbook -i hosts test-ansible.yml --check --diff
PLAY [start up a docker container] ***********************************************************************************************************************************
PLAY [connection test] ***********************************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************************************
fatal: [172.16.238.101]: UNREACHABLE! => {"changed": false, "msg": "Failed to create temporary directory.In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p \"` echo ~/.ansible/tmp `\"&& mkdir \"` echo ~/.ansible/tmp/ansible-tmp-1602479114.98-3164-90901945313893 `\" && echo ansible-tmp-1602479114.98-3164-90901945313893=\"` echo ~/.ansible/tmp/ansible-tmp-1602479114.98-3164-90901945313893 `\" ), exited with result 1", "unreachable": true}
fatal: [172.16.238.102]: UNREACHABLE! => {"changed": false, "msg": "Failed to create temporary directory.In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p \"` echo ~/.ansible/tmp `\"&& mkdir \"` echo ~/.ansible/tmp/ansible-tmp-1602479115.05-3165-268763785818242 `\" && echo ansible-tmp-1602479115.05-3165-268763785818242=\"` echo ~/.ansible/tmp/ansible-tmp-1602479115.05-3165-268763785818242 `\" ), exited with result 1", "unreachable": true}
PLAY RECAP ***********************************************************************************************************************************************************
172.16.238.101 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
172.16.238.102 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
```
It duly failed. The error message suggested a possible lack of permissions on the tmp directory, but a ping should not run into insufficient permissions, so I set that aside.
```
# docker-compose ps
Name Command State Ports
---------------------------------
srv1 /sbin/init Up
srv2 /sbin/init Up
# docker inspect srv1 | grep IPv4Address
"IPv4Address": "172.16.238.101"
# ping 172.16.238.101
PING 172.16.238.101 (172.16.238.101) 56(84) bytes of data.
64 bytes from 172.16.238.101: icmp_seq=1 ttl=64 time=0.133 ms
64 bytes from 172.16.238.101: icmp_seq=2 ttl=64 time=0.134 ms
```
Just in case, I also ran a plain ping by itself. Since that succeeded, I concluded that there was no problem with the containers themselves.
```ini
[testGrp]
#172.16.238.101
#172.16.238.102
srv1
srv2
```
Looking through various helpful articles, I noticed that every one of them specifies the target by "host name" when using the plugin (half a day had passed by this point). So I changed the way targets are specified from "IP" to **"container name"**.
```
# ansible-playbook -i hosts test-ansible.yml --check --diff
PLAY [start up a docker container] ***********************************************************************************************************************************
PLAY [connection test] ***********************************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************************************
ok: [srv2]
ok: [srv1]
TASK [ping] **********************************************************************************************************************************************************
ok: [srv2]
ok: [srv1]
PLAY RECAP ***********************************************************************************************************************************************************
srv1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
srv2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```
Success!
Even without reading closely, every source, the official documentation included, says "container name" or "host name". Because I started out by verifying SSH connections, I had fixed the IPs for the time being and went ahead on the assumption that connecting by IP would work, and that assumption is what led to the failure...
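The docker connection plugin runs its commands through `docker exec` against a container name, which is why the IP entries were unreachable even though ping worked. The following is an added example, not part of the original post: it rewrites the IP-based inventory into container names using data shaped like `docker network inspect` output. The network name `ansible_app_net`, the container IDs and the sample JSON are constructed assumptions; `ansible_connection=docker` is the inventory-variable form of `connection: docker`.

```python
import ipaddress
import json

# Constructed sample shaped like `docker network inspect <network>` output.
# The network name and container IDs are made up for this example.
SAMPLE_INSPECT = json.dumps([{
    "Name": "ansible_app_net",
    "Containers": {
        "aaa111": {"Name": "srv1", "IPv4Address": "172.16.238.101/24"},
        "bbb222": {"Name": "srv2", "IPv4Address": "172.16.238.102/24"},
    },
}])

# The IP-based inventory from the failing run.
IP_INVENTORY = "[testGrp]\n172.16.238.101\n172.16.238.102\n"

def ip_to_container(inspect_json):
    """Map each attached container's IPv4 address to its container name."""
    mapping = {}
    for network in json.loads(inspect_json):
        for info in (network.get("Containers") or {}).values():
            ip = info.get("IPv4Address", "").split("/")[0]  # drop "/24"
            if ip:
                mapping[ip] = info["Name"]
    return mapping

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def rewrite_inventory(inventory, mapping):
    """Swap IP host entries for container names the docker plugin can use."""
    out = []
    for line in inventory.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "[#;" or not is_ip(fields[0]):
            out.append(line)  # headers, comments, blanks, names: unchanged
        elif fields[0] not in mapping:
            raise ValueError(f"no container has address {fields[0]}")
        else:
            out.append(" ".join([mapping[fields[0]], "ansible_connection=docker", *fields[1:]]))
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(rewrite_inventory(IP_INVENTORY, ip_to_container(SAMPLE_INSPECT)), end="")
```

An IP with no matching container raises an error instead of being passed through, so a stale inventory entry is caught before the playbook reports it as unreachable.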
I really wanted to run everything, Ansible included, in containers, but once Ansible itself was in a container it could not reach the other containers through the plugin, so for the time being I installed it directly on the host. One article said that DooD would work, but for some reason the container did not recognize it and the docker command could not be used... Well, that is not the main point here, so I will look into it later.