{{tag>Brouillon}}
= Ansible, Vagrant and Docker
== Docker
=== Install
==== Proxy
See [[Notes - docker - proxy]]
==== General
Add the account to the **docker** group
adduser jean docker
**Warning: this creates a security hole**
Example
docker run -ti --privileged -v /:/host fedora chroot /host
See http://www.projectatomic.io/blog/2015/08/why-we-dont-let-non-root-users-run-docker-in-centos-fedora-or-rhel/
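An audit a host administrator can run for the warning above, as an added example that is not part of the original notes: it lists every account in the docker group, including accounts whose primary group is docker, which the member list in /etc/group does not show. The function names and the `--live` switch are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original notes): list the accounts that are
# root-equivalent through the docker group. Function names are hypothetical.

# docker_group_gid GROUP_FILE: print the numeric GID of "docker", if any.
docker_group_gid() {
    awk -F: '$1 == "docker" { print $3; exit }' "$1"
}

# docker_group_members GROUP_FILE PASSWD_FILE: one account per line, sorted.
# Covers supplementary members (4th field of the group file) and accounts
# whose primary GID in the passwd file is the docker GID.
docker_group_members() {
    gid=$(docker_group_gid "$1")
    if [ -z "$gid" ]; then return 0; fi
    {
        awk -F: '$1 == "docker" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$1"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$2"
    } | sort -u
}

# audit_docker_group GROUP_FILE PASSWD_FILE: return 0 when no account other
# than root is in the group; otherwise print the accounts and return 1.
audit_docker_group() {
    extra=$(docker_group_members "$1" "$2" | grep -v '^root$' || true)
    if [ -z "$extra" ]; then return 0; fi
    for account in $extra; do
        printf 'root-equivalent via docker group: %s\n' "$account"
    done
    return 1
}

# Assumed switch: "--live" audits the running system's own files.
if [ "${1:-}" = "--live" ]; then
    audit_docker_group /etc/group /etc/passwd
fi
```
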
=== Container configuration
''Dockerfile''
FROM debian:jessie
#ENV http_proxy http://192.168.56.1:3128
#ENV https_proxy http://192.168.56.1:3128
ARG https_proxy
ARG http_proxy
ENV DEBIAN_FRONTEND noninteractive
ENV TERM linux
ENV LANG C.UTF-8
ENV LANGUAGE C.UTF-8
ENV LC_ALL C.UTF-8
RUN echo "deb http://ftp.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/backports.list
RUN (apt-get update && apt-get upgrade -y -q && apt-get dist-upgrade -y -q && apt-get -y -q autoclean && apt-get -y -q autoremove)
RUN apt-get install -q -y --no-install-recommends openssh-server python-minimal tmux bash locales sudo vim supervisor
RUN apt-get install -q -y --no-install-recommends -t jessie-backports ansible
RUN (locale-gen fr_FR.UTF-8 UTF-8 && dpkg-reconfigure locales)
RUN mkdir -p /var/run/sshd
RUN mkdir /root/.ssh
RUN echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQP77kB6AoqUSfvgy844x46CpJC5qLFTgnh2meUxMxA98jvk8TkheKICY2WBiEdORC4uGWVuMEIy0Zy/vL25JFlu7lgZ2B8g7r7JmITpVQMc+TlF5GyJqE1r56A5ljqZXKVVE9PnLCi2FN0rhQLpYM645U0Akvkc6yS0+6RFSWkobrC9/F1L6PU+dzmw6Yisd2nFDjw/J43QrADGPi3HCY+xTjcW/TD8FyGlNWuvNlvHY8aQKoOnuvWnK7F32ciaJE6/8BLKCap/lmkEtxAFd7hAt5YpLK6lNXtkbTKxBZF7SChVW4KJbI5IK2kaHIuXBhMfVTt3xSxk08wahbnVhV root@debian2.localdomain" > /root/.ssh/authorized_keys
COPY sshd.conf /etc/supervisor/conf.d/sshd.conf
EXPOSE 22
ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf", "-n"]
supervisord configuration
''sshd.conf''
[program:sshd]
directory=/
; -D keeps sshd in the foreground, which supervisord needs in order to supervise it
command=/usr/sbin/sshd -D
autostart=true
autorestart=true
user = root
#docker build --no-cache -t plop --build-arg http_proxy=http://192.168.56.1:3128 --build-arg https_proxy=http://192.168.56.1:3128 .
docker build -t plop --build-arg http_proxy=http://192.168.56.1:3128 --build-arg https_proxy=http://192.168.56.1:3128 .
== Vagrant
''Vagrantfile''
Vagrant.configure("2") do |config|
  config.vm.provider "docker" do |d|
    #d.image = "debian:jessie"
    d.remains_running = false
    d.build_dir = "."
    d.has_ssh = true
    d.create_args = ['--name=ansible1']
  end
  config.ssh.username = "root"
  config.ssh.private_key_path = "~/.ssh/id_rsa"
  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "play-fi.yml"
    ansible.extra_vars = {
      hostname: "default"
    }
  end
end
== Other
A Makefile to make life easier
''Makefile''
FicListYaml = $(shell find . -type f -iname "*.yml" -not -iname "mdp.yml")
FicListPlayBook = $(shell echo play*.yml)
check: check-yaml check-ansible

# Check YAML syntax
# "exit 1" rather than "break": break leaves the loop with status 0,
# so make would report success even when a file fails.
check-yaml:
	for Fic in $(FicListYaml); do \
		ansible-lint "$$Fic" || exit 1 ; \
	done

check-ansible:
	for Fic in $(FicListPlayBook); do \
		ansible-playbook --check "$$Fic" || exit 1 ; \
	done

apply:
	for Fic in $(FicListPlayBook); do \
		ansible-playbook "$$Fic" || exit 1 ; \
	done

# Check idempotence: a second run must report changed=0
check-active:
	$(eval changed := $(shell ansible-playbook play-fi.yml |tail -2 |sed -e 's/^.*changed=\([0-9][0-9]*\).*/\1/'))
	@if [ "$(changed)" != "0" ]; then\
		echo "ERR: not idempotent";\
		false ;\
	fi

clean:
	rm -f *.retry
	vagrant destroy -f

build:
	vagrant up --provider=docker

status:
	vagrant global-status
	docker ps
== Problems
The **hostname** command fails inside a Docker container
I had to use the **WHEN** clause
- name: define hostname
  hostname: name='{{hostnameFqdn}}'
  when: ansible_virtualization_type != "docker"
Modifying the /etc/hosts file via **lineinfile** also causes problems.
Could not replace file: /tmp/tmpu74RFY to /etc/hosts: [Errno 16] Device or resource busy
https://github.com/William-Yeh/docker-ansible/issues/4