Ajout du compte au groupe docker
# Add the existing account "jean" to the "docker" group so it can use the Docker
# daemon without sudo. The daemon runs as root, so treat membership of this group
# as equivalent to root access on the host and grant it accordingly.
adduser jean docker
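Attention, cela crée une faille de sécurité : un membre du groupe docker obtient de fait les droits root sur l'hôte, comme le montre l'exemple ci-dessous.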
Exemple
# Illustration of the risk: a member of the docker group can start a privileged
# container with the host's / mounted at /host and chroot into it, which gives a
# root shell on the host filesystem. Keep the docker group limited to accounts
# that are already trusted with root, or use rootless Docker for other users.
docker run --tty --interactive --privileged --volume /:/host fedora chroot /host
Dockerfile
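# Test image used as an SSH-reachable Ansible target: Debian jessie with sshd
# kept running by supervisord.
# NOTE(review): jessie is end-of-life and no longer receives security updates,
# and jessie-backports may no longer be served by ftp.debian.org (archived
# releases move to archive.debian.org) - verify before building.
FROM debian:jessie

# Setting the proxy with ENV would leave it defined in every container started
# from the image, so it is passed at build time instead (ARG lines below).
#ENV http_proxy http://192.168.56.1:3128
#ENV https_proxy http://192.168.56.1:3128

# Build-time proxy, supplied with --build-arg.
# NOTE(review): http_proxy/https_proxy are predefined build args; with current
# Docker, declaring them explicitly records their value in `docker history`,
# so never put credentials in the proxy URL.
ARG https_proxy
ARG http_proxy

# NOTE(review): DEBIAN_FRONTEND is only needed while building; it is kept as ENV
# so the runtime environment stays what it was.
ENV DEBIAN_FRONTEND=noninteractive \
    TERM=linux \
    LANG=C.UTF-8 \
    LANGUAGE=C.UTF-8 \
    LC_ALL=C.UTF-8

# ansible is installed from jessie-backports further down.
RUN echo "deb http://ftp.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/backports.list

# update, upgrade and install share one layer: a cached `apt-get update` layer
# followed by a fresh `apt-get install` layer would use stale package lists.
# The apt lists are left in place, as in the original image.
RUN apt-get update \
 && apt-get upgrade -y -q \
 && apt-get dist-upgrade -y -q \
 && apt-get install -q -y --no-install-recommends \
        bash \
        locales \
        openssh-server \
        python-minimal \
        sudo \
        supervisor \
        tmux \
        vim \
 && apt-get install -q -y --no-install-recommends -t jessie-backports ansible \
 && apt-get -y -q autoclean \
 && apt-get -y -q autoremove

RUN (locale-gen fr_FR.UTF-8 UTF-8 && dpkg-reconfigure locales)

# Runtime directory for sshd, plus root's SSH directory with owner-only access.
RUN mkdir -p /var/run/sshd \
 && mkdir /root/.ssh \
 && chmod 700 /root/.ssh

# This public key is baked into the image: whoever holds the matching private
# key can log in as root on every container started from it. Keep the image
# local to the test setup and do not push it to a shared registry.
RUN echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQP77kB6AoqUSfvgy844x46CpJC5qLFTgnh2meUxMxA98jvk8TkheKICY2WBiEdORC4uGWVuMEIy0Zy/vL25JFlu7lgZ2B8g7r7JmITpVQMc+TlF5GyJqE1r56A5ljqZXKVVE9PnLCi2FN0rhQLpYM645U0Akvkc6yS0+6RFSWkobrC9/F1L6PU+dzmw6Yisd2nFDjw/J43QrADGPi3HCY+xTjcW/TD8FyGlNWuvNlvHY8aQKoOnuvWnK7F32ciaJE6/8BLKCap/lmkEtxAFd7hAt5YpLK6lNXtkbTKxBZF7SChVW4KJbI5IK2kaHIuXBhMfVTt3xSxk08wahbnVhV root@debian2.localdomain" > /root/.ssh/authorized_keys \
 && chmod 600 /root/.ssh/authorized_keys

# supervisord program definition that starts sshd.
COPY sshd.conf /etc/supervisor/conf.d/sshd.conf

EXPOSE 22

# -n keeps supervisord in the foreground as the container's main process.
ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf", "-n"]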
Conf supervisord
sshd.conf
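; supervisord program entry that keeps the SSH daemon running in the container.
[program:sshd]
directory=/
; -D keeps sshd in the foreground. Without it sshd detaches, supervisord sees
; its child exit at once and, with autorestart, keeps trying to start further
; copies instead of supervising the running daemon.
command=/usr/sbin/sshd -D
autostart=true
autorestart=true
; sshd has to start as root to bind port 22 and open sessions for other users.
user = root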
# Build the image and tag it "plop"; the proxy is handed to the build through
# --build-arg so it is not set in the containers started from the image.
# Variant that ignores the layer cache:
#docker build --no-cache -t plop --build-arg http_proxy=http://192.168.56.1:3128 --build-arg https_proxy=http://192.168.56.1:3128 .
docker build \
    --tag plop \
    --build-arg http_proxy=http://192.168.56.1:3128 \
    --build-arg https_proxy=http://192.168.56.1:3128 \
    .
Vagrantfile
# Vagrant environment that builds the Dockerfile in this directory, starts the
# container as "ansible1" and provisions it over SSH with Ansible.
Vagrant.configure('2') do |config|
  config.vm.provider 'docker' do |docker|
    # Alternative kept from the original: run a stock image instead of building.
    #docker.image = "debian:jessie"
    docker.build_dir = '.'
    docker.has_ssh = true
    docker.remains_running = false
    docker.create_args = ['--name=ansible1']
  end

  # Vagrant logs in as root with the user's default RSA key.
  # NOTE(review): presumably its public half is the key written to
  # /root/.ssh/authorized_keys in the image - confirm. A dedicated key pair for
  # this test setup would avoid tying a personal key to a root login.
  config.ssh.username = 'root'
  config.ssh.private_key_path = '~/.ssh/id_rsa'

  config.vm.provision 'ansible' do |provisioner|
    provisioner.playbook = 'play-fi.yml'
    provisioner.extra_vars = { hostname: 'default' }
  end
end
Un Makefile pour nous simplifier la vie
Makefile
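# File lists, computed by the shell each time the variables are expanded.
# mdp.yml is left out of the lint list (presumably it holds passwords - confirm).
FicListYaml = $(shell find . -type f -iname "*.yml" -not -iname "mdp.yml")
FicListPlayBook = $(shell echo play*.yml)

# None of these targets produces a file of the same name.
.PHONY: check check-yaml check-ansible apply check-active clean build status

check: check-yaml check-ansible

# Check YAML syntax
# The loops use `exit 1` rather than `break`: `break` ends the loop with status
# 0, so make would report success even though a file failed the check.
check-yaml:
	for Fic in $(FicListYaml); do \
		ansible-lint "$$Fic" || exit 1 ; \
	done

# Dry-run every playbook (ansible-playbook --check).
check-ansible:
	for Fic in $(FicListPlayBook); do \
		ansible-playbook --check "$$Fic" || exit 1 ; \
	done

# Run every playbook for real and stop at the first failure.
apply:
	for Fic in $(FicListPlayBook); do \
		ansible-playbook "$$Fic" || exit 1 ; \
	done

# Check idempotent
# Runs play-fi.yml and extracts the changed=N counter from the end of its
# output; anything other than 0 fails the target.
check-active:
	$(eval changed := $(shell ansible-playbook play-fi.yml |tail -2 |sed -e 's/^.*changed=\([0-9][0-9]*\).*/\1/'))
	@if [ "$(changed)" != "0" ]; then\
		echo "ERR NO idempostent";\
		false ;\
	fi

# Remove Ansible retry files and destroy the Vagrant-managed container.
clean:
	rm -f *.retry
	vagrant destroy -f

# Build and start the container through Vagrant's docker provider.
build:
	vagrant up --provider=docker

status:
	vagrant global-status
	docker ps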
La commande hostname échoue dans un conteneur Docker
J'ai dû utiliser la clause WHEN
# Set the host name to hostnameFqdn. The task is skipped when the target is a
# Docker container, because the hostname command fails there.
- name: define hostname
  hostname:
    name: '{{hostnameFqdn}}'
  when: ansible_virtualization_type != "docker"
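La modification du fichier /etc/hosts via lineinfile pose également problème : Docker monte ce fichier dans le conteneur (bind mount), il ne peut donc pas être remplacé par renommage.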
Could not replace file: /tmp/tmpu74RFY to /etc/hosts: [Errno 16] Device or resource busy