From 3dface826f27f16ef74a2bc7a46eca5b83307bda Mon Sep 17 00:00:00 2001
From: Malin Freeborn
Date: Sat, 16 Aug 2025 02:54:41 +0200
Subject: [PATCH] playing with ansible

---
 system/ansible/ansible_with_docker.md | 114 ++++++++++++++++++++++++++
 virtualization/docker.md | 1 +
 2 files changed, 115 insertions(+)
 create mode 100644 system/ansible/ansible_with_docker.md

diff --git a/system/ansible/ansible_with_docker.md b/system/ansible/ansible_with_docker.md
new file mode 100644
index 0000000..3b765fa
--- /dev/null
+++ b/system/ansible/ansible_with_docker.md
@@ -0,0 +1,114 @@
+---
+title: "Ansible with Docker"
+tags: [ "system", "ansible", "docker" ]
+requires: [ "Docker" ]
+---
+
+Set up two containers: `deb` and `arch`, add them to an `ansible` hosts file, then do a 'ping' to see if they respond.
+
+## Required Packages
+
+- `ansible`
+- `jq`
+- `docker`
+
+## Debian Container
+
+```sh
+docker run -di --rm --name deb --hostname deb debian
+docker exec -it deb sh -c 'apt update && apt -y install openssh-server python3 sudo'
+```
+
+Generate the host's ssh keys, then start the ssh daemon:
+
+```sh
+docker exec -it deb sh -c 'ssh-keygen -A'
+docker exec -d deb /usr/sbin/sshd -D
+```
+
+## Arch Linux Container
+
+```sh
+docker run -di --rm --name arch --hostname arch archlinux
+docker exec -it arch sh -c 'pacman -Syu --noconfirm python sudo openssh'
+docker exec -it arch sh -c 'ssh-keygen -A'
+docker exec -d arch /usr/sbin/sshd -D
+```
+
+## `ssh` Keys
+
+Copy across your public ssh key to the container's `authorized_keys` file:
+
+```sh
+pubkey=~/.ssh/id_rsa.pub
+for hostname in arch deb; do
+ docker cp $pubkey $hostname:/root/.ssh/authorized_keys
+ docker exec -it $hostname sh -c "chown -R root:root /root/.ssh/"
+ docker exec -it $hostname sh -c "chmod -R 700 /root/.ssh/"
+done
+```
+
+## Hosts File
+
+Find name of containers' IPv4 addresses.
+
+```sh
+docker network inspect bridge
+```
+
+The output is awful.
+Use `jq` to parse the `json`:
+
+```sh
+docker network inspect bridge | jq -r '.[].Containers | .[].IPv4Address'
+```
+
+Now put those into a host file:
+
+```sh
+docker_hosts=hosts.txt
+echo '[containers]' > $docker_hosts
+
+docker network inspect bridge | \
+ jq -r '.[].Containers | .[] | "root@" + .IPv4Address' | \
+ cut -d/ -f1 >> $docker_hosts
+```
+
+You may need to add those host keys to your known hosts file.
+Either connect interactively, or (for scripts):
+
+```sh
+hosts="$(docker network inspect bridge | jq -r '.[].Containers | .[] | .Name + " " + .IPv4Address' | \
+ cut -d/ -f1)"
+
+echo "$hosts"
+
+echo "$hosts" | while read hostname ip; do
+ printf "%s" "$ip"
+ key="$(docker exec $hostname cat /etc/ssh/ssh_host_ed25519_key.pub)"
+ echo "$ip $key" >> ~/.ssh/known_hosts
+done
+```
+
+Check if they ping:
+
+```sh
+ansible -i $docker_hosts all -m ping
+```
+
+This command produces an irritating warning about the python interpreter (i.e., `python3`).
+
+Make the warning shut-up:
+
+```sh
+echo '
+[containers:vars]
+ansible_python_interpreter=/usr/bin/python3.13' >> $docker_hosts
+```
+
+Now the ping is cleaner:
+
+```sh
+ansible -i $docker_hosts all -m ping
+```
+
diff --git a/virtualization/docker.md b/virtualization/docker.md
index 5997c69..9c5aeb0 100644
--- a/virtualization/docker.md
+++ b/virtualization/docker.md
@@ -1,6 +1,7 @@
 ---
 title: "Docker"
 tags: [ "documentation", "virtualization" ]
+requires: [ "Managing Groups" ]
 ---
 ```sh
 sudo pacman -S docker
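Review bot: In system/ansible/ansible_with_docker.md, the known-hosts loop appends `$ip $key` to `~/.ssh/known_hosts` on every run and never removes earlier entries, so the key of a discarded `--rm` container stays trusted for that bridge address, which Docker may later assign to a different container. Putting `ssh-keygen -R "$ip"` before the `echo "$ip $key" >> ~/.ssh/known_hosts` line, or writing to a separate known-hosts file kept only for this lab, keeps stale keys out of the user's real file. Both this loop and the hosts-file step read `docker network inspect bridge`, which returns every container on the default bridge, so unrelated containers would also get a `root@` inventory entry and a known-hosts line; looking up the two names directly, e.g. `docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$hostname"`, scopes it to `deb` and `arch`. The loop should also use `read -r`, and `"$hostname"`, `"$pubkey"` and `"$docker_hosts"` should be quoted wherever they are expanded.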