andonome/lk
2
1
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
3dface826f27f16ef74a2bc7a46eca5b83307bda
lk/system/ansible/ansible_with_docker.md
Malin Freeborn 3dface826f playing with ansible
2025-08-16 02:54:41 +02:00

2.4 KiB
Raw Blame History

title, tags, requires
title tags requires
Ansible with Docker
system
ansible
docker
Docker

Set up two containers: deb and arch, add them to an ansible hosts file, then do a 'ping' to see if they respond.

Required Packages

  • ansible
  • jq
  • docker

Debian Container

docker run -di --rm --name deb --hostname deb debian
docker exec -it deb sh -c 'apt update && apt -y install openssh-server python3 sudo'

Generate the host's ssh keys, then start the ssh daemon:

docker exec -it deb sh -c 'ssh-keygen -A'
docker exec -d deb /usr/sbin/sshd -D

Arch Linux Container

docker run -di --rm --name arch --hostname arch archlinux
docker exec -it arch sh -c 'pacman -Syu --noconfirm python sudo openssh'
docker exec -it arch sh -c 'ssh-keygen -A'
docker exec -d arch /usr/sbin/sshd -D

ssh Keys

Copy across your public ssh key to the container's authorized_keys file:

pubkey=~/.ssh/id_rsa.pub
for hostname in arch deb; do
    docker cp $pubkey $hostname:/root/.ssh/authorized_keys
    docker exec -it $hostname sh -c "chown -R root:root /root/.ssh/"
    docker exec -it $hostname sh -c "chmod -R 700 /root/.ssh/"
done

Hosts File

Find name of containers' IPv4 addresses.

docker network inspect bridge

The output is awful. Use jq to parse the json:

docker network inspect bridge  | jq -r '.[].Containers | .[].IPv4Address'

Now put those into a host file:

docker_hosts=hosts.txt
echo '[containers]' > $docker_hosts

docker network inspect bridge  | \
    jq -r '.[].Containers | .[] | "root@" + .IPv4Address' | \
    cut -d/ -f1 >> $docker_hosts

You may need to add those host keys to your known hosts file. Either connect interactively, or (for scripts):

hosts="$(docker network inspect bridge  | jq -r '.[].Containers | .[] | .Name + " " + .IPv4Address' | \
    cut -d/ -f1)"

echo "$hosts"

echo "$hosts" | while read hostname ip; do
    printf "%s" "$ip"
    key="$(docker exec $hostname cat /etc/ssh/ssh_host_ed25519_key.pub)"
    echo "$ip $key" >> ~/.ssh/known_hosts
done

Check if they ping:

ansible -i $docker_hosts all -m ping

This command produces an irritating warning about the python interpreter (i.e., python3).

Make the warning shut-up:

echo '
[containers:vars]
ansible_python_interpreter=/usr/bin/python3.13' >> $docker_hosts

Now the ping is cleaner:

ansible -i $docker_hosts all -m ping