
docker-ansible's Introduction

Docker image for ansible


All #awesome-ci Docker images

ansible ansible-lint awesome-ci black checkmake eslint file-lint gofmt goimports golint jsonlint phpcbf phpcs php-cs-fixer pycodestyle pylint terraform-docs terragrunt terragrunt-fmt yamllint

All #awesome-ci Makefiles

Visit cytopia/makefiles for seamless project integration, minimum required best-practice code linting and CI.

View Dockerfile on GitHub.

Docker hub

Tiny Alpine-based multistage-build dockerized version of Ansible[1] in many different flavours. The image is built nightly against multiple stable versions and pushed to Dockerhub.

[1] Official project: https://github.com/ansible/ansible

Available Docker image versions

Ansible base

The following Ansible Docker images are as small as possible and only contain Ansible itself.

Docker tag Build from
latest Latest stable Ansible version
2.8 Latest stable Ansible 2.8.x version
2.7 Latest stable Ansible 2.7.x version
2.6 Latest stable Ansible 2.6.x version
2.5 Latest stable Ansible 2.5.x version
2.4 Latest stable Ansible 2.4.x version
2.3 Latest stable Ansible 2.3.x version

Ansible tools

The following Ansible Docker images contain everything from Ansible base and additionally: bash, git, gpg, jq and ssh.

Docker tag Build from
latest-tools Latest stable Ansible version
2.8-tools Latest stable Ansible 2.8.x version
2.7-tools Latest stable Ansible 2.7.x version
2.6-tools Latest stable Ansible 2.6.x version
2.5-tools Latest stable Ansible 2.5.x version
2.4-tools Latest stable Ansible 2.4.x version
2.3-tools Latest stable Ansible 2.3.x version

Ansible aws

The following Ansible Docker images contain everything from Ansible tools and additionally: aws-cli, boto, boto3 and botocore.

Docker tag Build from
latest-aws Latest stable Ansible version
2.8-aws Latest stable Ansible 2.8.x version
2.7-aws Latest stable Ansible 2.7.x version
2.6-aws Latest stable Ansible 2.6.x version
2.5-aws Latest stable Ansible 2.5.x version
2.4-aws Latest stable Ansible 2.4.x version
2.3-aws Latest stable Ansible 2.3.x version

Ansible awsk8s

The following Ansible Docker images contain everything from Ansible aws and additionally: openshift and kubectl.

Docker tag Build from
latest-awsk8s Latest stable Ansible version
2.8-awsk8s Latest stable Ansible 2.8.x version
2.7-awsk8s Latest stable Ansible 2.7.x version
2.6-awsk8s Latest stable Ansible 2.6.x version
2.5-awsk8s Latest stable Ansible 2.5.x version
2.4-awsk8s Latest stable Ansible 2.4.x version
2.3-awsk8s Latest stable Ansible 2.3.x version

Ansible awskops

The following Ansible Docker images contain everything from Ansible awsk8s and additionally: kops in its latest patch level version.

Kops 1.12 (latest 1.12.x)

Docker tag Build from
latest-awskops1.12 Latest stable Ansible version
2.8-awskops1.12 Latest stable Ansible 2.8.x version
2.7-awskops1.12 Latest stable Ansible 2.7.x version
2.6-awskops1.12 Latest stable Ansible 2.6.x version
2.5-awskops1.12 Latest stable Ansible 2.5.x version
2.4-awskops1.12 Latest stable Ansible 2.4.x version
2.3-awskops1.12 Latest stable Ansible 2.3.x version

Kops 1.11 (latest 1.11.x)

Docker tag Build from
latest-awskops1.11 Latest stable Ansible version
2.8-awskops1.11 Latest stable Ansible 2.8.x version
2.7-awskops1.11 Latest stable Ansible 2.7.x version
2.6-awskops1.11 Latest stable Ansible 2.6.x version
2.5-awskops1.11 Latest stable Ansible 2.5.x version
2.4-awskops1.11 Latest stable Ansible 2.4.x version
2.3-awskops1.11 Latest stable Ansible 2.3.x version

Kops 1.10 (latest 1.10.x)

Docker tag Build from
latest-awskops1.10 Latest stable Ansible version
2.8-awskops1.10 Latest stable Ansible 2.8.x version
2.7-awskops1.10 Latest stable Ansible 2.7.x version
2.6-awskops1.10 Latest stable Ansible 2.6.x version
2.5-awskops1.10 Latest stable Ansible 2.5.x version
2.4-awskops1.10 Latest stable Ansible 2.4.x version
2.3-awskops1.10 Latest stable Ansible 2.3.x version

Kops 1.9 (latest 1.9.x)

Docker tag Build from
latest-awskops1.9 Latest stable Ansible version
2.8-awskops1.9 Latest stable Ansible 2.8.x version
2.7-awskops1.9 Latest stable Ansible 2.7.x version
2.6-awskops1.9 Latest stable Ansible 2.6.x version
2.5-awskops1.9 Latest stable Ansible 2.5.x version
2.4-awskops1.9 Latest stable Ansible 2.4.x version
2.3-awskops1.9 Latest stable Ansible 2.3.x version

Kops 1.8 (latest 1.8.x)

Docker tag Build from
latest-awskops1.8 Latest stable Ansible version
2.8-awskops1.8 Latest stable Ansible 2.8.x version
2.7-awskops1.8 Latest stable Ansible 2.7.x version
2.6-awskops1.8 Latest stable Ansible 2.6.x version
2.5-awskops1.8 Latest stable Ansible 2.5.x version
2.4-awskops1.8 Latest stable Ansible 2.4.x version
2.3-awskops1.8 Latest stable Ansible 2.3.x version

Ansible awshelm

The following Ansible Docker images contain everything from Ansible awsk8s and additionally: helm in its latest patch level version.

Helm 2.14 (latest 2.14.x)

Docker tag Build from
latest-awshelm2.14 Latest stable Ansible version
2.8-awshelm2.14 Latest stable Ansible 2.8.x version
2.7-awshelm2.14 Latest stable Ansible 2.7.x version
2.6-awshelm2.14 Latest stable Ansible 2.6.x version
2.5-awshelm2.14 Latest stable Ansible 2.5.x version
2.4-awshelm2.14 Latest stable Ansible 2.4.x version
2.3-awshelm2.14 Latest stable Ansible 2.3.x version

Helm 2.13 (latest 2.13.x)

Docker tag Build from
latest-awshelm2.13 Latest stable Ansible version
2.8-awshelm2.13 Latest stable Ansible 2.8.x version
2.7-awshelm2.13 Latest stable Ansible 2.7.x version
2.6-awshelm2.13 Latest stable Ansible 2.6.x version
2.5-awshelm2.13 Latest stable Ansible 2.5.x version
2.4-awshelm2.13 Latest stable Ansible 2.4.x version
2.3-awshelm2.13 Latest stable Ansible 2.3.x version

Helm 2.12 (latest 2.12.x)

Docker tag Build from
latest-awshelm2.12 Latest stable Ansible version
2.8-awshelm2.12 Latest stable Ansible 2.8.x version
2.7-awshelm2.12 Latest stable Ansible 2.7.x version
2.6-awshelm2.12 Latest stable Ansible 2.6.x version
2.5-awshelm2.12 Latest stable Ansible 2.5.x version
2.4-awshelm2.12 Latest stable Ansible 2.4.x version
2.3-awshelm2.12 Latest stable Ansible 2.3.x version

Helm 2.11 (latest 2.11.x)

Docker tag Build from
latest-awshelm2.11 Latest stable Ansible version
2.8-awshelm2.11 Latest stable Ansible 2.8.x version
2.7-awshelm2.11 Latest stable Ansible 2.7.x version
2.6-awshelm2.11 Latest stable Ansible 2.6.x version
2.5-awshelm2.11 Latest stable Ansible 2.5.x version
2.4-awshelm2.11 Latest stable Ansible 2.4.x version
2.3-awshelm2.11 Latest stable Ansible 2.3.x version

Docker environment variables

Environment variables are available for all flavours except for Ansible base.

| Variable | Default | Allowed values | Description |
|----------|---------|----------------|-------------|
| USER | `` | ansible | Set this to ansible to have everything run inside the container by the user ansible instead of root |
| UID | 1000 | integer | If your local uid is not 1000 set it to your uid to synchronize file/dir permissions during mounting |
| GID | 1000 | integer | If your local gid is not 1000 set it to your gid to synchronize file/dir permissions during mounting |

Docker mounts

The working directory inside the Docker container is /data/ and should be mounted locally to the root of your project where your Ansible playbooks are.

Examples

Run Ansible playbook

docker run --rm -v $(pwd):/data cytopia/ansible ansible-playbook playbook.yml

Run Ansible playbook with non-root user

# Use 'ansible' user inside Docker container
docker run --rm \
  -e USER=ansible \
  -v $(pwd):/data \
  cytopia/ansible:latest-tools ansible-playbook playbook.yml

# Use 'ansible' user inside Docker container
# Use custom uid/gid for 'ansible' user inside Docker container
docker run --rm \
  -e USER=ansible \
  -e MY_UID=1000 \
  -e MY_GID=1000 \
  -v $(pwd):/data \
  cytopia/ansible:latest-tools ansible-playbook playbook.yml

Run Ansible playbook with local ssh keys mounted

# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
  -e USER=ansible \
  -e MY_UID=1000 \
  -e MY_GID=1000 \
  -v ${HOME}/.ssh/:/home/ansible/.ssh/:ro \
  -v $(pwd):/data \
  cytopia/ansible:latest-tools ansible-playbook playbook.yml

Run Ansible playbook with local gpg keys mounted

# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
  -e USER=ansible \
  -e MY_UID=1000 \
  -e MY_GID=1000 \
  -v ${HOME}/.gnupg/:/home/ansible/.gnupg/ \
  -v $(pwd):/data \
  cytopia/ansible:latest-tools ansible-playbook playbook.yml

Run Ansible Galaxy

# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
  -e USER=ansible \
  -e MY_UID=1000 \
  -e MY_GID=1000 \
  -v $(pwd):/data \
  cytopia/ansible:latest-tools ansible-galaxy install -r requirements.yml

Run Ansible playbook with AWS credentials

# Basic
docker run --rm \
  -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
  -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
  -v $(pwd):/data \
  cytopia/ansible:latest-aws ansible-playbook playbook.yml

# With AWS Session Token
docker run --rm \
  -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
  -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
  -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN \
  -v $(pwd):/data \
  cytopia/ansible:latest-aws ansible-playbook playbook.yml

# With ~/.aws/ config and credentials directories mounted (read/only)
# If you want to make explicit use of aws profiles, use this variant
# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
  -e USER=ansible \
  -e MY_UID=1000 \
  -e MY_GID=1000 \
  -v ${HOME}/.aws/config:/home/ansible/.aws/config:ro \
  -v ${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro \
  -v $(pwd):/data \
  cytopia/ansible:latest-aws ansible-playbook playbook.yml

Run Ansible playbook against AWS and gpg vault initialization

Imagine your Ansible vault uses a script to gpg encrypt the passphrase for team members against multiple gpg keys. Using Docker will not allow you to have a popup open where you can enter the gpg key password. To circumvent this, you will need to initialize the gpg key password and then run Ansible.

The following Ansible vault script shows how this is set up:

#!/bin/sh
# Read password from argument
if [ "${#}" -gt "0" ]; then
	gpg --pinentry-mode loopback --passphrase "${1}" --decrypt vault/pass.gpg
# Ask for password or use keyring (does not work inside Docker)
else
	gpg --batch --use-agent --decrypt vault/pass.gpg
fi

With this in mind, the Ansible call would look as follows:

# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
  -e USER=ansible \
  -e MY_UID=1000 \
  -e MY_GID=1000 \
  -v ${HOME}/.aws/config:/home/ansible/.aws/config:ro \
  -v ${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro \
  -v ${HOME}/.gnupg/:/home/ansible/.gnupg/ \
  -v $(pwd):/data \
  cytopia/ansible:latest-aws \
  sh -c './vault/open_vault.sh '''THE_GPG_PASSWORD_HERE'''; ansible-playbook playbook.yml'
  • Note 1: the quoting for the GPG password is required in case you are using a ! as part of the password
  • Note 2: every $ sign in your GPG password will require 3 backslashes in front of it: \\\$

As the command is getting pretty long, you could wrap it into a Makefile.

ifneq (,)
.error This Makefile requires GNU Make.
endif

.PHONY: dry run

CURRENT_DIR = $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
ANSIBLE = 2.8
UID = 1000
GID = 1000

dry:
ifndef GPG_PASS
	docker run --rm \
		-e USER=ansible \
		-e MY_UID=$(UID) \
		-e MY_GID=$(GID) \
		-v $${HOME}/.aws/config:/home/ansible/.aws/config:ro \
		-v $${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro \
		-v $${HOME}/.gnupg/:/home/ansible/.gnupg/ \
		-v $(CURRENT_DIR):/data \
		cytopia/ansible:$(ANSIBLE)-aws ansible-playbook playbook.yml --check
else
	docker run --rm \
		-e USER=ansible \
		-e MY_UID=$(UID) \
		-e MY_GID=$(GID) \
		-v $${HOME}/.aws/config:/home/ansible/.aws/config:ro \
		-v $${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro \
		-v $${HOME}/.gnupg/:/home/ansible/.gnupg/ \
		-v $(CURRENT_DIR):/data \
		cytopia/ansible:$(ANSIBLE)-aws \
		sh -c './vault/open_vault.sh '''$(GPG_PASS)'''; ansible-playbook playbook.yml --check'
endif

run:
ifndef GPG_PASS
	docker run --rm \
		-e USER=ansible \
		-e MY_UID=$(UID) \
		-e MY_GID=$(GID) \
		-v $${HOME}/.aws/config:/home/ansible/.aws/config:ro \
		-v $${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro \
		-v $${HOME}/.gnupg/:/home/ansible/.gnupg/ \
		-v $(CURRENT_DIR):/data \
		cytopia/ansible:$(ANSIBLE)-aws ansible-playbook playbook.yml
else
	docker run --rm \
		-e USER=ansible \
		-e MY_UID=$(UID) \
		-e MY_GID=$(GID) \
		-v $${HOME}/.aws/config:/home/ansible/.aws/config:ro \
		-v $${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro \
		-v $${HOME}/.gnupg/:/home/ansible/.gnupg/ \
		-v $(CURRENT_DIR):/data \
		cytopia/ansible:$(ANSIBLE)-aws \
		sh -c './vault/open_vault.sh '''$(GPG_PASS)'''; ansible-playbook playbook.yml'
endif

Then you can call it easily:

# With GPG password
make dry GPG_PASS='THE_GPG_PASSWORD_HERE'
make run GPG_PASS='THE_GPG_PASSWORD_HERE'

# Without GPG password
make dry
make run

# With different Ansible version
make dry ANSIBLE=2.6
make run ANSIBLE=2.6

# With different uid/gid
make dry UID=1001 GID=1001
make run UID=1001 GID=1001
  • Note: every $ sign in your GPG password will require 3 backslashes in front of it: \\\$
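
The docker run call and the Makefile targets above put the GPG password into a command line, where it is visible in process listings and shell history, and where make echoes it with the recipe. The following added example (not part of the docker-ansible project) sends it over stdin instead, so no quoting or escaping applies to it. The function names and the IMAGE variable are hypothetical, and it assumes the image's entrypoint passes stdin through to the command.

```shell
#!/bin/sh
# Added example, not part of the docker-ansible project.
# Primes gpg-agent inside the container with a passphrase delivered on
# stdin, then runs the playbook. The passphrase never appears in an argv.

IMAGE="${IMAGE:-cytopia/ansible:latest-aws}"   # hypothetical override variable

# Runs inside the container. --passphrase-fd 0 makes gpg take the first
# line of stdin as the passphrase. The decrypted output is discarded
# because this call only initializes the key password, as the first
# open_vault.sh call on the page does. '&&' skips the playbook on failure.
IN_CONTAINER='gpg --batch --pinentry-mode loopback --passphrase-fd 0 \
  --decrypt vault/pass.gpg >/dev/null && ansible-playbook playbook.yml'

# Prompt without echo; GPG_PASS stays a shell variable (not exported).
read_passphrase() {
    printf 'GPG passphrase: ' >&2
    stty -echo
    IFS= read -r GPG_PASS
    stty echo
    printf '\n' >&2
}

run_playbook_with_vault() {
    if [ -z "${GPG_PASS:-}" ]; then
        echo 'GPG_PASS is empty, call read_passphrase first' >&2
        return 1
    fi
    # printf is a builtin in bash and dash, so no process is spawned with
    # the passphrase as an argument. -i keeps the container's stdin open.
    printf '%s\n' "${GPG_PASS}" | docker run --rm -i \
        -e USER=ansible \
        -e MY_UID="$(id -u)" \
        -e MY_GID="$(id -g)" \
        -v "${HOME}/.aws/config:/home/ansible/.aws/config:ro" \
        -v "${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro" \
        -v "${HOME}/.gnupg/:/home/ansible/.gnupg/" \
        -v "$(pwd):/data" \
        "${IMAGE}" sh -c "${IN_CONTAINER}"
}

# Usage: read_passphrase && run_playbook_with_vault
```

The existing vault script needs no change: Ansible still calls it without arguments, which takes its agent branch.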

Related #awesome-ci projects

Docker images

Save yourself from installing lots of dependencies and pick a dockerized version of your favourite linter below for reproducible local or remote CI tests:

| GitHub | Type | Description |
|--------|------|-------------|
| awesome-ci | Basic | Tools for git, file and static source code analysis |
| file-lint | Basic | Basic source code analysis |
| jsonlint | Basic | Lint JSON files [1] |
| yamllint | Basic | Lint Yaml files |
| ansible | Ansible | Multiple versions and flavours of Ansible |
| ansible-lint | Ansible | Lint Ansible |
| gofmt | Go | Format Go source code [1] |
| goimports | Go | Format Go source code [1] |
| golint | Go | Lint Go code |
| eslint | Javascript | Lint Javascript code |
| checkmake | Make | Lint Makefiles |
| phpcbf | PHP | PHP Code Beautifier and Fixer |
| phpcs | PHP | PHP Code Sniffer |
| php-cs-fixer | PHP | PHP Coding Standards Fixer |
| black | Python | The uncompromising Python code formatter |
| pycodestyle | Python | Python style guide checker |
| pylint | Python | Python source code, bug and quality checker |
| terraform-docs | Terraform | Terraform doc generator (TF 0.12 ready) [1] |
| terragrunt | Terraform | Terragrunt and Terraform |
| terragrunt-fmt | Terraform | terraform fmt for Terragrunt files [1] |

[1] Uses a shell wrapper to add enhanced functionality not available by original project.

Makefiles

Visit cytopia/makefiles for dependency-less, seamless project integration and minimum required best-practice code linting for CI. The provided Makefiles will only require GNU Make and Docker itself removing the need to install anything else.

License

MIT License

Copyright (c) 2019 cytopia
