/docker-ansible-playbook

Docker Image of Ansible for executing ansible-playbook command against an externally mounted set of Ansible playbooks

Primary LanguageShell

Ansible Playbook Docker Image

Docker Image of Ansible for executing ansible-playbook command against an externally mounted set of Ansible playbooks. Based on philm/ansible_playbook

Build

docker build -t walokra/ansible-playbook .

Test

$ docker run --name ansible-playbook --rm walokra/ansible-playbook --version

ansible-playbook 2.3.0.0
  config file =
  configured module search path = [u'/opt/ansible/library']
  python version = 2.7.13 (default, Apr 20 2017, 12:13:37) [GCC 6.3.0]

Running Ansible Playbook

docker run --rm -it -v PATH_TO_LOCAL_PLAYBOOKS_DIR:/ansible/playbooks walokra/ansible-playbook PLAYBOOK_FILE

For example, assuming your project's structure follows best practices, the command to run ansible-playbook from the top-level directory would look like:

docker run --rm -it -v $(pwd):/ansible/playbooks walokra/ansible-playbook site.yml

Ansible playbook variables can simply be added after the playbook name.

Ansible Helper wrapper

Shell script named ansible_helper that wraps a Docker image containing Ansible:

docker run --rm -it \
  -v ~/.ssh/id_rsa:/root/.ssh/id_rsa \
  -v ~/.ssh/id_rsa.pub:/root/.ssh/id_rsa.pub \
  -v $(pwd):/ansible/playbooks \
  -v /var/log/ansible/ansible.log \
  walokra/ansible-playbook "$@"

Point the above script to any inventory file so that we can execute any Ansible command on any host, e.g.

./ansible_helper play playbooks/create_user.yml -i inventory/staging -e 'some_var=some_value'

SSH Keys

If Ansible is interacting with external machines, you'll need to mount an SSH key pair for the duration of the play:

docker run --rm -it \
    -v ~/.ssh/id_rsa:/root/.ssh/id_rsa \
    -v ~/.ssh/id_rsa.pub:/root/.ssh/id_rsa.pub \
    -v $(pwd):/ansible/playbooks \
    walokra/ansible-playbook site.yml

Ansible Vault

If you've encrypted any data using Ansible Vault, you can decrypt during a play by either passing --ask-vault-pass after the playbook name, or pointing to a password file. For the latter, you can mount an external file:

docker run --rm -it -v $(pwd):/ansible/playbooks \
    -v ~/.vault_pass.txt:/root/.vault_pass.txt \
    walokra/ansible-playbook \
    site.yml --vault-password-file /root/.vault_pass.txt

Note: the Ansible Vault executable is embedded in this image. To use it, specify a different entrypoint:

docker run --rm -it -v $(pwd):/ansible/playbooks --entrypoint ansible-vault \
  walokra/ansible-playbook encrypt FILENAME