Alpine-based multistage-build version of Ansible for reproducible usage in CI

Docker image for ansible


All #awesome-ci Docker images

ansible ansible-lint awesome-ci black checkmake eslint file-lint gofmt goimports golint jsonlint phpcbf phpcs phplint php-cs-fixer pycodestyle pylint terraform-docs terragrunt terragrunt-fmt yamlfmt yamllint

All #awesome-ci Makefiles

Visit cytopia/makefiles for seamless project integration, minimum required best-practice code linting and CI.

View Dockerfile on GitHub.

Docker hub

Tiny Alpine-based multistage-build dockerized version of Ansible[1] in many different flavours. It comes with Mitogen[2] to speed up your runs by up to 600%[3][4] (see Examples). The image is built nightly against multiple stable versions and pushed to Dockerhub.

Available Docker image versions

Ansible base

The following Ansible Docker images are as small as possible and only contain Ansible itself.

| Docker tag | Build from |
|---|---|
| latest | Latest stable Ansible version |
| 2.8 | Latest stable Ansible 2.8.x version |
| 2.7 | Latest stable Ansible 2.7.x version |
| 2.6 | Latest stable Ansible 2.6.x version |
| 2.5 | Latest stable Ansible 2.5.x version |
| 2.4 | Latest stable Ansible 2.4.x version |
| 2.3 | Latest stable Ansible 2.3.x version |

Ansible tools

The following Ansible Docker images contain everything from Ansible base and additionally: bash, git, gpg, jq, ssh and Ansible mitogen strategy plugin (see Examples).

| Docker tag | Build from |
|---|---|
| latest-tools | Latest stable Ansible version |
| 2.8-tools | Latest stable Ansible 2.8.x version |
| 2.7-tools | Latest stable Ansible 2.7.x version |
| 2.6-tools | Latest stable Ansible 2.6.x version |
| 2.5-tools | Latest stable Ansible 2.5.x version |
| 2.4-tools | Latest stable Ansible 2.4.x version |
| 2.3-tools | Latest stable Ansible 2.3.x version |

Ansible aws

The following Ansible Docker images contain everything from Ansible tools and additionally: aws-cli, boto, boto3 and botocore.

| Docker tag | Build from |
|---|---|
| latest-aws | Latest stable Ansible version |
| 2.8-aws | Latest stable Ansible 2.8.x version |
| 2.7-aws | Latest stable Ansible 2.7.x version |
| 2.6-aws | Latest stable Ansible 2.6.x version |
| 2.5-aws | Latest stable Ansible 2.5.x version |
| 2.4-aws | Latest stable Ansible 2.4.x version |
| 2.3-aws | Latest stable Ansible 2.3.x version |

Ansible awsk8s

The following Ansible Docker images contain everything from Ansible aws and additionally: openshift and kubectl.

| Docker tag | Build from |
|---|---|
| latest-awsk8s | Latest stable Ansible version |
| 2.8-awsk8s | Latest stable Ansible 2.8.x version |
| 2.7-awsk8s | Latest stable Ansible 2.7.x version |
| 2.6-awsk8s | Latest stable Ansible 2.6.x version |
| 2.5-awsk8s | Latest stable Ansible 2.5.x version |
| 2.4-awsk8s | Latest stable Ansible 2.4.x version |
| 2.3-awsk8s | Latest stable Ansible 2.3.x version |

Ansible awskops

The following Ansible Docker images contain everything from Ansible awsk8s and additionally: kops in its latest patch level version.

Kops 1.12 (latest 1.12.x)

| Docker tag | Build from |
|---|---|
| latest-awskops1.12 | Latest stable Ansible version |
| 2.8-awskops1.12 | Latest stable Ansible 2.8.x version |
| 2.7-awskops1.12 | Latest stable Ansible 2.7.x version |
| 2.6-awskops1.12 | Latest stable Ansible 2.6.x version |
| 2.5-awskops1.12 | Latest stable Ansible 2.5.x version |
| 2.4-awskops1.12 | Latest stable Ansible 2.4.x version |
| 2.3-awskops1.12 | Latest stable Ansible 2.3.x version |

---------- More kops images truncated due to Dockerhub's limit on description size. See GitHub page for all tags ----------

Ansible awshelm

The following Ansible Docker images contain everything from Ansible awsk8s and additionally: helm in its latest patch level version.

Helm 2.14 (latest 2.14.x)

| Docker tag | Build from |
|---|---|
| latest-awshelm2.14 | Latest stable Ansible version |
| 2.8-awshelm2.14 | Latest stable Ansible 2.8.x version |
| 2.7-awshelm2.14 | Latest stable Ansible 2.7.x version |
| 2.6-awshelm2.14 | Latest stable Ansible 2.6.x version |
| 2.5-awshelm2.14 | Latest stable Ansible 2.5.x version |
| 2.4-awshelm2.14 | Latest stable Ansible 2.4.x version |
| 2.3-awshelm2.14 | Latest stable Ansible 2.3.x version |

---------- More helm images truncated due to Dockerhub's limit on description size. See GitHub page for all tags ----------

Docker environment variables

Environment variables are available for all flavours except for Ansible base.

| Variable | Default | Allowed values | Description |
|---|---|---|---|
| USER | `` | ansible | Set this to ansible to have everything inside the container run by the user ansible instead of root |
| UID | 1000 | integer | If your local uid is not 1000, set it to your uid to synchronize file/dir permissions during mounting |
| GID | 1000 | integer | If your local gid is not 1000, set it to your gid to synchronize file/dir permissions during mounting |

Docker mounts

The working directory inside the Docker container is /data/ and should be mounted locally to the root of your project where your Ansible playbooks are.

Examples

Run Ansible playbook

docker run --rm -v $(pwd):/data cytopia/ansible ansible-playbook playbook.yml

Run Ansible playbook with Mitogen

Mitogen updates Ansible’s slow and wasteful shell-centric implementation with pure-Python equivalents, invoked via highly efficient remote procedure calls to persistent interpreters tunnelled over SSH.

No changes are required to target hosts. The extension is considered stable and real-world use is encouraged.

Configuration

ansible.cfg

[defaults]
strategy_plugins = /usr/lib/python3.6/site-packages/ansible_mitogen/plugins/strategy
strategy         = mitogen_linear

Invocation

docker run --rm -v $(pwd):/data cytopia/ansible:latest-tools ansible-playbook playbook.yml


Run Ansible playbook with non-root user

# Use 'ansible' user inside Docker container
docker run --rm \
  -e USER=ansible \
  -v $(pwd):/data \
  cytopia/ansible:latest-tools ansible-playbook playbook.yml
# Use 'ansible' user inside Docker container
# Use custom uid/gid for 'ansible' user inside Docker container
docker run --rm \
  -e USER=ansible \
  -e MY_UID=1000 \
  -e MY_GID=1000 \
  -v $(pwd):/data \
  cytopia/ansible:latest-tools ansible-playbook playbook.yml

Run Ansible playbook with local ssh keys mounted

# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
  -e USER=ansible \
  -e MY_UID=1000 \
  -e MY_GID=1000 \
  -v ${HOME}/.ssh/:/home/ansible/.ssh/:ro \
  -v $(pwd):/data \
  cytopia/ansible:latest-tools ansible-playbook playbook.yml

Run Ansible playbook with local gpg keys mounted

# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
  -e USER=ansible \
  -e MY_UID=1000 \
  -e MY_GID=1000 \
  -v ${HOME}/.gnupg/:/home/ansible/.gnupg/ \
  -v $(pwd):/data \
  cytopia/ansible:latest-tools ansible-playbook playbook.yml

Run Ansible Galaxy

# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
  -e USER=ansible \
  -e MY_UID=1000 \
  -e MY_GID=1000 \
  -v $(pwd):/data \
  cytopia/ansible:latest-tools ansible-galaxy install -r requirements.yml

Run Ansible playbook with AWS credentials

# Basic
docker run --rm \
  -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
  -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
  -v $(pwd):/data \
  cytopia/ansible:latest-aws ansible-playbook playbook.yml
# With AWS Session Token
docker run --rm \
  -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
  -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
  -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN \
  -v $(pwd):/data \
  cytopia/ansible:latest-aws ansible-playbook playbook.yml
# With ~/.aws/ config and credentials directories mounted (read/only)
# If you want to make explicit use of aws profiles, use this variant
# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
  -e USER=ansible \
  -e MY_UID=1000 \
  -e MY_GID=1000 \
  -v ${HOME}/.aws/config:/home/ansible/.aws/config:ro \
  -v ${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro \
  -v $(pwd):/data \
  cytopia/ansible:latest-aws ansible-playbook playbook.yml

Run Ansible playbook against AWS and gpg vault initialization

Imagine your Ansible vault uses a script to gpg encrypt the passphrase for team members against multiple gpg keys. Using Docker will not allow you to have a popup open where you can enter the gpg key password. To circumvent this, you will need to initialize the gpg key password and then run Ansible.

The following Ansible vault script shows how this is set up:

#!/bin/sh
# Read password from argument
if [ "${#}" -gt "0" ]; then
	gpg --pinentry-mode loopback --passphrase "${1}" --decrypt vault/pass.gpg
# Ask for password or use keyring (does not work inside Docker)
else
	gpg --batch --use-agent --decrypt vault/pass.gpg
fi

With this in mind, the Ansible call would look as follows:

# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
  -e USER=ansible \
  -e MY_UID=1000 \
  -e MY_GID=1000 \
  -v ${HOME}/.aws/config:/home/ansible/.aws/config:ro \
  -v ${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro \
  -v ${HOME}/.gnupg/:/home/ansible/.gnupg/ \
  -v $(pwd):/data \
  cytopia/ansible \
  sh -c './vault/open_vault.sh '\''THE_GPG_PASSWORD_HERE'\''; ansible-playbook playbook.yml'

  • Note 1: the quoting for the GPG password is required in case you are using a ! as part of the password
  • Note 2: every $ sign in your password will require 3 backslashes in front of it: \\\$

As the command is getting pretty long, you could wrap it into a Makefile.

ifneq (,)
.error This Makefile requires GNU Make.
endif

.PHONY: dry run

CURRENT_DIR = $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
GPG_PASS =

dry:
	docker run --rm \
		-e USER=ansible \
		-e MY_UID=1000 \
		-e MY_GID=1000 \
		-v $${HOME}/.aws/config:/home/ansible/.aws/config:ro \
		-v $${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro \
		-v $${HOME}/.gnupg/:/home/ansible/.gnupg/ \
		-v $(CURRENT_DIR):/data \
		cytopia/ansible \
		sh -c './vault/open_vault.sh '\''$(GPG_PASS)'\''; ansible-playbook playbook.yml --check'

run:
	docker run --rm \
		-e USER=ansible \
		-e MY_UID=1000 \
		-e MY_GID=1000 \
		-v $${HOME}/.aws/config:/home/ansible/.aws/config:ro \
		-v $${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro \
		-v $${HOME}/.gnupg/:/home/ansible/.gnupg/ \
		-v $(CURRENT_DIR):/data \
		cytopia/ansible \
		sh -c './vault/open_vault.sh '\''$(GPG_PASS)'\''; ansible-playbook playbook.yml'

Then you can call it easily:

make dry GPG_PASS='THE_GPG_PASSWORD_HERE'
make run GPG_PASS='THE_GPG_PASSWORD_HERE'
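
The calls above put the GPG passphrase on the command line, where the quoting of ! and $ matters and the value can end up in shell history and process listings. As an added example (not from the original README or the project's scripts; GPG_PASS and GPG_BIN are assumed names), the same vault script can read the passphrase from the environment and pipe it to gpg with --passphrase-fd, assuming Ansible's vault password file points at this script:

```shell
#!/bin/sh
# Added example, not part of the original README or the project's scripts.
# GPG_PASS and GPG_BIN are assumed names chosen for this illustration.

# Vault password script body: take the passphrase from the environment and
# hand it to gpg over a pipe, so it is never part of any argument list.
open_vault() {
	secret_file="${1:-vault/pass.gpg}"
	if [ -n "${GPG_PASS:-}" ]; then
		# printf is a builtin in bash, dash and busybox ash: no extra
		# process is spawned with the passphrase in its argv.
		printf '%s' "${GPG_PASS}" \
			| "${GPG_BIN:-gpg}" --batch --pinentry-mode loopback \
				--passphrase-fd 0 --decrypt "${secret_file}"
	else
		# No passphrase supplied: fall back to the agent/keyring path
		"${GPG_BIN:-gpg}" --batch --use-agent --decrypt "${secret_file}"
	fi
}

# Host-side invocation, mirroring the docker run flags used above.
# "-e GPG_PASS" without a value copies the variable from the calling
# environment, so the secret needs no shell quoting and does not show up
# in the docker command line.
run_playbook() {
	docker run --rm \
		-e USER=ansible \
		-e MY_UID="$(id -u)" \
		-e MY_GID="$(id -g)" \
		-e GPG_PASS \
		-v "${HOME}/.aws/config:/home/ansible/.aws/config:ro" \
		-v "${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro" \
		-v "${HOME}/.gnupg/:/home/ansible/.gnupg/" \
		-v "$(pwd):/data" \
		cytopia/ansible \
		ansible-playbook playbook.yml "$@"
}

# To use open_vault as vault/open_vault.sh, end that file with: open_vault
```

Container environment variables stay readable through docker inspect and /proc on the host, so this narrows where the passphrase is exposed rather than removing the exposure.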

Related #awesome-ci projects

Docker images

Save yourself from installing lots of dependencies and pick a dockerized version of your favourite linter below for reproducible local or remote CI tests:

| GitHub | Type | Description |
|---|---|---|
| awesome-ci | Basic | Tools for git, file and static source code analysis |
| file-lint | Basic | Basic source code analysis |
| ansible | Ansible | Multiple versions and flavours of Ansible |
| ansible-lint | Ansible | Lint Ansible |
| gofmt | Go | Format Go source code [1] |
| goimports | Go | Format Go source code [1] |
| golint | Go | Lint Go code |
| eslint | Javascript | Lint Javascript code |
| jsonlint | JSON | Lint JSON files [1] |
| checkmake | Make | Lint Makefiles |
| phpcbf | PHP | PHP Code Beautifier and Fixer |
| phpcs | PHP | PHP Code Sniffer |
| phplint | PHP | PHP Code Linter [1] |
| php-cs-fixer | PHP | PHP Coding Standards Fixer |
| black | Python | The uncompromising Python code formatter |
| pycodestyle | Python | Python style guide checker |
| pylint | Python | Python source code, bug and quality checker |
| terraform-docs | Terraform | Terraform doc generator (TF 0.12 ready) [1] |
| terragrunt | Terraform | Terragrunt and Terraform |
| terragrunt-fmt | Terraform | terraform fmt for Terragrunt files [1] |
| yamlfmt | Yaml | Format Yaml files [1] |
| yamllint | Yaml | Lint Yaml files |

[1] Uses a shell wrapper to add enhanced functionality not available by original project.

Makefiles

Visit cytopia/makefiles for dependency-less, seamless project integration and minimum required best-practice code linting for CI. The provided Makefiles will only require GNU Make and Docker itself removing the need to install anything else.

License

MIT License

Copyright (c) 2019 cytopia