Managing Dynamic Inventory for Docker containers in Ansible

Overview

Ansible has been a common language for the organizations for automating any aspect of IT, system configurations, system provisioning on premises or on cloud, network automation, security automation or orchestration, integrating different tools to make a common workflows and remove various team inter-dependencies causing increased turn around time and so on.

Many people are using docker containers and keep on launching the containers using standard docker image and want a way to do all configurations inside containers runtime using ansible like what is being done in case of VMs, Inventory Management becomes a tedious job if one manages inventory for containers static. In this article, I'm covering how to create dynamic inventories for docker containers running on docker hosts.

Ansible Dynamic Inventory for Docker?

Ansible uses the SSH connection by default to connect its managed nodes and run the commands or respective playbooks. Ansible also supports non-ssh based connections as well to automate the things. i.e. winrm for windows etc.. Below are a few examples:-

[root@pat-centos8-ansible ~]# ansible-doc -l -t connection

community.docker.docker ? ? Run tasks in docker containers
community.docker.docker_api Run tasks in docker containers 
community.docker.nsenter? ? execute on host running controller container ? 
local ? ? ? ? ? ? ? ? ? ? ? execute on controller? ? ? ? ? ? ? ? ? ? ? 
paramiko_ssh? ? ? ? ? ? ? ? Run tasks via python ssh (paramiko)? ? ? ? 
psrp? ? ? ? ? ? ? ? ? ? ? ? Run tasks over Microsoft PowerShell Remoting Protocol
ssh ? ? ? ? ? ? ? ? ? ? ? ? connect via SSH client binary? ? ? ? ? ? ? 
winrm ? ? ? ? ? ? ? ? ? ? ? Run tasks over Microsoft's WinRM?        

Similarly, docker containers can also be managed with the help of community.docker ansible collections.? Below diagram depicts the same:-

Prerequisites:

• Assuming that Ansible is already running properly.
• Docker Engine is installed and running on Docker Host system.

Steps:

1. Install Docker SDK for Python:

The SDK needs to be installed on the machines where the modules and plugins are executed, and for the Python version(s) with which the modules and plugins are executed.

You can install the Docker SDK for Python 3.6 or later as follows:

Enabling Docker on ansible host

• Install Docker on Ansible host:-

[root@pat-centos8-ansible ~]# pip3 install docker

[root@pat-centos8-ansible ~]# yum install -y yum-utils

[root@pat-centos8-ansible ~]# yum-config-manager \

? ? --add-repo \

? ? https://download.docker.com/linux/centos/docker-ce.repo

[root@pat-centos8-ansible ~]# yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin
        

• Enable/Start the docker service and launch a test docker container:-

[root@pat-centos8-vm1 ~]# systemctl enable docker

[root@pat-centos8-vm1 ~]# systemctl start docker

[root@pat-centos8-vm1 ~]# docker run -dit --name test-pat centos:latest

[root@pat-centos8-vm1 ~]# docker ps
CONTAINER ID ? IMAGE ? ? ? ? ? COMMAND ? ? ? CREATED? ? ? STATUS ? ? ? ? PORTS ? ? NAMES
4b58c41c7448 ? centos:latest ? "/bin/bash" ? 7 days ago ? Up 3 seconds ? ? ? ? ? ? test-pat        

Enabling Ansible Docker Connector(Remote Docker Host)??

As stated ansible can connect to docker hosts on it’s API to manage the docker containers, docker host API must be enabled. Update ExecStart entry in? /usr/lib/systemd/system/docker.service file with below entry:-

ExecStart=/usr/bin/dockerd -H fd:// -H=tcp://0.0.0.0:2375        

To make the effective, restart/reload the systemctl daemons:-

[root@pat-centos8-vm1 ~]# systemctl daemon-reload

[root@pat-centos8-vm1 ~]# systemctl restart docker
        

Creating directory structure for Ansible Automation

Create your own ansible project directory structure, preferably make it git repository, below is reference directory tree :-

[root@pat-centos8-ansible ansible]# tree .
.
├── ansible.cfg
├── hosts
│ ? ├── docker_hosts
│ ? ├── main_docker.yml
│ ? └── pat_centos_docker.yml
└── playbook.yml

1 directory, 5 files        

ansible.cfg

[root@pat-centos8-ansible ansible]# cat ansible.cfg
[defaults]
inventory? ? ? = hosts
roles_path? ? = roles
host_key_checking = False
deprecation_warnings=False        

Sample inventories

hosts/docker_hosts is static inventory where you could put the all the IPs of docker hosts which you’d like to manage:-

[root@pat-centos8-ansible ansible]# cat hosts/docker_hosts
[docker_hosts]
192.168.122.112
localhost


[root@pat-centos8-ansible ansible]# cat hosts/main_docker.yml
plugin: community.docker.docker_containers
docker_host: unix://var/run/docker.sock

[root@pat-centos8-ansible ansible]# cat hosts/pat_centos_docker.yml
plugin: community.docker.docker_containers
docker_host: tcp://192.168.122.112:2375        

Validating Dynamic Inventories:-

[root@pat-centos8-ansible ansible]# ansible-inventory --graph
@all:
? |--@docker_hosts:
? |? |--192.168.122.112
? |? |--localhost
? |--@ungrouped:
? |? |--test-ansible-centos8
? |? |--test-pat        

This concludes that dynamic inventory is working for docker containers and based on use case they can be configured like any standard VMs and reduce the requirement of maintaining individual container images for different configurations.

References:-

• https://docs.ansible.com/ansible/latest/collections/community/docker/index.html?
• https://docs.ansible.com/ansible/latest/collections/community/docker/docsite/scenario_guide.html#ansible-collections-community-docker-docsite-scenario-guide?