Using an Ansible Docker container in daily development

Build an Ansible Docker image for CI/CD workflows

Sometimes Ansible has to reach remote hosts with public-key authentication through a jump server, so the SSH key has to be copied into the Docker image.

  • The Dockerfile
    FROM centos:7

    # Both values are supplied with --build-arg at build time.
    # Build args consumed by a RUN step are recorded in the image history,
    # and the key file written below is stored in an image layer.
    ARG SSH_PRIVATE_KEY
    ARG SSH_HOST_CONFIG

    # Switch to the Aliyun mirror, then install build tools, the SSH client and Ansible
    RUN curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo && \
        yum clean all && yum makecache fast && \
        yum install -y epel-release gcc libffi-devel openssh-clients git wget && \
        yum install -y python python2-pip ansible

    # Python packages for SOCKS proxy support and Windows (WinRM / PSRP) connections
    RUN python -m pip install "pysocks" "pyspnego==0.1.6" "pywinrm==0.4.1" 'pypsrp==0.5.0' && \
        yum clean all

    WORKDIR /var/app
    COPY entrypoint.sh /var/app/entrypoint.sh

    # Write the key and SSH client config, turn off Ansible host key checking,
    # and add keep-alive settings to the system-wide SSH client config
    RUN ansible-galaxy collection install community.general && \
        mkdir ~/.ssh/ && \
        echo "${SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa && \
        echo "${SSH_HOST_CONFIG}" >> ~/.ssh/config && \
        chmod 600 ~/.ssh/id_rsa && \
        sed -i '/\[defaults\]/ a  host_key_checking = False' /etc/ansible/ansible.cfg && \
        echo -e "\tServerAliveCountMax 5\n\tServerAliveInterval 5\n\tTCPKeepAlive yes" >> /etc/ssh/ssh_config && \
        chmod +x /var/app/entrypoint.sh

    ENTRYPOINT []
    CMD /var/app/entrypoint.sh
  • When building the image, pass the key and SSH config as build arguments
    docker build --network=host --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)" --build-arg SSH_HOST_CONFIG="$(cat ~/.ssh/config)" -t registry.me/public/ansible:test .
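The Dockerfile above receives the private key as a build argument, and Docker records build-arg values used by RUN steps in the image history. The check below is an added example, not part of the original post: it scans `docker history` output for credential-like build args and private key headers. The helper name `audit_history` and the sample history lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Real use (image tag taken from the build command above):
#   docker history --no-trunc --format '{{.CreatedBy}}' \
#     registry.me/public/ansible:test | audit_history

# audit_history (hypothetical helper): reads history text on stdin, prints
# one finding per line, returns 1 when anything was found.
audit_history() {
  _text=$(cat)
  _findings=$(
    {
      # Credential-like build-arg names recorded as NAME=value.
      printf '%s\n' "$_text" |
        grep -oE '[A-Z0-9_]*(KEY|SECRET|TOKEN|PASSWORD)[A-Z0-9_]*=' |
        sed 's/=$//; s/^/build-arg:/'
      # PEM / OpenSSH private key header anywhere in the metadata.
      printf '%s\n' "$_text" |
        grep -qE -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' &&
        echo 'private-key-material'
    } | sort -u
  )
  [ -z "$_findings" ] && return 0
  printf '%s\n' "$_findings"
  return 1
}

# Constructed samples shaped like the CreatedBy column (the classic builder
# prefixes RUN steps with "|N ARG=value ..."); the key body is a placeholder.
SAMPLE_LEAKY='|2 SSH_HOST_CONFIG=Host * SSH_PRIVATE_KEY=-----BEGIN OPENSSH PRIVATE KEY----- (placeholder) /bin/sh -c ansible-galaxy collection install community.general'
SAMPLE_CLEAN='/bin/sh -c ansible-galaxy collection install community.general'

printf '%s\n' "$SAMPLE_LEAKY" | audit_history ||
  echo 'history exposes credentials: rebuild without --build-arg secrets'
```

If the check reports findings, keep the key out of the build by mounting it read-only when the container starts, and rotate any key that was baked into earlier images.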
  • The entrypoint.sh
    #!/usr/bin/env bash

    # Keep the container alive and print a heartbeat every 30 seconds
    while true; do

      echo "$(date +'[%Y-%m-%d %H:%M:%S]') I'm healthy"
      sleep 30

    done
  • The host entries in ~/.ssh/config
    # Host key verification is disabled for every host
    Host *
            StrictHostKeyChecking no
            UserKnownHostsFile /dev/null
    # Jump servers
    Host nu1.proxy
            HostName 1.1.1.2
            Port 2233
    Host nu2.proxy
            HostName 1.1.1.3
            Port 2244
    # Internal networks are reached through the matching jump server
    Host 10.10.19.*
            ProxyCommand ssh -W %h:%p nu1.proxy
    Host 10.20.19.*
            ProxyCommand ssh -W %h:%p nu2.proxy
  • The Ansible inventory host.ini looks like the following
    pg_xl_01 ansible_host=10.20.19.14
    pg_xl_02 ansible_host=10.20.19.15
    pg_xl_03 ansible_host=10.20.19.16

    win_server_2008r2 ansible_host=10.20.19.11 ansible_user=Administrator ansible_password=xxxxxx ansible_connection=psrp ansible_psrp_protocol=http ansible_psrp_proxy=socks5h://127.0.0.1:5985

    [pg_cluster]
    pg_xl_0[1:3]

    [win_server]
    win_server_2008r2

    # The jump host name used here must match a Host entry (or a resolvable name) in ~/.ssh/config
    [pg_cluster:vars]
    ansible_ssh_common_args='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ProxyCommand="ssh -W %h:%p -q nu01.proxy"'
  • Before running the Ansible commands, start the SSH SOCKS proxy that is used to reach the Windows machine
    # SOCKS proxy on 127.0.0.1:5985 through the jump server (matches ansible_psrp_proxy in the inventory)
    ssh -o "ControlMaster=auto" -o "ControlPersist=no" -o "ControlPath=~/.ssh/proxy-%r@%h:%p" -CfNq -D 127.0.0.1:5985 root@nu01.proxy

    ansible-playbook -i dev.local playbook.yml -e "target_server=pg_cluster" --tags ping

    # Windows server
    ansible -i dev.local win_server -m win_ping