docker-ansible's People

Contributors

cytopia, dependabot[bot], jeremypasco, markusteufelberger, morganchristiansson, snovikov

docker-ansible's Issues

Azure CLI is not included in ansible:2.9-azure

Hi,

I noticed the Azure CLI was not included in this package. I haven't tried another image as my Ansible code base is still based on Ansible v2.9.

Thanks,
Joseph

bash-5.1# az --version
bash: az: command not found

Specify USER not working with gitlab CI docker executor

When using this image with the gitlab CI docker executor, I got the error:

[INFO] Running container with user 'ansible'
[INFO] Adjusting local user with uid:999 and gid:1000
[INFO] Adjusting ownership on directory: ~/.gnupg/
[INFO] Adjusting ownership on directory: ~/.ssh/
[INFO] ansible> sh -c if [ -x /usr/local/bin/bash ]; then
	exec /usr/local/bin/bash 
elif [ -x /usr/bin/bash ]; then
	exec /usr/bin/bash 
elif [ -x /bin/bash ]; then
	exec /bin/bash 
elif [ -x /usr/local/bin/sh ]; then
	exec /usr/local/bin/sh 
elif [ -x /usr/bin/sh ]; then
	exec /usr/bin/sh 
elif [ -x /bin/sh ]; then
	exec /bin/sh 
elif [ -x /busybox/sh ]; then
	exec /busybox/sh 
else
	echo shell not found
	exit 1
fi
bash: -c: line 1: syntax error near unexpected token `then'
bash: -c: line 1: `sh -c if [ -x /usr/local/bin/bash ]; then'

This is because the bootstrap gitlabCI script: https://gitlab.com/gitlab-org/gitlab-runner/-/blob/main/shells/bash.go#L18-37

/home/ansible/.ssh doesn't have 700 permissions

I want to run an sshd inside your container image and discovered that the mentioned directory has too wide permissions. An authorized_keys file in there will not be accepted by sshd unless the folder has 700 permissions.

ansible collection issues in 2.11 tags

It seems that tags using 2.10 leverage the default ansible collection location path /usr/lib/python3.8/site-packages/ansible_collections.

It seems that tags using 2.10 leverage the default ansible collection location path /root/.ansible/collections:/usr/share/ansible/collections. The problem with this is that if you run a playbook or run the command ansible-galaxy collection list, ansible does not see this new path for some reason and collections cannot be found.

This effectively makes collection usage with 2.11 unusable.

All flavours should contain rsync

Hello,

Proposing that all flavors add rsync; without it, the synchronization module does not work. Building a custom layer is always an option, but it still seems as if a critical component is missing.

home directory not being rebuilt when specifying UID

docker run --rm -it -v $(pwd):/data -v ssh-agent:/ssh-agent -e USER=ansible -e UID=501 cytopia/ansible:2.6-tools /bin/bash
[INFO] Running container with user 'ansible'
[INFO] Changing UID to 501
[INFO] Adjusting local user with uid:501 and gid:1000
[INFO] ansible> /bin/bash
bash-4.4$ ls -la ~
total 16
drwxr-sr-x    4 ansible  ansible       4096 Nov 27 00:29 .
drwxr-xr-x    4 root     root          4096 Nov 28 11:38 ..
drwx------    2 1000     ansible       4096 Nov 27 00:29 .gnupg
drwx------    2 1000     ansible       4096 Nov 27 00:29 .ssh

Observe that the .gnupg and .ssh directories are still owned by uid 1000.

I would expect that the owner of these directories is ansible, and my suspicion is that deluser requires the --remove-home option when used in /docker-entrypoint.sh

bash-4.4$ deluser --help
BusyBox v1.29.3 (2019-01-24 07:45:07 UTC) multi-call binary.

Usage: deluser [--remove-home] USER

Delete USER from the system

support hashicorp consul and vault

SUMMARY:
This request is for adding python-consul and hvac python libraries to support Ansible lookups to HashiCorp Consul/Vault.

CONTEXT:
HashiCorp Consul and HashiCorp Vault are powerful development tools for storing secrets/configurations and widely used across the industry. Ansible offers lookup modules for these tools, however they require additional packages on the Ansible controller to use.

DETAILS:
consul_kv_lookup
https://docs.ansible.com/ansible/latest/collections/community/general/consul_kv_lookup.html
requires: python-consul2 python library
https://www.consul.io/api-docs/libraries-and-sdks

community.hashi_vault.hashi_vault
https://docs.ansible.com/ansible/latest/collections/community/hashi_vault/hashi_vault_lookup.html#ansible-collections-community-hashi-vault-hashi-vault-lookup
requires: hvac python library
https://www.vaultproject.io/api-docs/libraries

edit: updating to python-consul2 library + links to libraries

arm64 docker images

Having an ansible image that runs on arm64 would be really nice. I'm running CI on arm64/raspberry pi. And arm is becoming popular with AWS Graviton2 instances.

So I've forked the repo and have been trying some things out for multi arch...

First.. Building on arm64 is much slower due to running in qemu in github actions. If workers running on arm64 were available it would run as fast as amd64.

There are some 3 different ways to build images:

  • docker build per platform
  • docker buildx per platform
  • docker buildx multiple platforms

The benefit of running per-platform is that the very slow arm64 builds run in separate GH actions. It will require a final step to create a multi-arch image manifest that points to amd64/arm64 specific images.

docker buildx build with image registry for cache has really helped speed up the github actions. I'm testing using github container registry for cache and final images to docker hub. I think this will be important for arm64 builds to run at reasonable speed.

There's also some 350+ actions to run on PR after adding below to github workflow matrix.

matrix:
  platform:
    - amd64
    - arm64

Also kubectl and oc need to be fetched from a different source that provides arm64 go binaries.

Also there's some duplication in Makefile and github workflows which is making the work to add arm64 a bit extra tedious.

I'm happy to keep trying things out in my fork .. would like to upstream at some point and wondering what everyone thinks..

There's probably a better place than github actions to run arm64 builds .. but in the interest of a future PR it may be the best place? CircleCI and TravisCI have native arm64 workers.

Bump version

I am getting error:

AnsibleError: template error while templating string: No filter named 'ansible.utils.ipmath'

passphrase prompted on private_key

Hello,
First of all I wanted to thank you for your work.
I hope you could help me.

I have Docker for mac (version 2.2.0.5)

I have in my inventory file:

[group1]
xx.xx.xx.xx

[group2]
xx.xx.xx.xx ansible_port=811

[vps:children]
group1
group2

[vps:vars]
ansible_ssh_user=myuser
ansible_ssh_private_key_file=~/Documents/personal_server/myKey_rsa

I run my docker like this:

docker run --rm -it \
	-v ~/.ssh:/root/.ssh \
	-v ${HOME}/Documents/personal_server/:/ansible/ \
	-v "$SSH_AUTH_SOCK":"/root/$(basename $SSH_AUTH_SOCK)" \
	-e SSH_AUTH_SOCK="/root/$(basename $SSH_AUTH_SOCK)" \
	-e HOST_KEY_CHECKING=False \
	cytopia/ansible:latest-infra ansible vps -i /ansible/myinventory -b -m ping

ssh asks me to enter the passphrase every time.
With one server, it's ok, but when you have about 20 servers, it becomes complicated to enter the passphrase for each iteration.

[INFO] root> ansible vps -i /ansible/myinventory -b -m ping
Enter passphrase for key '/root/.ssh/myKey_rsa': Enter passphrase for key '/root/.ssh/myKey_rsa':

Thank you for your help.

ansible-vault requires either the cryptography library (preferred) or pycrypto in order to function

Hello! We had an issue this morning in our build pipeline that looks like:

ansible-vault requires either the cryptography library (preferred) or pycrypto in order to function.

Reproduction Steps
Unfortunately, I can't do this justice because I can't re-build the image locally. Running make build ANSIBLE=2.3 FLAVOUR=aws fails with

 => ERROR [internal] load metadata for docker.io/cytopia/ansible-builder:latest                                                                        1.2s
------
 > [internal] load metadata for docker.io/cytopia/ansible-builder:latest:
------
failed to solve with frontend dockerfile.v0: failed to create LLB definition: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
make: *** [build] Error 1

Indicative Reproduction Steps
Instead, here's what we're doing:

  1. Specifying the cytopia/ansible:latest-aws as a base image for a CI job.
  2. Running ansible-playbook --vault-password-file ${VAULT_PASSWORD_FILE} -v <the playbook>
  3. Running this task as part of the playbook, where vars/secret/staging.yml is a vault
- name: Setup staging platform
  block:
    - name: Import environment config for staging
      include_vars:
        file: vars/{{ item }}/staging.yml
      loop:
        - secret
        - platform
    - include_role:
        name: platform

Here's the error from the logs with a bit more context

TASK [Import environment config for staging] ***********************************
failed: [localhost] (item=secret) => {"ansible_facts": {}, "ansible_included_var_files": [], "ansible_loop_var": "item", "changed": false, "item": "secret", "message": "ansible-vault requires either the cryptography library (preferred) or pycrypto in order to function."}

Notes
This is the place in ansible where this error is stemming from. I've since installed their requirements and tested that it still works with 35.0.0.

psycopg2 broken in latest infra flavor

It looks like one of the recent changes removed libpq:

docker run --rm -it cytopia/ansible:2.9-infra sh
[INFO] root> sh
/data # python3
Python 3.6.9 (default, Jul 19 2020, 03:46:11) 
[GCC 8.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import psycopg2
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.6/site-packages/psycopg2/__init__.py", line 51, in <module>
    from psycopg2._psycopg import (                     # noqa
ImportError: Error loading shared library libpq.so.5: No such file or directory (needed by /usr/lib/python3.6/site-packages/psycopg2/_psycopg.cpython-36m-x86_64-linux-gnu.so)
>>> 
/data # apk add libpq
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/community/x86_64/APKINDEX.tar.gz
(1/1) Installing libpq (11.10-r0)
OK: 103 MiB in 59 packages
/data # python3
Python 3.6.9 (default, Jul 19 2020, 03:46:11) 
[GCC 8.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import psycopg2
>>> 

Include Windows hosts management

Hello,

It would be nice to be able to manage windows hosts (via winrm) using those docker images.
To do so here is the list of missing packages :

Packages :

  • krb5-dev
  • openldap-dev (optional)

Python packages :

  • pywinrm
  • pywinrm[kerberos]
  • pywinrm[credssp]
  • pyldap (optional)

NB : optional packages could be useful to query ldap to generate dynamic inventories

I would gladly submit a PR but I don't know how to organize this from an 'image tree' point of view.

Should I include them in the ansible-builder image?
Should I include them in the base image?
Should I create a base image for windows?

Any idea/comment is welcome.

add paramiko to the `tools` flavor?

Hi,
Would it be possible to consider including the paramiko python module in the tools flavor? This module is handy to have for local actions that use networking modules of ansible.

Include OpenShift oc CLI?

These are some great images. Exactly the sort of thing I've been looking for. Thanks!

In your awsk8s flavour, I see you've included the openshift lib. Would you be interested in including the OpenShift oc CLI too?

I've already got a branch that does it, see master...etoews:oc

Note how the oc binary is dynamically linked so getting it to run in Alpine requires a workaround.

Here are the related issues:

I don't think Red Hat will be providing a statically linked oc binary any time soon.

If you're interested, I could send a PR.

Feature Request: netaddr package

It would be nice if netaddr package was added to at least the infra version of the container given netaddr is the basis of ipaddr and ipsubnet filters.

Thanks again!

Consider tagging the latest release with the version

Hi,

Would it be possible to consider tagging the latest version of the images with the ansible version?
Currently, latest is 1.12, but when 1.13 is out, latest will point to that version and might break CI or scripts using it. While I'm in favor of rapid upgrades, those have to be tested first.

Tagging the latest release also with the current version will allow for better stability and easier migrations.

Thank you for your project and your work.

why is ansible container so slow?

Hi,

I'm trying the container:

docker pull cytopia/ansible:2.10

And my tests are really, really slow.

Here is the execution context:

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.2 LTS
Release:	20.04
Codename:	focal
$ docker version
Client:
 Version:           20.10.2
 API version:       1.41
 Go version:        go1.13.8
 Git commit:        20.10.2-0ubuntu1~20.04.2
 Built:             Tue Mar 30 21:24:57 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server:
 Engine:
  Version:          20.10.2
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.8
  Git commit:       20.10.2-0ubuntu1~20.04.2
  Built:            Mon Mar 29 19:10:09 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.4-0ubuntu1~20.04.2
  GitCommit:        
 runc:
  Version:          spec: 1.0.2-dev
  GitCommit:        
 docker-init:
  Version:          0.19.0
  GitCommit:        

I've done a hello_world sample:

---
- hosts: localhost
  connection: local
  gather_facts: False

  tasks:
  - name: hello world
    debug:
      msg: hello world

tests

local ansible version 2.10 via pip : ~ 650 ms

$ time ansible --version
ansible 2.10.10
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/sylvain/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/sylvain/.local/lib/python3.8/site-packages/ansible
  executable location = /home/sylvain/.local/bin/ansible
  python version = 3.8.5 (default, May 27 2021, 13:30:53) [GCC 9.3.0]

real	0m0,622s
user	0m0,584s
sys	0m0,038s

On the playbook

$ time ansible-playbook hello_world.yml 
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [localhost] ************************************************************************************************************************************

TASK [hello world] **********************************************************************************************************************************
ok: [localhost] => {
    "msg": "hello world"
}

PLAY RECAP ******************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   


real	0m0,689s
user	0m0,637s
sys	0m0,057s

docker version docker run cytopia/ansible:2.10 : > 7000 ms

$ time docker run -v $(pwd):/data cytopia/ansible:2.10 ansible-playbook hello_world.yml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'

PLAY [localhost] ***************************************************************

TASK [hello world] *************************************************************
ok: [localhost] => {
    "msg": "hello world"
}

PLAY RECAP *********************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   


real	0m7,487s
user	0m0,021s
sys	0m0,050s

from inside the container : (first) ~6400 ms (next: 4700 ms)

ran 3 times in a row

$ docker run -it -v $(pwd):/data cytopia/ansible:2.10 sh

/data # time ansible-playbook hello_world.yml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [localhost] ************************************************************************************************************************************

TASK [hello world] **********************************************************************************************************************************
ok: [localhost] => {
    "msg": "hello world"
}

PLAY RECAP ******************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

real	0m 6.40s
user	0m 6.17s
sys	0m 0.22s


/data # time ansible-playbook hello_world.yml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [localhost] ************************************************************************************************************************************

TASK [hello world] **********************************************************************************************************************************
ok: [localhost] => {
    "msg": "hello world"
}

PLAY RECAP ******************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

real	0m 4.76s
user	0m 4.66s
sys	0m 0.10s


/data # time ansible-playbook hello_world.yml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [localhost] ************************************************************************************************************************************

TASK [hello world] **********************************************************************************************************************************
ok: [localhost] => {
    "msg": "hello world"
}

PLAY RECAP ******************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

real	0m 4.84s
user	0m 4.72s
sys	0m 0.12s

and even the --version is much much slower:

/data # time ansible --version
ansible 2.10.10
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.8/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.10 (default, May  6 2021, 00:05:59) [GCC 10.2.1 20201203]
real	0m 4.21s
user	0m 4.11s
sys	0m 0.07s

As I have another physical ssd drive for docker storage, I thought it could come from a slow disk. But here is a test from another docker image:

root@a77f6bfcba9c:~# time ansible --version
ansible 2.9.18
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.16 (default, Oct 10 2019, 22:02:15) [GCC 8.3.0]

real	0m0.460s
user	0m0.352s
sys	0m0.108s

root@a77f6bfcba9c:~# time ansible-playbook hello_world.yml 
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [localhost] ************************************************************************************************************************************

TASK [hello world] **********************************************************************************************************************************
ok: [localhost] => {
    "msg": "hello world"
}

PLAY RECAP ******************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   


real	0m0.907s
user	0m0.677s
sys	0m0.160s

any clue?

Support Ansible 2.14

Hi,

it would be nice to see the docker images for Ansible 2.14.
Can I contribute anything to help out here?

Kind regards

SSH Keys too open

I'm running this on a GitLab pipeline and works like a charm when using cytopia/ansible:latest image. However when I switch to cytopia/ansible:latest-tools I start getting the SSH key to open error.

SSH key is passed as a file via GitLab variables

UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0666 for '/builds/<project-path>/SSH_PRIVATE_KEY' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nLoad key \"/builds/<project-path>/SSH_PRIVATE_KEY\": bad permissions\r\[email protected]: Permission denied (publickey,password).", "unreachable": true}

I have tried setting 400 permissions on the file but no luck. I even verified the perms, as below.

$ chmod -v 400 "${SSH_PRIVATE_KEY}"
mode of '/builds//SSH_PRIVATE_KEY' changed to 0400 (r--------)

$ ls -al "${SSH_PRIVATE_KEY}"
-r-------- 1 root root 2609 Jun 22 05:57 /builds//SSH_PRIVATE_KEY

UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0666 for '/builds//SSH_PRIVATE_KEY' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nLoad key "/builds//SSH_PRIVATE_KEY": bad permissions\r\[email protected]: Permission denied (publickey,password).", "unreachable": true}
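
A pre-flight check for the mode requirements behind this error and behind the /home/ansible/.ssh issue further up, added here as an example; it is not part of either report or of the docker-ansible project. The function names and the idea of staging the key into a private temporary directory are assumptions, and the script is meant to run inside the same container and as the same user that later runs ssh.

```shell
#!/bin/sh
# Added example. Function names and the staging approach are assumptions,
# not taken from docker-ansible or its entrypoint script.

# Octal mode of a path; GNU coreutils and BusyBox stat both accept -c.
mode_of() {
    stat -c '%a' "$1"
}

# True when group and other have no permission bits (700, 600, 400, ...).
# This is the test the ssh client applies to private keys ("too open").
is_private() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 077 )) -eq 0 ]
}

# True when group or other may write. sshd with StrictModes enabled refuses
# an authorized_keys file in that state.
is_shared_writable() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 022 )) -ne 0 ]
}

# Print one line per finding for an .ssh directory; succeed only if clean.
# The directory is held to 700, which is stricter than StrictModes needs
# but matches what the issue above asks for.
audit_ssh_dir() {
    dir=$1
    findings=0
    if ! is_private "$dir"; then
        echo "DIR  $(mode_of "$dir") $dir: want 700"
        findings=$((findings + 1))
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if [ "${f##*/}" = "authorized_keys" ]; then
            if is_shared_writable "$f"; then
                echo "AUTH $(mode_of "$f") $f: want 600 or 644"
                findings=$((findings + 1))
            fi
        elif head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            # Private keys are recognised by their PEM/OpenSSH header line.
            if ! is_private "$f"; then
                echo "KEY  $(mode_of "$f") $f: want 600 or 400"
                findings=$((findings + 1))
            fi
        fi
    done
    [ "$findings" -eq 0 ]
}

# Copy a key into a fresh 0700 directory as a 0600 file and print the new
# path. Useful when the original lives somewhere its mode cannot be
# tightened from inside the container; the copy is verified before use.
stage_private_key() {
    src=$1
    stage=$(mktemp -d) || return 1      # mktemp -d creates the directory 0700
    ( umask 077 && cat "$src" > "$stage/id_key" ) || return 1
    chmod 600 "$stage/id_key"
    if is_private "$stage/id_key"; then
        echo "$stage/id_key"
    else
        rm -rf "$stage"
        return 1
    fi
}

# Command-line use: sh check.sh --audit [DIR]   (defaults to ~/.ssh)
if [ "${1:-}" = "--audit" ]; then
    audit_ssh_dir "${2:-$HOME/.ssh}"
fi
```

The path printed by stage_private_key can be passed to ansible with --private-key; remove the staging directory when the job ends.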

SSH issues with cytopia/Ansible:latest-tools

Hi there!

I'm trying to use your docker image to deploy a remote raspberry pi on my local network. I was checking if I could reach it but I can't due to SSH error issues.

Here's what I'm trying:

docker run --rm \
-e USER=ansible \
-v ${HOME}/.ssh/:/home/ansible/.ssh/ \
-v $(pwd):/data \
cytopia/ansible:latest-tools \
ansible -i hosts.ini raspberrypi -k -m ping

Error message:

[INFO] Running container with user 'ansible'
[INFO] Adjusting local user with uid:1000 and gid:1000
[INFO] Adjusting ownership on directory: ~/.gnupg/
[INFO] Adjusting ownership on directory: ~/.ssh/
[INFO] ansible> ansible -i hosts.ini raspberrypi -k -m ping
/usr/lib/python3.8/getpass.py:91: GetPassWarning: Can not control echo on the terminal.
  passwd = fallback_getpass(prompt, stream)
Warning: Password input may be echoed.
SSH password: 192.168.1.77 | FAILED! => {
    "msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program"
}

Do I have to change your dockerfile image and install sshpass ?

iam-authenticator is missing:

Missing packages in case of IAM authentication needed:

2.6-awskops1.12: Pulling from cytopia/ansible
Digest: sha256:e08dd6ec3b6ac48de532374fc06adc36ff3fab138359c72ec76f4807e065c78e
Status: Image is up to date for cytopia/ansible:2.6-awskops1.12
bash-4.4$ kubectl get pods --all-namespaces
Unable to connect to the server: getting credentials: exec: exec: "aws-iam-authenticator": executable file not found in $PATH

Image should include 'sshpass' package by default

Although it's probably ill-advised, connecting to a remote node with password authentication is still a valid use-case for Ansible. However, after much experimenting it seems clear that docker-ansible does not support password authentication out of the box.

These should be the minimum steps to reproduce:

  1. Create a new inventory file containing a single host that allows SSH password authentication.
[server01]
# Docker container running SSHD, root login is allowed
127.0.0.1 ansible_port=49153 ansible_ssh_user=root
  2. Run a simple ping test using ansible:latest-tools (should apply to any version really).
$ docker run --rm -it \
  -e USER=ansible \
  -v $(pwd):/data \
  cytopia/ansible:latest-tools ansible all --ask-pass -i temp-inventory -m ping
  3. Enter the remote user's password when prompted.
[INFO] Running container with user 'ansible'
[INFO] Adjusting local user with uid:1000 and gid:1000
[INFO] Adjusting ownership on directory: ~/.gnupg/
[INFO] Adjusting ownership on directory: ~/.ssh/
[INFO] ansible> ansible all --ask-pass -i temp-inventory -m ping
SSH password: 

The result will be a failure with this message:

127.0.0.1 | FAILED! => {
    "msg": "to use the 'ssh' connection type with passwords or pkcs11_provider, you must install the sshpass program"
}

Running the following commands demonstrates that adding the sshpass package should be all that is needed to provide password authentication:

$ docker run --rm -it \
  -v $(pwd):/data \
  --net=host \
  cytopia/ansible:latest-tools sh
[INFO] root> sh
/data # apk add sshpass
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
(1/1) Installing sshpass (1.06-r0)
Executing busybox-1.32.1-r7.trigger
OK: 111 MiB in 86 packages
/data # ANSIBLE_HOST_KEY_CHECKING=False ansible all --ask-pass -i temp-inventory -m ping
SSH password: 
[WARNING]: Platform linux on host 127.0.0.1 is using the discovered Python interpreter at /usr/bin/python3.9, but future installation of another Python interpreter could
change the meaning of that path. See https://docs.ansible.com/ansible-core/2.12/reference_appendices/interpreter_discovery.html for more information.
127.0.0.1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3.9"
    },
    "changed": false,
    "ping": "pong"
}

latest-tools is missing cryptography library

Using cytopia/ansible:latest-tools image b564a7f156e0208ea6d95647dd78d026eb57897a672b56af2c3e1e317cc77a6b following error is shown:

ERROR! ansible-vault requires either the cryptography library (preferred) or pycrypto in order to function.

Last working version for us is latest-tools-0.34

ForwardAgent option does not work

Context
I share my local ~/.ssh directory to the ansible-tool image this way.
alias ansible-playbook='docker run --rm -it -e USER=ansible -e MY_UID=1000 -e MY_GID=1000 -v ${HOME}/.ssh/:/home/ansible/.ssh/ -v $(pwd):/data cytopia/ansible:latest-tools ansible-playbook'

The problem is
And I'm trying to clone my git repo and I get Cloning into '/var/www'...\[email protected]: Permission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.

sshd config at server

cat /etc/ssh/sshd_config | grep AllowAgentForwarding
AllowAgentForwarding yes

the shared local ssh config ~/.ssh/config

Host *
    StrictHostKeyChecking no
    ForwardAgent yes

ansible.cfg

[ssh_connection]
ssh_args= -o ForwardAgent=yes -o StrictHostKeyChecking=no -o ControlMaster=auto -o ControlPersist=60s

/etc/sudoers

cat /etc/sudoers | grep SSH
Defaults env_keep += "SSH_AUTH_SOCK"

When I connect to the server via ssh traditionally, the forwarding of my local ssh key works correctly and the cloning of the git repo works.

ansible-galaxy requirements contains git repo

Hi, after issuing
docker run -i --rm -v $(pwd):/data cytopia/ansible ansible-galaxy collection install --requirements-file ansible/requirements.yml
I'm getting:
ERROR! Could not find git executable to extract the collection from the Git repository `[email protected]:REDACTED.git`.
Is this to be expected?

I'm trying to install my private collection that I stored on my github repo.
When using Kubuntu's 23.04 ansible it's going with no problem:

# ansible-galaxy --version
ansible-galaxy [core 2.14.2]
(...)

Is it just a git not installed within the docker image?

BTW, great work! I've been using your docker ansible-lint for a few months and it has helped me a lot with my daily work.

2.11-infra-0.39 --> ERROR! Your Ansible version (2.11.7) is too recent (mitogen)

Hi,

I just tried to use the dockerhub 2.11-infra-0.39 image, which results in the following error:

ERROR! Your Ansible version (2.11.7) is too recent. The most recent version
supported by Mitogen for Ansible is (2, 10).x. Please check the Mitogen
release notes to see if a new version is available, otherwise
subscribe to the corresponding GitHub issue to be notified when
support becomes available.

    https://mitogen.rtfd.io/en/latest/changelog.html
    https://github.com/mitogen-hq/mitogen/issues/

I think that should not happen with mitogen 0.30 but it does

Requirement already satisfied: dnspython in /usr/lib/python3.8/site-packages (2.1.0)
Requirement already satisfied: mitogen in /usr/lib/python3.8/site-packages (0.3.0)

# bash-5.1# ansible --version
# ansible [core 2.11.7]
....
#   ansible python module location = /usr/lib/python3.8/site-packages/ansible
#   ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
#   executable location = /usr/bin/ansible
#   python version = 3.8.10 (default, May  6 2021, 00:05:59) [GCC 10.2.1 20201203]
#   jinja version = 3.0.3
#   libyaml = True

I tried dockerhub 2.10-infra-0.39 which works.

Best Regards

module 'ansible_collections.ansible.builtin.plugins.action' has no attribute 'ActionBase'

Attached mitogen configuration doesn't work

Image

cytopia/ansible:2.9-tools

ansible.cfg

[defaults]
...
;Run Ansible playbooks with Mitogen
strategy_plugins = /usr/lib/python3.8/site-packages/ansible_mitogen/plugins/strategy
strategy = mitogen_linear

CI output

ERROR! Unexpected Exception, this is probably a bug: module 'ansible_collections.ansible.builtin.plugins.action' has no attribute 'ActionBase'
the full traceback was:
Traceback (most recent call last):
  File "/usr/bin/ansible-playbook", line 123, in <module>
    exit_code = cli.run()
  File "/usr/lib/python3.8/site-packages/ansible/cli/playbook.py", line 128, in run
    results = pbex.run()
  File "/usr/lib/python3.8/site-packages/ansible/executor/playbook_executor.py", line 169, in run
    result = self._tqm.run(play=play)
  File "/usr/lib/python3.8/site-packages/ansible/executor/task_queue_manager.py", line 261, in run
    strategy = strategy_loader.get(new_play.strategy, self)
  File "/usr/lib/python3.8/site-packages/ansible/plugins/loader.py", line 552, in get
    self._module_cache[path] = self._load_module_source(name, path)
  File "/usr/lib/python3.8/site-packages/ansible/plugins/loader.py", line 525, in _load_module_source
    spec.loader.exec_module(module)
  File "<frozen importlib._bootstrap_external>", line 848, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/usr/lib/python3.8/site-packages/ansible_mitogen/plugins/strategy/mitogen_linear.py", line 56, in <module>
    import ansible_mitogen.strategy
  File "/usr/lib/python3.8/site-packages/ansible_mitogen/strategy.py", line 43, in <module>
    import ansible_mitogen.mixins
  File "/usr/lib/python3.8/site-packages/ansible_mitogen/mixins.py", line 78, in <module>
    class ActionModuleMixin(ansible.plugins.action.ActionBase):
AttributeError: module 'ansible_collections.ansible.builtin.plugins.action' has no attribute 'ActionBase'

2.10-infra cannot use curl (curl_global_trace: symbol not found)

Cannot use curl.
Dockerfile

ARG ansible_version=2.10

FROM cytopia/ansible:$ansible_version-infra
# FROM alpine

RUN apk update --no-cache
RUN apk add --no-cache curl
RUN curl --help

What's the problem:

docker compose run --build --rm -ti ansible;
 => [internal] load build definition from Dockerfile  0.0s
 => => transferring dockerfile: 1.18kB  0.0s
 => [internal] load .dockerignore  0.0s
 => => transferring context: 2B  0.0s
 => [internal] load metadata for docker.io/cytopia/ansible:2.10-infra  1.4s
 => CACHED [1/4] FROM docker.io/cytopia/ansible:2.10-infra@sha256:064552ec0e9d871a2b47295116bdac7c02c6454893c5ac9be9e90fa4be0072dd  0.0s
 => [2/4] RUN apk update --no-cache  2.9s
 => [3/4] RUN apk add --no-cache curl  2.6s
 => ERROR [4/4] RUN curl --help  0.6s
------
 > [4/4] RUN curl --help:
#0 0.549 Error relocating /usr/bin/curl: curl_global_trace: symbol not found
------
failed to solve: executor failed running [/bin/sh -c curl --help]: exit code: 127

Support for TinySSH server

I have tried to connect with cytopia docker images to a server with TinySSH server (https://tinyssh.org, https://github.com/janmojzis/tinyssh) installed (using Paramiko and Mitogen) and got the following error:

<aaa.bbb.ccc.ddd> ESTABLISH PARAMIKO SSH CONNECTION FOR USER: user on PORT 22 TO aaa.bbb.ccc.ddd
Exception (client): Incompatible ssh server (no acceptable ciphers)

I was able to fix it according to:
https://stackoverflow.com/a/35389702

using:
pip3 install --upgrade fabric

Will create a PR to fix this.

mitogen not working in ansible:2.13-infra

It seems like the installed mitogen version only supports up to ansible 2.12.

ERROR! Your Ansible version ((2, 13, 10)) is too recent. The most recent version
supported by Mitogen for Ansible is (2, 12).x. Please check the Mitogen
release notes to see if a new version is available, otherwise
subscribe to the corresponding GitHub issue to be notified when
support becomes available.

    https://mitogen.rtfd.io/en/latest/changelog.html
    https://github.com/mitogen-hq/mitogen/issues/

The latest version on github though already supports 2.13.
