My Ansible Lab using Docker containers

This is my personal project for testing Ansible playbooks against Docker containers.

It is faster to run your tests on your local machine than to push every code change to the remote GitLab repository and test it there.

My GitLab project: https://gitlab.com/RoberMB/lab_docker

Requirements

  • Download and install Docker Desktop for macOS:

Docker Desktop 4.16.2 (2023-01-19): https://www.docker.com/products/docker-desktop/ (compatible with macOS Big Sur 11.0.0 and above)

Docker Desktop 4.15.0 (2022-12-01): https://docs.docker.com/desktop/release-notes/#4150 (compatible with macOS Catalina 10.15.7 and below)

  • Clone my GitLab repository with all the lab files:
robermb@MacBook-Pro-de-RoberMB $ git clone https://gitlab.com/RoberMB/lab_docker.git

Build my_lab and deploy the containers:

  • Build my_lab:
robermb@MacBook-Pro-de-RoberMB lab_docker $ . 1-build_my_lab.sh 
  • Create containers:
robermb@MacBook-Pro-de-RoberMB lab_docker $ . 2-create_containers_from_inventory.sh inventory_small

Commands:

  • Build or rebuild services:
# Build Docker services defined in the docker-compose.yml file
$ docker-compose build
  • Create container node_manager:
# Start the Docker service named 'node_manager' in detached mode
$ docker-compose up -d node_manager
  • Connect to node_manager container:
# Access the bash shell of the 'node_manager' Docker container
$ docker exec -ti node_manager bash
  • Create container target_node1:
# Run a Docker container named 'target_node1' with specific configurations
$ docker run -d -ti --privileged --cgroupns=host  -v /sys/fs/cgroup:/sys/fs/cgroup:rw --network lab_docker_default --name target_node1 lab_docker-target_node
  • Create container target_node2:
# Run a Docker container named 'target_node2' with specific configurations
$ docker run -d -ti --privileged --cgroupns=host  -v /sys/fs/cgroup:/sys/fs/cgroup:rw --network lab_docker_default --name target_node2 lab_docker-target_node
  • The options used in the commands above:
-d: Run the container in the background (detached mode).

-ti: Allocate a pseudo-TTY and keep STDIN open, allowing interactive access.

--privileged: Give extended privileges to this container: all Linux capabilities, access to all host devices, and Docker's default seccomp and AppArmor profiles are not applied. In practice a root process inside the container has full access to the host system, so use this only on a disposable local lab, never on a shared or production host.

--cgroupns=host: Run the container in the host's cgroup namespace instead of a private one, so it can view and manipulate the host's cgroups. systemd inside the container needs this, and it is one more reason to treat the container as host-equivalent.

-v /sys/fs/cgroup:/sys/fs/cgroup:rw: Bind-mount the host's cgroup filesystem read-write into the container. systemd uses it as its cgroup tree for resource control of the services it starts.

--network lab_docker_default: Connect the container to the 'lab_docker_default' network.

--name target_node1: Assign the name 'target_node1' to the running container.

lab_docker-target_node: The name of the Docker image used to create the container.

Avoid error during a second run:

If the “target_node1” and/or “target_node2” containers already exist, docker run fails with the following error. It means the containers were deployed earlier and only need to be started:

docker: Error response from daemon: Conflict. 
The container name "/target_node1" is already in use by 
container "51668206d2461eb402543a1daa0914d4480ac2f8f4abaaa941d762ff822c9231". 
You have to remove (or rename) that container to be able to reuse that name.

To avoid that, start the existing containers with docker start instead:

# Start Docker container target_node1
$ docker start target_node1

# Start Docker container target_node2
$ docker start target_node2
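An idempotent version of the create-or-start procedure above, as an added example for this post (it is not a script from the lab_docker repository; the file and function names are mine, and the image and network names default to the ones used in the manual commands):

```shell
#!/bin/sh
# ensure_target_nodes.sh: create the target containers on the first run and
# just start them on later runs, so "docker run" never hits the name conflict.
# Added example for this post, not a script from the lab_docker repository.

IMAGE="${IMAGE:-lab_docker-target_node}"
NETWORK="${NETWORK:-lab_docker_default}"

# Print the container's status (running, exited, created, ...) or "absent"
# when no container with that name exists.
container_state() {
    state=$(docker container inspect --format '{{.State.Status}}' "$1" 2>/dev/null) \
        || { echo absent; return 0; }
    echo "$state"
}

# Map a status to the action to take: run (create), start, or nothing.
plan_action() {
    case "$1" in
        absent)  echo run ;;
        running) echo nothing ;;
        *)       echo start ;;
    esac
}

# Create or start one target node and report what was done.
ensure_container() {
    name=$1
    action=$(plan_action "$(container_state "$name")")
    case "$action" in
        run)
            # Same options as the manual command above: --privileged plus the
            # host cgroup namespace/mount are what systemd needs inside the
            # container, and they also make it host-equivalent, so only run
            # this on a disposable local lab.
            docker run -d -ti --privileged --cgroupns=host \
                -v /sys/fs/cgroup:/sys/fs/cgroup:rw \
                --network "$NETWORK" --name "$name" "$IMAGE" >/dev/null ;;
        start)
            docker start "$name" >/dev/null ;;
    esac
    echo "$name: $action"
}

# Usage: sh ensure_target_nodes.sh target_node1 target_node2
for node in "$@"; do
    ensure_container "$node"
done
```

The decision is taken from docker container inspect rather than from parsing docker ps output, so a container that exists but is stopped gets docker start and a missing one gets docker run; an already running one is left alone.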

Checking Docker commands

  • Show docker containers, images, etc:
# Display running containers
$ docker ps

# Display all containers (including stopped ones)
$ docker ps -a

# List Docker images
$ docker images

# List Docker networks
$ docker network ls

Tests

  • From container node_manager:
$ docker exec -ti node_manager bash
  • Connect once to each target host so that its SSH host key is accepted and saved in known_hosts (this is a trust-on-first-use step; the fingerprint shown in the prompt is the only thing SSH will ever check for that host):
root@node_manager $ ssh target_node1
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

root@node_manager $ ssh target_node2
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Note: the SSH password is set in the file ‘target_node.Dockerfile’ (for the lab: mypassword). It is a hard-coded password baked into the image, which is acceptable only because these containers never leave the local lab network.

  • Execute the playbook ping.yml:
root@node_manager $ cd /applis/12402-acfrb/repository/SAaas/roles

root@node_manager $ ansible-playbook ansible-tests/others/ping.yml -i ansible-tests/inv_target_nodes

Or from the host, without opening a shell in the container:

robermb@MacBook-Pro-de-RoberMB $ docker exec -ti node_manager ansible-playbook -i target_nodes ./roles/others/ping.yml
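The manual "yes" above can be replaced by pinning the target nodes' host keys once, non-interactively, so that Ansible and SSH can keep host-key checking switched on. The script below is an added example for this post, not part of the lab_docker repository: it reads the host names from an INI-style inventory (the file name and format are assumptions), fetches the key of each host not yet in known_hosts with ssh-keyscan, and leaves already pinned hosts untouched.

```shell
#!/bin/sh
# seed_known_hosts.sh: pin the SSH host keys of the inventory hosts once,
# instead of answering "yes" interactively or disabling host-key checking.
# Added example for this post, not part of the lab_docker repository.
# Run it inside node_manager, e.g.:
#   docker exec -ti node_manager sh seed_known_hosts.sh ansible-tests/inv_target_nodes

KNOWN_HOSTS="${KNOWN_HOSTS:-$HOME/.ssh/known_hosts}"

# Print the host names of an INI-style Ansible inventory, one per line:
# comments, blank lines and [group] headers are dropped, [group:vars] and
# [group:children] sections are skipped entirely, and only the first token of
# a host line is kept ("target_node1 ansible_user=root" -> target_node1).
inventory_hosts() {
    awk '
        { sub(/[#;].*$/, "") }                 # strip trailing comments
        /^[[:space:]]*$/ { next }               # skip blank lines
        /^[[:space:]]*\[/ {                      # section header
            skip = ($0 ~ /:(vars|children)\]/)
            next
        }
        !skip { print $1 }
    ' "$1" | sort -u
}

# Return 0 if the host already has an entry in KNOWN_HOSTS (ssh-keygen -F
# also understands hashed known_hosts files, unlike a plain grep).
known_host_present() {
    [ -f "$KNOWN_HOSTS" ] && ssh-keygen -F "$1" -f "$KNOWN_HOSTS" >/dev/null 2>&1
}

# Fetch the key of every host that is not yet pinned and append it.
# ssh-keyscan is still trust-on-first-use: on a network you do not control,
# compare the fingerprints (ssh-keygen -lf "$KNOWN_HOSTS") out of band.
seed_known_hosts() {
    mkdir -p "$(dirname "$KNOWN_HOSTS")"
    inventory_hosts "$1" | while read -r host; do
        if known_host_present "$host"; then
            echo "$host: already pinned"
        else
            ssh-keyscan -t ed25519 "$host" >> "$KNOWN_HOSTS" 2>/dev/null \
                && echo "$host: pinned"
        fi
    done
}

if [ $# -gt 0 ]; then seed_known_hosts "$1"; fi
```

After seeding, run ansible-playbook with host_key_checking left at its default (True); there is then no reason to set ANSIBLE_HOST_KEY_CHECKING=False or host_key_checking = False in ansible.cfg, which would silently accept a changed key on the next connection.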

WORKAROUND

Workaround for the “Unable to run systemd services on Docker Desktop” error, from https://github.com/docker/for-mac/issues/6073 (the note below is quoted from that issue):

Dropping back to Docker Desktop 4.2.0 fixes the issue. I assume that it's related to the note in the 4.3.0 release notes:

Docker Desktop now uses cgroupv2. If you need to run systemd in a container then:

* Ensure your version of systemd supports cgroupv2. It must be at least systemd 247. Consider upgrading any centos:7 images to centos:8.

* Containers running systemd need the following options: --privileged --cgroupns=host -v /sys/fs/cgroup:/sys/fs/cgroup:rw.

OFFICIAL DOCUMENTATION

  • Docker: The base command for the Docker CLI.

https://docs.docker.com/engine/reference/commandline/docker/

https://docs.docker.com/engine/reference/commandline/compose_build/


This article was written by RoberMB

💻OS, ☁️Cloud, 🛡️Cybersecurity, ✈️Traveling #Linux, #Ansible, #AWS, #VMware, #Docker 🏴‍☠️ CEH v10, CPHE 🏴‍☠️ ... Always learning, always enjoying.
