From 959a6ac0b1a7aedf97d775788d2e9feabebd1f9c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 9 Jun 2022 14:42:04 +0300 Subject: [PATCH] Upgrade devture/ansible version and documen nsenter usage Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1772 --- docs/ansible.md | 51 ++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 46 insertions(+), 5 deletions(-) diff --git a/docs/ansible.md b/docs/ansible.md index 50cf83ed..5802e8cb 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -41,9 +41,50 @@ If you find yourself needing to resort to such hacks, please consider reporting ## Using Ansible via Docker -Alternatively, you can run Ansible on your computer from inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image). +Alternatively, you can run Ansible inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image). -Here's a sample command to get you started (run this from the playbook's directory): +This ensures that you're using a very recent Ansible version, which is less likely to be incompatible with the playbook. + +There are 2 ways to go about it: + +- [Running Ansible in a container on the Matrix server itself](#running-ansible-in-a-container-on-the-matrix-server-itself) +- [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server) + + +### Running Ansible in a container on the Matrix server itself + +To run Ansible in a (Docker) container on the Matrix server itself, you need to have a working Docker installation. +Docker is normally installed by the playbook, so this may be a bit of a chicken and egg problem. To solve it: + +- you **either** need to install Docker manually first. Follow [the upstream instructions](https://docs.docker.com/engine/install/) for your distribution and consider setting `matrix_docker_installation_enabled: false` in your `vars.yml` file, to prevent the playbook from installing Docker +- **or** you need to run the playbook in another way (e.g. [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)) at least the first time around + +Once you have a working Docker installation on the server, **clone the playbook** somewhere on the server and configure it as per usual (`inventory/hosts`, `inventory/host_vars/..`, etc.), as described in [configuring the playbook](configuring-playbook.md). + +You would then need to add `ansible_connection=community.docker.nsenter` to the host line in `inventory/hosts`. This tells Ansible to connect to the "remote" machine by switching Linux namespaces with [nsenter](https://man7.org/linux/man-pages/man1/nsenter.1.html), instead of using SSH. +Alternatively, you can leave your `inventory/hosts` as is and specify the connection type in **each** `ansible-playbook` call you do later, like this: `ansible-playbook --connection=community.docker.nsenter ...` + +Run this from the playbook's directory: + +```bash +docker run -it --rm \ +--privileged \ +--pid=host \ +-w /work \ +-v `pwd`:/work \ +--entrypoint=/bin/sh \ +docker.io/devture/ansible:2.13.0-r0 +``` + +Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. +The `/work` directory contains the playbook's code. + +You can execute `ansible-playbook ...` (or `ansible-playbook --connection=community.docker.nsenter ...`) commands as per normal now. + + +### Running Ansible in a container on another computer (not the Matrix server) + +Run this from the playbook's directory: ```bash docker run -it --rm \ @@ -51,7 +92,7 @@ docker run -it --rm \ -v `pwd`:/work \ -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ --entrypoint=/bin/sh \ -docker.io/devture/ansible:2.11.6-r1 +docker.io/devture/ansible:2.13.0-r0 ``` The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). @@ -60,9 +101,9 @@ If your SSH key is at a different path (not in `$HOME/.ssh/id_rsa`), adjust that Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. The `/work` directory contains the playbook's code. -You can execute `ansible-playbook` commands as per normal now. +You can execute `ansible-playbook ...` commands as per normal now. -### If you don't use SSH keys for authentication +#### If you don't use SSH keys for authentication If you don't use SSH keys for authentication, simply remove that whole line (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`). To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it ...` command), run: