I’d like to share in this post a quick setup using Docker containers for Ansible testing.

I wanted to create a small lab for my Ansible scripts testing. The natural option that came to my mind was to create some virtual machines with Virtualbox using Vagrant in order to automate that process. However as I’m using a Macbook with a chip Apple M1, Virtualbox is not supported on that hardware. I then decided to explore using containers instead of virtual machines.

The first step is to look after an existing docker image that would already have Ansible and Openssh installed. There is no need to reinvente the wheel in the age of space travelling so my colleague Jean-Philippe Clapot (our Docker guru!) quickly spotted the perfect image for my need: https://hub.docker.com/r/jcpowermac/alpine-ansible-ssh

The launch

As docker and Docker desktop are already installed on my laptop I just have to pull that image:

% docker pull jcpowermac/alpine-ansible-ssh

Then I can run some containers:

% docker run --name=controller --platform linux/amd64 -d jcpowermac/alpine-ansible-ssh
% docker run --name=target1 --platform linux/amd64 -d jcpowermac/alpine-ansible-ssh
% docker run --name=target2 --platform linux/amd64 -d jcpowermac/alpine-ansible-ssh

The idea for now is to have one container named “controller” on which I’ll write and run my Ansible scripts. Then, two target containers named “target1” and “target2” will be the targeting hosts of my scripts. Using containers instead of Virtual Machine give me plenty of spare resources to run much more of those bad boys when doing more advanced Ansible testing. Note the parameter --platform linux/amd64 which specify the platform to use on my Apple M1 chip. Without this parameter you get a warning but the container is properly created anyway.

All three containers are now up and running:

% docker ps
CONTAINER ID   IMAGE                           COMMAND                  CREATED          STATUS          PORTS     NAMES
786309da3987   jcpowermac/alpine-ansible-ssh   "/bin/ash -c '/usr/s…"   5 seconds ago    Up 4 seconds              target2
abe685b1f1ab   jcpowermac/alpine-ansible-ssh   "/bin/ash -c '/usr/s…"   28 seconds ago   Up 27 seconds             target1
e063d4e9267d   jcpowermac/alpine-ansible-ssh   "/bin/ash -c '/usr/s…"   44 seconds ago   Up 43 seconds             controller

The network

As this setup is only for temporary tests, I didn’t create a dedicated network for those containers. They all use the default bridge network in the default range 172.17.0.0/16.

The first container “controller” get the first free IP Address in this range which is 172.17.0.2/16 (172.17.0.1/16 is taken by the bridge interface. Each target will get the next free IP Address. We can check the IP Addresses assigned to the containers with the one-liner below:

% for i in $(docker ps|awk '{print $1}'|tail -n +2); do docker exec $i ip a|grep 172.17;done
    inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0

We can now connect to the controller container and check the ansible version installed in this image:

% docker exec -it controller /bin/sh
/ # id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)

/ # ansible --version
ansible 2.7.2
  config file = None
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15 (default, Aug 16 2018, 14:17:09) [GCC 6.4.0]

This Docker image comes with the user ansible already created so let’s use it:

/ # su ansible
~/projects $ pwd
/home/ansible/projects
~/projects $ id
uid=1000(ansible) gid=1000(ansible) groups=1000(ansible)
~/projects $

We can first check the connectivity:

~/projects $ ssh 172.17.0.3
The authenticity of host '172.17.0.3 (172.17.0.3)' can't be established.
ECDSA key fingerprint is SHA256:ntBTgrAxi9bUSIb47U31BFzD4rE5ktFnwRxztqXFICE.
Are you sure you want to continue connecting (yes/no)? yes

~/projects $ ssh 172.17.0.4
The authenticity of host '172.17.0.4 (172.17.0.4)' can't be established.
ECDSA key fingerprint is SHA256:ntBTgrAxi9bUSIb47U31BFzD4rE5ktFnwRxztqXFICE.
Are you sure you want to continue connecting (yes/no)? yes

~/projects $

From the controller I can ssh to target1 and target2, my setup is now completed and I can start playing with Ansible.

The Ansible test

The first step is to create an inventory file in the home folder:

~/projects $ cat <<EOF > inventory.txt
target1 ansible_host=172.17.0.3
target2 ansible_host=172.17.0.4
EOF

We can then run a basic Ansible command against our both target:

~/projects $ ansible target* -m ping -i inventory.txt
target2 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
target1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

All is working as expected, our test platform is now ready for more advanced Ansible testing.

Learn more on Ansible with our Training course: https://www.dbi-services.com/en/courses/ansible-basics/


Thumbnail [60x60]
by
Benoît Entzmann