Saturday, 2016-08-13 Posted in [Ansible][Linux]
LXC is one of many available containerization solutions for Linux. Ansible has basic support for LXC integrated, which is fine if you do not intend to do much inside of the container (aka: fire & forget). My goal however is to start a full flavored container, and manage this container with Ansible as well. That’s where things get a bit tricky, and looking around I couldn’t find much documentation how to do this.
This posting describes my approach.
I had several problems to solve:
A container usually has a private IP-address on the hypervisor host
Ansible needs to know on which hypervisor the container must be started
Ansible can’t connect to the container before it is started
Define hypervisors and containers
In order to solve the first problem, I grouped my hypervisor hosts and my container hosts in two groups in my host file:
# hypervisor group
# VM group
Add hypervisor information
Every container needs additional information on which hypervisor it is running:
After this play, the container is created and started, Python is installed in it, the default ubuntu user is setup to run sudo without password. Also ssh keys for the host (hypervisor) are created, and exchanged with the container. Creating ssh keys can probably be moved into the hypervisor setup, but it’s included here for completeness.
Setup connection information for the container
In order to connect Ansible to the container, it needs to use the hypervisor as proxy:
The ssh arguments will use key authentication to connect to the hypervisor host (the inner ProxyCommand), and will ignore unknown keys for connecting to the container (else you need to exchange keys between your container and the Ansible host).
Now Ansible can connect to the container and you can deploy your regular plays there as well.