Skip to content

Latest commit

 

History

History
216 lines (166 loc) · 14.4 KB

README.md

File metadata and controls

216 lines (166 loc) · 14.4 KB

Docker Images Logo

Build Status License Support us
serversideup/ansible pullsserversideup/ansible-core pulls Discord

Introduction

serversideup/ansible is a lightweight solution for running Ansible in a containerized environment. This project builds upon many things we learned from willhallonline/docker-ansible. It provides a secure and isolated environment for running Ansible tasks, with support for both Alpine and Debian-based distributions and gives you the flexibility to run Ansible as an unprivileged user without the headaches of proper file permissions.

Features

  • 🐧 Debian and Alpine - Choose your OS
  • 🐍 Built on official Python images - Choose your Python version
  • 🔒 Unprivileged user - Choose to run as root or an unprivileged user
  • 📌 Pinned Ansible Version - Set your Ansible version down to the patch version
  • 🔧 Customize your "run as" user - Customize the username to run as
  • 🔑 Set your own PUID and PGID - Have the PUID and PGID match your host user
  • 📦 DockerHub and GitHub Container Registry - Choose where you'd like to pull your image from
  • 🤖 Multi-architecture - Every image ships with x86_64 and arm64 architectures

Usage

Getting started is easy. Here's a few tips on how to use this image.

Choose between ansible and ansible-core

Our images are available on Docker Hub and GitHub Container Registry 🥳

DockerHub:

GitHub Container Registry:

Versions are made available with ansible and ansible-core. Everything is versioned appropriately according to the Ansible release process.

Variation Image Size Description
serversideup/ansible-core DockerHub serversideup/ansible-core:alpine
DockerHub serversideup/ansible-core
Lightweight, core installation of Ansible.
serversideup/ansible DockerHub serversideup/ansible:alpine
DockerHub serversideup/ansible
"Batteries included" installation of Ansible.

Image Tagging System

Our Docker images use a comprehensive tagging system for flexibility and specificity.

Tag Components

Component Example
Ansible version 2.17.3, 2.17
Base OS alpine3.20, bullseye
Python version python3.11
OS family alpine, debian

Tag Examples

Tag Meaning
2.17.3-alpine3.20-python3.11 Most specific
2.17.3-alpine3.20 Latest Python for specific Ansible and OS
2.17.3 Latest OS and Python for specific Ansible
2.17-alpine3.20-python3.11 Latest patch for Ansible minor version
2.17-alpine-python3.11 OS family-based

Run a playbook

Important

In almost all cases you will need to mount a volume to the Ansible "working directory" (default: /ansible) and your SSH configurations (usually ~/.ssh).

docker run --rm -it \
  -v "$HOME/.ssh:/ssh" \
  -v "$(pwd):/ansible" \
  serversideup/ansible:latest ansible-playbook playbook.yml

Change the "run as" user, PUID and PGID

docker run --rm -it \
  -v "$HOME/.ssh:/ssh" \
  -v "$(pwd):/ansible" \
  -e PUID=9999 -e PGID=9999 \
  -e RUN_AS_USER=bob \
  serversideup/ansible:latest ansible-playbook playbook.yml

Run a shell

docker run --rm -it \
  -v "$HOME/.ssh:/ssh" \
  -v "$(pwd):/ansible" \
  serversideup/ansible:latest /bin/sh

Working with SSH

Note

Working with SSH keys can be tricky, especially if we're setting a RUN_AS_USER dynamically. We created a few things to help reduce the headache of getting this configured.

The /ssh directory

By default, we have a /ssh directory that is symbolically linked from ~/.ssh. The /ssh directory is used as our single source of truth for SSH keys and configurations.

If you set RUN_AS_USER, the entrypoint will create a home directory at /home/${RUN_AS_USER}, then create a symbolic link from /home/${RUN_AS_USER}/.ssh to /ssh. This gives you the power to set your RUN_AS_USER to anything you want without us needing to predict what user you want to run as.

Mounting the SSH auth socket

The SSH auth socket is a Unix socket used by the SSH agent to communicate with other processes, allowing for secure key management. To use it with Docker, you can mount it as follows:

macOS:

docker run --rm -it \
  -v "$HOME/.ssh:/ssh:ro" \
  -v "$HOME/.ssh/known_hosts:/ssh/known_hosts:rw" \
  -v "$(pwd):/ansible" \
  -v "/run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock" \
  -e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock" \
  serversideup/ansible:latest ansible-playbook playbook.yml

Notice how we're matching the SSH_AUTH_SOCK to the host's socket. This is necessary for the SSH agent to communicate with the container.

Linux:

docker run --rm -it \
  -v "$HOME/.ssh:/ssh:ro" \
 -v "$HOME/.ssh/known_hosts:/ssh/known_hosts:rw" \
  -v "$(pwd):/ansible" \
  -v "$SSH_AUTH_SOCK:$SSH_AUTH_SOCK" \
  -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK" \
  serversideup/ansible:latest ansible-playbook playbook.yml

Environment Variables

You can customize the image easily with the following environment variables:

Variable Default Description
PUID 1000 Set the User ID that you'd like to run Ansible as
PGID 1000 Set the Group ID that you'd like to run Ansible as
RUN_AS_USER ansible The username you'd like to run Ansible as (this will be created for you and will default to an unprivileged user)
DEBUG false Enable debug output of container startup

Resources

  • DockerHub to browse the images.
  • Discord for friendly support from the community and the team.
  • GitHub for source code, bug reports, and project management.
  • Get Professional Help - Get video + screen-sharing help directly from the core contributors.

Contributing

As an open-source project, we strive for transparency and collaboration in our development process. We greatly appreciate any contributions members of our community can provide. Whether you're fixing bugs, proposing features, improving documentation, or spreading awareness - your involvement strengthens the project. Please review our code of conduct to understand how we work together respectfully.

Need help getting started? Join our Discord community and we'll help you out!

Our Sponsors

All of our software is free an open to the world. None of this can be brought to you without the financial backing of our sponsors.

Sponsors

Black Level Sponsors

Sevalla

Bronze Sponsors

No bronze sponsors yet. Become a sponsor →

Individual Supporters

GeekDougle  JQuilty  MaltMethodDev  

About Us

We're Dan and Jay - a two person team with a passion for open source products. We created Server Side Up to help share what we learn.

Dan Pastori
Jay Rogers


Find us at:

  • 📖 Blog - Get the latest guides and free courses on all things web/mobile development.
  • 🙋 Community - Get friendly help from our community members.
  • 🤵‍♂️ Get Professional Help - Get video + screen-sharing support from the core contributors.
  • 💻 GitHub - Check out our other open source projects.
  • 📫 Newsletter - Skip the algorithms and get quality content right to your inbox.
  • 🐥 Twitter - You can also follow Dan and Jay.
  • ❤️ Sponsor Us - Please consider sponsoring us so we can create more helpful resources.

Our products

If you appreciate this project, be sure to check out our other projects.

📚 Books

🛠️ Software-as-a-Service

  • Bugflow: Get visual bug reports directly in GitHub, GitLab, and more.
  • SelfHost Pro: Connect Stripe or Lemonsqueezy to a private docker registry for self-hosted apps.

🌍 Open Source

  • AmplitudeJS: Open-source HTML5 & JavaScript Web Audio Library.
  • Spin: Laravel Sail alternative for running Docker from development → production.
  • Financial Freedom: Open source alternative to Mint, YNAB, & Monarch Money.