
I'm unable to run my ansible playbook inside a Dockerfile due to authentication issues.

Here's my dockerfile:

FROM ubuntu:14.04
MAINTAINER hyperfocus

# Update system and install ansible
RUN apt-get -y update
RUN apt-get install -y python-yaml python-jinja2 git
RUN git clone http://github.com/ansible/ansible.git /tmp/ansible

# Set environment
WORKDIR /tmp/ansible
ENV PATH /tmp/ansible/bin:/sbin:/usr/sbin:/usr/bin
ENV ANSIBLE_LIBRARY /tmp/ansible/library
ENV PYTHONPATH /tmp/ansible/lib:$PYTHON_PATH

# Add repo key and add it to known hosts
ADD id_rsa /root/.ssh/id_rsa
RUN chmod 700 /root/.ssh/id_rsa
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts

# Bootstrap playbook
RUN git clone git@bitbucket.org:xxx/xxx.git /tmp/playbook
ADD hosts /etc/ansible/hosts
WORKDIR /tmp/playbook

# Bootstrap
RUN ansible-playbook /tmp/playbook/site.yml -c local -t bootstrap

# Debug
# RUN ansible all -m ping -i /etc/ansible/hosts -vvvvvv

# Container settings
EXPOSE 22 3000
ENTRYPOINT ["/usr/bin/foo"]

My hosts file:

[web]
localhost ansible_connection=local

[database]
localhost ansible_connection=local

[cache]
localhost ansible_connection=local

Output:

PLAY [bootstrap installer] ****************************************************

GATHERING FACTS ***************************************************************
fatal: [localhost] => Authentication or permission failure.  In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in "/tmp". Failed command was: mkdir -p $HOME/.ansible/tmp/ansible-tmp-1403661775.03-87881370436819 && echo $HOME/.ansible/tmp/ansible-tmp-1403661775.03-87881370436819, exited with result 127

What am I missing here?

Hyperfocus
  • We've had issues with /root not being the home directory for the active process... Try moving the ssh files into / --> /.ssh/ and debug interactively by logging into the container and running it manually just to be sure ;) – Gekkie Jul 14 '14 at 12:02

1 Answer


Ansible is running in the container trying to connect to the container so you need to authorize both the container and the root user. The container must be a known host and root's public key must be authorized. For example:

RUN ssh-keyscan -t rsa 127.0.0.1 >>/root/.ssh/known_hosts
RUN cat /root/.ssh/id_rsa.pub >>/root/.ssh/authorized_keys 

I am using Docker version 1.1.2, build d84a070. Logged in to my container (as root) I found that pip used /.pip and not /root/.pip; while ssh used /root/.ssh as expected and not /.ssh as Gekkie suggested.

paul
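
The two preconditions named in the answer above (the host is in known_hosts, root's public key is in authorized_keys), plus the private-key file mode from the question's chmod step, written as a check to run inside the container before ansible-playbook. This is an added example, not code from the original post or answer; the function name check_ssh_loopback is hypothetical, and `stat -c` assumes GNU coreutils as found on the ubuntu:14.04 base image.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer). check_ssh_loopback is a
# hypothetical helper; `stat -c` assumes GNU coreutils.
# Usage: check_ssh_loopback SSH_DIR HOST   -> returns the number of failed checks

check_ssh_loopback() {
    local dir=$1 host=$2 fails=0 mode pub

    # 1. HOST must be listed in known_hosts. ssh-keyscan without -H writes
    #    plain "host[,alias] keytype key" lines, so compare the first field.
    if [ -f "$dir/known_hosts" ] && awk -v h="$host" '
            { n = split($1, names, ","); for (i = 1; i <= n; i++) if (names[i] == h) found = 1 }
            END { exit !found }' "$dir/known_hosts"; then
        echo "ok:   $host is in known_hosts"
    else
        echo "FAIL: $host is not in known_hosts"; fails=$((fails + 1))
    fi

    # 2. The base64 blob from id_rsa.pub must appear in authorized_keys.
    pub=$(awk 'NR == 1 { print $2 }' "$dir/id_rsa.pub" 2>/dev/null)
    if [ -n "$pub" ] && [ -f "$dir/authorized_keys" ] &&
       grep -qF -- "$pub" "$dir/authorized_keys"; then
        echo "ok:   public key is in authorized_keys"
    else
        echo "FAIL: public key is not in authorized_keys"; fails=$((fails + 1))
    fi

    # 3. ssh refuses a private key that group or other can access,
    #    so the last two mode digits must be 0 (600 and 700 both pass).
    mode=$(stat -c '%a' "$dir/id_rsa" 2>/dev/null)
    case $mode in
        [0-7]00) echo "ok:   id_rsa mode is $mode" ;;
        *)       echo "FAIL: id_rsa mode is '${mode:-missing}'"; fails=$((fails + 1)) ;;
    esac

    return "$fails"
}

# Run the check only when called with both arguments, e.g.
#   ./check.sh /root/.ssh 127.0.0.1
if [ "$#" -eq 2 ]; then check_ssh_loopback "$1" "$2"; fi
```

The host check only matches unhashed known_hosts entries; entries written with `ssh-keyscan -H` are hashed and will be reported as missing.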