Jack Moore

Email: jack(at)jmoore53.com

Ansible Testing on Blank Container

28 Jan 2024 » code, infrastructure, docker

Testing Ansible playbooks often requires a controlled environment where configurations and commands can be executed without interference. A blank Docker container provides an isolated environment that can be easily reset or modified, allowing for extensive testing of Ansible configurations. This setup facilitates a streamlined process for testing playbooks, ensuring that they function correctly before being deployed in production.

Setup

A blank Docker container is spun up with SSH access enabled to perform tasks using Ansible. This container is based on Ubuntu 20.04 and includes necessary components such as openssh-server and systemd to simulate a more traditional server environment. The container is configured to run commands via SSH and allows for testing Ansible playbooks in a controlled setting.

Creating the Docker Environment:

The following Dockerfile creates a minimal environment with SSH enabled. This configuration is useful for basic testing scenarios where system services are not required.

FROM ubuntu:20.04

RUN apt update && apt install openssh-server sudo -y

RUN useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1000 test

RUN echo 'test:test' | chpasswd

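# sshd needs its privilege-separation directory at run time; a service
# started during the build is not running when the container starts.
RUN mkdir -p /run/sshd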

EXPOSE 22

CMD ["/usr/sbin/sshd","-D"]

This Dockerfile installs the openssh-server and creates a user named “test” with sudo privileges, allowing remote SSH access for Ansible to connect and execute commands.

Dockerfile with Systemd for Testing More Complex Scenarios:

For cases requiring a systemd environment, a more advanced Dockerfile is used. This configuration allows testing services managed by systemd, which is not natively available in Docker containers.

FROM ubuntu:20.04
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
    systemd systemd-sysv dbus dbus-user-session
COPY docker-entrypoint.sh /
ENTRYPOINT ["/docker-entrypoint.sh"]

This setup is useful for simulating a real-world environment where services need to be managed by systemd, making it ideal for more comprehensive Ansible playbook testing.

Combining SSH and Systemd in a Docker Container:

To incorporate both SSH and systemd functionalities, a combined Dockerfile is used. This file creates an environment where Ansible can connect via SSH and also control services managed by systemd.

FROM ubuntu:20.04

RUN apt update && apt install -y --no-install-recommends \
    openssh-server sudo \
    systemd systemd-sysv dbus dbus-user-session

RUN useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1000 test

RUN echo 'test:test' | chpasswd
RUN echo 'root:root' | chpasswd
RUN printf '#!/bin/sh\nexit 0' > /usr/sbin/policy-rc.d
RUN printf "systemctl start systemd-logind" >> /etc/profile

RUN service ssh start

EXPOSE 22

# systemd has to run as PID 1; it then starts the ssh.service unit that the
# openssh-server package enables on install.
CMD ["/sbin/init"]

This Dockerfile includes openssh-server for SSH connectivity, adds a test user, and sets up systemd components, allowing the container to function similarly to a standard Ubuntu server. The container starts the SSH service and systemd, providing a robust environment for testing.

Additional Considerations:

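Running commands as “root” in Docker containers can pose security concerns, and these risks should be investigated and addressed, particularly in environments where elevated privileges could lead to vulnerabilities. The images above also set fixed passwords (test:test and root:root) and give the test user sudo rights, so they are suited to disposable local test containers rather than to anything reachable from other hosts.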

The lack of a native init system within Docker containers also requires workarounds, such as the use of systemd within the container. A solution involving systemctl commands is necessary for scenarios requiring full control over system services.
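As an added example (not code from the original post), the short Python check below scans a Dockerfile for three patterns that matter in SSH test images like these: passwords set with chpasswd, services started during the build, and shell operators placed inside an exec-form CMD. The sample Dockerfile, the rule names and the function names are constructed for illustration.

```python
import json
import re

# Constructed sample: an SSH + systemd test image showing the patterns to flag.
SAMPLE = """\
FROM ubuntu:20.04
RUN apt update && apt install -y --no-install-recommends \\
    openssh-server sudo systemd systemd-sysv
RUN echo 'test:test' | chpasswd
RUN echo 'root:root' | chpasswd
RUN service ssh start
CMD ["/bin/bash", "-c", "/sbin/init", "&&", "/usr/sbin/sshd", "-D"]
"""
SHELL_OPERATORS = {"&&", "||", ";", "|", "&"}


def instructions(text):
    """Yield (last_line_no, KEYWORD, args), joining backslash continuations."""
    pending = ""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1].rstrip() + " "
        elif pending or (line and not line.startswith("#")):
            keyword, _, args = (pending + line).partition(" ")
            yield no, keyword.upper(), args.strip()
            pending = ""


def audit(text):
    """Return (line_no, rule, detail) findings for a test-image Dockerfile."""
    findings = []
    for no, keyword, args in instructions(text):
        if keyword == "RUN":
            cred = re.search(r"echo\s+['\"]?(\w+):\S+?['\"]?\s*\|\s*chpasswd", args)
            if cred:  # account password baked into an image layer
                findings.append((no, "hardcoded-password", cred.group(1)))
            if re.search(r"\bservice\s+\S+\s+start\b", args):
                # a process started during the build is gone at run time
                findings.append((no, "build-time-service-start", args))
        elif keyword in ("CMD", "ENTRYPOINT") and args.startswith("["):
            argv = json.loads(args)  # exec form: a JSON array run without a shell
            stray = [a for a in argv if a in SHELL_OPERATORS]
            if stray:  # operators arrive as plain arguments, never interpreted
                findings.append((no, "shell-operator-in-exec-form", stray[0]))
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the sample this reports both chpasswd lines, the build-time service start and the "&&" in CMD, each with its line number.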

Conclusion:

By using Docker containers configured with SSH and systemd, Ansible playbooks can be tested in environments that closely mimic production servers. This method provides a flexible and secure way to ensure configurations are correct and perform as expected, ultimately saving time and reducing errors in deployment.

© Jack Moore - This site was last built Fri 30 Aug 2024 12:31:24 PM EDT