Ansible remote provisioner error when used with Docker builder #3260
Comments
|
Thanks for reporting this. Can you provide a minimal repro (i.e. templates and configs?). I can't see whether you are running docker on a remote host or locally on linux, or what's inside your images playbook for example. |
|
Attached is a test case that includes a packer configuration file and ansible playbook files that reproduce the issue I detailed above. Extract the archive and just run: packer build centos-7-x86_64-docker-base-image.jsonusing packer 0.9.0 and docker-1.10.0 on CentOS 7.2 to duplicate my test environment. The results are the same whether I run this on VMware or AWS. |
|
@cbednarski I think when should just warn or fail if there is a ansible provisioner configured for docker builder since there is no reason that a docker container should be accessible on SSH and add some docs. |
cbednarski
added
enhancement
stage/thinking
|
@rickard-von-essen I see your point and I think turning this into a validation error is a good fix for now. I think people will expect this to work. I have no plans to work on this, though. |
|
I just ran into this myself. I'm not sure I agree with the conclusion, however. Technically speaking, isn't it possible to do this? I ask because I'm not sure. It seems to me, as someone who appreciates build automation with Ansible and also appreciates smaller images which don't include downloading ansible into the running container to build the image, this should be possible but I appreciate if there are stumbling blocks preventing such a thing. Thanks. |
|
I'm willing to contribute to a fix if possible. |
|
@jstnlef I think it's only partially possible (and maybe not very useful) since ansible talks SSH and Docker of course speaks docker API, so it would only work if you start a container running sshd. |
|
Hrm. So it would seem that the fix should probably be on ansible's end if this were to happen, with minimal change here to use the new functionality. |
|
Is this fixable by changing which connection driver ansible uses? Packer would have to activate the docker connection driver any time the builder is docker. This is a new feature in ansible since 2.0: the ability to tunnel its commands over |
|
@b11z Interesting, the strange thin is that there is zero mentions about this in the official docs. |
|
This should be technically possible now. I suspect the problem is either that a ptty is being allocated or else the docker container doesn't have an sftp subsystem available where the ansible provisioner expects it to be. Just for everyone's clarification; the ansible provisioner does not require that sshd be run on the machine being provisioned; SSH is only used to communicate between Ansible and Packer, the ansible provisioner then translates SSH commands to Packer communicator commands to actually talk to the node. |
|
The Ansible remote provisioner with the Docker builder already works. You will need to change the ansible_connection from "ssh" to "docker" and set a Docker container name via the --name option. On a CI server you probably want to overwrite ansible_host with a random name. Example Packer template: {
"variables": {
"ansible_host": "default",
"ansible_connection": "docker"
},
"builders":[
{
"type": "docker",
"image": "centos:7",
"commit": true,
"run_command": [ "-d", "-i", "-t", "--name", "{{user `ansible_host`}}", "{{.Image}}", "/bin/bash" ]
}
],
"provisioners": [
{
"type": "ansible",
"groups": [ "webserver" ],
"playbook_file": "./webserver.yml",
"extra_arguments": [
"--extra-vars",
"ansible_host={{user `ansible_host`}} ansible_connection={{user `ansible_connection`}}"
]
}
]
}Example playbook: Build: |
|
👍 Excellent for this. It'd be great if this could end up making its way to the documentation :). Thanks. |
|
Using the docker connection that ships with Ansible 2.0 works for me. Thank you @yveslaroche. One thing to note, though, is that Ansible's docker connection implementation does not pass the "-t" flag to allocate a pseudo tty when translating ansible directives to execute via docker exec. Commands like sudo end up failing. I had to disable the "requiretty" setting in /etc/sudoers as a workaround. Hopefully they address this at some point. |
|
I can confirm that there are problems with the ansible-remote provisioner and docker builder. I am working on a solution and hope to submit a PR in the coming days. In the meantime, though, you should know that using Ansible's docker connection will work in some scenarios with Packer, but not all. Thankfully, the best supported scenario is also the primary use case; when the Docker host is accessible from the Packer host. But if you're using the amazon-instance builder to create a Docker image in coordination with the Artifice post-provisioner, I think you'll run into problems trying to use Ansible's docker connection. |
|
A simple, elegant, explanation. Better than any I've seen @yveslaroche Well done, sir |
|
I am getting the same problem, but specifying the docker connection and an image name as @yveslaroche suggests does not solve the problem. Here's my {
"builders": [
{
"type": "docker",
"image": "ubuntu:xenial",
"run_command": ["-d", "-i", "-t", "--name", "Project-{{timestamp}}", "{{.Image}}", "/bin/bash"],
"export_path": "image.tar"
}
],
"provisioners": [
{
"type": "ansible",
"playbook_file": "./playbook.yml",
"extra_arguments": [
"--vault-password-file", "vault_password",
"--connection", "docker"
]
}
]
}packer-io 0.10.1 |
|
@AndydeCleyre What's your OS and if you run docker-machine which version and driver? |
|
@rickard-von-essen I'm using Arch Linux, and don't run docker-machine. |
|
I have the same issue.. I get the following message: Docker-Image: fatal: [updatesvc]: UNREACHABLE! => {"changed": false, "msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in "/tmp". Failed command was: ( umask 22 && mkdir -p " |
|
I have tried runnin exactly the the packer template + playbook as suggested by @yveslaroche, unfortunately I get the same UNREACHABLE as @emoshaya-cognito. docker: 1.11.1 Any help on this would be hugely appreciated, or even some ideas about how to go about debugging it. EDIT: I note that I am running an identical setup to @AndydeCleyre |
|
I have found that adding |
|
This issue seems to have regressed with packer 1.0.2 |
|
Hi @nullobject, thanks for reaching out. This ticket is really old so it's probably not relevant to the issue you're seeing. If you're still having trouble, would you please open a new issue with the debug log and a json that reproduces the issue? Thanks! |
|
This is happening to me too, only not with the docker connect, I'm building a vmware-vmx machine from an ubuntu host with packer 1.0.3, it hangs on the ssh to the client machine. If I use packer 1.0.0, it works fine. |
|
@phreddrick there was a bug with ansible hanging that was introduced in 1.0.3, but 1.0.4 was released today and should fix it. |
|
LOL.. I literally downloaded 1.0.3 today.. Thanks! |
|
1.0.4 doesn't make any difference for me 😿 |
|
I found that everything is fine when running this from my droplet on DigitalOcean, but running Packer (1.0.2)/Ansible/Docker within a container (on CircleCI 2) was a nightmare. Probably because I don't understand it. This post worked though: I did have to add the "user": "root" property to the provisioner though. I wish I understood more about to figure out if I could correct something in the environment to have it just work like it did in the droplet. |
|
@lucasyvas I created #5287 to address this. Feel free to open an issue if the are missing information in the docs or ask a question on the mailing list. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Provisioning a docker image via the new ansible remote provisioner on packer 0.9.0 results in a fatal docker builder error. Ansible reports that the remote host is "UNREACHABLE", but the initial Ansible command to create temp directories reports back a syntax error.
The Ansible remote provisioner is configured as follows and the docker builder was run through packer 0.9.0 on CentOS 7.
{ "type" : "ansible", "ansible_env_vars" : [ "ANSIBLE_HOST_KEY_CHECKING=False", "ANSIBLE_SSH_ARGS='-v -o ControlMaster=auto -o ControlPersist=15m'" ], "extra_arguments" : [ "-vvv", "--tags='base'" ], "playbook_file" : "provisioners/ansible/playbooks/images.yml" }The entire Ansible remote provisioning step with PACKER_LOG=1 is included below.
The text was updated successfully, but these errors were encountered: