Ansible Connecting to remote Docker container over SSH

Question

I have the following situation: I have a remote server that runs docker with a Postgres container. The Postgres instance is only reachable through a docker network, not directly from the remote server.

I am trying to create an ansible role that makes sure all the required databases and users exist in the Postgres instance. For this I am trying to make Ansible first connect to the remote server, then connect to the Postgres docker container, and from there use the community.postgresql.postgresql_* modules to create the databases and users. However, I am stuck trying to get Ansible to do the nested connection. I currently have the following ansible-playbook:

# playbook.yml
- name: Postgres
  hosts: dockerservers
  roles:
    - name: postgres
      tags: [postgres, never]
roles/postgres/tasks/main.yml

name: Connect to database docker container
add_host:
  name: "postgres"
  ansible_connection: docker
changed_when: false

name: Inside postgres docker container
delegate_to: "postgres"
block:

name: Debug
community.postgresql.postgresql_info:

Docker tries to use the local docker cli (which is not installed) to connect to the remote docker daemon. Is there a way to somehow hop from the remote server to the docker container, instead of trying to directly connect to it?

score 1 · Answer 1 · answered Jul 16 '23 at 08:29

I have found a hacky workaround for my problem. I replicated the behavior of the community.postgresql.* modules that I want to use in a bash script and execute it using the community.docker.docker_container module.

- name: Ensure databases and users exist
  register: "pg_ensure_db"
  changed_when: "not 'created' in pg_ensure_db.container.Output"
  community.docker.docker_container:
    name: postgresql-ensure-db
    image: "{{postgres_image}}"
    cleanup: true
    detach: false
    networks:
      - name: "db"
    command_handling: correct
    command: ["bash", "-c", "{{lookup('template', 'postgres-ensure-db.j2.sh')}}" ]

While this is not directly an answer to my question, and certainly less maintainable than if it was done natively using Ansible, I thought I would share it anyway until I find a better solution.

don Rumata · Answer 2 · 2024-11-22T11:42:01.587

I used this solution:

ssh u.local
git clone https://github.com/serkodev/rabbitmq-cluster-docker
cd ./rabbitmq-cluster-docker
docker compose up -d
exit

ssh -L /tmp/docker.sock:/var/run/docker.sock u.local

cat inventory/docker.yml:

plugin: community.docker.docker_containers
docker_host: unix:///tmp/docker.sock
filters:
  - exclude: >-
      inventory_hostname.startswith("rabbitmq-cluster-docker-haproxy")

ansible-playbook -i inventory/docker.yml ping.yml

output:

rabbitmq-cluster-docker-rabbitmq1-1 : ok=2    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
rabbitmq-cluster-docker-rabbitmq2-1 : ok=2    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
rabbitmq-cluster-docker-rabbitmq3-1 : ok=2    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

src: https://stackoverflow.com/a/59829788

Ansible Connecting to remote Docker container over SSH

roles/postgres/tasks/main.yml

2 Answers2