Docker image for ansible
View Dockerfiles on GitHub.
Available Architectures: amd64, arm64
Tiny Alpine-based multistage-build dockerized version of Ansible[1] in many different flavours. It comes with Mitogen[2] to speed up your runs by up to 600%[3][4] (see Examples). The image is built nightly against multiple stable versions and pushed to Dockerhub.
- [1] Official project: https://github.com/ansible/ansible
- [2] Official project: https://github.com/dw/mitogen
- [3] How to Speed Up Your Ansible Playbooks Over 600%
- [4] Mitogen for Ansible
🐳 Available Docker image versions
This repository provides many different Ansible flavours (each flavour also divided into different Ansible versions).
The following tree shows how the different flavours derive from each other (each child has all the tools and features of its parent plus its own additions).
       base                    #docker-tag:  :latest
         |                                   :<version>
         |
       tools                   #docker-tag:  :latest-tools
      /  |  \                                :<version>-tools
     /   |   \
 infra azure  aws              #docker-tag:  :latest-infra     :latest-azure     :latest-aws
               |                             :<version>-infra  :<version>-azure  :<version>-aws
               |
             awsk8s            #docker-tag:  :latest-awsk8s
              /   \                          :<version>-awsk8s
             /     \
        awskops   awshelm      #docker-tag:  :latest-awskops     :latest-awshelm
                                             :<version>-awskops  :<version>-awshelm
<version> refers to the latest[1] patch-level version of Ansible, e.g. 2.9, 2.10, 2.11, ...
[1]: latest as docker images are (re)built every night via CI against the latest available patch level version of Ansible
The following table shows a quick overview of provided libraries and tools for each flavour. For more details see further down below.
Flavour | Based on | Additional Python libs | Additional binaries |
---|---|---|---|
base | - | cffi, cryptography, Jinja2, junit-xml, lxml, paramiko, PyYAML | - |
tools | base | dnspython, JMESPath, mitogen | bash, git, gpg, jq, ssh, yq |
infra | tools | docker, docker-compose, jsondiff, netaddr, pexpect, psycopg2, pyldap, pypsexec, pymongo, PyMySQL, pywinrm, smbprotocol | rsync, sshpass |
azure | tools | azure-* | az |
aws | tools | awscli, botocore, boto, boto3 | aws, aws-iam-authenticator |
awsk8s | aws | openshift | kubectl, oc |
awskops | awsk8s | - | kops |
awshelm | awsk8s | - | helm |
🔁 Rolling releases
The following Docker image tags are rolling releases and are built and updated every night.
Ansible base
The following Ansible Docker images are as small as possible and only contain Ansible itself.
Docker Tag | Git Ref | Ansible | Available Architectures |
---|---|---|---|
latest | master | latest | amd64, arm64 |
2.13 | master | 2.13.x | amd64, arm64 |
2.12 | master | 2.12.x | amd64, arm64 |
2.11 | master | 2.11.x | amd64, arm64 |
2.10 | master | 2.10.x | amd64, arm64 |
2.9 | master | 2.9.x | amd64, arm64 |
2.8 | master | 2.8.x | amd64, arm64 |
Ansible tools
The following Ansible Docker images contain everything from Ansible base and additionally: bash, git, gpg, jq, ssh and dnspython and Ansible mitogen strategy plugin (see Examples).
Docker Tag | Git Ref | Ansible | Available Architectures |
---|---|---|---|
latest-tools | master | latest | amd64, arm64 |
2.13-tools | master | 2.13.x | amd64, arm64 |
2.12-tools | master | 2.12.x | amd64, arm64 |
2.11-tools | master | 2.11.x | amd64, arm64 |
2.10-tools | master | 2.10.x | amd64, arm64 |
2.9-tools | master | 2.9.x | amd64, arm64 |
2.8-tools | master | 2.8.x | amd64, arm64 |
Ansible azure
The following Ansible Docker images contain everything from Ansible tools and additionally: azure.
Docker Tag | Git Ref | Ansible | Available Architectures |
---|---|---|---|
latest-azure | master | latest | amd64, arm64 |
2.13-azure | master | 2.13.x | amd64, arm64 |
2.12-azure | master | 2.12.x | amd64, arm64 |
2.11-azure | master | 2.11.x | amd64, arm64 |
2.10-azure | master | 2.10.x | amd64, arm64 |
2.9-azure | master | 2.9.x | amd64, arm64 |
2.8-azure | master | 2.8.x | amd64, arm64 |
Ansible aws
The following Ansible Docker images contain everything from Ansible tools and additionally: aws-cli, boto, boto3 and botocore.
Docker Tag | Git Ref | Ansible | Available Architectures |
---|---|---|---|
latest-aws | master | latest | amd64, arm64 |
2.13-aws | master | 2.13.x | amd64, arm64 |
2.12-aws | master | 2.12.x | amd64, arm64 |
2.11-aws | master | 2.11.x | amd64, arm64 |
2.10-aws | master | 2.10.x | amd64, arm64 |
2.9-aws | master | 2.9.x | amd64, arm64 |
2.8-aws | master | 2.8.x | amd64, arm64 |
Ansible awsk8s
The following Ansible Docker images contain everything from Ansible aws and additionally: openshift and kubectl.
Docker Tag | Git Ref | Ansible | Available Architectures |
---|---|---|---|
latest-awsk8s | master | latest | amd64, arm64 |
2.13-awsk8s | master | 2.13.x | amd64, arm64 |
2.12-awsk8s | master | 2.12.x | amd64, arm64 |
2.11-awsk8s | master | 2.11.x | amd64, arm64 |
2.10-awsk8s | master | 2.10.x | amd64, arm64 |
2.9-awsk8s | master | 2.9.x | amd64, arm64 |
2.8-awsk8s | master | 2.8.x | amd64, arm64 |
Ansible awskops
The following Ansible Docker images contain everything from Ansible awsk8s and additionally: kops in its latest patch level version.
Docker Tag | Git Ref | Ansible | Kops | Available Architectures |
---|---|---|---|---|
latest-awskops1.25 | master | latest | 1.25.x | amd64, arm64 |
2.13-awskops1.25 | master | 2.13.x | 1.25.x | amd64, arm64 |
2.12-awskops1.25 | master | 2.12.x | 1.25.x | amd64, arm64 |
2.11-awskops1.25 | master | 2.11.x | 1.25.x | amd64, arm64 |
2.10-awskops1.25 | master | 2.10.x | 1.25.x | amd64, arm64 |
2.9-awskops1.25 | master | 2.9.x | 1.25.x | amd64, arm64 |
2.8-awskops1.25 | master | 2.8.x | 1.25.x | amd64, arm64 |
latest-awskops1.24 | master | latest | 1.24.x | amd64, arm64 |
2.13-awskops1.24 | master | 2.13.x | 1.24.x | amd64, arm64 |
2.12-awskops1.24 | master | 2.12.x | 1.24.x | amd64, arm64 |
2.11-awskops1.24 | master | 2.11.x | 1.24.x | amd64, arm64 |
2.10-awskops1.24 | master | 2.10.x | 1.24.x | amd64, arm64 |
2.9-awskops1.24 | master | 2.9.x | 1.24.x | amd64, arm64 |
2.8-awskops1.24 | master | 2.8.x | 1.24.x | amd64, arm64 |
latest-awskops1.23 | master | latest | 1.23.x | amd64, arm64 |
2.13-awskops1.23 | master | 2.13.x | 1.23.x | amd64, arm64 |
2.12-awskops1.23 | master | 2.12.x | 1.23.x | amd64, arm64 |
2.11-awskops1.23 | master | 2.11.x | 1.23.x | amd64, arm64 |
2.10-awskops1.23 | master | 2.10.x | 1.23.x | amd64, arm64 |
2.9-awskops1.23 | master | 2.9.x | 1.23.x | amd64, arm64 |
2.8-awskops1.23 | master | 2.8.x | 1.23.x | amd64, arm64 |
latest-awskops1.22 | master | latest | 1.22.x | amd64, arm64 |
2.13-awskops1.22 | master | 2.13.x | 1.22.x | amd64, arm64 |
2.12-awskops1.22 | master | 2.12.x | 1.22.x | amd64, arm64 |
2.11-awskops1.22 | master | 2.11.x | 1.22.x | amd64, arm64 |
2.10-awskops1.22 | master | 2.10.x | 1.22.x | amd64, arm64 |
2.9-awskops1.22 | master | 2.9.x | 1.22.x | amd64, arm64 |
2.8-awskops1.22 | master | 2.8.x | 1.22.x | amd64, arm64 |
latest-awskops1.21 | master | latest | 1.21.x | amd64, arm64 |
2.13-awskops1.21 | master | 2.13.x | 1.21.x | amd64, arm64 |
2.12-awskops1.21 | master | 2.12.x | 1.21.x | amd64, arm64 |
2.11-awskops1.21 | master | 2.11.x | 1.21.x | amd64, arm64 |
2.10-awskops1.21 | master | 2.10.x | 1.21.x | amd64, arm64 |
2.9-awskops1.21 | master | 2.9.x | 1.21.x | amd64, arm64 |
2.8-awskops1.21 | master | 2.8.x | 1.21.x | amd64, arm64 |
latest-awskops1.20 | master | latest | 1.20.x | amd64, arm64 |
2.13-awskops1.20 | master | 2.13.x | 1.20.x | amd64, arm64 |
2.12-awskops1.20 | master | 2.12.x | 1.20.x | amd64, arm64 |
2.11-awskops1.20 | master | 2.11.x | 1.20.x | amd64, arm64 |
2.10-awskops1.20 | master | 2.10.x | 1.20.x | amd64, arm64 |
2.9-awskops1.20 | master | 2.9.x | 1.20.x | amd64, arm64 |
2.8-awskops1.20 | master | 2.8.x | 1.20.x | amd64, arm64 |
latest-awskops1.19 | master | latest | 1.19.x | amd64, arm64 |
2.13-awskops1.19 | master | 2.13.x | 1.19.x | amd64, arm64 |
2.12-awskops1.19 | master | 2.12.x | 1.19.x | amd64, arm64 |
2.11-awskops1.19 | master | 2.11.x | 1.19.x | amd64, arm64 |
2.10-awskops1.19 | master | 2.10.x | 1.19.x | amd64, arm64 |
2.9-awskops1.19 | master | 2.9.x | 1.19.x | amd64, arm64 |
2.8-awskops1.19 | master | 2.8.x | 1.19.x | amd64, arm64 |
Ansible awshelm
The following Ansible Docker images contain everything from Ansible awsk8s and additionally: helm in its latest patch level version.
Docker Tag | Git Ref | Ansible | Helm | Available Architectures |
---|---|---|---|---|
latest-awshelm3.11 | master | latest | 3.11.x | amd64, arm64 |
2.13-awshelm3.11 | master | 2.13.x | 3.11.x | amd64, arm64 |
2.12-awshelm3.11 | master | 2.12.x | 3.11.x | amd64, arm64 |
2.11-awshelm3.11 | master | 2.11.x | 3.11.x | amd64, arm64 |
2.10-awshelm3.11 | master | 2.10.x | 3.11.x | amd64, arm64 |
2.9-awshelm3.11 | master | 2.9.x | 3.11.x | amd64, arm64 |
2.8-awshelm3.11 | master | 2.8.x | 3.11.x | amd64, arm64 |
latest-awshelm3.10 | master | latest | 3.10.x | amd64, arm64 |
2.13-awshelm3.10 | master | 2.13.x | 3.10.x | amd64, arm64 |
2.12-awshelm3.10 | master | 2.12.x | 3.10.x | amd64, arm64 |
2.11-awshelm3.10 | master | 2.11.x | 3.10.x | amd64, arm64 |
2.10-awshelm3.10 | master | 2.10.x | 3.10.x | amd64, arm64 |
2.9-awshelm3.10 | master | 2.9.x | 3.10.x | amd64, arm64 |
2.8-awshelm3.10 | master | 2.8.x | 3.10.x | amd64, arm64 |
latest-awshelm3.9 | master | latest | 3.9.x | amd64, arm64 |
2.13-awshelm3.9 | master | 2.13.x | 3.9.x | amd64, arm64 |
2.12-awshelm3.9 | master | 2.12.x | 3.9.x | amd64, arm64 |
2.11-awshelm3.9 | master | 2.11.x | 3.9.x | amd64, arm64 |
2.10-awshelm3.9 | master | 2.10.x | 3.9.x | amd64, arm64 |
2.9-awshelm3.9 | master | 2.9.x | 3.9.x | amd64, arm64 |
2.8-awshelm3.9 | master | 2.8.x | 3.9.x | amd64, arm64 |
latest-awshelm3.8 | master | latest | 3.8.x | amd64, arm64 |
2.13-awshelm3.8 | master | 2.13.x | 3.8.x | amd64, arm64 |
2.12-awshelm3.8 | master | 2.12.x | 3.8.x | amd64, arm64 |
2.11-awshelm3.8 | master | 2.11.x | 3.8.x | amd64, arm64 |
2.10-awshelm3.8 | master | 2.10.x | 3.8.x | amd64, arm64 |
2.9-awshelm3.8 | master | 2.9.x | 3.8.x | amd64, arm64 |
2.8-awshelm3.8 | master | 2.8.x | 3.8.x | amd64, arm64 |
latest-awshelm3.7 | master | latest | 3.7.x | amd64, arm64 |
2.13-awshelm3.7 | master | 2.13.x | 3.7.x | amd64, arm64 |
2.12-awshelm3.7 | master | 2.12.x | 3.7.x | amd64, arm64 |
2.11-awshelm3.7 | master | 2.11.x | 3.7.x | amd64, arm64 |
2.10-awshelm3.7 | master | 2.10.x | 3.7.x | amd64, arm64 |
2.9-awshelm3.7 | master | 2.9.x | 3.7.x | amd64, arm64 |
2.8-awshelm3.7 | master | 2.8.x | 3.7.x | amd64, arm64 |
latest-awshelm3.6 | master | latest | 3.6.x | amd64, arm64 |
2.13-awshelm3.6 | master | 2.13.x | 3.6.x | amd64, arm64 |
2.12-awshelm3.6 | master | 2.12.x | 3.6.x | amd64, arm64 |
2.11-awshelm3.6 | master | 2.11.x | 3.6.x | amd64, arm64 |
2.10-awshelm3.6 | master | 2.10.x | 3.6.x | amd64, arm64 |
2.9-awshelm3.6 | master | 2.9.x | 3.6.x | amd64, arm64 |
2.8-awshelm3.6 | master | 2.8.x | 3.6.x | amd64, arm64 |
latest-awshelm3.5 | master | latest | 3.5.x | amd64, arm64 |
2.13-awshelm3.5 | master | 2.13.x | 3.5.x | amd64, arm64 |
2.12-awshelm3.5 | master | 2.12.x | 3.5.x | amd64, arm64 |
2.11-awshelm3.5 | master | 2.11.x | 3.5.x | amd64, arm64 |
2.10-awshelm3.5 | master | 2.10.x | 3.5.x | amd64, arm64 |
2.9-awshelm3.5 | master | 2.9.x | 3.5.x | amd64, arm64 |
2.8-awshelm3.5 | master | 2.8.x | 3.5.x | amd64, arm64 |
latest-awshelm3.4 | master | latest | 3.4.x | amd64, arm64 |
2.13-awshelm3.4 | master | 2.13.x | 3.4.x | amd64, arm64 |
2.12-awshelm3.4 | master | 2.12.x | 3.4.x | amd64, arm64 |
2.11-awshelm3.4 | master | 2.11.x | 3.4.x | amd64, arm64 |
2.10-awshelm3.4 | master | 2.10.x | 3.4.x | amd64, arm64 |
2.9-awshelm3.4 | master | 2.9.x | 3.4.x | amd64, arm64 |
2.8-awshelm3.4 | master | 2.8.x | 3.4.x | amd64, arm64 |
latest-awshelm3.3 | master | latest | 3.3.x | amd64, arm64 |
2.13-awshelm3.3 | master | 2.13.x | 3.3.x | amd64, arm64 |
2.12-awshelm3.3 | master | 2.12.x | 3.3.x | amd64, arm64 |
2.11-awshelm3.3 | master | 2.11.x | 3.3.x | amd64, arm64 |
2.10-awshelm3.3 | master | 2.10.x | 3.3.x | amd64, arm64 |
2.9-awshelm3.3 | master | 2.9.x | 3.3.x | amd64, arm64 |
2.8-awshelm3.3 | master | 2.8.x | 3.3.x | amd64, arm64 |
latest-awshelm3.2 | master | latest | 3.2.x | amd64, arm64 |
2.13-awshelm3.2 | master | 2.13.x | 3.2.x | amd64, arm64 |
2.12-awshelm3.2 | master | 2.12.x | 3.2.x | amd64, arm64 |
2.11-awshelm3.2 | master | 2.11.x | 3.2.x | amd64, arm64 |
2.10-awshelm3.2 | master | 2.10.x | 3.2.x | amd64, arm64 |
2.9-awshelm3.2 | master | 2.9.x | 3.2.x | amd64, arm64 |
2.8-awshelm3.2 | master | 2.8.x | 3.2.x | amd64, arm64 |
latest-awshelm3.1 | master | latest | 3.1.x | amd64, arm64 |
2.13-awshelm3.1 | master | 2.13.x | 3.1.x | amd64, arm64 |
2.12-awshelm3.1 | master | 2.12.x | 3.1.x | amd64, arm64 |
2.11-awshelm3.1 | master | 2.11.x | 3.1.x | amd64, arm64 |
2.10-awshelm3.1 | master | 2.10.x | 3.1.x | amd64, arm64 |
2.9-awshelm3.1 | master | 2.9.x | 3.1.x | amd64, arm64 |
2.8-awshelm3.1 | master | 2.8.x | 3.1.x | amd64, arm64 |
latest-awshelm3.0 | master | latest | 3.0.x | amd64, arm64 |
2.13-awshelm3.0 | master | 2.13.x | 3.0.x | amd64, arm64 |
2.12-awshelm3.0 | master | 2.12.x | 3.0.x | amd64, arm64 |
2.11-awshelm3.0 | master | 2.11.x | 3.0.x | amd64, arm64 |
2.10-awshelm3.0 | master | 2.10.x | 3.0.x | amd64, arm64 |
2.9-awshelm3.0 | master | 2.9.x | 3.0.x | amd64, arm64 |
2.8-awshelm3.0 | master | 2.8.x | 3.0.x | amd64, arm64 |
latest-awshelm2.16 | master | latest | 2.16.x | amd64, arm64 |
2.13-awshelm2.16 | master | 2.13.x | 2.16.x | amd64, arm64 |
2.12-awshelm2.16 | master | 2.12.x | 2.16.x | amd64, arm64 |
2.11-awshelm2.16 | master | 2.11.x | 2.16.x | amd64, arm64 |
2.10-awshelm2.16 | master | 2.10.x | 2.16.x | amd64, arm64 |
2.9-awshelm2.16 | master | 2.9.x | 2.16.x | amd64, arm64 |
2.8-awshelm2.16 | master | 2.8.x | 2.16.x | amd64, arm64 |
🆕 Point in time releases
The following Docker image tags are built once and can be used for reproducible builds. Their version never changes, so you will have to update the tags in your pipelines from time to time in order to stay up to date.
Docker Tag | Git Ref | Available Architectures |
---|---|---|
<docker-tag>-<tag> | git: <tag> | amd64, arm64 |
- Where <docker-tag> refers to any of the tags listed in Rolling releases above.
- Where <tag> refers to the chosen git tag from this repository.
🔠 Docker environment variables
Environment variables are available for all flavours except for Ansible base.
Variable | Default | Allowed values | Description |
---|---|---|---|
USER | `` | ansible | Set this to ansible to have everything run inside the container by the user ansible instead of root |
UID | 1000 | integer | If your local uid is not 1000, set it to your uid to synchronize file/dir permissions during mounting |
GID | 1000 | integer | If your local gid is not 1000, set it to your gid to synchronize file/dir permissions during mounting |
INIT_GPG_KEY | `` | string | If your gpg key requires a password you can initialize it during startup and cache the password (requires INIT_GPG_PASS as well) |
INIT_GPG_PASS | `` | string | If your gpg key requires a password you can initialize it during startup and cache the password (requires INIT_GPG_KEY as well) |
INIT_GPG_CMD | `` | string | A custom command which will initialize the GPG key password. This allows for interactive mode to enter your password manually during startup. (Mutually exclusive to INIT_GPG_KEY and INIT_GPG_PASS) |
📂 Docker mounts
The working directory inside the Docker container is /data/ and should be mounted locally to the root of your project where your Ansible playbooks are.
ℹ️ Examples
Run Ansible playbook
docker run --rm -v $(pwd):/data cytopia/ansible ansible-playbook playbook.yml
Run Ansible playbook with Mitogen
Mitogen updates Ansible’s slow and wasteful shell-centric implementation with pure-Python equivalents, invoked via highly efficient remote procedure calls to persistent interpreters tunnelled over SSH.
No changes are required to target hosts. The extension is considered stable and real-world use is encouraged.
Configuration (option 1)
ansible.cfg
[defaults]
strategy_plugins = /usr/lib/python3.10/site-packages/ansible_mitogen/plugins/strategy
strategy = mitogen_linear
Configuration (option 2)
# Instead of hardcoding it via ansible.cfg, you could also add the
# option on-the-fly via environment variables.
export ANSIBLE_STRATEGY_PLUGINS=/usr/lib/python3.10/site-packages/ansible_mitogen/plugins/strategy
export ANSIBLE_STRATEGY=mitogen_linear
Invocation
docker run --rm -v $(pwd):/data cytopia/ansible:latest-tools ansible-playbook playbook.yml
Further readings:
- Mitogen on GitHub
- Mitogen Documentation
- How to Speed Up Your Ansible Playbooks Over 600%
- Speed up Ansible with Mitogen
Run Ansible playbook with non-root user
# Use 'ansible' user inside Docker container
docker run --rm \
-e USER=ansible \
-v $(pwd):/data \
cytopia/ansible:latest-tools ansible-playbook playbook.yml
# Use 'ansible' user inside Docker container
# Use custom uid/gid for 'ansible' user inside Docker container
docker run --rm \
-e USER=ansible \
-e MY_UID=1000 \
-e MY_GID=1000 \
-v $(pwd):/data \
cytopia/ansible:latest-tools ansible-playbook playbook.yml
Run Ansible playbook with local ssh keys mounted
# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
-e USER=ansible \
-e MY_UID=1000 \
-e MY_GID=1000 \
-v ${HOME}/.ssh/:/home/ansible/.ssh/ \
-v ${SSH_AUTH_SOCK}:/ssh-agent --env SSH_AUTH_SOCK=/ssh-agent \
-v $(pwd):/data \
cytopia/ansible:latest-tools ansible-playbook playbook.yml
Run Ansible playbook with local password-less gpg keys mounted
# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
-e USER=ansible \
-e MY_UID=1000 \
-e MY_GID=1000 \
-v ${HOME}/.gnupg/:/home/ansible/.gnupg/ \
-v $(pwd):/data \
cytopia/ansible:latest-tools ansible-playbook playbook.yml
Run Ansible playbook with local gpg keys mounted and automatically initialized
This is required in case your GPG key itself is encrypted with a password. Note that the password needs to be in single quotes.
# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
-e USER=ansible \
-e MY_UID=1000 \
-e MY_GID=1000 \
-e INIT_GPG_KEY='[email protected]' \
-e INIT_GPG_PASS='my gpg password' \
-v ${HOME}/.gnupg/:/home/ansible/.gnupg/ \
-v $(pwd):/data \
cytopia/ansible:latest-tools ansible-playbook playbook.yml
Alternatively you can also export your GPG key and password to the shell's environment:
# Ensure to write the password in single quotes
export MY_GPG_KEY='[email protected]'
export MY_GPG_PASS='my gpg password'
# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
-e USER=ansible \
-e MY_UID=1000 \
-e MY_GID=1000 \
-e INIT_GPG_KEY=${MY_GPG_KEY} \
-e INIT_GPG_PASS=${MY_GPG_PASS} \
-v ${HOME}/.gnupg/:/home/ansible/.gnupg/ \
-v $(pwd):/data \
cytopia/ansible:latest-tools ansible-playbook playbook.yml
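Both invocations above end up with the passphrase value in docker's argument list, where it is readable from the host's process listing while the container runs. As an added example (not part of the original README or the project's code), the following POSIX shell wrapper passes INIT_GPG_KEY and INIT_GPG_PASS to docker by name only, so docker copies the values from the caller's environment. The function names are hypothetical, and it assumes the image reads both variables from its environment as the table above describes.

```sh
#!/bin/sh
# Added example, not project code. Function names are hypothetical.

# Print the docker arguments for a playbook run as user 'ansible',
# one argument per line.
#   $1  = image tag (e.g. latest-tools)
#   $2+ = command to run inside the container
ansible_docker_args() {
    tag="$1"; shift
    printf '%s\n' run --rm \
        -e USER=ansible \
        -e "MY_UID=$(id -u)" \
        -e "MY_GID=$(id -g)"
    # Name the GPG variables without a value: docker then propagates the
    # current values from the caller's environment, so the key id and the
    # passphrase never become part of docker's argv.
    if [ -n "${INIT_GPG_KEY:-}" ] && [ -n "${INIT_GPG_PASS:-}" ]; then
        printf '%s\n' -e INIT_GPG_KEY -e INIT_GPG_PASS
    fi
    printf '%s\n' \
        -v "${HOME}/.gnupg/:/home/ansible/.gnupg/" \
        -v "$(pwd):/data" \
        "cytopia/ansible:${tag}" "$@"
}

# Read the passphrase without echoing it and without it ever being typed
# on a command line (so it does not land in the shell history either).
read_gpg_pass() {
    printf 'GPG passphrase for %s: ' "${INIT_GPG_KEY:-}" >&2
    trap 'stty echo' INT TERM      # restore terminal echo if interrupted
    stty -echo
    IFS= read -r INIT_GPG_PASS
    stty echo
    trap - INT TERM
    printf '\n' >&2
    export INIT_GPG_KEY INIT_GPG_PASS
}

# Run docker with the generated arguments. The list is split on newlines
# only, so paths containing spaces stay intact.
run_ansible() {
    args=$(ansible_docker_args "$@") || return 1
    old_ifs=$IFS
    IFS='
'
    set -f                         # no globbing while splitting
    # shellcheck disable=SC2086
    set -- $args
    set +f
    IFS=$old_ifs
    docker "$@"
}

# Typical use (key id is a placeholder):
#   INIT_GPG_KEY='<your-gpg-key-id>'
#   read_gpg_pass
#   run_ansible latest-tools ansible-playbook playbook.yml
```

The values are still present in the container's environment and in `docker inspect` output for anyone with access to the Docker daemon, so this narrows the exposure rather than removing it.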
Run Ansible playbook with local gpg keys mounted and initialized interactively
The following will work with password-less and password-set GPG keys. In case it requires a password, it will ask for the password and you need to enter it.
# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
-e USER=ansible \
-e MY_UID=1000 \
-e MY_GID=1000 \
-e INIT_GPG_CMD='echo test | gpg --encrypt -r [email protected] | gpg --decrypt --pinentry-mode loopback' \
-v ${HOME}/.gnupg/:/home/ansible/.gnupg/ \
-v $(pwd):/data \
cytopia/ansible:latest-tools ansible-playbook playbook.yml
Run Ansible Galaxy
# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
-e USER=ansible \
-e MY_UID=1000 \
-e MY_GID=1000 \
-v $(pwd):/data \
cytopia/ansible:latest-tools ansible-galaxy install -r requirements.yml
Run Ansible playbook with AWS credentials
# Basic
docker run --rm \
-e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
-e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
-v $(pwd):/data \
cytopia/ansible:latest-aws ansible-playbook playbook.yml
# With AWS Session Token
docker run --rm \
-e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
-e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
-e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN \
-v $(pwd):/data \
cytopia/ansible:latest-aws ansible-playbook playbook.yml
# With ~/.aws/ config and credentials directories mounted (read/only)
# If you want to make explicit use of aws profiles, use this variant
# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
-e USER=ansible \
-e MY_UID=1000 \
-e MY_GID=1000 \
-v ${HOME}/.aws/config:/home/ansible/.aws/config:ro \
-v ${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro \
-v $(pwd):/data \
cytopia/ansible:latest-aws ansible-playbook playbook.yml
Run Ansible playbook against AWS with gpg vault initialization
# Ensure to set same uid/gid as on your local system for Docker user
# to prevent permission issues during docker mounts
docker run --rm \
-e USER=ansible \
-e MY_UID=1000 \
-e MY_GID=1000 \
-e INIT_GPG_KEY='[email protected]' \
-e INIT_GPG_PASS='my gpg password' \
-v ${HOME}/.aws/config:/home/ansible/.aws/config:ro \
-v ${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro \
-v ${HOME}/.gnupg/:/home/ansible/.gnupg/ \
-v $(pwd):/data \
cytopia/ansible:latest-aws \
ansible-playbook playbook.yml
As the command is getting pretty long, you could wrap it into a Makefile.
ifneq (,)
.error This Makefile requires GNU Make.
endif
.PHONY: dry run
CURRENT_DIR = $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
ANSIBLE = 2.8
UID = 1000
GID = 1000
# Note: recipe lines below must be indented with a tab character.
# Ansible check mode uses mitogen_linear strategy for much faster roll-outs
dry:
ifndef GPG_PASS
	docker run --rm -it \
		-e ANSIBLE_STRATEGY_PLUGINS=/usr/lib/python3.10/site-packages/ansible_mitogen/plugins/strategy \
		-e ANSIBLE_STRATEGY=mitogen_linear \
		-e USER=ansible \
		-e MY_UID=$(UID) \
		-e MY_GID=$(GID) \
		-v $${HOME}/.aws/config:/home/ansible/.aws/config:ro \
		-v $${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro \
		-v $${HOME}/.gnupg/:/home/ansible/.gnupg/ \
		-v $(CURRENT_DIR):/data \
		cytopia/ansible:$(ANSIBLE)-aws \
		ansible-playbook playbook.yml --check
else
	docker run --rm -it \
		-e ANSIBLE_STRATEGY_PLUGINS=/usr/lib/python3.10/site-packages/ansible_mitogen/plugins/strategy \
		-e ANSIBLE_STRATEGY=mitogen_linear \
		-e USER=ansible \
		-e MY_UID=$(UID) \
		-e MY_GID=$(GID) \
		-e INIT_GPG_KEY=$${GPG_KEY} \
		-e INIT_GPG_PASS=$${GPG_PASS} \
		-v $${HOME}/.aws/config:/home/ansible/.aws/config:ro \
		-v $${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro \
		-v $${HOME}/.gnupg/:/home/ansible/.gnupg/ \
		-v $(CURRENT_DIR):/data \
		cytopia/ansible:$(ANSIBLE)-aws \
		ansible-playbook playbook.yml --check
endif
# Ansible real run uses default strategy
run:
ifndef GPG_PASS
	docker run --rm -it \
		-e USER=ansible \
		-e MY_UID=$(UID) \
		-e MY_GID=$(GID) \
		-v $${HOME}/.aws/config:/home/ansible/.aws/config:ro \
		-v $${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro \
		-v $${HOME}/.gnupg/:/home/ansible/.gnupg/ \
		-v $(CURRENT_DIR):/data \
		cytopia/ansible:$(ANSIBLE)-aws ansible-playbook playbook.yml
else
	docker run --rm -it \
		-e USER=ansible \
		-e MY_UID=$(UID) \
		-e MY_GID=$(GID) \
		-e INIT_GPG_KEY=$${GPG_KEY} \
		-e INIT_GPG_PASS=$${GPG_PASS} \
		-v $${HOME}/.aws/config:/home/ansible/.aws/config:ro \
		-v $${HOME}/.aws/credentials:/home/ansible/.aws/credentials:ro \
		-v $${HOME}/.gnupg/:/home/ansible/.gnupg/ \
		-v $(CURRENT_DIR):/data \
		cytopia/ansible:$(ANSIBLE)-aws \
		ansible-playbook playbook.yml
endif
Important: The GPG_KEY and GPG_PASS will not be echoed out by the Make command, and you are advised to export those values to the env via your shell's export command in order to hide them.
If you still want to specify them on the command line via make dry GPG_KEY='pass' and your pass or key contains one or more $ characters, then they must all be escaped with an additional $ in front. This is not necessary if you export them.
Example: If your password is test$5, then you must use make dry GPG_PASS='test$$5'.
Then you can call it easily:
# With GPG password from the env
export GPG_KEY='[email protected]'
export GPG_PASS='THE_GPG_PASSWORD_HERE'
make dry
make run
# With GPG password on the cli
make dry GPG_KEY='[email protected]' GPG_PASS='THE_GPG_PASSWORD_HERE'
make run GPG_KEY='[email protected]' GPG_PASS='THE_GPG_PASSWORD_HERE'
# Without GPG password
make dry
make run
# With different Ansible version
make dry ANSIBLE=2.6
make run ANSIBLE=2.6
# With different uid/gid
make dry UID=1001 GID=1001
make run UID=1001 GID=1001
💻 Build locally
To build locally you require GNU Make to be installed. Instructions as shown below.
amd64 vs arm64
If you want to build the Ansible image for a different platform, use the ARCH make variable as shown below. This also applies to all other examples below.
# Build amd64 images (default)
make build
make build ARCH=linux/amd64
# Build arm64 images
make build ARCH=linux/arm64
Ansible base
# Build latest Ansible base
# image: cytopia/ansible:latest
make build
# Build Ansible 2.6 base
# image: cytopia/ansible:2.6
make build VERSION=2.6
Ansible tools
# Build latest Ansible tools
# image: cytopia/ansible:latest-tools
make build VERSION=latest STAGE=tools
# Build Ansible 2.6 tools
# image: cytopia/ansible:2.6-tools
make build VERSION=2.6 STAGE=tools
Ansible infra
# Build latest Ansible infra
# image: cytopia/ansible:latest-infra
make build VERSION=latest STAGE=infra
# Build Ansible 2.6 infra
# image: cytopia/ansible:2.6-infra
make build VERSION=2.6 STAGE=infra
Ansible azure
# Build latest Ansible azure
# image: cytopia/ansible:latest-azure
make build VERSION=latest STAGE=azure
# Build Ansible 2.6 azure
# image: cytopia/ansible:2.6-azure
make build VERSION=2.6 STAGE=azure
Ansible aws
# Build latest Ansible aws
# image: cytopia/ansible:latest-aws
make build VERSION=latest STAGE=aws
# Build Ansible 2.6 aws
# image: cytopia/ansible:2.6-aws
make build VERSION=2.6 STAGE=aws
Ansible awsk8s
# Build latest Ansible awsk8s
# image: cytopia/ansible:latest-awsk8s
make build VERSION=latest STAGE=awsk8s
# Build Ansible 2.6 awsk8s
# image: cytopia/ansible:2.6-awsk8s
make build VERSION=2.6 STAGE=awsk8s
Ansible awskops
# Build latest Ansible with Kops 1.8
# image: cytopia/ansible:latest-awskops1.8
make build VERSION=latest STAGE=awskops KOPS=1.8
# Build Ansible 2.6 with Kops 1.8
# image: cytopia/ansible:2.6-awskops1.8
make build VERSION=2.6 STAGE=awskops KOPS=1.8
Ansible awshelm
# Build latest Ansible with Helm 2.14
# image: cytopia/ansible:latest-awshelm2.14
make build VERSION=latest STAGE=awshelm HELM=2.14
🔄 Related #awesome-ci projects
Docker images
Save yourself from installing lots of dependencies and pick a dockerized version of your favourite linter below for reproducible local or remote CI tests:
GitHub | Type | Description |
---|---|---|
awesome-ci | Basic | Tools for git, file and static source code analysis |
file-lint | Basic | Basic source code analysis |
linkcheck | Basic | Search for URLs in files and validate their HTTP status code |
ansible | Ansible | Multiple versions and flavours of Ansible |
ansible-lint | Ansible | Lint Ansible |
gofmt | Go | Format Go source code [1] |
goimports | Go | Format Go source code [1] |
golint | Go | Lint Go code |
eslint | Javascript | Lint Javascript code |
jsonlint | JSON | Lint JSON files [1] |
kubeval | K8s | Lint Kubernetes files |
checkmake | Make | Lint Makefiles |
phpcbf | PHP | PHP Code Beautifier and Fixer |
phpcs | PHP | PHP Code Sniffer |
phplint | PHP | PHP Code Linter [1] |
php-cs-fixer | PHP | PHP Coding Standards Fixer |
bandit | Python | A security linter from PyCQA |
black | Python | The uncompromising Python code formatter |
mypy | Python | Static source code analysis |
pycodestyle | Python | Python style guide checker |
pydocstyle | Python | Python docstyle checker |
pylint | Python | Python source code, bug and quality checker |
terraform-docs | Terraform | Terraform doc generator (TF 0.12 ready) [1] |
terragrunt | Terraform | Terragrunt and Terraform |
terragrunt-fmt | Terraform | terraform fmt for Terragrunt files [1] |
yamlfmt | Yaml | Format Yaml files [1] |
yamllint | Yaml | Lint Yaml files |
[1] Uses a shell wrapper to add enhanced functionality not available by original project.
Makefiles
Visit cytopia/makefiles for dependency-less, seamless project integration and minimum required best-practice code linting for CI. The provided Makefiles will only require GNU Make and Docker itself removing the need to install anything else.
📄 License
Copyright (c) 2019 cytopia