在 Docker 与 VM 上运行 Ansible

Question

I want to create test environment for ansible-playbook from my PC to Linux server cluster which installs ELK on it, considering whether to run it on a container or a VM.

Obviously using docker should make the process easier and faster to facilitate, but I think there is more depth to this topic beyond the general discussion of choosing Docker versus VM , by focusing on Ansible deployments with relation to storage, networking and privileges management.

What are the considerations for running Ansible deployments on Docker container versus Virtual Machine?

Answer 1

I'd almost never target Ansible against a Docker container.

Ansible's model is much more suited to targeting a VM. If you have an existing Ansible playbook that's targeting a physical system or a cloud instance, a VM will be a good mirror of the operating system environment it expects, but a Docker setup will be very different.

Ansible generally expects to make an ssh connection to its target host, run a Python installed there, and its changes to be reasonably persistent. In contrast a Docker container almost never runs an ssh daemon, frequently won't have Python, and any changes that get made will be lost as soon as the container exits. A typical server-oriented Ansible playbook will do things like set up service configuration and init scripts, but in a Docker system there isn't an init and service configuration is generally injected.

It's probably better here to think of a Docker container as packaging around a single process. You can use bind mounts to inject configuration from the host, and you could use Ansible on the host to start the container, but you wouldn't use Ansible to "set up" a container. If you need software installed in a container then using Docker's native docker build system can get this done in a reproducible way, without needing additional steps after the container is started.

The one prominent exception to the "almost never" is running Molecule tests inside a container , but note that this setup does have the nature of changes being temporary and short-lived (as soon as the test is over you want to tear down the container).