Docker 将SSH作为参数传递到ansible剧本中
我有Dockerfile:Docker 将SSH作为参数传递到ansible剧本中,docker,ssh,ansible,docker-image,Docker,Ssh,Ansible,Docker Image,我有Dockerfile: FROM ubuntu:16.04 ARG ssh_prv_key ARG ssh_pub_key RUN apt-get update && \ apt-get install ... USUAL INSTALL STUFF ... WORKDIR /app/ CMD git clone MY_REPO 我建立这样的形象: $ docker build -t example --build-arg ssh_prv_key="$(ca
FROM ubuntu:16.04
ARG ssh_prv_key
ARG ssh_pub_key
RUN apt-get update && \
apt-get install ... USUAL INSTALL STUFF ...
WORKDIR /app/
CMD git clone MY_REPO
我建立这样的形象:
$ docker build -t example --build-arg ssh_prv_key="$(cat ~/.ssh/id_rsa)" --build-arg ssh_pub_key="$(cat ~/.ssh/id_rsa.pub)" .
---
- hosts: localhost
environment:
PYTHONPATH: /usr/local/lib/python2.7/site-packages/
tasks:
- name: create image from Dockerfile
docker_image:
path: /home/demaunt/Jun/dock_click
dockerfile: biba.dockerfile
name: myimage
buildargs:
ssh_pub_key: '{{ pub }}'
ssh_prv_key: '{{ pvt }}'
ansible-playbook bibansible.yml --extra-vars "pub=$(cat ~/.ssh/id_rsa.pub) pvt=$(cat ~/.ssh/id_rsa)"
---
- hosts: localhost
environment:
PYTHONPATH: /usr/local/lib/python2.7/site-packages/
tasks:
- name: create image from Dockerfile
docker_image:
path: /home/demaunt/Jun/dock_click
dockerfile: biba.dockerfile
name: myimage
buildargs:
ssh_pub_key:
command: cat ~/.ssh/id_rsa.pub
ssh_prv_key:
command: cat ~/.ssh/id_rsa
当我从这个映像创建容器时,它会自动提取git repo并使用-v
参数将其保存在主机上,并使用--rm
进行自我销毁
当我尝试使用ansible docker_图像模块做同样的事情时,问题就开始了
剧本如下:
$ docker build -t example --build-arg ssh_prv_key="$(cat ~/.ssh/id_rsa)" --build-arg ssh_pub_key="$(cat ~/.ssh/id_rsa.pub)" .
---
- hosts: localhost
environment:
PYTHONPATH: /usr/local/lib/python2.7/site-packages/
tasks:
- name: create image from Dockerfile
docker_image:
path: /home/demaunt/Jun/dock_click
dockerfile: biba.dockerfile
name: myimage
buildargs:
ssh_pub_key: '{{ pub }}'
ssh_prv_key: '{{ pvt }}'
ansible-playbook bibansible.yml --extra-vars "pub=$(cat ~/.ssh/id_rsa.pub) pvt=$(cat ~/.ssh/id_rsa)"
---
- hosts: localhost
environment:
PYTHONPATH: /usr/local/lib/python2.7/site-packages/
tasks:
- name: create image from Dockerfile
docker_image:
path: /home/demaunt/Jun/dock_click
dockerfile: biba.dockerfile
name: myimage
buildargs:
ssh_pub_key:
command: cat ~/.ssh/id_rsa.pub
ssh_prv_key:
command: cat ~/.ssh/id_rsa
我是这样开始的:
$ docker build -t example --build-arg ssh_prv_key="$(cat ~/.ssh/id_rsa)" --build-arg ssh_pub_key="$(cat ~/.ssh/id_rsa.pub)" .
---
- hosts: localhost
environment:
PYTHONPATH: /usr/local/lib/python2.7/site-packages/
tasks:
- name: create image from Dockerfile
docker_image:
path: /home/demaunt/Jun/dock_click
dockerfile: biba.dockerfile
name: myimage
buildargs:
ssh_pub_key: '{{ pub }}'
ssh_prv_key: '{{ pvt }}'
ansible-playbook bibansible.yml --extra-vars "pub=$(cat ~/.ssh/id_rsa.pub) pvt=$(cat ~/.ssh/id_rsa)"
---
- hosts: localhost
environment:
PYTHONPATH: /usr/local/lib/python2.7/site-packages/
tasks:
- name: create image from Dockerfile
docker_image:
path: /home/demaunt/Jun/dock_click
dockerfile: biba.dockerfile
name: myimage
buildargs:
ssh_pub_key:
command: cat ~/.ssh/id_rsa.pub
ssh_prv_key:
command: cat ~/.ssh/id_rsa
映像已成功构建,但在运行容器时,我收到权限错误(publickey)。
我还尝试将参数传递到.yml文件,如下所示:
$ docker build -t example --build-arg ssh_prv_key="$(cat ~/.ssh/id_rsa)" --build-arg ssh_pub_key="$(cat ~/.ssh/id_rsa.pub)" .
---
- hosts: localhost
environment:
PYTHONPATH: /usr/local/lib/python2.7/site-packages/
tasks:
- name: create image from Dockerfile
docker_image:
path: /home/demaunt/Jun/dock_click
dockerfile: biba.dockerfile
name: myimage
buildargs:
ssh_pub_key: '{{ pub }}'
ssh_prv_key: '{{ pvt }}'
ansible-playbook bibansible.yml --extra-vars "pub=$(cat ~/.ssh/id_rsa.pub) pvt=$(cat ~/.ssh/id_rsa)"
---
- hosts: localhost
environment:
PYTHONPATH: /usr/local/lib/python2.7/site-packages/
tasks:
- name: create image from Dockerfile
docker_image:
path: /home/demaunt/Jun/dock_click
dockerfile: biba.dockerfile
name: myimage
buildargs:
ssh_pub_key:
command: cat ~/.ssh/id_rsa.pub
ssh_prv_key:
command: cat ~/.ssh/id_rsa
另外,我知道将ssh密钥传递到映像中不是最好的选择,但作为临时解决方案是可以接受的。您不能在ansible的这个级别上使用
命令。
但要获取本地文件的内容,请查看