Hi all,

I've been trying the docker module and I'm facing permission issues.
My use case is the following:

- I installed ansible (ubuntu package 1.7.1), python pip (ubuntu package),
docker-py (pip package)
- I created a playbook with a simple task based on the docker module. I
want to create my container with ansible and provision it with ansible. I
don't want any ansible code to run inside my container.

I get this error:
msg: ConnectionError(MaxRetryError("UnixHTTPConnectionPool(host='localhost',
port=None): Max retries exceeded with url:
/run/docker.sock/v1.12/containers/json?all=1&limit=-1&trunc_cmd=1&size=0
(Caused by <class 'socket.error'>: [Errno 13] Permission denied)",),)

Intent: create one container on localhost via ansible (maybe the
playbook does not understand it the same way)
Pre-requisites: docker server is already up and running on localhost

I would be very grateful if anyone could explain to me what I'm doing wrong
because I must be doing something wrong as my script is so trivial.

Thank you for your help.

Regards,

Louis

Below various additional information (console outputs + playbook)

python version
$ python --version
Python 2.7.6

docker version
$ docker --version
Docker version 1.2.0, build fa7b24f

pip list
$ pip list
ansible (1.7.1)
apt-xapian-index (0.45)
argparse (1.2.1)
backports.ssl-match-hostname (3.4.0.2)
chardet (2.0.1)
colorama (0.2.5)
command-not-found (0.3)
debtagshw (0.1)
defer (1.0.6)
dirspec (13.10)
docker-py (0.5.0)
dopy (0.2.3)
html5lib (0.999)
httplib2 (0.8)
Jinja2 (2.7.2)
lxml (3.3.3)
MarkupSafe (0.18)
oauthlib (0.6.1)
oneconf (0.3.7)
PAM (0.4.2)
paramiko (1.10.1)
pexpect (3.1)
Pillow (2.3.0)
pip (1.5.4)
piston-mini-client (0.7.5)
psutil (1.2.1)
pycrypto (2.6.1)
pycups (1.9.66)
pycurl (7.19.3)
pygobject (3.12.0)
pyOpenSSL (0.13)
pyserial (2.6)
pysmbc (1.0.14.1)
python-apt (0.9.3.5)
python-debian (0.1.21-nmu2ubuntu2)
pyxdg (0.25)
PyYAML (3.10)
reportlab (3.0)
requests (2.3.0)
sessioninstaller (0.0.0)
setuptools (3.3)
six (1.5.2)
software-center-aptd-plugins (0.0.0)
Twisted-Core (13.2.0)
Twisted-Web (13.2.0)
urllib3 (1.7.1)
websocket-client (0.18.0)
wsgiref (0.1.2)
zope.interface (4.0.5)

playbook
---
- hosts: localhost
  vars:
    - image: "ubuntu:14.04"
    - host_name: "risk-data"

  tasks:
    - name: "bring up container for {{ host_name }} from {{ image }}"
      docker: hostname="{{ host_name }}" image="{{ image }}" name="{{ host_name }}" expose=22

    - name: "wait for {{ host_name }}'s sshd to come up"
      wait_for: host="{{ host_name }}" port=22 state=started

    - name: "dump facts"
      debug: msg="Container {{ item.key }}"
      with_items: docker_containers

    - name: "add {{ host_name }} to inventory"
      add_host: name="{{ host_name }}" groups=risk ansible_ssh_host="{{ item.NetworkSettings.IPAddress }}" ansible_ssh_port=22
      with_items: docker_containers

playbook command line
$ ansible-playbook playbook.yml

PLAY [localhost] **************************************************************

GATHERING FACTS ***************************************************************
ok: [localhost]

TASK: [bring up container for risk-data from ubuntu:14.04] ********************
failed: [localhost] => {"changed": false, "failed": true}
msg: ConnectionError(MaxRetryError("UnixHTTPConnectionPool(host='localhost', port=None): Max retries exceeded with url: /run/docker.sock/v1.12/containers/json?all=1&limit=-1&trunc_cmd=1&size=0 (Caused by <class 'socket.error'>: [Errno 13] Permission denied)",),)

FATAL: all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
            to retry, use: --limit @/home/louis/playbook.retry

localhost : ok=1 changed=0 unreachable=0 failed=1



--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/32b01b4f-7365-44c1-99ac-caf1d6a12cb6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


  • James Cammarata at Sep 15, 2014 at 8:28 pm
    Hi Louis, it looks like you're running your playbook from a user account
    that does not have access to the docker socket file. You should run the
    playbook using the sudo: or su: options to switch to a user that does have
    permission, or configure docker to allow your current user to connect using
    the file socket shown in the error.
  • Louis gueye at Sep 17, 2014 at 10:21 pm
    Hi James,

    Thank you for your insight.
    Actually I could not use any ansible property/directive in the playbook to
    run it successfully.
    I had to run the whole ansible command with sudo... Which is not the best
    option I guess.

    In addition 2 strange things occur when I run this playbook:
    - the wait_for directive hangs indefinitely so I had to comment it.
    - I was expecting a running container so in order to check the container
    status I listed containers (sudo docker ps -a): my container is there,
    created but not running. (No wonder why the wait_for directive hangs)

    My next question to the community (if you don't mind helping me) is how do
    I make sure my container is created and listening to port 22?
    I tried "state=present" and "state=running" my container is still down off.

    Thank you for your help.

  • Toshio Kuratomi at Sep 17, 2014 at 11:23 pm

    On Wed, Sep 17, 2014 at 3:21 PM, louis gueye wrote:

    > Hi James,
    >
    > Thank you for your insight.
    > Actually I could not use any ansible property/directive in the playbook to
    > run it successfully.
    > I had to run the whole ansible command with sudo... Which is not the best
    > option I guess.

    ansible is typically used for system management. So if you are doing
    something that needs more privileges you'll need to use it with an account
    that has sufficient privileges to perform those actions[1]. For docker,
    you can configure your docker server such that a normal user account can
    connect to it or you can configure it so that only an account with specific
    privileges (such as root) can do so. Ansible does not allow you to get
    around your operating system's system of privileges, it simply makes it
    easier to do things that you already have permission to do.

    [1]: One note here, ansible has facilities that allow you to run it as a
    normal user and switch to another user from inside ansible itself (using
    sudo or su). This isn't much different than running ansible as root when
    you're only talking to localhost but it can make a big difference when
    you're using ansible to manage many remote machines.

    > In addition 2 strange things occur when I run this playbook:
    > - the wait_for directive hangs indefinitely so I had to comment it.
    > - I was expecting a running container so in order to check the container
    > status I listed containers (sudo docker ps -a): my container is there,
    > created but not running. (No wonder why the wait_for directive hangs)
    >
    > My next question to the community (if you don't mind helping me) is how do
    > I make sure my container is created and listening to port 22?
    > I tried "state=present" and "state=running" my container is still down off.

    This is actually a docker question. Many docker containers including the
    ubuntu ones from docker hub aren't configured like a virtual machine that
    you start up and it then runs constantly waiting for you to login and give
    it commands. Instead, they're designed for you to give it a single command
    which it then executes in the container's environment and then the container
    exits after. That command could be a one-off that runs briefly, does one
    thing and then exits or it could be a long running process that you can
    interact with as you would a service running on a normal machine. If you
    want a container that acts like a virtual machine running sshd that you can
    connect to you likely need to either build a container that starts up sshd
    as its command or look for a different container on docker hub that is
    already built for that purpose.

    -Toshio

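The file-mode check behind the [Errno 13] that James Cammarata's and Toshio Kuratomi's replies explain, as an added example that is not part of the original thread: it reproduces the owner/group/other decision Linux makes when a process connects to /run/docker.sock and flags socket modes that open the daemon to more accounts than intended. The helper names and the uid/gid values are constructed for illustration; POSIX ACLs and directory search permissions are assumed not to apply.

```python
import os
import stat
from collections import namedtuple

# Permission bits and ownership of the socket file, as os.stat() reports them.
SocketInfo = namedtuple("SocketInfo", "mode uid gid")


def check_access(info, uid, gids):
    """Decide whether connect() on a unix socket passes the file-mode check.

    Linux requires write permission on the socket file and evaluates exactly
    one permission class: owner, else group, else other.
    Returns (allowed, explanation).
    """
    if uid == 0:
        return True, "root bypasses the mode bits"
    if uid == info.uid:
        cls, bit = "owner", stat.S_IWUSR
    elif info.gid in gids:
        cls, bit = "group", stat.S_IWGRP
    else:
        cls, bit = "other", stat.S_IWOTH
    allowed = bool(info.mode & bit)
    state = "set" if allowed else "not set"
    return allowed, "%s class, write bit %s" % (cls, state)


def findings(info):
    """List the non-owner accounts the socket mode lets control the daemon."""
    notes = []
    if info.mode & stat.S_IWOTH:
        notes.append("world-writable: every local user can control the daemon")
    if info.mode & stat.S_IWGRP:
        notes.append("group-writable: members of gid %d can control the daemon"
                     % info.gid)
    return notes


def diagnose(path="/run/docker.sock"):
    """Run both checks against a real socket for the current process."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return "cannot stat %s: %s" % (path, exc.strerror)
    if not stat.S_ISSOCK(st.st_mode):
        return "%s is not a socket" % path
    info = SocketInfo(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    # getgroups() may omit the effective gid, so add it explicitly.
    gids = os.getgroups() + [os.getegid()]
    allowed, why = check_access(info, os.geteuid(), gids)
    verdict = "allowed" if allowed else "denied: Errno 13"
    lines = ["%s mode=%o uid=%d gid=%d" % (path, info.mode, info.uid, info.gid),
             "connect %s (%s)" % (verdict, why)]
    return "\n".join(lines + findings(info))


if __name__ == "__main__":
    # Constructed case: socket owned by uid 0, gid 999, mode 0660;
    # caller is uid 1000 and belongs only to gid 1000.
    print(check_access(SocketInfo(0o660, 0, 999), 1000, [1000]))
    print(diagnose())
```

Whichever account passes this check can drive a daemon that runs as root, so widening the socket's group or mode grants that level of access on the host.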
  • Louis gueye at Sep 18, 2014 at 6:31 pm
    Hi Toshio,

    I'm so grateful that you took the time to provide such a clear explanation.
    On top of that I now have a better understanding of docker.

    Thank you so much.

    Regards,

    Louis


Discussion Overview
group: ansible-project @
posted: Sep 15, '14 at 7:43p
active: Sep 18, '14 at 6:31p
posts: 5
users: 3
