1. Ansible の Playbook 作成
Docker 用に Ansible の Playbook を作成します。
内容は以下のとおり。
内容は以下のとおり。
[root@centos0702 packer]# cat centos6_ec2.yml
- hosts: all
connection: docker
tasks:
- name: install package
yum: name={{item}} state=latest
with_items:
- cloud-init
- iptables-ipv6
- openssh-server
- openssh-clients
- sudo
- name: reinstall glibc-common
shell: yum -y reinstall glibc-common
- name: change /etc/sudoers
lineinfile: >
dest='/etc/sudoers'
regexp='^# (%wheel.ALL=\(ALL\).NOPASSWD: ALL)$'
line='\1'
backrefs=yes
# パスワード暗号化 : python -c "import crypt, getpass, pwd; print crypt.crypt('p@ssw0rd', '\$6\$salt1234\$')"
- name: add centos user
user: >
name=centos
groups=wheel
createhome=yes
home=/home/centos
password=$6$salt1234$sv0i3N5lezqgOuRzpaTKuS431i5yVnqiJoiJJ8L/fAHSmYw2sD9IS0gsNEeUzDvW.4HODNlu0hEYUU5xIZnCG1
shell=/bin/bash
- name: start service sshd
service: name=sshd state=started
- name: stop service sshd
service: name=sshd state=stopped
- name: copy to /etc/selinux/config
copy: >
src=/root/workspace/docker/selinux_config
dest=/etc/selinux/config
owner=root
group=root
mode=0644
- name: create directory /home/centos/.ssh
file: >
path=/home/centos/.ssh
owner=centos
group=centos
mode=0700
state=directory
- name: copy to /home/centos/.ssh/authorized_keys
copy: >
src=/root/workspace/docker/authorized_keys
dest=/home/centos/.ssh/authorized_keys
owner=centos
group=centos
mode=0600
2. Packer のテンプレート作成
次のように動作するPacker のテンプレートを作成します。
- centos:6 のイメージから Dockerコンテナを起動します。
- 上記で作成した Ansibleの Playbook を実行します。(Ansible はホスト側で実行します。)
- Ansibleの実行が完了したら、Dockerコンテナをコミットして、タグ名を設定します。
テンプレートの内容は以下のとおり。
[root@centos0702 packer]# cat centos6_ec2.json
{
"variables": {
"ansible_host": "centos6"
},
"builders":[{
"type": "docker",
"image": "centos:6",
"commit": "true",
"run_command": [ "-d", "-i", "-t", "--name", "{{user `ansible_host`}}", "{{.Image}}", "/bin/bash" ],
"changes": ["CMD /usr/sbin/sshd -D"]
}],
"provisioners":[{
"type": "ansible",
"playbook_file": "centos6_ec2.yml",
"extra_arguments": [
"--extra-vars",
"ansible_host={{user `ansible_host`}} ansible_connection=docker"
]
}],
"post-processors": [{
"type": "docker-tag",
"repository": "centos6_ec2",
"tag": "2"
}]
}
3. Dockerイメージの作成
Packer を実行して、Dockerイメージを作成します。
[root@centos0702 packer]# packer build ./centos6_ec2.json
docker output will be in this color.
==> docker: Creating a temporary directory for sharing data...
==> docker: Pulling Docker image: centos:6
docker: Trying to pull repository docker.io/library/centos ...
docker: 6: Pulling from docker.io/library/centos
docker: Digest: sha256:1092df198d3da4faccc0660941b763ce5adf133b0ec71701b760d6f173c1f47b
docker: Status: Image is up to date for docker.io/centos:6
==> docker: Starting docker container...
docker: Run command: docker run -v /root/.packer.d/tmp/packer-docker592982584:/packer-files -d -i -t --name centos6 centos:6 /bin/bash
docker: Container ID: 16ad609b19d65f381ce7feb77f9c9e30447615644096ec3c35d840eafc15d973
==> docker: Provisioning with Ansible...
docker:
docker: PLAY [all] *********************************************************************
docker:
docker: TASK [setup] *******************************************************************
docker: ok: [default]
docker:
docker: TASK [install package] *********************************************************
docker: changed: [default] => (item=[u'cloud-init', u'iptables-ipv6', u'openssh-server', u'openssh-clients', u'sudo'])
docker:
docker: TASK [reinstall glibc-common] **************************************************
docker: changed: [default]
docker: [WARNING]: Consider using yum module rather than running yum
docker:
docker: TASK [change /etc/sudoers] *****************************************************
docker: changed: [default]
docker:
docker: TASK [add centos user] *********************************************************
docker: changed: [default]
docker:
docker: TASK [start service sshd] ******************************************************
docker: changed: [default]
docker:
docker: TASK [stop service sshd] *******************************************************
docker: changed: [default]
docker:
docker: TASK [copy to /etc/selinux/config] *********************************************
docker: changed: [default]
docker:
docker: TASK [create directory /home/centos/.ssh] **************************************
docker: changed: [default]
docker:
docker: TASK [copy to /home/centos/.ssh/authorized_keys] *******************************
docker: changed: [default]
docker:
docker: PLAY RECAP *********************************************************************
docker: default : ok=10 changed=9 unreachable=0 failed=0
docker:
==> docker: Committing the container
docker: Image ID: sha256:58e51bade44e19ca54e521209b34ee4c8cb784b77998b7c96a5e4bf38baa833f
==> docker: Killing the container: 16ad609b19d65f381ce7feb77f9c9e30447615644096ec3c35d840eafc15d973
==> docker: Running post-processor: docker-tag
docker (docker-tag): Tagging image: sha256:58e51bade44e19ca54e521209b34ee4c8cb784b77998b7c96a5e4bf38baa833f
docker (docker-tag): Repository: centos6_ec2:2
Build 'docker' finished.
==> Builds finished. The artifacts of successful builds are:
--> docker: Imported Docker image: sha256:58e51bade44e19ca54e521209b34ee4c8cb784b77998b7c96a5e4bf38baa833f
--> docker: Imported Docker image: centos6_ec2:2
Docker イメージを確認します。
[root@centos0702 packer]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos6_ec2 2 58e51bade44e 30 seconds ago 633 MB centos6_sshd 1 7eb9929a5863 About an hour ago 657.4 MB docker.io/centos 6 8315978ceaaa 10 weeks ago 194.6 MB
4. Docker コンテナの動作確認
Docker コンテナを起動します。
[root@centos0702 packer]# docker run -d centos6_ec2:2 a13c24ba353bb36584feeb16e291a70206d00bc374303c599097219419929a06 [root@centos0702 packer]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES a13c24ba353b centos6_ec2:2 "/bin/sh -c '/usr/sbi" 5 seconds ago Up 3 seconds compassionate_boyd
Docker コンテナのIPアドレスを確認します。
[root@centos0702 packer]# docker inspect a13c24ba353b | grep IPAddress
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.3",
"IPAddress": "172.17.0.3",
ssh ログインと sudo できるか確認します。
[root@centos0702 packer]# ssh -l centos -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null 172.17.0.3 Warning: Permanently added '172.17.0.3' (RSA) to the list of known hosts. [centos@a13c24ba353b ~]$ sudo id uid=0(root) gid=0(root) 所属グループ=0(root) [centos@a13c24ba353b ~]$ exit logout Connection to 172.17.0.3 closed.
