Running Docker-compose from Ansible playbooks
On my home devices, I run and maintain my docker containers(ct-s with my Ansible playbooks.
But why use Docker-compose and not Docker Swarm or Kubernetes
Because I only have four devices that I run docker ct-s on, and each serve a dedicated function at my place.
Here are the following devices:
- Old Acer laptop
- HP Gen8 microserver
- Custom built desktop
- HP laptop
Since I've got each devices dedicated to a certain function, I just prefer the simplicity of knowing what docker ct-s each device is running as declared in a playbook with a docker_compose task.
My current playbooks are in https://gitlab.com/richardskumat/ansible-playbooks-homelab.
Each device is assigned into a group.
Each group has a group_vars directory for variables and secrets. These directories are not public.
In each groups directory, where their playbooks reside, I have symlinked the homelab/group_vars directory so I can use them with vagrant testing. When I do a vagrant up in a group's directory, there's a task in the Vagrantfile that runs the group's playbooks.
I didn't have the group_vars directory symlinked into each subdirectory, then the vagrant's playbook test runs fail with XYZ variable undefined and so on.
Here's a tree output of how my playbooks look are structured:
user@host:~/wherever/homelab$ tree . ├── acer │ ├── acerlaptop.yml │ ├── group_vars -> ../group_vars │ ├── interfaces.j2 │ ├── readme.md │ ├── Vagrantfile │ └── wildcard-local.conf.j2.example ├── add_remotes_back.sh ├── client │ ├── client.yml │ ├── group_vars -> ../group_vars │ ├── readme.md │ ├── sysctl-local.conf.j2 │ └── Vagrantfile ├── group_vars │ ├── acer │ ├── all │ ├── desktop │ ├── hpg8 │ ├── laptop │ └── rpi ├── hosts ├── hpg8 │ ├── group_vars -> ../group_vars │ ├── hpg8-dc.yml │ ├── hpg8.yml │ ├── readme.md │ └── Vagrantfile ├── LICENSE ├── README.md ├── reboot.yml ├── rpi │ ├── group_vars -> ../group_vars │ ├── raspi-debug.yml │ ├── readme.md │ ├── rpi3-dc.yml │ └── rpi.yml └── shutdown.yml
I'm currently going to change my playbooks to use import_task for the docker_compose playbook.
Then each playbook is structured according to the following thinking:
- establish connections details(host groups, remote user and become method)
- roles: each device runs a couple of Ansible roles
- tasks: extra tasks needed done
The docker_compose task is also part of these tasks, however the indentation requirements for yaml are unpleasant.
Fortunately, VSCode is really good in showing indentation and syntax errors.
I want to move them into separate yml files, so they're more readable.
Traefik for proxying and Let's Encrypt(LE) certificates(cert)
I also run traefik on each device and it serves as a reverse proxy for the other containers having a web interface.
Looking into better alternatives
I'm really satisfied with the simplicity of ansible and the docker_compose module.
The ct-s I run are documented in each group's docker_compose files/tasks so I know what personal device runs what containers.
I intend to look Kubernetes and Swarm in the future, maybe test them out in their own virtual machines.
Swarm is also part of Docker CE, so if I wanted to, I could use it straight away.