I’m not accustomed to seeing a Docker image configured with Ansible. Can someone who is familiar with this pattern of using Ansible to configure a Docker image and commit the result [0] explain why this approach might be useful? Preference? Power of Ansible? Uniformity with non-Docker approach?
Hi! I'm one of the contributors to the repo. Primary reason was for uniformity. Initially, we built our EC2 and DO Droplet images with Ansible and our Docker image with a Dockerfile [0]. It became tedious over time as adding a new extension meant double the work since we had to write separate instructions for Ansible and the Dockerfile. Also, the Dockerfile itself started to become long-winded and cluttered with the amount of extensions that we were pumping in.
As there are multiple approaches to address that issue (I use Dockerfile templates with loops for example, but I am not a fan of them), I was wondering if you considered different approaches too. In my experience, users like to have regular Dockerfile, as they are familiar with it. Would it be possible or make sense in your opinion to run Ansible inside the Dockerfile and keep a more standard approach to Docker image building?
When the transition from using a Dockerfile to Ansible was done, the primary consideration was to be able to reuse as much existing instruction/ task files as possible. As such, iirc, this was the first approach taken. It fortunately became the last one as well since it worked.
For context, producing AWS EC2/ DO droplet images are more of the more important objectives of the repository. Hence, the idea of using Ansible which is used to build these images naturally became the first approach in order to consolidate everyone together.
As for running Ansible inside the Dockerfile, I have yet to try that out myself but it does sound possible since one can run Ansible on itself locally. Would have definitely considered it as the next approach to attempt if the first one failed.
This makes inspecting the Dockerfile so much more harder. Not only this is non uniformity, Ansible really isn't the tool of choice if you want to "repeatedly" perform reproducible steps. So, I wonder why not just a Dockerfile instead of writing a playbook and then using `docker commit` (a command I've barely used/seen being used in my 2+ years of using docker daily).
> Ansible really isn't the tool of choice if you want to "repeatedly" perform reproducible steps.
Ansible is a tool for provisioning a system in a particular way. What's the difference between running ansible against an ephemeral VM vs running against a container?
So, I wonder why not just a Dockerfile instead of writing a playbook
One of the maintainers commented in a sibling comment to yours that they use the same ansible to build VM images, so that was more work.
> and then using `docker commit` (a command I've barely used/seen being used in my 2+ years of using docker daily).
Well, if you use Dockerfiles then of course you won't see a command used mostly by alternative build processes, but that's hardly a meaningful objection.
To be fair, I can see why anyone would want to avoid Dockerfiles. Nowadays I use Packer with file and shell provisioners to build Docker images and avoid all that nastiness, especially the dreaded `&& \`. It's also quicker and I can do things like automate tagging and the like, but mainly avoiding `RUN` is enough for me.
Ansible is a configuration management tool and docker is a container runtime (am I getting the terminology right)? They can compliment each other and provide their individual strengths to many types of deployments. There is some overlap in how both tools and their larger ecosystems impact a system - but that’s not necessarily a bad thing.
I personally prefer a different setup, but any team that already has a strong skill set in both tools may benefit from building on top of preecisting domain knowledge.
[0]: https://github.com/supabase/postgres/blob/de88f3dc1c80fbf7d1...