community.docker.nsenter – execute on host running controller container

Note

This plugin is part of the community.docker collection (version 1.9.1).

To install it use: ansible-galaxy collection install community.docker.

To use it in a playbook, specify: community.docker.nsenter.

New in version 1.9.0 of community.docker

Synopsis

  • This connection plugin allows Ansible, running in a privileged container, to execute tasks on the container host instead of in the container itself.

  • This is useful for running Ansible in a pull model, while still keeping the Ansible control node containerized.

  • It relies on having privileged access to run nsenter in the host’s PID namespace, allowing it to enter the namespaces of the provided PID (default PID 1, or init/systemd).

Parameters

Parameter: nsenter_pid
Type: integer
Default: 1
Configuration:

  • ini entries:

    [nsenter_connection]
    nsenter_pid = 1

  • env: ANSIBLE_NSENTER_PID

  • var: ansible_nsenter_pid

Comments: PID to attach to using nsenter. The default should be fine unless you are attaching as a non-root user.

Notes

  • The remote user is ignored; this plugin always runs as root.

  • This plugin requires the Ansible controller container to be launched in the following way: (1) The container image contains the nsenter program; (2) The container is launched in privileged mode; (3) The container is launched in the host’s PID namespace (--pid host).
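
A preflight check for the three launch requirements above, as an added example that is not part of the community.docker collection. All function names are hypothetical, and the mount-namespace comparison is a heuristic for detecting --pid host, not something the plugin itself does.

```shell
#!/bin/sh
# Added example (not part of community.docker): preflight for the launch
# requirements in the Notes. All function names are hypothetical.

CAP_SYS_ADMIN_BIT=21  # CAP_SYS_ADMIN, needed by setns(2), which nsenter calls

# has_sys_admin HEXMASK: true if a CapEff mask from /proc/<pid>/status
# contains CAP_SYS_ADMIN. Empty or non-hex input counts as "no".
has_sys_admin() {
    case "$1" in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    [ $(( (0x$1 >> CAP_SYS_ADMIN_BIT) & 1 )) -eq 1 ]
}

# sees_host_pid SELF_MNT_NS TARGET_MNT_NS: heuristic for --pid host. The
# target PID must be readable and live in a different mount namespace than
# this process; without --pid host, PID 1 is the container's own entrypoint.
sees_host_pid() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" != "$2" ]
}

# preflight CAPEFF SELF_MNT_NS TARGET_MNT_NS NSENTER_PATH
# Prints one line per unmet requirement; exit status = number of failures.
preflight() {
    failures=0
    [ -n "$4" ] || { echo "FAIL: nsenter not found in the image"; failures=$((failures + 1)); }
    has_sys_admin "$1" || { echo "FAIL: no CAP_SYS_ADMIN (container not privileged?)"; failures=$((failures + 1)); }
    sees_host_pid "$2" "$3" || { echo "FAIL: target PID is not a visible host process (--pid host missing?)"; failures=$((failures + 1)); }
    return "$failures"
}

# run_preflight: gather the live values inside the controller container.
run_preflight() {
    pid="${ANSIBLE_NSENTER_PID:-1}"  # same env var the plugin reads
    preflight "$(awk '/^CapEff:/ {print $2}' /proc/self/status)" \
        "$(readlink /proc/self/ns/mnt)" \
        "$(readlink "/proc/$pid/ns/mnt" 2>/dev/null)" \
        "$(command -v nsenter)"
}

# Run live only when asked, e.g. `sh preflight.sh --live` in the entrypoint.
if [ "${1:-}" = "--live" ]; then run_preflight; fi
```

A container that passes all three checks has root-equivalent control of the host, so the controller image and its playbook sources deserve the same trust as host root.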

Authors

  • Jeff Goldschrafe (@jgoldschrafe)