Skip to content
/ ansible Public

Ansible Docker with Vault support & 70+ collections for infrastructure, cloud & network automation

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

optimode/ansible

BranchesTags

Repository files navigation

Ansible Docker Image

License: MIT Docker Ansible

A production-ready Docker image for Ansible with HashiCorp Vault support and 70+ pre-installed collections for infrastructure automation, cloud management, network device configuration, and more.

Features

  • Multiple Ansible versions: Choose between stable (11.12.0) or latest (12.2.0)
  • HashiCorp Vault integration: Built-in hvac library for seamless secrets management
  • 70+ Pre-installed collections: Ready-to-use collections for AWS, Azure, GCP, Cisco, VMware, Kubernetes, and more
  • Security-focused: Runs as non-root user (UID 1000)
  • Lightweight: Based on Python slim images
  • CI/CD ready: Perfect for automated pipelines and Infrastructure as Code workflows

Supported Versions

Image Tag Ansible Version Python Version Ansible Core
latest, 12, 12.2 12.2.0 3.12 2.19.4
11, 11.12 11.12.0 3.11 2.18.11

Quick Start

Basic Usage

Run an Ansible ad-hoc command:

docker run --rm ghcr.io/optimode/ansible:latest ansible --version

Run a playbook from your local directory:

docker run --rm \
  -v $(pwd):/workspace \
  ghcr.io/optimode/ansible:latest \
  ansible-playbook playbook.yml

Interactive Shell

Start an interactive session:

docker run --rm -it \
  -v $(pwd):/workspace \
  ghcr.io/optimode/ansible:latest

Pre-installed Collections

This image comes with 70+ Ansible collections covering a wide range of platforms and technologies:

Cloud Providers

  • AWS: amazon.aws, community.aws
  • Azure: azure.azcollection
  • GCP: google.cloud
  • OpenStack: openstack.cloud
  • Hetzner: hetzner.hcloud
  • Vultr: vultr.cloud
  • DigitalOcean: community.digitalocean

Network Devices

  • Cisco: cisco.ios, cisco.nxos, cisco.iosxr, cisco.aci, cisco.meraki
  • Arista: arista.eos
  • Juniper: junipernetworks.junos
  • VyOS: vyos.vyos
  • F5: f5networks.f5_modules
  • Fortinet: fortinet.fortios, fortinet.fortimanager

Container & Orchestration

  • Kubernetes: kubernetes.core, kubevirt.core
  • Docker: community.docker
  • Podman: containers.podman
  • OpenShift: community.okd

Databases

  • MySQL: community.mysql
  • PostgreSQL: community.postgresql
  • MongoDB: community.mongodb
  • SQL Server: lowlydba.sqlserver

Storage Systems

  • NetApp: netapp.ontap, netapp.storagegrid, netapp.cloudmanager
  • Dell EMC: dellemc.powerflex, dellemc.unity, dellemc.openmanage
  • Pure Storage: purestorage.flasharray, purestorage.flashblade
  • Infinidat: infinidat.infinibox

Security & Secrets

  • HashiCorp Vault: community.hashi_vault
  • CyberArk: cyberark.conjur, cyberark.pas
  • Cryptography: community.crypto
  • SOPS: community.sops

Monitoring & Observability

  • Zabbix: community.zabbix
  • Grafana: grafana.grafana, community.grafana
  • Splunk: splunk.es

Virtualization

  • VMware: vmware.vmware, vmware.vmware_rest, community.vmware
  • Proxmox: community.proxmox
  • oVirt: ovirt.ovirt
  • libvirt: community.libvirt
View complete collection list 
amazon.aws, ansible.netcommon, ansible.posix, ansible.utils, ansible.windows,
arista.eos, awx.awx, azure.azcollection, check_point.mgmt, chocolatey.chocolatey,
cisco.aci, cisco.dnac, cisco.intersight, cisco.ios, cisco.iosxr, cisco.meraki,
cisco.mso, cisco.nxos, cisco.ucs, cloudscale_ch.cloud, community.aws,
community.ciscosmb, community.crypto, community.digitalocean, community.dns,
community.docker, community.general, community.grafana, community.hashi_vault,
community.hrobot, community.libvirt, community.mongodb, community.mysql,
community.okd, community.postgresql, community.proxmox, community.proxysql,
community.rabbitmq, community.routeros, community.sap_libs, community.sops,
community.vmware, community.windows, community.zabbix, containers.podman,
cyberark.conjur, cyberark.pas, dellemc.enterprise_sonic, dellemc.openmanage,
dellemc.powerflex, dellemc.unity, f5networks.f5_modules, fortinet.fortimanager,
fortinet.fortios, google.cloud, grafana.grafana, hetzner.hcloud,
hitachivantara.vspone_block, hitachivantara.vspone_object, ibm.qradar,
ibm.storage_virtualize, ieisystem.inmanage, infinidat.infinibox,
infoblox.nios_modules, inspur.ispim, junipernetworks.junos, kaytus.ksmanage,
kubernetes.core, kubevirt.core, lowlydba.sqlserver, microsoft.ad, microsoft.iis,
netapp.cloudmanager, netapp.ontap, netapp.storagegrid, netapp_eseries.santricity,
netbox.netbox, ngine_io.cloudstack, openstack.cloud, ovirt.ovirt,
purestorage.flasharray, purestorage.flashblade, ravendb.ravendb, splunk.es,
telekom_mms.icinga_director, theforeman.foreman, vmware.vmware, vmware.vmware_rest,
vultr.cloud, vyos.vyos, wti.remote

Building the Image

Quick Build

Use the provided build script:

./build.sh

This builds Ansible 12.2.0 with Python 3.12 and tags it as latest.

Custom Build

Build a specific version:

# Ansible 11.12.0 with Python 3.11
docker build \
  --build-arg PYTHON_VERSION=3.11 \
  --build-arg ANSIBLE_VERSION=11.12.0 \
  --tag my-ansible:11 \
  .

# Ansible 12.2.0 with Python 3.12
docker build \
  --build-arg PYTHON_VERSION=3.12 \
  --build-arg ANSIBLE_VERSION=12.2.0 \
  --tag my-ansible:12 \
  .

Build Arguments

Argument Description Required Default
PYTHON_VERSION Python base image version No 3.11
ANSIBLE_VERSION Ansible version to install Yes -
URL Project URL (OCI label) No -
SOURCE Source repository (OCI label) No -
BUILD_DATE Build timestamp (OCI label) No -
AUTHORS Image authors (OCI label) No -
VENDOR Vendor name (OCI label) No -
REVISION Git commit hash (OCI label) No -

Advanced Usage

Using SSH Keys

Mount your SSH keys for remote host access:

docker run --rm \
  -v $(pwd):/workspace \
  -v ~/.ssh:/home/ansible/.ssh:ro \
  ghcr.io/optimode/ansible:latest \
  ansible-playbook -i inventory.ini playbook.yml

Using Ansible Vault

Pass vault password via file:

docker run --rm \
  -v $(pwd):/workspace \
  -v $(pwd)/.vault-pass:/home/ansible/.vault-pass:ro \
  ghcr.io/optimode/ansible:latest \
  ansible-playbook --vault-password-file=/home/ansible/.vault-pass playbook.yml

Or via environment variable:

docker run --rm \
  -v $(pwd):/workspace \
  -e ANSIBLE_VAULT_PASSWORD=mysecret \
  ghcr.io/optimode/ansible:latest \
  ansible-playbook playbook.yml

HashiCorp Vault Integration

The image includes hvac library for Vault integration. Configure via environment:

docker run --rm \
  -v $(pwd):/workspace \
  -e VAULT_ADDR=https://vault.example.com:8200 \
  -e VAULT_TOKEN=s.xxxxxxxxxxxxxx \
  ghcr.io/optimode/ansible:latest \
  ansible-playbook playbook.yml

Custom Inventory

Use dynamic inventory or custom inventory files:

docker run --rm \
  -v $(pwd):/workspace \
  ghcr.io/optimode/ansible:latest \
  ansible-playbook -i inventory/production.yml deploy.yml

Installing Additional Collections

Install collections at runtime:

docker run --rm \
  -v $(pwd):/workspace \
  ghcr.io/optimode/ansible:latest \
  bash -c "ansible-galaxy collection install my.collection && ansible-playbook playbook.yml"

Or build a custom image:

FROM ghcr.io/optimode/ansible:latest

COPY my-collections.yml /tmp/
RUN ansible-galaxy collection install -r /tmp/my-collections.yml

Running as Different User

docker run --rm \
  --user $(id -u):$(id -g) \
  -v $(pwd):/workspace \
  ghcr.io/optimode/ansible:latest \
  ansible-playbook playbook.yml

CI/CD Integration

GitHub Actions

name: Deploy with Ansible
on: [push]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run Ansible Playbook
        run: |
          docker run --rm \
            -v ${{ github.workspace }}:/workspace \
            -e ANSIBLE_VAULT_PASSWORD=${{ secrets.VAULT_PASSWORD }} \
            ghcr.io/optimode/ansible:latest \
            ansible-playbook -i inventory/production.yml deploy.yml

GitLab CI

deploy:
  image: ghcr.io/optimode/ansible:latest
  script:
    - ansible-playbook -i inventory/production.yml deploy.yml
  only:
    - main

Environment Variables

Common Ansible environment variables you can use:

Variable Description Example
ANSIBLE_CONFIG Path to ansible.cfg /workspace/ansible.cfg
ANSIBLE_INVENTORY Default inventory path /workspace/inventory
ANSIBLE_VAULT_PASSWORD Vault password mysecretpass
ANSIBLE_HOST_KEY_CHECKING SSH host key checking False
ANSIBLE_STDOUT_CALLBACK Output format yaml
ANSIBLE_FORCE_COLOR Force colored output true
VAULT_ADDR HashiCorp Vault address https://vault:8200
VAULT_TOKEN Vault authentication token s.xxxxx

Examples

Example 1: Simple Playbook Execution

# Create a simple playbook
cat > playbook.yml <<EOF
---
- hosts: localhost
  tasks:
    - name: Print Ansible version
      debug:
        msg: "Running Ansible {{ ansible_version.full }}"
EOF

# Run it
docker run --rm -v $(pwd):/workspace ghcr.io/optimode/ansible:latest \
  ansible-playbook playbook.yml

Example 2: AWS Infrastructure

docker run --rm \
  -v $(pwd):/workspace \
  -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
  -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
  -e AWS_DEFAULT_REGION=us-east-1 \
  ghcr.io/optimode/ansible:latest \
  ansible-playbook aws-deploy.yml

Example 3: Kubernetes Management

docker run --rm \
  -v $(pwd):/workspace \
  -v ~/.kube/config:/home/ansible/.kube/config:ro \
  ghcr.io/optimode/ansible:latest \
  ansible-playbook k8s-deploy.yml

Example 4: Network Device Configuration

docker run --rm \
  -v $(pwd):/workspace \
  ghcr.io/optimode/ansible:latest \
  ansible-playbook -i network-inventory.ini configure-switches.yml

Installed Packages

Python Packages

  • ansible - Full Ansible package with core
  • ansible-lint - Best practices checker for Ansible
  • hvac - HashiCorp Vault client library
  • jmespath - JSON query language for data parsing
  • netaddr - Network address manipulation
  • docker - Docker SDK for Python

System Packages

  • git - Version control system
  • openssh-client - SSH client for remote connections
  • sshpass - Non-interactive SSH password authentication
  • rsync - Fast file synchronization tool

Troubleshooting

Permission Issues

If you encounter permission errors with mounted volumes:

# Run as your current user
docker run --rm --user $(id -u):$(id -g) -v $(pwd):/workspace ghcr.io/optimode/ansible:latest ansible-playbook playbook.yml

SSH Connection Issues

Enable SSH debugging:

docker run --rm -v $(pwd):/workspace ghcr.io/optimode/ansible:latest \
  ansible-playbook -vvv playbook.yml

Collection Not Found

Verify installed collections:

docker run --rm ghcr.io/optimode/ansible:latest ansible-galaxy collection list

Install missing collection:

docker run --rm ghcr.io/optimode/ansible:latest \
  ansible-galaxy collection install namespace.collection

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Adding New Collections

To add collections to the base image, update requirements-collections.yml or the version-specific YAML files (ansible-11.12.0.yaml, ansible-12.2.0.yaml).

Testing Changes

# Build locally
docker build --build-arg ANSIBLE_VERSION=12.2.0 -t test-ansible .

# Test
docker run --rm test-ansible ansible --version
docker run --rm test-ansible ansible-galaxy collection list

License

This project is licensed under the MIT License - see the LICENSE file for details.

Maintainer

Laszlo Malina Optimode (Laszlo Malina) GitHub: @optimode

Resources

Support

If you encounter issues or have questions:

  1. Check the Troubleshooting section
  2. Review Ansible documentation
  3. Open an issue on GitHub

Built with ❤️ by Optimode

About

Ansible Docker with Vault support & 70+ collections for infrastructure, cloud & network automation

Topics

docker dockerfile ansible devops ansible-playbook automation docker-compose ci-cd hashicorp-vault ansible-collections

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Packages

 
 
 

Languages