CATPOD is Ansible in a container for automated provisioning, orchestration and deployment tasks. (You can think of it as a minimalist Jenkins-like tool without the Java.)
The basic idea behind CATPOD is to have a container that can be run on demand to execute Ansible playbooks without Ansible having to be installed on a particular machine.
What led to this development is my work on Docker applications that grew in complexity but needed to remain simple to set up and maintain for team members who didn't (and needn't) know the whole application in all its details. Working in a Digital Humanities context, most of them had only limited Docker and Ansible experience, if at all. Requirements to learn more about these technologies as well as requirements to install additional software beyond Docker on their machines needed to be kept to a minimum.
Similarly, I also like the idea of executing Ansible on a production machine to deploy a complex Docker application without first having to install Ansible itself.
These days, lots of stuff is done with Docker (or Podman, or whatever your favourite is) containers. While there are plenty of modules for handling Docker with Ansible, using these inside of the CATPOD container would not help much -- after all, CATPOD is used to handle Docker applications on the same host it is running on itself.
To do this, we need to mount the Docker socket of the host system into the CATPOD container. We can then use it to create and provision containers for other applications on the host system (see https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/#the-socket-solution for this wonderfully simple strategy).
For now, there's only one measly example but more (for more complex cases) will be following soon.
Here, CATPOD uses the test playbook to create a container from the Docker hello-world image and removes itself when done.
docker run -it -v /var/run/docker.sock:/var/run/docker.sock -v ./test.yml:/tmp/test.yml --rm fpod/catpod test.yml
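A wrapper for the run command above, as an added example that is not part of CATPOD: anything that can reach the mounted socket controls the host's Docker daemon, so the wrapper vets what gets mounted first. The function names, the --dry-run and --run modes and the read-only playbook mount are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of CATPOD: vet what is mounted before the container
# gets the host's Docker socket. Function names and modes are this example's own.
SOCK=/var/run/docker.sock            # socket path used in the README command

# Print the absolute path of a playbook, or fail if it is not a plain file.
resolve_playbook() (
    pb="$1"
    if [ ! -f "$pb" ] || [ -L "$pb" ]; then
        echo "refusing $pb: not a regular, non-symlink file" >&2; exit 1
    fi
    dir="$(cd "$(dirname "$pb")" && pwd -P)" || exit 1
    abs="$dir/$(basename "$pb")"
    case "$abs" in                   # a ':' or space would corrupt the -v spec
        *[!A-Za-z0-9_./-]*) echo "refusing $abs: unusual characters" >&2; exit 1 ;;
    esac
    printf '%s\n' "$abs"
)

# Fail unless $SOCK is a socket; list it so owner and group are visible.
check_socket() {
    if [ ! -S "$SOCK" ]; then
        echo "$SOCK is not a socket" >&2; return 1
    fi
    ls -l "$SOCK" >&2
}

# catpod --dry-run PLAYBOOK prints the command; catpod --run PLAYBOOK executes it.
catpod() (
    mode="$1"
    abs="$(resolve_playbook "$2")" || exit 1
    name="$(basename "$abs")"
    # Assumption: CATPOD only reads the playbook, so it is mounted read-only.
    set -- docker run -it --rm \
        -v "$SOCK:/var/run/docker.sock" \
        -v "$abs:/tmp/$name:ro" \
        fpod/catpod "$name"
    if [ "$mode" = "--dry-run" ]; then
        printf '%s\n' "$*"
    else
        check_socket && exec "$@"
    fi
)
```

Source the file and call `catpod --dry-run ./test.yml` to inspect the command before running it with `catpod --run ./test.yml`.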
You can use CATPOD to encrypt data with Ansible Vault by using the vault command followed by anything you would use with a locally installed ansible-vault. For example, you can use the following command to encrypt a string:
docker run -it fpod/catpod vault encrypt_string '<variable value>' --name '<variable key>'
(For more details see https://docs.ansible.com/ansible/latest/vault_guide/vault_encrypting_content.html#creating-encrypted-variables.)
What is going to happen next?
- More example cases
- Integrated Webhooks server with Ansible Runner
- Integrated default Ansible playbooks/roles and/or scripts
When? Hopefully soon.
CATPOD is largely based on work I do for the Digital Academy at the Academy of Sciences and Literature | Mainz and for the Zeitschrift für Praktische Philosophie. Thanks to the people involved for letting me tinker along on weird solutions that surprisingly work (most of the time).
Logo made with DALL-E and edited manually. Teaser image made with DALL-E.
EUPL 1.2