#ansible (2021-01)
Discussions related to ansible configuration management
2021-01-27
Does anyone use ansible to build your containers rather than Docker files with bash scripts?
I read that ansible had container build stuff but it never seemed to be very popular. I guess I still struggle with the haphazard nature of Docker files in comparison to a more declarative approach that handles a lot of the package matching to the right distro and so on. I could use packer which is cool, but still seems like something could just be much better here.
We tried Ansible Container a long time ago. It was much too heavy. I still very much love Ansible, but haven’t actually touched it in a few years.
I think where I saw using Ansible for building Docker containers fail is with distributed teams, where the team that runs the service owned the build processes for the containers. Asking them to master Ansible + know the ins and outs of Docker was too heavy. It was much easier for most teams to just compose Dockerfiles and let figure out how to run them on the shared hosts.
Also, the containers built by Ansible were generally larger, because you couldn’t do the layer optimization possible with “&&” in the Dockerfiles. The nail in the coffin for using Ansible for building Docker containers for me was the multi-stage Dockerfiles build process. When that was released, it was too good to not use it.
Does anyone use brew in Linux for easier docker builds instead of having to parse all the github release paths for stuff not updated in yum/apt?
I tried it and it’s Apple-like easy. Not sure if it’s a “bad practice” though for simpler Dockerfiles.
Is there any trick to knowing what to copy over in multistage builds? Took me a while to figure out the right way to say get linuxbrew that way vs installing (100x faster too). Any tooling for examining and then copying the right artifact path would be cool. All I know of related to this is Dive but not sure it does what I’m looking for.
I don’t think there is a trick. It really depends on what’s the build container vs the last/“runtime” container.
E.g.
If it’s a Go multi-stage, you’ll probably start with a container with all the src files needed to build the distributable, but by the last stage, you usually will only want to copy over the single binary. Python projects with system linked libraries - hopefully everything needed ends up in just the virtualenv folder, but I’ve seen lots of weirdness on ML/Computer Vision projects because of the needed links.
I haven’t worked with Docker in the last two years (yikes I know), so there’s probably been a ton in this space I’ve missed. Maybe someone else has some more current advice.