community.docker.nsenter connection – execute on host running controller container

Note

This connection plugin is part of the community.docker collection (version 4.4.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.docker.

To use it in a playbook, specify: community.docker.nsenter.

New in community.docker 1.9.0

Synopsis

  • This connection plugin allows Ansible, running in a privileged container, to execute tasks on the container host instead of in the container itself.

  • This is useful for running Ansible in a pull model, while still keeping the Ansible control node containerized.

  • It relies on having privileged access to run nsenter in the host’s PID namespace, allowing it to enter the namespaces of the provided PID (default PID 1, or init/systemd).

Parameters

Parameter

Comments

nsenter_pid

integer

PID to attach to using nsenter.

The default should be fine unless you are attaching as a non-root user.

Default: 1

Configuration:

  • INI entry:

    [nsenter_connection]
    nsenter_pid = 1
    
  • Environment variable: ANSIBLE_NSENTER_PID

  • Variable: ansible_nsenter_pid

Notes

Note

  • The remote user is ignored; this plugin always runs as root.

  • This plugin requires the Ansible controller container to be launched in the following way: (1) The container image contains the nsenter program; (2) The container is launched in privileged mode; (3) The container is launched in the host’s PID namespace (--pid host).
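A preflight check for the three launch requirements listed above, run inside the controller container before Ansible starts. This is an added example, not code from the community.docker collection, and the function names are hypothetical. It assumes that CAP_SYS_ADMIN in the process's effective capability mask is a necessary sign of privileged mode, and that a target PID in a different mount namespace is a necessary sign of --pid host.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of community.docker.

CAP_SYS_ADMIN_BIT=21   # capability number of CAP_SYS_ADMIN, required by setns(2)

# has_cap_sys_admin HEXMASK -> 0 if bit 21 is set, 1 if clear, 2 if not hex.
has_cap_sys_admin() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( (0x$1 >> $CAP_SYS_ADMIN_BIT) & 1 )) -eq 1 ]
}

# effective_caps -> prints this process's CapEff mask from /proc.
effective_caps() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# target_is_foreign PID -> 0 if PID's mount namespace differs from ours,
# 1 if it is the same, 2 if it cannot be read.
# Without --pid host, PID 1 is the container's own process and the links match.
target_is_foreign() {
    theirs=$(readlink "/proc/$1/ns/mnt" 2>/dev/null) || return 2
    ours=$(readlink /proc/self/ns/mnt 2>/dev/null) || return 2
    [ -n "$theirs" ] && [ "$theirs" != "$ours" ]
}

# nsenter_preflight [PID] -> prints one line per unmet requirement and
# returns the number of unmet requirements (0 means ready).
nsenter_preflight() {
    pid=${1:-1}; failed=0
    command -v nsenter >/dev/null 2>&1 \
        || { echo "FAIL: nsenter not found in image"; failed=$((failed + 1)); }
    has_cap_sys_admin "$(effective_caps)" \
        || { echo "FAIL: CAP_SYS_ADMIN missing (not privileged?)"; failed=$((failed + 1)); }
    target_is_foreign "$pid" \
        || { echo "FAIL: PID $pid shares our mount namespace or is unreadable (no --pid host?)"; failed=$((failed + 1)); }
    [ "$failed" -eq 0 ] && echo "OK: nsenter connection prerequisites met for PID $pid"
    return "$failed"
}
```

Call `nsenter_preflight "${ANSIBLE_NSENTER_PID:-1}"` from the container's entrypoint. The return value is the number of unmet requirements.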

Authors

  • Jeff Goldschrafe (@jgoldschrafe)

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.