FunkyPhil

Reputation: 11

Creating file via ansible directly in container

I want to create a file, directly in a container directory.

I created a directory before:

   - name: create private in container
     ansible.builtin.file:
      path: playcontainer:/etc/ssl/private/
      state: directory
      mode: 0755

But it doesn't let me create a file in that directory:

   - name: openssl key
     openssl_privatekey:
      path: playcontainer:/etc/ssl/private/playkey.key
      size: "{{ key_size }}"
      type: "{{ key_type }}"

What am I missing?

Upvotes: 0

Views: 802

Answers (1)

Zeitounator

Reputation: 44615

A full from-scratch example of interacting with a container from Ansible.

Please note that this is not always what you want to do. In this specific case, unless you are testing an Ansible role for example, the key should be written inside the image at build time when running your Dockerfile, or bind mounted from the host at container start. You should not mess with the container filesystem once it is started in production.

First we create a container for our test:

docker run -d --rm --name so_example python:latest sleep infinity

Now we need an inventory to target that container (inventories/default/main.yml):

---
all:
  vars:
    ansible_connection: docker
  hosts:
    so_example:

Finally a test playbook.yml to achieve your goal:

---
- hosts: all
  gather_facts: false

  vars:
    key_path: /etc/ssl/private
    key_size: 4096
    key_type: RSA

  tasks:
    - name: Make sure package requirements are met
      apt:
        name: python3-pip
        state: present

    - name: Make sure python requirements are met
      pip:
        name: cryptography
        state: present

    - name: Create private directory
      file:
        path: "{{ key_path }}"
        state: directory
        owner: root
        group: root
        mode: 0750

    - name: Create a key
      openssl_privatekey:
        path: "{{ key_path }}/playkey.key"
        size: "{{ key_size }}"
        type: "{{ key_type }}"

Running the playbook gives:

$ ansible-playbook -i inventories/default/ playbook.yml 

PLAY [all] *****************************************************************************************************************************************************************************************

TASK [Make sure package requirements are met] ******************************************************************************************************************************************************
changed: [so_example]

TASK [Make sure python requirements are met] *******************************************************************************************************************************************************
changed: [so_example]

TASK [Create private directory] ********************************************************************************************************************************************************************
changed: [so_example]

TASK [Create a key] ********************************************************************************************************************************************************************************
changed: [so_example]

PLAY RECAP *****************************************************************************************************************************************************************************************
so_example                 : ok=4    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

We can now check that the file is there:

$ docker exec so_example ls -l /etc/ssl/private
total 5
-rw------- 1 root root 3243 Sep 15 13:28 playkey.key

$ docker exec so_example head -2 /etc/ssl/private/playkey.key
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEA6xrz5kQuXbd59Bq0fqnwJ+dhkcHWCMh4sZO6UNCfodve7JP0

Clean-up:

docker stop so_example

Upvotes: 1
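
The bind-mount alternative mentioned in the answer, sketched as an added example that is not part of the original answer: the key is generated on the control host and mounted read-only into the container at start, and the play fails if the key file is missing or its mode is not 0600. The `key_dir` location and the container name `so_example_mounted` are assumptions, and the play needs the community.crypto and community.docker collections plus a local Docker daemon.

```yaml
---
# Added example (not from the original answer).
# Assumed names: key_dir, so_example_mounted.
- hosts: localhost
  connection: local
  gather_facts: false

  vars:
    key_dir: "{{ playbook_dir }}/private"   # hypothetical host-side location
    key_size: 4096
    key_type: RSA

  tasks:
    - name: Create a host directory only the current user can enter
      ansible.builtin.file:
        path: "{{ key_dir }}"
        state: directory
        mode: "0700"

    - name: Generate the key on the host, never inside the running container
      community.crypto.openssl_privatekey:
        path: "{{ key_dir }}/playkey.key"
        size: "{{ key_size }}"
        type: "{{ key_type }}"
        mode: "0600"

    - name: Inspect the key file before handing it to a container
      ansible.builtin.stat:
        path: "{{ key_dir }}/playkey.key"
      register: key_stat

    - name: Fail if the key is missing or readable by group/others
      ansible.builtin.assert:
        that:
          - key_stat.stat.exists
          - key_stat.stat.mode == "0600"

    - name: Start the container with the key directory mounted read-only
      community.docker.docker_container:
        name: so_example_mounted
        image: python:latest
        command: sleep infinity
        state: started
        volumes:
          # :ro keeps processes in the container from replacing the key
          - "{{ key_dir }}:/etc/ssl/private:ro"
```

The permission check runs before the container starts, so a key with loose permissions is never mounted.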
