Install docker and update docker containers using Ansible in CentOS 8 / Rocky Linux 8

Hi there.

Today I want to take a look, at how to update docker containers using ansible. This is a single home server setup, so no Kubernetes or other orchestration applications. Just simple docker. I have been managing my home servers with ansible for a while now. Nothing too extreme, but every change I make on a server, I try to do with ansible. This makes it easier to reinstall a server in case something goes wrong.

I will also show how to install docker and quick container deployment, just as an example. This server runs Rocky Linux 8.4. To be clear, we could do all of these things with ansible as well, but I think it would be good to see how it’s done manually first.

Let’s begin.

Installation of Docker on Rocky Linux 8/CentOS 8

We will start with the installation of docker. For this we will use the official repository, which you can get from

First, we need the repository.

docker :: ~ » sudo dnf install yum-utils -y
docker :: ~ » sudo yum-config-manager --add-repo 

Now installing docker.

docker :: ~ » sudo dnf install docker-ce docker-ce-cli -y

Ok. We have docker now. Let’s check if the service is running.

docker :: ~ » sudo systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

No, it’s not. We need to start the service and make sure it starts on boot.

docker :: ~ » sudo systemctl start docker.service
docker :: ~ » sudo systemctl enable docker.service
Created symlink /etc/systemd/system/ → /usr/lib/systemd/system/docker.service.

That’s it for the installation. Next, let’s deploy a container. I will use “portainer” as an example for a few reasons. Primarily because I like it, but also because it uses volumes which makes it more interesting as an example.

Prepare Host for Ansible

There are a few pre-requirements on the docker host to get ansible to work.

I will create a dedicated user for ansible.

docker :: ~ » sudo useradd ansible
docker :: ~ » sudo passwd ansible
Changing password for user ansible.
New password: 

Next, we need python3. Ansible needs python for a lot of modules on the target machine.

docker :: ~ » sudo dnf install python3

Now, I did not find another way to get ansible to work with docker, without also installing “docker” with root privileges via pip3.

docker :: ~ » sudo pip3 install docker

Deploying a docker container

As mentioned, we need to create a volume for portainer.

docker :: ~ » sudo docker volume create portainer_data
docker :: ~ » sudo docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data

This will pull and deploy the container. At this point, we won’t be able to access the WebUI, since the port will be blocked by the firewall. We need to take care of that first.

Let’s check the required ports. I will mark the one we need for the WebUI red.

docker :: ~ » sudo docker ps
CONTAINER ID   IMAGE                                    COMMAND        CREATED         STATUS         PORTS                                                                                            NAMES
26faf16e0bb5   "/portainer"   3 minutes ago   Up 3 minutes>8000/tcp, :::8000->8000/tcp,>9443/tcp, :::9443->9443/tcp, 9000/tcp   portainer

Configuring the firewall.

docker :: ~ » sudo firewall-cmd --add-port 9443/tcp
docker :: ~ » sudo firewall-cmd --add-port 9443/tcp --permanent

(Optional) Inital configuration of Portainer

In case you are interested in portainer, here is a quick guide on how to configure it. Skip this if you don’t care about it.

Open a web browser and enter the IP of your server with port 9443. in my case.

Next, enter a password and click on “create user”.

Choose “Get Started”.

Now you have an overview of your containers, volumes etc. You can manage your containers from here, deploy new ones or check the logs.

Installation of Ansible and creation of the configuration files

Good, now we need ansible. I will install it on my home pc, not a dedicated server. Since my configuration files are on a nextcloud share, I am not worried about losing anything and it’s very simple to get ansible up and running (in this tiny deployment). I am using Fedora 35 for this.

Installing ansible.

fedora-kde :: ~ » sudo dnf install ansible python3

That’s that. Next, we will create a few folders for our configuration files. My current folder layout looks like this. Most of those we won’t use in this guide.

fedora-kde :: ~ » ll /home/Nextcloud/ansible

I will begin with the “Inventory” file. This has a list of the hosts we want to manage with ansible. Here is a snippet out of my file. The lower block (new🙂 is what we are using. The lines marked green are the hostnames, and the orange ones are the variables. Group names are purple. If you cannot resolve the hostname, you can add the IP address with “ansible_host”. In this case, I am using a password to execute the commands on the server. But you could (and probably should) use ssh keys for the login.

If you want more details on how to build your inventory, the official documentation explains it beautifully.

fedora-kde :: ~ » cat /home/user/Nextcloud/ansible/hosts
        ansible_user: ansible
        ansible_become_pass: super-secure-password
        ansible_ssh_private_key_file: ssh_key/ansible
        ansible_python_interpreter: /usr/bin/python3

        ansible_user: ansible
        ansible_become_pass: this_is_a_password
        ansible_password: this_is_a_password
        ansible_python_interpreter: /usr/bin/python3

Next is the “playbook”. This defines the state of the hosts we want. I tend to create roles for everything because I like the flexibility and I think it’s a bit more organized. This would be out of scope for this post though.

This will create the volume for “portainer” (if it doesn’t already exist) and pull/deploy the “portainer” container. Since I already deployed it, it will only check if there is a newer version available.

fedora-kde :: ~ » cat /home/Nextcloud/ansible/playbooks/docker-update.yml
- hosts: new
  gather_facts: false
  strategy: free
  become: true
    - name: Create Portainer Volume "portainer_data"
       name: portainer_data
       state: present

- hosts: new
  gather_facts: false
  strategy: free
  become: true
    - name: Create/Update docker container | portainer
       name: portainer
       image: portainer/portainer-ce:latest
       pull: yes
       state: started
       restart_policy: always
        - /var/run/docker.sock:/var/run/docker.sock
        - portainer_data:/data

That’s it for the configuration files. Let’s try our first test run.

Running Ansible

We will get right into it. The “-C” option runs ansible in “check” mode. Meaning it won’t actually make any changes.

fedora-kde :: ~ » cd /home/user/Nextcloud/ansible
fedora-kde :: ~/Nextcloud/ansible » ansible-playbook -i hosts playbooks/docker-update.yml -C

PLAY [new] **************************************************************************************************************

TASK [Create Portainer Volume "portainer_data"] *************************************************************************
ok: [docker]

PLAY [new] **************************************************************************************************************

TASK [Create/Update docker container | portainer] ***********************************************************************
ok: [docker]

PLAY RECAP **************************************************************************************************************
docker                       : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Looks good to me. Green means that nothing was or in this case would have been changed.

Let’s see what actually happens if there is a change. You can add the option “-v” to get more verbose output. Up to 4 “v” are possible. I will run the command without it.

fedora-kde :: ~ » ~/Nextcloud/ansible » ansible-playbook -i hosts playbooks/docker-update.yml

PLAY [new] *********************************************************************************************************************

TASK [Create Portainer Volume "portainer_data"] ********************************************************************************
changed: [docker]

PLAY [new] *********************************************************************************************************************

TASK [Create/Update docker container | portainer] ******************************************************************************
changed: [docker]

PLAY RECAP *********************************************************************************************************************
docker                       : ok=2    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Ok, great. We could check the server now, but the output would be the same as the above example with the manually deployed container.

Error Message

If you get an error similar to this one, check again if you installed docker with pip3 as root/sudo.

fedora-kde :: ~/Nextcloud/ansible » ansible-playbook -i hosts playbooks/docker-update.yml -C

PLAY [new] **************************************************************************************************************

TASK [Create Portainer Volume "portainer_data"] *************************************************************************
fatal: [docker]: FAILED! => {"changed": false, "msg": "Failed to import the required Python library (Docker SDK for Python: docker (Python >= 2.7) or docker-py (Python 2.6)) on docker's Python /usr/bin/python3. Please read module documentation and install in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter, for example via `pip install docker` or `pip install docker-py` (Python 2.6). The error was: No module named 'docker'"}

Docker playbook

Here is a little extra. This task yaml is from my media server, which runs several containers. There are a few more variables in this one, so could be interesting.


Leave a Reply