Introduction

serversideup/ansible is a lightweight solution for running Ansible in a containerized environment. This project builds upon many things we learned from willhallonline/docker-ansible. It provides a secure and isolated environment for running Ansible tasks, with support for both Alpine and Debian-based distributions and gives you the flexibility to run Ansible as an unprivileged user without the headaches of proper file permissions.

Features

• 🐧 Debian and Alpine - Choose your OS
• 🐍 Built on official Python images - Choose your Python version
• 🔒 Unprivileged user - Choose to run as root or an unprivileged user
• 📌 Pinned Ansible Version - Set your Ansible version down to the patch version
• 🔧 Customize your "run as" user - Customize the username to run as
• 🔑 Set your own PUID and PGID - Have the PUID and PGID match your host user
• 📦 DockerHub and GitHub Container Registry - Choose where you'd like to pull your image from
• 🤖 Multi-architecture - Every image ships with x86_64 and arm64 architectures

Usage

Getting started is easy. Here's a few tips on how to use this image.

Choose between ansible and ansible-core

Our images are available on Docker Hub and GitHub Container Registry 🥳

DockerHub:

• serversideup/ansible
• serversideup/ansible-core

GitHub Container Registry:

• ghcr.io/serversideup/ansible
• ghcr.io/serversideup/ansible-core

Versions are made available with ansible and ansible-core. Everything is versioned appropriately according to the Ansible release process.

Variation	Image Size	Description
serversideup/ansible-core		Lightweight, core installation of Ansible.
serversideup/ansible		"Batteries included" installation of Ansible.

Image Tagging System

Our Docker images use a comprehensive tagging system for flexibility and specificity.

Tag Components

Component	Example
Ansible version	2.17.3, 2.17
Base OS	alpine3.20, bullseye
Python version	python3.11
OS family	alpine, debian

Tag Examples

Tag	Meaning
2.17.3-alpine3.20-python3.11	Most specific
2.17.3-alpine3.20	Latest Python for specific Ansible and OS
2.17.3	Latest OS and Python for specific Ansible
2.17-alpine3.20-python3.11	Latest patch for Ansible minor version
2.17-alpine-python3.11	OS family-based

Run a playbook

Important

In almost all cases you will need to mount a volume to the Ansible "working directory" (default: /ansible) and your SSH configurations (usually ~/.ssh).

docker run --rm -it \
  -v "$HOME/.ssh:/ssh" \
  -v "$(pwd):/ansible" \
  serversideup/ansible:latest ansible-playbook playbook.yml

Change the "run as" user, PUID and PGID

docker run --rm -it \
  -v "$HOME/.ssh:/ssh" \
  -v "$(pwd):/ansible" \
  -e PUID=9999 -e PGID=9999 \
  -e RUN_AS_USER=bob \
  serversideup/ansible:latest ansible-playbook playbook.yml

Run a shell

docker run --rm -it \
  -v "$HOME/.ssh:/ssh" \
  -v "$(pwd):/ansible" \
  serversideup/ansible:latest /bin/sh

Working with SSH

Note

Working with SSH keys can be tricky, especially if we're setting a RUN_AS_USER dynamically. We created a few things to help reduce the headache of getting this configured.

The /ssh directory

By default, we have a /ssh directory that is symbolically linked from ~/.ssh. The /ssh directory is used as our single source of truth for SSH keys and configurations.

If you set RUN_AS_USER, the entrypoint will create a home directory at /home/${RUN_AS_USER}, then create a symbolic link from /home/${RUN_AS_USER}/.ssh to /ssh. This gives you the power to set your RUN_AS_USER to anything you want without us needing to predict what user you want to run as.

Mounting the SSH auth socket

The SSH auth socket is a Unix socket used by the SSH agent to communicate with other processes, allowing for secure key management. To use it with Docker, you can mount it as follows:

macOS:

docker run --rm -it \
  -v "$HOME/.ssh:/ssh:ro" \
  -v "$HOME/.ssh/known_hosts:/ssh/known_hosts:rw" \
  -v "$(pwd):/ansible" \
  -v "/run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock" \
  -e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock" \
  serversideup/ansible:latest ansible-playbook playbook.yml

Notice how we're matching the SSH_AUTH_SOCK to the host's socket. This is necessary for the SSH agent to communicate with the container.

Linux:

docker run --rm -it \
  -v "$HOME/.ssh:/ssh:ro" \
 -v "$HOME/.ssh/known_hosts:/ssh/known_hosts:rw" \
  -v "$(pwd):/ansible" \
  -v "$SSH_AUTH_SOCK:$SSH_AUTH_SOCK" \
  -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK" \
  serversideup/ansible:latest ansible-playbook playbook.yml

Environment Variables

You can customize the image easily with the following environment variables:

Variable	Default	Description
PUID	1000	Set the User ID that you'd like to run Ansible as
PGID	1000	Set the Group ID that you'd like to run Ansible as
RUN_AS_USER	ansible	The username you'd like to run Ansible as (this will be created for you and will default to an unprivileged user)
DEBUG	false	Enable debug output of container startup

Resources

• DockerHub to browse the images.
• Discord for friendly support from the community and the team.
• GitHub for source code, bug reports, and project management.
• Get Professional Help - Get video + screen-sharing help directly from the core contributors.

Contributing

As an open-source project, we strive for transparency and collaboration in our development process. We greatly appreciate any contributions members of our community can provide. Whether you're fixing bugs, proposing features, improving documentation, or spreading awareness - your involvement strengthens the project. Please review our code of conduct to understand how we work together respectfully.

• Bug Report: If you're experiencing an issue while using these images, please create an issue.
• Feature Request: Make this project better by submitting a feature request.
• Documentation: Improve our documentation by submitting a documentation change.
• Community Support: Help others on GitHub Discussions or Discord.
• Security Report: Report critical security issues via our responsible disclosure policy.

Need help getting started? Join our Discord community and we'll help you out!

Our Sponsors

All of our software is free an open to the world. None of this can be brought to you without the financial backing of our sponsors.

Black Level Sponsors

Bronze Sponsors

No bronze sponsors yet. Become a sponsor →

Individual Supporters

      

About Us

We're Dan and Jay - a two person team with a passion for open source products. We created Server Side Up to help share what we learn.

Dan Pastori	Jay Rogers

Find us at:

• 📖 Blog - Get the latest guides and free courses on all things web/mobile development.
• 🙋 Community - Get friendly help from our community members.
• 🤵‍♂️ Get Professional Help - Get video + screen-sharing support from the core contributors.
• 💻 GitHub - Check out our other open source projects.
• 📫 Newsletter - Skip the algorithms and get quality content right to your inbox.
• 🐥 Twitter - You can also follow Dan and Jay.
• ❤️ Sponsor Us - Please consider sponsoring us so we can create more helpful resources.

Our products

If you appreciate this project, be sure to check out our other projects.

📚 Books

• The Ultimate Guide to Building APIs & SPAs: Build web & mobile apps from the same codebase.
• Building Multi-Platform Browser Extensions: Ship extensions to all browsers from the same codebase.

🛠️ Software-as-a-Service

• Bugflow: Get visual bug reports directly in GitHub, GitLab, and more.
• SelfHost Pro: Connect Stripe or Lemonsqueezy to a private docker registry for self-hosted apps.

🌍 Open Source

• AmplitudeJS: Open-source HTML5 & JavaScript Web Audio Library.
• Spin: Laravel Sail alternative for running Docker from development → production.
• Financial Freedom: Open source alternative to Mint, YNAB, & Monarch Money.