Skip to main content

Build Docker images for the real world using ansible playbooks

Project description

Building Docker images for the real world

build status Documentation Status


dockalot is a tool to build Docker images using Ansible playbooks for application and configuration installation. It addresses several shortcomings with the default Docker toolkit to make building non-trivial images easier.

Using a Dockerfile is fine if you are repackaging an open source or other publicly available package. But if you aren’t, you might have one or more of these problems:

  • Building your image requires credentials to a private source code or package repository
  • Building your image requires a custom package installation procedure more complicated than apt-get install

Because of the way docker build works by building your image in layers on top of layers, you may find that your super-secret private repository credentials gets trapped in one of those layers. Go ahead, export an image using docker save and poke around the layers of an image you’ve already built. Is that your access token in there? Well, it’s everyone’s access token now…

Temporary files part of any non-trivial package installation also get trapped in those middle layers causing your final Docker image to be much larger than they need to be. Workarounds for this problem include &&-itis; joining dozens of shell commands together with && in an attempt to keep them all on the same layer. When you do this you lose the ability to add comments in-line and your Dockerfile becomes a mess.

It doesn’t have to be this way.

dockalot solves these problems by executing all of the installation commands in one Docker layer. There are no hidden layers for credentials or temporary files to hide in. You can focus on just installing software into your Docker image using high-level Ansible modules and let the tools handle the low-level details.


  • Build smaller images without having to think about Docker layers.
  • Pass your API keys into the build process and don’t worry about them getting stuck in any hidden Docker layers.
  • Take advantage of purpose-built Ansible modules. Never run sed again!
  • Use variables and templates in Ansible instead of clunky environment variables.
  • Support for most of the important Dockerfile commands. Goal is to have feature-parity with Dockerfiles.


  • Python 2.7
  • Docker >= 1.12

Install dockalot using pip:

ubuntu@ubuntu-vm:~$ sudo pip install dockalot

Or, to install without root access you can use a virtual environment:

ubuntu@ubuntu-vm:~$ mkvirtualenv dockalot
ubuntu@ubuntu-vm:~$ . dockalot/bin/activate
(dockalot) ubuntu@ubuntu-vm:~$ pip install dockalot

Example Usage

A simple configuration file (example1.yml) to build an image looks like this:

  base_image: "python:2.7"
  entrypoint: [ "/" ]
    - myapp
- name: Provision the container
  hosts: all
    - name: Install the thing
        dest: /
        content: |
          #!/usr/bin/env python
          print("I'm a Python script")
        mode: 0755

Build the image:

ubuntu@ubuntu-vm:~$ dockalot example1.yml
INFO:Creating the container to provision
INFO:Committing the image
INFO:Created sha256:662a2be8c1215de09fc410f2c5c7fb2e8b6ed00b125c4cd27fe8a28972f8542c
INFO:Tagging image myapp:latest

Then run your shiny new image:

ubuntu@ubuntu-vm:~$ docker run myapp
I'm a Python script

Also take a look at some more complex examples.


The project is licensed under the MIT license.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for dockalot, version 0.7.1
Filename, size File type Python version Upload date Hashes
Filename, size dockalot-0.7.1.tar.gz (25.8 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page