Kernel upgrade present on rebuild

Hello all,

I am evaluating docker as a testing platform for our various ansible playbooks, and came across some strange behavior. I was wondering what I was doing wrong, or at least what I was misunderstanding about docker.

I had three containers in a docker-compose file - each of them in the same network. I set them all up with sshd and keys and had one of the machines be the ansible c&c machine. I had the c&c machine depend on the first two so that when it came up, I could have it initiate the ansible.playbook. That worked fine for what it was, but I couldn’t make the build idempotent.

For example, after I ran docker-compose up --build, and the playbook ran (successfully or unsuccessfully didn’t make a difference), I would CTRL-C the containers, fix the playbook, and run docker-compose up --build again. This particular playbook was updating the kernel and I was using docker to test the playbook while I was developing it. However, what I found out was that after the first run where it did successfully update the kernel, all subsequent runs already had the updated kernel installed.

Intuitively I would assume that each new docker-compose up --build would recreate the images as I specified them in their respective dockerfiles, however it appears that they inherited(?) the image where the kernel had already been updated. Am I off in my assumptions?

Docker is a container technology that uses a shared kernel. So yes, as the kernel is the same for all your instances, if you are able (for whatever reason, like not dropped capabilities) to update the kernel in one instance, you automatically update it in all instances.

If you want to manipulate the kernel you should consider using kernel virtualization like KVM or VirtualBox. That’s out of the scope of docker.
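A check for the shared-kernel point in the answer above, added here as an example and not taken from the thread: run inside a container (or against any root filesystem) it compares the kernel that is actually executing with the kernel versions whose module trees the filesystem contains, which is what a kernel package install inside a container changes. The function names and the use of /lib/modules as the marker are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): a "kernel update" inside a container
# only writes files into the container's filesystem; uname -r still reports
# the host kernel, which every container on that host shares.

# Kernel the calling process is executing on (the host kernel, even in a container).
running_kernel() {
    uname -r
}

# Kernel versions with a module tree under ROOT/lib/modules (assumed marker).
# Inside a container, ROOT=/ lists what the image's package manager installed.
installed_kernels() {
    root="${1:-/}"
    for d in "$root"/lib/modules/*/; do
        [ -d "$d" ] || continue
        basename "$d"
    done
}

# Exit 0 only if the running kernel has a module tree in ROOT, i.e. the
# filesystem being inspected is the one that actually provides that kernel.
running_kernel_provided_by() {
    root="${1:-/}"
    want="$(running_kernel)"
    installed_kernels "$root" | grep -qx "$want"
}

# Human-readable summary for a root filesystem (default: /).
report() {
    root="${1:-/}"
    printf 'running kernel : %s\n' "$(running_kernel)"
    printf 'kernels in %s : %s\n' "$root" "$(installed_kernels "$root" | tr '\n' ' ')"
    if running_kernel_provided_by "$root"; then
        echo "running kernel is provided by this filesystem (likely the host)"
    else
        echo "running kernel is NOT from this filesystem: shared host kernel (container)"
    fi
}
```

Run `report /` inside one of the compose containers after the playbook has "updated the kernel": the installed version list changes, the running kernel line does not.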