Deploy containers with Atomic Host, Ansible, and Cockpit

In the course of my job at Red Hat, I work with Docker containers on Fedora Atomic host every day. The Atomic Host from Project Atomic is a lightweight container OS that can run Linux containers in Docker format. It’s been modified for efficiency, making it optimal to use as a Docker run-time system for cloud environments.

Fortunately I’ve found a great way to manage containers running on the host: Cockpit. Cockpit is a remote manager for GNU/Linux servers with a nice Web UI. It lets me manage servers and containers running on the host. You can read more about Cockpit in this overview article previously published here. However, I also wanted to automate running containers on the host, which I’ve done using Ansible.

Note that we cannot use the dnf command on the Atomic Host. The host is designed not as a general purpose OS, but to be more fit for containers and other purposes. But it’s still very easy to set up applications and services on the Atomic Host. This post shows you how to automate and simplify this process.

Setting up the components

Before getting started, make sure you have Ansible installed on your system.

sudo dnf -y install ansible

First we will need to run the cockpit container on Atomic host. Copy the sources down from on your machine.

$ git clone

Now change your directory to cockpit and edit its inventory file as shown below:

$ cd fedora-cloud-ansible
$ cd cockpit
$ vim inventory

Make the following changes:

  1. Replace IP_ADDRESS_OF_HOST with the IP address of your Atomic host.
  2. Replace PRIVATE_KEY_FILE in the line ansible_ssh_private_key_file=’PRIVATE_KEY_FILE’ with your SSH private key file.

Now save and exit the inventory file.

Next, edit the ansible configuration file:

$ vim ansible.cfg

Replace User in the line remote_user=User with your remote user on your Atomic host. Then save and exit the file.

Putting it all together

Now it’s time to run the playbook. This command starts running the Cockpit container on the Atomic host:

$ ansible-playbook cockpit.yml

Cockpit is now running on the Atomic host. Use your web browser to visit the public IP of your instance on port 9090. This is the default port of Cockpit. For instance, if the IP address of the instance is, browse to You’ll now see the web interface of Cockpit on the web browser:

Cockpit login screen

Managing your containers

Login with the credentials of your Atomic host or as root. Then visit the Containers section on the Cockpit manager to see the containers running on your Atomic host. In the example below, you’ll see I also set up others like httpd and redis:

Cockpit panel for managing containers

Notice the interface lets you start and stop containers directly in the Cockpit manager using the Run and Stop buttons. You can also manage your Atomic host using the Cockpit manager. Go to Tools -> Terminals. There you can use the terminal of the Atomic host:

Cockpit terminal panel

If you plan to deploy your containerized application on Atomic host, you can simply write a playbook for it. Then you can deploy using the ansible-playbook command and manage the containers using Cockpit.

Running ansible-playbook to deploy multiple containers

Feel free to fork or add playbooks for containers in the repository

Fedora Project community


  1. Denis M.

    I will try this out, thank you

  2. Mario Ojeda

    It does work whit windows too?

  3. Not related to this post, but the RSS stream seems to be broken.

    I have this error with Liferea:

    There were errors while parsing this feed!
    Could not detect the type of this feed! Please check if the source really points to a resource provided in one of the supported syndication formats!

    XML Parser Output:
    The URL you want Liferea to subscribe to points to a webpage and the auto discovery found no feeds on this page. Maybe this webpage just does not support feed auto discovery.Could not determine the feed type.

    You may want to contact the author/webmaster of the feed about this!

  4. It might be helpful to mention the requirements from an initial state, like installation.

    This means that what first needs to be done is:

    $ sudo su -
    $ dnf install -y atomic
    $ systemctl enable docker
    $ systemctl start docker

    Also, the Ansible scripts themselves only wrap the atomic command. Might be helpful to explain what it does.

    Besides that, thanks for providing a nice intro to using the atomic command and running cockpit.

    • Sorry, my bad. Forgot it was also about Atomic Host. The use of Atomic and


      as a command is confusing at times ;-). So the initial state is a way to reproduce it on a stock Fedora install, while the comment about the Ansible playbooks still stands. Some explaination about the command might clear confusion that exists with others.

      • Gerard Braad, So the idea is to run containers on the atomic host itself. We are executing all the commands above on our host (I have used workstation here). We are just using the IP Address of Atomic host in the inventory file where we want to run the containers. You just need to have Ansible installed on your host (Workstation/ Cloud/ Server).

        • I understand (already corrected myself as I got interrupted and had too little coffee; atomic host and atomic command). What I meant is the following:

          Your Ansible script invokes: cmd: atomic run [containername]
          what does the command do.
          * pulls image on the target host
          * runs the container according to the labels set
          * etc.

          Explaining what happens on a host can be helpful to newcomers. Treat an article to be targeting a general audience; ELI6 (explain like I am 6). This can prevent questions like: how do I run this? Looking forward to future articles. Hopefully, we will see more about atomic and related projects, like atomic-reactor and commissaire 😉

  5. An easy and nice post. I created an AWS Fedora 24 atomic instance, clone the repo and configured, then ran ansible-playbook. all went fine.
    On https://my-ip:9090 its not accepting any passwords though. (password-based ssh is disable per default with AWS F24 instances).

    Is there any thing that I can do to make it work? Should enable passwordful ssh access?

Comments are Closed

The opinions expressed on this website are those of each author, not of the author's employer or of Red Hat. Fedora Magazine aspires to publish all content under a Creative Commons license but may not be able to do so in all cases. You are responsible for ensuring that you have the necessary permission to reuse any work on this site. The Fedora logo is a trademark of Red Hat, Inc. Terms and Conditions

%d bloggers like this: