Name: playbook2image
Owner: OpenShift
Description: A Source-to-Image (S2I) builder image for packaging Ansible playbooks as a self-executing container
Forked from: aweiteka/playbook2image
Created: 2017-04-28 18:12:28.0
Updated: 2018-05-21 16:07:23.0
Pushed: 2017-08-10 21:42:43.0
Homepage: null
Size: 88
Language: Shell
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
A Source-to-Image (S2I) builder image for packaging Ansible playbooks as a self-executing container.
Prerequisites: an OpenShiftv3 cluster or s2i binary
In this workflow we build a new image with our playbook, setup secrets (private ssh key, for example) and create a job to run our playbook image.
Build: Add your playbook to the image. This will create a new image with your playbook sourcecode
Using OpenShift. In this example we instruct the build script to install the OpenShift CLI so it's available from our playbook:
oc new-build -e INSTALL_OC=true \
docker.io/aweiteka/playbook2image~https://github.com/PLAYBOOK/REPO.git
Using docker:
Using the example Dockerfile, create a Dockerfile in the playbook repository.
Build the image
docker build -t IMAGE_NAME . -f Dockerfile.example
Using s2i CLI tool:
sudo s2i build https://github.com/PLAYBOOK/REPO.git docker.io/aweiteka/playbook2image NEW_PLAYBOOK_IMAGE_NAME
Run: as an OpenShift Job or with docker via command line
Using OpenShift:
Create a secret for our ssh private key
oc secrets new-sshauth sshkey --ssh-privatekey=$HOME/.ssh/id_rsa
Create a new job. Download the sample-job.yaml file, edit and create the job.
oc create -f sample-job.yaml
Using Docker (example command):
sudo docker run \
-v ~/.ssh/id_rsa:/opt/app-root/src/.ssh/id_rsa \
-e OPTS="--become --user cloud-user" \
-e PLAYBOOK_FILE=PATH_TO_PLAYBOOK \
-e INVENTORY_URL=URL \
IMAGE_FROM_BUILD_STEP
To run it as a system container see the README.md under system-container
for details about why would you want to do this and how to do it.
A container run from a playbook2image image needs at least these configured options:
INVENTORY_FILE
to point to a local path inside the container, INVENTORY_URL
to download a static inventory file, or DYNAMIC_SCRIPT_URL
to download a dynamic inventory script.PLAYBOOK_FILE
./opt/app-root/src/.ssh
).Below is a list of available options. Ansible itself also allows its configuration to be controlled via environment variables and some of these are specially relevant for playbook2image's use case so they are also highligted here (starting with ANSIBLE_*
):
INVENTORY_FILE
Path to the location of the inventory file within the container. It can be a relative path pointing to an inventory provided in the source, or an absolute path to an inventory mounted in the container via a volume.
INVENTORY_URL
URL to inventory file. This is downloaded into the container.
DYNAMIC_SCRIPT_URL
URL to dynamic inventory script. This is downloaded into the container. If the dynamic inventory script is python see PYTHON_REQUIREMENTS.
PLAYBOOK_FILE
Relative path to playbook file relative to project source. This is mounted in the container at /opt/app-root/src/PLAYBOOK_FILE.
ALLOW_ANSIBLE_CONNECTION_LOCAL
(optional)
If set to false all ansible_connection=local
settings in the inventory will be removed. This can help when you want to use an existing inventory file that uses local connections to a host: it is likely that an ssh connection is a better fit when running from a container.
PYTHON_REQUIREMENTS
(optional, default 'requirements.txt')
Relative path to python dependency requirements.txt file to support dynamic inventory script.
ANSIBLE_PRIVATE_KEY_FILE
(optional, e.g. '/opt/app-root/src/.ssh/id_rsa/ssh-privatekey')
Container path to mounted private SSH key. For OpenShift this must match the secret volumeMount (see mountPath in sample-job.yaml). For docker this must match the bindmount container path, e.g. -v ~/.ssh/id_rsa:/opt/app-root/src/.ssh/id_rsa
.
OPTS
(optional)
List of options appended to ansible-playbook command. An example of commonly used options:
="-vvv --become --user cloud-user"
VAULT_PASS
(optional)
ansible-vault passphrase for decrypting files. This is written to a file and used to decrypt ansible-vault files.
ANSIBLE_HOST_KEY_CHECKING=False
Disable host key checking. See documentation
WORK_DIR
(optional)
If not specified ansible-playbook
will run from ${APP_HOME}
directory (/opt/app-root/src
) where the target repository is mounted.
When relative or absolute path is specified in WORK_DIR
, ansible-playbook
will be launched from WORK_DIR
directory. That might come in handy for
example if you have roles or ansible.cfg
in non-root of the repository.
These options are passed in when building the application (e.g. oc new-build
or docker build
or s2i
)
INSTALL_OC
(optional)
If specified during build (e.g. oc new-build -e INSTALL_OC=true ...
) the oc
OpenShift client
binary is downloaded and installed into the resulting image.
S2I project documentation
To run tests you will need to install the s2i binary.
Running tests
make test