A Source-to-Image (S2I) builder image for packaging Ansible playbooks as a self-executing container.
Prerequisites: an OpenShift v3 cluster or the s2i binary
In this workflow we build a new image with our playbook, set up secrets (a private SSH key, for example) and create a job to run our playbook image.
- Build: Add your playbook to the image. This will create a new image with your playbook source code.
  - OpenShift:
    oc new-build docker.io/aweiteka/playbook2image~https://github.com/PLAYBOOK/REPO.git
  - s2i CLI tool:
    sudo s2i build https://github.com/PLAYBOOK/REPO.git docker.io/aweiteka/playbook2image NEW_PLAYBOOK_IMAGE_NAME
- Run: as an OpenShift Job or with docker via the command line.
  - OpenShift:
    - Create a secret for our SSH private key:
      oc secrets new-sshauth sshkey --ssh-privatekey=~/.ssh/id_rsa
    - Create a new job. Download the sample-job.yaml file, edit it and create the job:
      oc create -f sample-job.yaml
  - Docker:
    sudo docker run \
      -v ~/.ssh/id_rsa:/opt/app-root/src/.ssh/id_rsa \
      -e OPTS="--become --user cloud-user" \
      -e PLAYBOOK_FILE=PATH_TO_PLAYBOOK \
      -e INVENTORY_URL=URL \
      IMAGE_FROM_BUILD_STEP
PLAYBOOK_FILE
(required)
Path to the playbook file, relative to the project source. This is mounted in the container at /opt/app-root/src/PLAYBOOK_FILE.
INVENTORY_FILE
(optional)
Path to the inventory file, relative to the project source. This is mounted in the container at /opt/app-root/src/INVENTORY_FILE.
INVENTORY_URL
(optional)
URL to inventory file. This is downloaded into the container as inventory file /opt/app-root/src/inventory.
ALLOW_ANSIBLE_CONNECTION_LOCAL
(optional)
If set to false, all ansible_connection=local settings will be ignored.
DYNAMIC_SCRIPT_URL
(optional)
URL to a dynamic inventory script. This is downloaded into the container as /opt/app-root/src/dynamic_inventory_script. If the dynamic inventory script is written in Python, see PYTHON_REQUIREMENTS.
PYTHON_REQUIREMENTS
(optional, default 'requirements.txt')
Relative path to python dependency requirements.txt file to support dynamic inventory script.
SSH_KEY
(optional, default '/opt/app-root/src/.ssh/id_rsa')
Container path to the mounted private SSH key. For OpenShift this must match the secret volumeMount (see mountPath in sample-job.yaml). For docker this must match the bind mount container path, e.g. -v ~/.ssh/id_rsa:/opt/app-root/src/.ssh/id_rsa.
OPTS
(optional)
List of options appended to ansible-playbook command. An example of commonly used options:
OPTS="-vvv --become --user cloud-user --private-key /var/secrets/id_rsa"
VAULT_PASS
(optional)
ansible-vault passphrase for decrypting files. This is written to a file and used to decrypt ansible-vault files.
ANSIBLE_HOST_KEY_CHECKING=False
Disables SSH host key checking, so the host keys of the managed hosts are not verified when the playbook connects. See http://docs.ansible.com/ansible/intro_getting_started.html#host-key-checking
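A preflight check for the docker invocation and the variables above, as an added example that is not part of playbook2image: it verifies the key's file mode, that SSH_KEY matches the container side of the bind mount, that PLAYBOOK_FILE stays inside the project source, and that download URLs use https. The function names and the https-only policy are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of playbook2image. Function names are hypothetical.

# The key is bind-mounted into the container: require a regular file with no
# group/other permission bits (for example mode 600 or 400).
check_key() {
    [ -f "$1" ] || { echo "key not found: $1" >&2; return 1; }
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case "$mode" in
        [0-7]00) return 0 ;;
        *) echo "key $1 has mode $mode, expected 600 or 400" >&2; return 1 ;;
    esac
}

# PLAYBOOK_FILE is required and relative to the project source: reject empty
# values, absolute paths and any ".." component.
check_playbook() {
    case "$1" in
        ''|/*|..|../*|*/..|*/../*) echo "bad PLAYBOOK_FILE: '$1'" >&2; return 1 ;;
    esac
}

# INVENTORY_URL and DYNAMIC_SCRIPT_URL are downloaded into the container.
# Policy assumed by this example: unset is fine, otherwise https only.
check_url() {
    case "$1" in
        ''|https://?*) return 0 ;;
        *) echo "refusing non-https URL: $1" >&2; return 1 ;;
    esac
}

# SSH_KEY must equal the container side of the -v HOST:CONTAINER[:opts] mount.
check_mount() {
    target=${1#*:}; target=${target%%:*}
    [ "$target" = "$2" ] || { echo "SSH_KEY $2 != mount target $target" >&2; return 1; }
}

# preflight KEY_ON_HOST MOUNT_ARG: run all checks against the environment and
# report every failure instead of stopping at the first one.
preflight() {
    rc=0
    check_key "$1" || rc=1
    check_mount "$2" "${SSH_KEY:-/opt/app-root/src/.ssh/id_rsa}" || rc=1
    check_playbook "${PLAYBOOK_FILE:-}" || rc=1
    check_url "${INVENTORY_URL:-}" || rc=1
    check_url "${DYNAMIC_SCRIPT_URL:-}" || rc=1
    return "$rc"
}
```

Source the file and call `preflight` with the host key path and the `-v` argument before running `docker run`; a non-zero status means at least one check printed a reason to stderr.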
- S2I project documentation
- OpenShift docs
- Creating S2I images blog post
You'll need to download the s2i binary.
Running tests
sudo make test