README_CONTAINER_IMAGE.md 3.1 KB
Containerized openshift-ansible to run playbooks
The Dockerfile in this repository uses the playbook2image source-to-image base image to containerize openshift-ansible. The resulting image can run any of the provided playbooks.
Note: at this time there are known issues that prevent to run this image for installation/upgrade purposes (i.e. run one of the config/upgrade playbooks) from within one of the hosts that is also an installation target at the same time: if the playbook you want to run attempts to manage the docker daemon and restart it (like install/upgrade playbooks do) this would kill the container itself during its operation.
Build
To build a container image of openshift-ansible:
Using standalone Docker:
cd openshift-ansible docker build -t openshift/openshift-ansible .Using an OpenShift build:
oc new-build docker.io/aweiteka/playbook2image~https://github.com/openshift/openshift-ansible oc describe imagestream openshift-ansible
Usage
The playbook2image base image provides several options to control the behaviour of the containers. For more details on these options see the playbook2image documentation.
At the very least, when running a container using an image built this way you must specify:
- An inventory file. This can be mounted inside the container as a volume and specified with the
INVENTORY_FILEenvironment variable. Alternatively you can serve the inventory file from a web server and use theINVENTORY_URLenvironment variable to fetch it. - ssh keys so that Ansible can reach your hosts. These should be mounted as a volume under
/opt/app-root/src/.ssh - The playbook to run. This is set using the
PLAYBOOK_FILEenvironment variable. If you don't specify a playbook theopenshift_factsplaybook will be run to collecting and show facts about your OpenShift environment.
Here is an example of how to run a containerized openshift-ansible playbook that will check the expiration dates of OpenShift's internal certificates using the openshift_certificate_expiry role. The inventory and ssh keys are mounted as volumes (the latter requires setting the uid in the container and SELinux label in the key file via :Z so they can be accessed) and the PLAYBOOK_FILE environment variable is set to point to an example certificate check playbook that is already part of the image:
docker run -u `id -u` \
-v $HOME/.ssh/id_rsa:/opt/app-root/src/.ssh/id_rsa:Z \
-v /etc/ansible/hosts:/tmp/inventory \
-e INVENTORY_FILE=/tmp/inventory \
-e OPTS="-v" \
-e PLAYBOOK_FILE=playbooks/certificate_expiry/default.yaml \
openshift/openshift-ansible
Further usage examples are available in the examples directory.
Additional usage information for images built from playbook2image like this one can be found in the playbook2image examples.