diff options
author | Pep TurrĂ³ Mauri <pep@redhat.com> | 2017-02-13 16:22:20 +0100 |
---|---|---|
committer | Pep TurrĂ³ Mauri <pep@redhat.com> | 2017-03-06 17:54:01 +0100 |
commit | f1b6aa212e32fa711bb8cab42b62260dcfad252c (patch) | |
tree | 04e77ca144e67a3dcc2d73b44f257fe86ec4fe7a /README_CONTAINER_IMAGE.md | |
parent | 6a002fb9641d2631038bba8d80e5467f312fa0db (diff) | |
download | openshift-f1b6aa212e32fa711bb8cab42b62260dcfad252c.tar.gz openshift-f1b6aa212e32fa711bb8cab42b62260dcfad252c.tar.bz2 openshift-f1b6aa212e32fa711bb8cab42b62260dcfad252c.tar.xz openshift-f1b6aa212e32fa711bb8cab42b62260dcfad252c.zip |
Dockerfile and docs to run containerized playbooks
Update openshift-ansible's Dockerfile to use playbook2image as a base, with the
goal to run an arbitrary playbook from a container.
The existing Dockerfile is moved to Dockerfile.rhel7 for the productized version
and will be updated to use playbook2image later.
Diffstat (limited to 'README_CONTAINER_IMAGE.md')
-rw-r--r-- | README_CONTAINER_IMAGE.md | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/README_CONTAINER_IMAGE.md b/README_CONTAINER_IMAGE.md new file mode 100644 index 000000000..f62fc2ab9 --- /dev/null +++ b/README_CONTAINER_IMAGE.md @@ -0,0 +1,41 @@ +# Containerized openshift-ansible to run playbooks + +The [Dockerfile](Dockerfile) in this repository uses the [playbook2image](https://github.com/aweiteka/playbook2image) source-to-image base image to containerize `openshift-ansible`. The resulting image can run any of the provided playbooks. + +**Note**: at this time there are known issues that prevent to run this image for installation/upgrade purposes from within one of the hosts that is also an installation target at the same time: if the playbook you want to run attempts to manage the docker daemon and restart it (like install/upgrade playbooks do) this would kill the container itself during its operation. + +## Build + +To build a container image of `openshift-ansible`: + +1. Using standalone **Docker**: + + cd openshift-ansible + docker build -t openshift-ansible . + +1. Using an **OpenShift** build: + + oc new-build docker.io/aweiteka/playbook2image~https://github.com/openshift/openshift-ansible + oc describe imagestream openshift-ansible + +## Usage + +The base image provides several options to control the behaviour of the containers. For more details on these options see the [playbook2image](https://github.com/aweiteka/playbook2image) documentation. + +At the very least, when running a container using an image built this way you must specify: + +1. The **playbook** to run. This is set using the `PLAYBOOK_FILE` environment variable. +1. An **inventory** file. This can be mounted inside the container as a volume and specified with the `INVENTORY_FILE` environment variable. Alternatively you can serve the inventory file from a web server and use the `INVENTORY_URL` environment variable to fetch it. +1. **ssh keys** so that Ansible can reach your hosts. These should be mounted as a volume under `/opt/app-root/src/.ssh` + +Here is an example of how to run a containerized `openshift-ansible` playbook that will check the expiration dates of OpenShift's internal certificates using the [`openshift_certificate_expiry` role](../../roles/openshift_certificate_expiry). The inventory and ssh keys are mounted as volumes (the latter requires setting the uid in the container and SELinux label in the key file via `:Z` so they can be accessed) and the `PLAYBOOK_FILE` environment variable is set to point to an example certificate check playbook that is already part of the image: + + docker run -u `id -u` \ + -v $HOME/.ssh/id_rsa:/opt/app-root/src/.ssh/id_rsa:Z \ + -v /etc/ansible/hosts:/tmp/inventory \ + -e INVENTORY_FILE=/tmp/inventory \ + -e OPTS="-v" \ + -e PLAYBOOK_FILE=playbooks/certificate_expiry/default.yaml \ + openshift-ansible + +The [playbook2image examples](https://github.com/aweiteka/playbook2image/tree/master/examples) provide additional information on how to use a built image. |