diff options
author | Rodolfo Carvalho <rhcarvalho@gmail.com> | 2017-07-20 16:44:06 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-07-20 16:44:06 +0200 |
commit | d13c11aceb2c2ccf2c1db1ead9f545d7b0891cfc (patch) | |
tree | 28a935f7291a1f458b149110b9497a3130ed1b53 /README_CONTAINER_IMAGE.md | |
parent | e29eab4e9813c46f4738a81e8698b001bd5981b9 (diff) | |
parent | 5497673a7b5a7c07d3e99d77d028447acbdd36a5 (diff) | |
download | openshift-d13c11aceb2c2ccf2c1db1ead9f545d7b0891cfc.tar.gz openshift-d13c11aceb2c2ccf2c1db1ead9f545d7b0891cfc.tar.bz2 openshift-d13c11aceb2c2ccf2c1db1ead9f545d7b0891cfc.tar.xz openshift-d13c11aceb2c2ccf2c1db1ead9f545d7b0891cfc.zip |
Merge pull request #4742 from juanvallejo/jvallejo/remove-dependency-on-p2i
Remove dependency on playbook2image, rebase directly on OS.
Diffstat (limited to 'README_CONTAINER_IMAGE.md')
-rw-r--r-- | README_CONTAINER_IMAGE.md | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/README_CONTAINER_IMAGE.md b/README_CONTAINER_IMAGE.md index cf3b432df..a2151352d 100644 --- a/README_CONTAINER_IMAGE.md +++ b/README_CONTAINER_IMAGE.md @@ -1,6 +1,6 @@ # Containerized openshift-ansible to run playbooks -The [Dockerfile](images/installer/Dockerfile) in this repository uses the [playbook2image](https://github.com/openshift/playbook2image) source-to-image base image to containerize `openshift-ansible`. The resulting image can run any of the provided playbooks. See [BUILD.md](BUILD.md) for image build instructions. +The [Dockerfile](images/installer/Dockerfile) in this repository can be used to build a containerized `openshift-ansible`. The resulting image can run any of the provided playbooks. See [BUILD.md](BUILD.md) for image build instructions. The image is designed to **run as a non-root user**. The container's UID is mapped to the username `default` at runtime. Therefore, the container's environment reflects that user's settings, and the configuration should match that. For example `$HOME` is `/opt/app-root/src`, so ssh keys are expected to be under `/opt/app-root/src/.ssh`. If you ran a container as `root` you would have to adjust the container's configuration accordingly, e.g. by placing ssh keys under `/root/.ssh` instead. Nevertheless, the expectation is that containers will be run as non-root; for example, this container image can be run inside OpenShift under the default `restricted` [security context constraint](https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#security-context-constraints). @@ -14,8 +14,6 @@ This provides consistency with other images used by the platform and it's also a ## Usage -The `playbook2image` base image provides several options to control the behaviour of the containers. For more details on these options see the [playbook2image](https://github.com/openshift/playbook2image) documentation. - At the very least, when running a container you must specify: 1. An **inventory**. This can be a location inside the container (possibly mounted as a volume) with a path referenced via the `INVENTORY_FILE` environment variable. Alternatively you can serve the inventory file from a web server and use the `INVENTORY_URL` environment variable to fetch it, or `DYNAMIC_SCRIPT_URL` to download a script that provides a dynamic inventory. @@ -52,8 +50,6 @@ Here is a detailed explanation of the options used in the command above: Further usage examples are available in the [examples directory](examples/) with samples of how to use the image from within OpenShift. -Additional usage information for images built from `playbook2image` like this one can be found in the [playbook2image examples](https://github.com/openshift/playbook2image/tree/master/examples). - ## Running openshift-ansible as a System Container Building the System Container: See the [BUILD.md](BUILD.md). |