From f1b6aa212e32fa711bb8cab42b62260dcfad252c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pep=20Turr=C3=B3=20Mauri?= <pep@redhat.com>
Date: Mon, 13 Feb 2017 16:22:20 +0100
Subject: Dockerfile and docs to run containerized playbooks

Update openshift-ansible's Dockerfile to use playbook2image as a base, with the
goal of running an arbitrary playbook from a container.

The existing Dockerfile is moved to Dockerfile.rhel7 for the productized version
and will be updated to use playbook2image later.
---
 .dockerignore             |  8 ++++++++
 Dockerfile                | 47 +++++++++++++++++++++++++++--------------------
 Dockerfile.rhel7          | 26 ++++++++++++++++++++++++++
 README.md                 |  3 +++
 README_CONTAINER_IMAGE.md | 41 +++++++++++++++++++++++++++++++++++++++++
 5 files changed, 105 insertions(+), 20 deletions(-)
 create mode 100644 .dockerignore
 create mode 100644 Dockerfile.rhel7
 create mode 100644 README_CONTAINER_IMAGE.md

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 000000000..968811df5
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,8 @@
+.*
+bin
+docs
+test
+utils
+**/*.md
+*.spec
+setup*
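Review bot: The `.*` pattern on the first line only matches dot-entries at the root of the build context, so a hidden file or directory nested under a subdirectory would still be sent to the daemon and copied into the image by the Dockerfile's `ADD . /tmp/src`. The file already uses `**/*.md` for the same reason, so adding `**/.*` next to `.*` would keep hidden files (VCS data, editor state, stray local credentials) out at every depth. No such nested file is visible in this patch, so this is a hardening suggestion rather than an observed leak.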
diff --git a/Dockerfile b/Dockerfile
index f3d45837a..c6593491d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,26 +1,33 @@
-FROM rhel7
+# Using playbook2image as a base
+# See https://github.com/aweiteka/playbook2image for details on the image
+# including documentation for the settings/env vars referenced below
+FROM docker.io/aweiteka/playbook2image:latest
 
-MAINTAINER Troy Dawson <tdawson@redhat.com>
+MAINTAINER OpenShift Team <dev@lists.openshift.redhat.com>
 
-LABEL Name="openshift3/installer"
-LABEL Vendor="Red Hat" License=GPLv2+
-LABEL Version="v3.1.1.901"
-LABEL Release="6"
-LABEL BZComponent="aos3-installation-docker"
-LABEL Architecture="x86_64"
-LABEL io.k8s.description="Ansible code and playbooks for installing Openshift Container Platform." \
-      io.k8s.display-name="Openshift Installer" \
-      io.openshift.tags="openshift,installer"
+LABEL name="openshift-ansible" \
+      summary="OpenShift's installation and configuration tool" \
+      description="A containerized openshift-ansible image to let you run playbooks to install, upgrade, maintain and check an OpenShift cluster" \
+      url="https://github.com/openshift/openshift-ansible" \
+      io.k8s.display-name="openshift-ansible" \
+      io.k8s.description="A containerized openshift-ansible image to let you run playbooks to install, upgrade, maintain and check an OpenShift cluster" \
+      io.openshift.expose-services="" \
+      io.openshift.tags="openshift,install,upgrade,ansible"
 
-RUN INSTALL_PKGS="atomic-openshift-utils" && \
-    yum install -y --enablerepo=rhel-7-server-ose-3.2-rpms $INSTALL_PKGS && \
-    rpm -V $INSTALL_PKGS && \
-    yum clean all
+# The playbook to be run is specified via the PLAYBOOK_FILE env var.
+# This sets a default of openshift_facts.yml as it's an informative playbook
+# that can help test that everything is set properly (inventory, sshkeys)
+ENV PLAYBOOK_FILE=playbooks/byo/openshift_facts.yml \
+    OPTS="-v" \
+    INSTALL_OC=true
 
-# Expect user to mount a workdir for container output (installer.cfg, hosts inventory, ansible log)
-VOLUME /var/lib/openshift-installer/
-WORKDIR /var/lib/openshift-installer/
+# playbook2image's assemble script expects the source to be available in
+# /tmp/src (as per the source-to-image specs) so we import it there
+ADD . /tmp/src
 
-RUN mkdir -p /var/lib/openshift-installer/
+# Running the 'assemble' script provided by playbook2image will install
+# dependencies specified in requirements.txt and install the 'oc' client
+# as per the INSTALL_OC environment setting above
+RUN /usr/libexec/s2i/assemble
 
-ENTRYPOINT ["/usr/bin/atomic-openshift-installer", "-c", "/var/lib/openshift-installer/installer.cfg", "--ansible-log-path", "/var/lib/openshift-installer/ansible.log"]
+CMD [ "/usr/libexec/s2i/run" ]
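Review bot: `FROM docker.io/aweiteka/playbook2image:latest` tracks a mutable tag in a personal Docker Hub namespace, and the build then executes `/usr/libexec/s2i/assemble` and uses `/usr/libexec/s2i/run` from that base as the default command, so whatever is published under `latest` at build time runs during the build and becomes the image's entrypoint. Pinning to a reviewed release, ideally by digest (`FROM docker.io/aweiteka/playbook2image@sha256:<digest-of-reviewed-image>`), makes builds reproducible and turns base-image updates into a deliberate, reviewable change. Separately, `ADD . /tmp/src` only copies local files, so `COPY . /tmp/src` states the intent without ADD's archive-extraction and URL behaviour. The hunk sets no `USER`; presumably the base image defines one, which is worth confirming because the accompanying README has users mount SSH private keys into the container at run time.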
diff --git a/Dockerfile.rhel7 b/Dockerfile.rhel7
new file mode 100644
index 000000000..f3d45837a
--- /dev/null
+++ b/Dockerfile.rhel7
@@ -0,0 +1,26 @@
+FROM rhel7
+
+MAINTAINER Troy Dawson <tdawson@redhat.com>
+
+LABEL Name="openshift3/installer"
+LABEL Vendor="Red Hat" License=GPLv2+
+LABEL Version="v3.1.1.901"
+LABEL Release="6"
+LABEL BZComponent="aos3-installation-docker"
+LABEL Architecture="x86_64"
+LABEL io.k8s.description="Ansible code and playbooks for installing Openshift Container Platform." \
+      io.k8s.display-name="Openshift Installer" \
+      io.openshift.tags="openshift,installer"
+
+RUN INSTALL_PKGS="atomic-openshift-utils" && \
+    yum install -y --enablerepo=rhel-7-server-ose-3.2-rpms $INSTALL_PKGS && \
+    rpm -V $INSTALL_PKGS && \
+    yum clean all
+
+# Expect user to mount a workdir for container output (installer.cfg, hosts inventory, ansible log)
+VOLUME /var/lib/openshift-installer/
+WORKDIR /var/lib/openshift-installer/
+
+RUN mkdir -p /var/lib/openshift-installer/
+
+ENTRYPOINT ["/usr/bin/atomic-openshift-installer", "-c", "/var/lib/openshift-installer/installer.cfg", "--ansible-log-path", "/var/lib/openshift-installer/ansible.log"]
diff --git a/README.md b/README.md
index c3c022e59..751e5ebf1 100644
--- a/README.md
+++ b/README.md
@@ -74,6 +74,9 @@ you are not running a stable release.
       - [OpenShift Enterprise](https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html)
       - [OpenShift Origin](https://docs.openshift.org/latest/install_config/install/advanced_install.html)
 
+## Containerized OpenShift Ansible
+
+See [README_CONTAINER_IMAGE.md](README_CONTAINER_IMAGE.md) for information on how to package openshift-ansible as a container image.
 
 ## Installer Hooks
 
diff --git a/README_CONTAINER_IMAGE.md b/README_CONTAINER_IMAGE.md
new file mode 100644
index 000000000..f62fc2ab9
--- /dev/null
+++ b/README_CONTAINER_IMAGE.md
@@ -0,0 +1,41 @@
+# Containerized openshift-ansible to run playbooks
+
+The [Dockerfile](Dockerfile) in this repository uses the [playbook2image](https://github.com/aweiteka/playbook2image) source-to-image base image to containerize `openshift-ansible`. The resulting image can run any of the provided playbooks.
+
+**Note**: at this time there are known issues that prevent to run this image for installation/upgrade purposes from within one of the hosts that is also an installation target at the same time: if the playbook you want to run attempts to manage the docker daemon and restart it (like install/upgrade playbooks do) this would kill the container itself during its operation.
+
+## Build
+
+To build a container image of `openshift-ansible`:
+
+1. Using standalone **Docker**:
+
+        cd openshift-ansible
+        docker build -t openshift-ansible .
+
+1. Using an **OpenShift** build:
+
+        oc new-build docker.io/aweiteka/playbook2image~https://github.com/openshift/openshift-ansible
+        oc describe imagestream openshift-ansible
+
+## Usage
+
+The base image provides several options to control the behaviour of the containers. For more details on these options see the [playbook2image](https://github.com/aweiteka/playbook2image) documentation.
+
+At the very least, when running a container using an image built this way you must specify:
+
+1. The **playbook** to run. This is set using the `PLAYBOOK_FILE` environment variable.
+1. An **inventory** file. This can be mounted inside the container as a volume and specified with the `INVENTORY_FILE` environment variable. Alternatively you can serve the inventory file from a web server and use the `INVENTORY_URL` environment variable to fetch it.
+1. **ssh keys** so that Ansible can reach your hosts. These should be mounted as a volume under `/opt/app-root/src/.ssh`
+
+Here is an example of how to run a containerized `openshift-ansible` playbook that will check the expiration dates of OpenShift's internal certificates using the [`openshift_certificate_expiry` role](../../roles/openshift_certificate_expiry). The inventory and ssh keys are mounted as volumes (the latter requires setting the uid in the container and SELinux label in the key file via `:Z` so they can be accessed) and the `PLAYBOOK_FILE` environment variable is set to point to an example certificate check playbook that is already part of the image:
+
+    docker run -u `id -u` \
+           -v $HOME/.ssh/id_rsa:/opt/app-root/src/.ssh/id_rsa:Z \
+           -v /etc/ansible/hosts:/tmp/inventory \
+           -e INVENTORY_FILE=/tmp/inventory \
+           -e OPTS="-v" \
+           -e PLAYBOOK_FILE=playbooks/certificate_expiry/default.yaml \
+           openshift-ansible
+
+The [playbook2image examples](https://github.com/aweiteka/playbook2image/tree/master/examples) provide additional information on how to use a built image.