From f1b6aa212e32fa711bb8cab42b62260dcfad252c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pep=20Turr=C3=B3=20Mauri?= <pep@redhat.com>
Date: Mon, 13 Feb 2017 16:22:20 +0100
Subject: Dockerfile and docs to run containerized playbooks Update openshift-ansible's Dockerfile to use playbook2image as a base, with the goal to run an arbitrary playbook from a container. The existing Dockerfile is moved to Dockerfile.rhel7 for the productized version and will be updated to use playbook2image later.
---
.dockerignore | 8 ++++++++
Dockerfile | 47 +++++++++++++++++++++++++++--------------------
Dockerfile.rhel7 | 26 ++++++++++++++++++++++++++
README.md | 3 +++
README_CONTAINER_IMAGE.md | 41 +++++++++++++++++++++++++++++++++++++++++
5 files changed, 105 insertions(+), 20 deletions(-)
create mode 100644 .dockerignore
create mode 100644 Dockerfile.rhel7
create mode 100644 README_CONTAINER_IMAGE.md
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 000000000..968811df5
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,8 @@
+.*
+bin
+docs
+test
+utils
+**/*.md
+*.spec
+setup*
diff --git a/Dockerfile b/Dockerfile
index f3d45837a..c6593491d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,26 +1,33 @@
-FROM rhel7
+# Using playbook2image as a base
+# See https://github.com/aweiteka/playbook2image for details on the image
+# including documentation for the settings/env vars referenced below
+FROM docker.io/aweiteka/playbook2image:latest

-MAINTAINER Troy Dawson <tdawson@redhat.com>
+MAINTAINER OpenShift Team <dev@lists.openshift.redhat.com>

-LABEL Name="openshift3/installer"
-LABEL Vendor="Red Hat" License=GPLv2+
-LABEL Version="v3.1.1.901"
-LABEL Release="6"
-LABEL BZComponent="aos3-installation-docker"
-LABEL Architecture="x86_64"
-LABEL io.k8s.description="Ansible code and playbooks for installing Openshift Container Platform." \
- io.k8s.display-name="Openshift Installer" \
- io.openshift.tags="openshift,installer"
+LABEL name="openshift-ansible" \
+ summary="OpenShift's installation and configuration tool" \
+ description="A containerized openshift-ansible image to let you run playbooks to install, upgrade, maintain and check an OpenShift cluster" \
+ url="https://github.com/openshift/openshift-ansible" \
+ io.k8s.display-name="openshift-ansible" \
+ io.k8s.description="A containerized openshift-ansible image to let you run playbooks to install, upgrade, maintain and check an OpenShift cluster" \
+ io.openshift.expose-services="" \
+ io.openshift.tags="openshift,install,upgrade,ansible"

-RUN INSTALL_PKGS="atomic-openshift-utils" && \
- yum install -y --enablerepo=rhel-7-server-ose-3.2-rpms $INSTALL_PKGS && \
- rpm -V $INSTALL_PKGS && \
- yum clean all
+# The playbook to be run is specified via the PLAYBOOK_FILE env var.
+# This sets a default of openshift_facts.yml as it's an informative playbook
+# that can help test that everything is set properly (inventory, sshkeys)
+ENV PLAYBOOK_FILE=playbooks/byo/openshift_facts.yml \
+ OPTS="-v" \
+ INSTALL_OC=true

-# Expect user to mount a workdir for container output (installer.cfg, hosts inventory, ansible log)
-VOLUME /var/lib/openshift-installer/
-WORKDIR /var/lib/openshift-installer/
+# playbook2image's assemble script expects the source to be available in
+# /tmp/src (as per the source-to-image specs) so we import it there
+ADD . /tmp/src

-RUN mkdir -p /var/lib/openshift-installer/
+# Running the 'assemble' script provided by playbook2image will install
+# dependencies specified in requirements.txt and install the 'oc' client
+# as per the INSTALL_OC environment setting above
+RUN /usr/libexec/s2i/assemble

-ENTRYPOINT ["/usr/bin/atomic-openshift-installer", "-c", "/var/lib/openshift-installer/installer.cfg", "--ansible-log-path", "/var/lib/openshift-installer/ansible.log"]
+CMD [ "/usr/libexec/s2i/run" ]
diff --git a/Dockerfile.rhel7 b/Dockerfile.rhel7
new file mode 100644
index 000000000..f3d45837a
--- /dev/null
+++ b/Dockerfile.rhel7
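Review bot: The new `FROM docker.io/aweiteka/playbook2image:latest` takes a mutable tag from a personal Docker Hub namespace, so every rebuild can silently pick up a different base; this build executes that image's `/usr/libexec/s2i/assemble`, and its `run` script is what later handles the SSH key and inventory that the README added in this commit tells users to mount. Pin the base to a reviewed image by digest and bump it deliberately, e.g. `FROM docker.io/aweiteka/playbook2image@sha256:<digest of the reviewed image>` (placeholder). `ADD . /tmp/src` only copies local files, so `COPY . /tmp/src` is the explicit form; because the whole build context is imported, the new `.dockerignore` is the only thing keeping local files out of the image, and its `.*` entry matches top-level dotfiles only (`**/.*` would also cover nested ones). No `USER` is set in this file, so the runtime user is whatever the base image defines, which is worth confirming to be non-root.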
@@ -0,0 +1,26 @@
+FROM rhel7
+
+MAINTAINER Troy Dawson <tdawson@redhat.com>
+
+LABEL Name="openshift3/installer"
+LABEL Vendor="Red Hat" License=GPLv2+
+LABEL Version="v3.1.1.901"
+LABEL Release="6"
+LABEL BZComponent="aos3-installation-docker"
+LABEL Architecture="x86_64"
+LABEL io.k8s.description="Ansible code and playbooks for installing Openshift Container Platform." \
+ io.k8s.display-name="Openshift Installer" \
+ io.openshift.tags="openshift,installer"
+
+RUN INSTALL_PKGS="atomic-openshift-utils" && \
+ yum install -y --enablerepo=rhel-7-server-ose-3.2-rpms $INSTALL_PKGS && \
+ rpm -V $INSTALL_PKGS && \
+ yum clean all
+
+# Expect user to mount a workdir for container output (installer.cfg, hosts inventory, ansible log)
+VOLUME /var/lib/openshift-installer/
+WORKDIR /var/lib/openshift-installer/
+
+RUN mkdir -p /var/lib/openshift-installer/
+
+ENTRYPOINT ["/usr/bin/atomic-openshift-installer", "-c", "/var/lib/openshift-installer/installer.cfg", "--ansible-log-path", "/var/lib/openshift-installer/ansible.log"]
diff --git a/README.md b/README.md
index c3c022e59..751e5ebf1 100644
--- a/README.md
+++ b/README.md
@@ -74,6 +74,9 @@ you are not running a stable release. - [OpenShift Enterprise](https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html) - [OpenShift Origin](https://docs.openshift.org/latest/install_config/install/advanced_install.html) +## Containerized OpenShift Ansible + +See [README_CONTAINER_IMAGE.md](README_CONTAINER_IMAGE.md) for information on how to package openshift-ansible as a container image. ## Installer Hooks
diff --git a/README_CONTAINER_IMAGE.md b/README_CONTAINER_IMAGE.md
new file mode 100644
index 000000000..f62fc2ab9
--- /dev/null
+++ b/README_CONTAINER_IMAGE.md
@@ -0,0 +1,41 @@
+# Containerized openshift-ansible to run playbooks
+
+The [Dockerfile](Dockerfile) in this repository uses the [playbook2image](https://github.com/aweiteka/playbook2image) source-to-image base image to containerize `openshift-ansible`. The resulting image can run any of the provided playbooks.
+
+**Note**: at this time there are known issues that prevent to run this image for installation/upgrade purposes from within one of the hosts that is also an installation target at the same time: if the playbook you want to run attempts to manage the docker daemon and restart it (like install/upgrade playbooks do) this would kill the container itself during its operation.
+
+## Build
+
+To build a container image of `openshift-ansible`:
+
+1. Using standalone **Docker**:
+
+ cd openshift-ansible
+ docker build -t openshift-ansible .
+
+1. Using an **OpenShift** build:
+
+ oc new-build docker.io/aweiteka/playbook2image~https://github.com/openshift/openshift-ansible
+ oc describe imagestream openshift-ansible
+
+## Usage
+
+The base image provides several options to control the behaviour of the containers. For more details on these options see the [playbook2image](https://github.com/aweiteka/playbook2image) documentation.
+
+At the very least, when running a container using an image built this way you must specify:
+
+1. The **playbook** to run. This is set using the `PLAYBOOK_FILE` environment variable.
+1. An **inventory** file. This can be mounted inside the container as a volume and specified with the `INVENTORY_FILE` environment variable. Alternatively you can serve the inventory file from a web server and use the `INVENTORY_URL` environment variable to fetch it.
+1. **ssh keys** so that Ansible can reach your hosts.
These should be mounted as a volume under `/opt/app-root/src/.ssh`
+
+Here is an example of how to run a containerized `openshift-ansible` playbook that will check the expiration dates of OpenShift's internal certificates using the [`openshift_certificate_expiry` role](../../roles/openshift_certificate_expiry). The inventory and ssh keys are mounted as volumes (the latter requires setting the uid in the container and SELinux label in the key file via `:Z` so they can be accessed) and the `PLAYBOOK_FILE` environment variable is set to point to an example certificate check playbook that is already part of the image:
+
+ docker run -u `id -u` \
+ -v $HOME/.ssh/id_rsa:/opt/app-root/src/.ssh/id_rsa:Z \
+ -v /etc/ansible/hosts:/tmp/inventory \
+ -e INVENTORY_FILE=/tmp/inventory \
+ -e OPTS="-v" \
+ -e PLAYBOOK_FILE=playbooks/certificate_expiry/default.yaml \
+ openshift-ansible
+
+The [playbook2image examples](https://github.com/aweiteka/playbook2image/tree/master/examples) provide additional information on how to use a built image.
-- cgit v1.2.3