summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPep TurrĂ³ Mauri <pep@redhat.com>2017-02-13 16:22:20 +0100
committerPep TurrĂ³ Mauri <pep@redhat.com>2017-03-06 17:54:01 +0100
commitf1b6aa212e32fa711bb8cab42b62260dcfad252c (patch)
tree04e77ca144e67a3dcc2d73b44f257fe86ec4fe7a
parent6a002fb9641d2631038bba8d80e5467f312fa0db (diff)
downloadopenshift-f1b6aa212e32fa711bb8cab42b62260dcfad252c.tar.gz
openshift-f1b6aa212e32fa711bb8cab42b62260dcfad252c.tar.bz2
openshift-f1b6aa212e32fa711bb8cab42b62260dcfad252c.tar.xz
openshift-f1b6aa212e32fa711bb8cab42b62260dcfad252c.zip
Dockerfile and docs to run containerized playbooks
Update openshift-ansible's Dockerfile to use playbook2image as a base, with the goal to run an arbitrary playbook from a container. The existing Dockerfile is moved to Dockerfile.rhel7 for the productized version and will be updated to use playbook2image later.
-rw-r--r--.dockerignore8
-rw-r--r--Dockerfile47
-rw-r--r--Dockerfile.rhel726
-rw-r--r--README.md3
-rw-r--r--README_CONTAINER_IMAGE.md41
5 files changed, 105 insertions, 20 deletions
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 000000000..968811df5
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,8 @@
+.*
+bin
+docs
+test
+utils
+**/*.md
+*.spec
+setup*
diff --git a/Dockerfile b/Dockerfile
index f3d45837a..c6593491d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,26 +1,33 @@
-FROM rhel7
+# Using playbook2image as a base
+# See https://github.com/aweiteka/playbook2image for details on the image
+# including documentation for the settings/env vars referenced below
+FROM docker.io/aweiteka/playbook2image:latest
-MAINTAINER Troy Dawson <tdawson@redhat.com>
+MAINTAINER OpenShift Team <dev@lists.openshift.redhat.com>
-LABEL Name="openshift3/installer"
-LABEL Vendor="Red Hat" License=GPLv2+
-LABEL Version="v3.1.1.901"
-LABEL Release="6"
-LABEL BZComponent="aos3-installation-docker"
-LABEL Architecture="x86_64"
-LABEL io.k8s.description="Ansible code and playbooks for installing Openshift Container Platform." \
- io.k8s.display-name="Openshift Installer" \
- io.openshift.tags="openshift,installer"
+LABEL name="openshift-ansible" \
+ summary="OpenShift's installation and configuration tool" \
+ description="A containerized openshift-ansible image to let you run playbooks to install, upgrade, maintain and check an OpenShift cluster" \
+ url="https://github.com/openshift/openshift-ansible" \
+ io.k8s.display-name="openshift-ansible" \
+ io.k8s.description="A containerized openshift-ansible image to let you run playbooks to install, upgrade, maintain and check an OpenShift cluster" \
+ io.openshift.expose-services="" \
+ io.openshift.tags="openshift,install,upgrade,ansible"
-RUN INSTALL_PKGS="atomic-openshift-utils" && \
- yum install -y --enablerepo=rhel-7-server-ose-3.2-rpms $INSTALL_PKGS && \
- rpm -V $INSTALL_PKGS && \
- yum clean all
+# The playbook to be run is specified via the PLAYBOOK_FILE env var.
+# This sets a default of openshift_facts.yml as it's an informative playbook
+# that can help test that everything is set properly (inventory, sshkeys)
+ENV PLAYBOOK_FILE=playbooks/byo/openshift_facts.yml \
+ OPTS="-v" \
+ INSTALL_OC=true
-# Expect user to mount a workdir for container output (installer.cfg, hosts inventory, ansible log)
-VOLUME /var/lib/openshift-installer/
-WORKDIR /var/lib/openshift-installer/
+# playbook2image's assemble script expects the source to be available in
+# /tmp/src (as per the source-to-image specs) so we import it there
+ADD . /tmp/src
-RUN mkdir -p /var/lib/openshift-installer/
+# Running the 'assemble' script provided by playbook2image will install
+# dependencies specified in requirements.txt and install the 'oc' client
+# as per the INSTALL_OC environment setting above
+RUN /usr/libexec/s2i/assemble
-ENTRYPOINT ["/usr/bin/atomic-openshift-installer", "-c", "/var/lib/openshift-installer/installer.cfg", "--ansible-log-path", "/var/lib/openshift-installer/ansible.log"]
+CMD [ "/usr/libexec/s2i/run" ]
diff --git a/Dockerfile.rhel7 b/Dockerfile.rhel7
new file mode 100644
index 000000000..f3d45837a
--- /dev/null
+++ b/Dockerfile.rhel7
@@ -0,0 +1,26 @@
+FROM rhel7
+
+MAINTAINER Troy Dawson <tdawson@redhat.com>
+
+LABEL Name="openshift3/installer"
+LABEL Vendor="Red Hat" License=GPLv2+
+LABEL Version="v3.1.1.901"
+LABEL Release="6"
+LABEL BZComponent="aos3-installation-docker"
+LABEL Architecture="x86_64"
+LABEL io.k8s.description="Ansible code and playbooks for installing Openshift Container Platform." \
+ io.k8s.display-name="Openshift Installer" \
+ io.openshift.tags="openshift,installer"
+
+RUN INSTALL_PKGS="atomic-openshift-utils" && \
+ yum install -y --enablerepo=rhel-7-server-ose-3.2-rpms $INSTALL_PKGS && \
+ rpm -V $INSTALL_PKGS && \
+ yum clean all
+
+# Expect user to mount a workdir for container output (installer.cfg, hosts inventory, ansible log)
+VOLUME /var/lib/openshift-installer/
+WORKDIR /var/lib/openshift-installer/
+
+RUN mkdir -p /var/lib/openshift-installer/
+
+ENTRYPOINT ["/usr/bin/atomic-openshift-installer", "-c", "/var/lib/openshift-installer/installer.cfg", "--ansible-log-path", "/var/lib/openshift-installer/ansible.log"]
diff --git a/README.md b/README.md
index c3c022e59..751e5ebf1 100644
--- a/README.md
+++ b/README.md
@@ -74,6 +74,9 @@ you are not running a stable release.
- [OpenShift Enterprise](https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html)
- [OpenShift Origin](https://docs.openshift.org/latest/install_config/install/advanced_install.html)
+## Containerized OpenShift Ansible
+
+See [README_CONTAINER_IMAGE.md](README_CONTAINER_IMAGE.md) for information on how to package openshift-ansible as a container image.
## Installer Hooks
diff --git a/README_CONTAINER_IMAGE.md b/README_CONTAINER_IMAGE.md
new file mode 100644
index 000000000..f62fc2ab9
--- /dev/null
+++ b/README_CONTAINER_IMAGE.md
@@ -0,0 +1,41 @@
+# Containerized openshift-ansible to run playbooks
+
+The [Dockerfile](Dockerfile) in this repository uses the [playbook2image](https://github.com/aweiteka/playbook2image) source-to-image base image to containerize `openshift-ansible`. The resulting image can run any of the provided playbooks.
+
+**Note**: at this time there are known issues that prevent to run this image for installation/upgrade purposes from within one of the hosts that is also an installation target at the same time: if the playbook you want to run attempts to manage the docker daemon and restart it (like install/upgrade playbooks do) this would kill the container itself during its operation.
+
+## Build
+
+To build a container image of `openshift-ansible`:
+
+1. Using standalone **Docker**:
+
+ cd openshift-ansible
+ docker build -t openshift-ansible .
+
+1. Using an **OpenShift** build:
+
+ oc new-build docker.io/aweiteka/playbook2image~https://github.com/openshift/openshift-ansible
+ oc describe imagestream openshift-ansible
+
+## Usage
+
+The base image provides several options to control the behaviour of the containers. For more details on these options see the [playbook2image](https://github.com/aweiteka/playbook2image) documentation.
+
+At the very least, when running a container using an image built this way you must specify:
+
+1. The **playbook** to run. This is set using the `PLAYBOOK_FILE` environment variable.
+1. An **inventory** file. This can be mounted inside the container as a volume and specified with the `INVENTORY_FILE` environment variable. Alternatively you can serve the inventory file from a web server and use the `INVENTORY_URL` environment variable to fetch it.
+1. **ssh keys** so that Ansible can reach your hosts. These should be mounted as a volume under `/opt/app-root/src/.ssh`
+
+Here is an example of how to run a containerized `openshift-ansible` playbook that will check the expiration dates of OpenShift's internal certificates using the [`openshift_certificate_expiry` role](../../roles/openshift_certificate_expiry). The inventory and ssh keys are mounted as volumes (the latter requires setting the uid in the container and SELinux label in the key file via `:Z` so they can be accessed) and the `PLAYBOOK_FILE` environment variable is set to point to an example certificate check playbook that is already part of the image:
+
+ docker run -u `id -u` \
+ -v $HOME/.ssh/id_rsa:/opt/app-root/src/.ssh/id_rsa:Z \
+ -v /etc/ansible/hosts:/tmp/inventory \
+ -e INVENTORY_FILE=/tmp/inventory \
+ -e OPTS="-v" \
+ -e PLAYBOOK_FILE=playbooks/certificate_expiry/default.yaml \
+ openshift-ansible
+
+The [playbook2image examples](https://github.com/aweiteka/playbook2image/tree/master/examples) provide additional information on how to use a built image.