A Source-to-Image (S2I) builder image for packaging Ansible playbooks as a self-executing container.

Prerequisites: an OpenShiftv3 cluster or s2i binary

In this workflow we build a new image with our playbook, setup secrets (private ssh key, for example) and create a job to run our playbook image.

1. Build: Add your playbook to the image. This will create a new image with your playbook sourcecode

• OpenShift:

    oc new-build docker.io/aweiteka/playbook2image~https://github.com/PLAYBOOK/REPO.git
  

• s2i CLI tool:

    sudo s2i build https://github.com/PLAYBOOK/REPO.git docker.io/aweiteka/playbook2image NEW_PLAYBOOK_IMAGE_NAME
  

1. Run: as an OpenShift Job or with docker via command line

• OpenShift:

  1. Create a secret for our ssh private key

      oc secrets new-sshauth sshkey --ssh-privatekey=~/.ssh/id_rsa
     

  2. Create a new job. Download the sample-job.yaml file, edit and create the job.

      oc create -f sample-job.yaml
     

• Docker

    sudo docker run \
         -v ~/.ssh/id_rsa:/opt/app-root/src/.ssh/id_rsa \
         -e OPTS="--become --user cloud-user" \
         -e PLAYBOOK_FILE=PATH_TO_PLAYBOOK \
         -e INVENTORY_URL=URL \
         IMAGE_FROM_BUILD_STEP
  

PLAYBOOK_FILE (required) Relative path to playbook file relative to project source. This is mounted in the container at /opt/app-root/src/PLAYBOOK_FILE.

INVENTORY_FILE (optional) Relative path to inventory file relative to project source. This is mounted in the container at /opt/app-root/src/INVENTORY_FILE.

INVENTORY_URL (optional) URL to inventory file. This is downloaded into the container as inventory file /opt/app-root/src/inventory.

ALLOW_ANSIBLE_CONNECTION_LOCAL (optional) If set to false all ansible_connection=local settings will be ignored.

DYNAMIC_SCRIPT_URL (optional) URL to dynamic inventory script. This is downloaded into the container as /opt/app-root/src/dynamic_inventory_script. If the dynamic inventory script is python see PYTHON_REQUIREMENTS.

PYTHON_REQUIREMENTS (optional, default 'requirements.txt') Relative path to python dependency requirements.txt file to support dynamic inventory script.

SSH_KEY (optional, default '/opt/app-root/src/.ssh/id_rsa') Container path to mounted private SSH key. For OpenShift this must match the secret volumeMount (see mountPath in sample-job.yaml). For docker this must match the bindmount container path, e.g. -v ~/.ssh/id_rsa:/opt/app-root/src/.ssh/id_rsa.

OPTS (optional) List of options appended to ansible-playbook command. An example of commonly used options:

OPTS="-vvv --become --user cloud-user --private-key /var/secrets/id_rsa"

VAULT_PASS (optional) ansible-vault passphrase for decrypting files. This is written to a file and used to decrypt ansible-vault files.

ANSIBLE_HOST_KEY_CHECKING=False Disable host key checking. See http://docs.ansible.com/ansible/intro_getting_started.html#host-key-checking

S2I project documentation

OpenShift docs Creating S2I images blog post

You'll need to download the s2i binary.

Runining tests

sudo make test