openshift/origin-ansible

Containerized openshift-ansible

This image packages https://github.com/openshift/openshift-ansible, the Ansible-based tooling to install and manage OpenShift clusters.

This image is built upon the https://hub.docker.com/r/aweiteka/playbook2image/ source-to-image base image. The resulting image can run any of the playbooks provided in openshift-ansible.

Note: at this time there are known issues that prevent to run this image for installation/upgrade purposes (i.e. run one of the config/upgrade playbooks) from within one of the hosts that is also an installation target at the same time: if the playbook you want to run attempts to manage the docker daemon and restart it (like install/upgrade playbooks do) this would kill the container itself during its operation.

Usage

The playbook2image base image provides several options to control the behaviour of the containers. For more details on these options see the https://github.com/aweiteka/playbook2image documentation.

At the very least, when running a container using this image you must specify:

1. An inventory file. This can be mounted inside the container as a volume and specified with the INVENTORY_FILE environment variable. Alternatively you can serve the inventory file from a web server and use the INVENTORY_URL environment variable to fetch it.
2. ssh keys so that Ansible can reach your hosts. These should be mounted as a volume under /opt/app-root/src/.ssh
3. The playbook to run. This is set using the PLAYBOOK_FILE environment variable. If you don't specify a playbook the openshift_facts playbook will be run, collecting and showing facts about your OpenShift environment.

Here is an example of how to run a containerized openshift-ansible playbook that will check the expiration dates of OpenShift's internal certificates using the https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_certificate_expiry. The inventory and ssh keys are mounted as volumes (the latter requires setting the uid in the container and SELinux label in the key file via :Z so they can be accessed) and the PLAYBOOK_FILE environment variable is set to point to an example certificate check playbook that is already part of the image:

docker run -u `id -u` \
       -v $HOME/.ssh/id_rsa:/opt/app-root/src/.ssh/id_rsa:Z,ro \
       -v /etc/ansible/hosts:/tmp/inventory:ro \
       -e INVENTORY_FILE=/tmp/inventory \
       -e OPTS="-v" \
       -e PLAYBOOK_FILE=playbooks/certificate_expiry/default.yaml \
       openshift/origin-ansible

The https://github.com/openshift/playbook2image/tree/master/examples provide additional information on how to use an image built from it like this one.