Commit cd03d57

Add example
1 parent 639555d commit cd03d57

11 files changed

+214
-38
lines changed

Dockerfile

Lines changed: 40 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1,31 +1,57 @@
11
FROM alpine:3.11.6
22

3-
WORKDIR /ansible
3+
ENV ANSIBLE_SSH_CONTROL_PATH /dev/shm/cp%%h-%%p-%%r
4+
ENV ANSIBLE_INVENTORY inventory.yml
5+
ENV ANSIBLE_FORCE_COLOR True
6+
ENV ANSIBLE_HOST_KEY_CHECKING False
7+
ENV ANSIBLE_COMMAND_WARNINGS False
8+
ENV ANSIBLE_RETRY_FILES_ENABLED False
9+
ENV ANSIBLE_GATHERING explicit
10+
ENV ANSIBLE_PRIVATE_ROLE_VARS True
11+
ENV ANSIBLE_REMOTE_USER root
12+
ENV ANSIBLE_ROLES_PATH /ansible/baked/roles
13+
ENV ANSIBLE_CALLBACK_WHITELIST profile_tasks
14+
ENV ANSIBLE_SSH_RETRIES 3
15+
ENV ANSIBLE_PYTHON_INTERPRETER /usr/bin/python3
16+
17+
ENV ANSIBLE_PLAYBOOK_CMD_OPTIONS "-v"
18+
ENV ANSIBLE_PLAYBOOK_CMD_SKIP_TAGS ""
19+
20+
ENV CCD_USER ansible
21+
ENV CCD_GROUP ansible
22+
ENV CDD_BASE_FOLDER /ansible
23+
ENV CDD_BAKED_FOLDER ${CDD_BASE_FOLDER}/baked
24+
ENV CDD_DEBUG_FOLDER ${CDD_BASE_FOLDER}/debug
25+
ENV CDD_PLAY_FOLDER ${CDD_BASE_FOLDER}/play
426

527
# Setup base system + ansible
6-
RUN addgroup -S ansible && \
7-
adduser -S ansible -G ansible && \
8-
apk upgrade \
28+
RUN addgroup -S ${CCD_GROUP} && \
29+
adduser -S ${CCD_USER} -G ${CCD_GROUP}
30+
31+
RUN apk upgrade \
932
--no-cache && \
1033
apk add \
34+
ansible=2.9.6-r0 \
35+
bash \
1136
curl \
1237
libressl \
1338
ca-certificates \
14-
ansible \
1539
git \
1640
openssh-client \
17-
--no-cache && \
18-
pip3 install --upgrade pip && \
19-
pip3 install dnspython && \
20-
pip3 install netaddr && \
21-
pip3 install jmespath && \
22-
mkdir /ansible-playbook-base/ /ansible-playbook && \
23-
chown -R ansible:ansible /ansible /ansible-playbook-base/ /ansible-playbook
41+
sshpass \
42+
--no-cache
43+
44+
COPY requirements.txt /var/run/requirements.txt
45+
46+
RUN pip3 install --upgrade pip && \
47+
pip3 install --no-cache-dir -r /var/run/requirements.txt
48+
49+
RUN mkdir -p ${CDD_DEBUG_FOLDER} ${CDD_BAKED_FOLDER} ${CDD_PLAY_FOLDER} && chown -R ${CCD_USER}:${CCD_GROUP} ${CDD_BASE_FOLDER}
2450

2551
COPY entrypoint.sh /
2652

27-
USER ansible
53+
USER ${CCD_USER}
2854

29-
COPY ansible.cfg /ansible-playbook-base/
55+
WORKDIR ${CDD_PLAY_FOLDER}
3056

3157
ENTRYPOINT ["/entrypoint.sh"]
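
Review bot: `ENV ANSIBLE_HOST_KEY_CHECKING False` in the new ENV block turns off SSH host key verification for every image built on this base, so a playbook run cannot tell the intended host from another machine answering in its place. Leave the Ansible default in the base image and let callers mount a `known_hosts` file or set the variable themselves at run time. The same block defaults `ANSIBLE_REMOTE_USER` to `root` and the package list gains `sshpass`, which makes password-based root logins the path of least resistance; both deserve a line of justification in the README. The new variables mix two prefixes (`CCD_USER`, `CCD_GROUP` versus `CDD_BASE_FOLDER`, `CDD_BAKED_FOLDER`, ...), which looks like a typo worth fixing before derived images depend on the names. `pip3 install --upgrade pip` is still unpinned while the rest of this hunk moves to pinned versions.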

README.md

Lines changed: 47 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,50 @@
11
# Ansible Playbook Base docker image
22

33
Base docker image for 🎁 ansible playbooks
4+
5+
## Usage
6+
7+
See [./example](./example) folder
8+
9+
1. Creare own [Dockerfile](./example/Dockerfile) based on this docker image `docker.io/devincan/ansible-playbook-base:v0.1`
10+
2. Add your playbooks
11+
3. Build
12+
4. Run
13+
14+
15+
## Why?
16+
17+
1. 🦾 Modern CI ready.
18+
2. 🏺 Caching - Ansible roles baked in docker image upfront.
19+
3. 🎡 Reproducible runs with same ansible, python libraries, roles, ansible.cfg, playbooks.
20+
4. ⚗️ When you want to run playbooks on Windows
21+
22+
# How does it work?
23+
24+
1. Build docker image including everything needed for playbook to be executed ( Ansible, Python libraries, roles and playbooks )
25+
2. Run this docker image with mounted inventory.yml and id_rsa key from you local or CI
26+
3. Profit 🎩
27+
28+
## What exaclty base image does?
29+
30+
1. Setup ansible senzible defaults
31+
32+
- [ANSIBLE_INVENTORY](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_INVENTORY) `inventory.yml`
33+
- [ANSIBLE_FORCE_COLOR](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_FORCE_COLOR) `True`
34+
- [ANSIBLE_HOST_KEY_CHECKING](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_HOST_KEY_CHECKING) `False`
35+
- [ANSIBLE_COMMAND_WARNINGS](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_COMMAND_WARNINGS) `False`
36+
- [ANSIBLE_RETRY_FILES_ENABLED](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_RETRY_FILES_ENABLED) `False`
37+
- [ANSIBLE_GATHERING](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_GATHERING) `explicit`
38+
- [ANSIBLE_PRIVATE_ROLE_VARS](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_PRIVATE_ROLE_VARS) `True`
39+
- [ANSIBLE_REMOTE_USER](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_REMOTE_USER) `pddevops`
40+
- [ANSIBLE_ROLES_PATH](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_ROLES_PATH) `roles`
41+
- [ANSIBLE_CALLBACK_WHITELIST](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_CALLBACK_WHITELIST) `profile_tasks`
42+
- [ANSIBLE_SSH_RETRIES](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_SSH_RETRIES) `10`
43+
- [ANSIBLE_SSH_CONTROL_PATH](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_SSH_CONTROL_PATH) `/dev/shm/cp%%h-%%p-%%r`
44+
- [ANSIBE_OPTIONS](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBE_OPTIONS) `"-v"`
45+
46+
2. Add [entrypoint.sh](entrypoint.sh)
47+
48+
This entrypoint will copy baked roles, playbooks and other files from `/ansible-baked` to `/ansible` workdir. Then it will run site.yml playbook.
49+
50+
3. Add essential Python/Ansible dependencies listed in [requirements.txt](./requirements.txt)
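
Review bot: The defaults listed under "What exaclty base image does?" do not match what the Dockerfile in this commit sets: the README says `ANSIBLE_REMOTE_USER` is `pddevops`, `ANSIBLE_SSH_RETRIES` is `10` and `ANSIBLE_ROLES_PATH` is `roles`, while the Dockerfile sets `root`, `3` and `/ansible/baked/roles`. `ANSIBE_OPTIONS` is not set anywhere in this commit; the Dockerfile defines `ANSIBLE_PLAYBOOK_CMD_OPTIONS` and `ANSIBLE_PLAYBOOK_CMD_SKIP_TAGS`. The entrypoint paragraph describes copying from `/ansible-baked` to `/ansible`, but entrypoint.sh copies from `${CDD_BAKED_FOLDER}` and `${CDD_DEBUG_FOLDER}` into `${CDD_PLAY_FOLDER}`. Since `ANSIBLE_HOST_KEY_CHECKING` `False` is presented as a sensible default, say in one sentence what it disables and how to turn it back on. Spelling to fix while here: "Creare", "exaclty", "senzible", "from you local".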

ansible.cfg

Lines changed: 0 additions & 13 deletions
This file was deleted.

entrypoint.sh

Lines changed: 21 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,16 +1,26 @@
1-
#!/bin/sh
1+
#!/bin/bash
22

3-
echo "Moving base files ( /ansible-playbook-base/* ) to workdir ( $PWD )"
4-
cp -r /ansible-playbook-base/* .
3+
set -eox pipefail
4+
IFS=$'\n\t'
55

6-
echo "Moving playbook files ( /ansible-playbook/* ) to workdir ( $PWD )"
7-
cp -r /ansible-playbook/* .
6+
Y='\033[0;33m'
7+
NC='\033[0m'
88

9-
echo "Setting ANSIBLE_CONFIG to $PWD/ansible.cfg to prevent issues on CI with other workdir than /ansible"
10-
export ANSIBLE_CONFIG=$PWD/ansible.cfg
9+
mkdir -p ${CDD_PLAY_FOLDER}
1110

12-
echo "Setting proper rights to $HOME/.ssh/*"
13-
chmod -R 400 $HOME/.ssh/*
11+
if [ "$(ls -A $CDD_DEBUG_FOLDER)" ]; then
1412

15-
echo "Executing ansible-playbook site.yml --skip-tags=\"$SKIP_TAGS\" $OPTIONS $@"
16-
ansible-playbook site.yml --skip-tags="$SKIP_TAGS" $OPTIONS "$@"
13+
echo -e "${Y}Moving debug files '${CDD_DEBUG_FOLDER}/*' to workdir '${CDD_PLAY_FOLDER}/'${NC}"
14+
cp -r ${CDD_DEBUG_FOLDER}/* ${CDD_PLAY_FOLDER}/
15+
16+
fi
17+
18+
if [ "$(ls -A $CDD_BAKED_FOLDER)" ]; then
19+
20+
echo -e "${Y}Moving baked files '${CDD_BAKED_FOLDER}/*' to workdir '${CDD_PLAY_FOLDER}/'${NC}"
21+
cp -r ${CDD_BAKED_FOLDER}/* ${CDD_PLAY_FOLDER}/
22+
23+
fi
24+
25+
cd ${CDD_PLAY_FOLDER}
26+
ansible-playbook site.yml --skip-tags="${ANSIBLE_PLAYBOOK_CMD_SKIP_TAGS}" "${ANSIBLE_PLAYBOOK_CMD_OPTIONS}" "${@}"
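
Review bot: On the final `ansible-playbook` line, `"${ANSIBLE_PLAYBOOK_CMD_OPTIONS}"` is quoted, so a value holding more than one option (for example `-v -e foo=bar`) reaches ansible-playbook as a single argument, and an empty value becomes an empty-string argument; the removed line expanded `$OPTIONS` unquoted. Simply unquoting it will not help either, because `IFS=$'\n\t'` stops splitting on spaces, so read the value into an array and expand that. `set -eox pipefail` also enables xtrace, which echoes every command line to stderr, including any `-e` extra vars passed through `"${@}"`; drop the `x` or gate it behind a debug variable so secrets passed as arguments stay out of CI logs. The debug files are copied first and the baked files second, so a baked file overwrites a debug file of the same name; if the debug folder is meant to override baked content, swap the two blocks. The removed `chmod -R 400 $HOME/.ssh/*` has no replacement, so key permissions now depend entirely on the host mount; note that in the README or check the mode before running.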

example/1-example-playbook.yml

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
- name: Example playbook
2+
hosts: all
3+
tasks:
4+
5+
- name: Debug variables
6+
include_role:
7+
name: grog.debug-variable
8+
vars:
9+
grog_debug_variable_test: "{{ global_test_variable }}"
10+
11+
- name: Slurp variables dump file
12+
slurp:
13+
src: /tmp/ansible.dump
14+
register: slurpfile
15+
16+
- name: Print variables dump file
17+
debug:
18+
msg: "{{ slurpfile['content'] | b64decode }}"
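
Review bot: The last two tasks slurp `/tmp/ansible.dump` and print it through `debug`, so whatever the role wrote there, which the task names call a variables dump, ends up in the run output and stays behind in `/tmp` on the managed host. Add a final task that removes the file, and put a comment at the top of the play saying it is meant for inventories that carry no secrets. `global_test_variable` has no default, so the first task fails when the caller forgets `-e global_test_variable=...`; a `default('')` filter or a short assert with a clear message would make the example friendlier.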

example/Dockerfile

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
FROM docker.io/devincan/ansible-playbook-base:v0.1
2+
3+
COPY --chown=ansible:ansible ./*.yml /ansible-playbook/
4+
5+
RUN ansible-galaxy install -r /ansible-playbook/requirements.yml -p /ansible-playbook/roles --force
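
Review bot: Both lines target `/ansible-playbook/`, but the base Dockerfile in this same commit stops creating that directory and the new entrypoint.sh only copies from `${CDD_BAKED_FOLDER}` and `${CDD_DEBUG_FOLDER}`, so the playbooks and roles placed here never reach the play folder. Point `COPY` and the `-p` roles path at the baked folder so they line up with `ANSIBLE_ROLES_PATH /ansible/baked/roles`. `--chown=ansible:ansible` hardcodes the names the base image now keeps in `CCD_USER` and `CCD_GROUP`. The `FROM` line uses the tag `v0.1`, which can be repointed; pinning by digest would keep the example reproducible in the sense the README promises.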

example/LICENSE

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
MIT License
2+
3+
Copyright (c) 2019 Container Driven Development
4+
5+
Permission is hereby granted, free of charge, to any person obtaining a copy
6+
of this software and associated documentation files (the "Software"), to deal
7+
in the Software without restriction, including without limitation the rights
8+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9+
copies of the Software, and to permit persons to whom the Software is
10+
furnished to do so, subject to the following conditions:
11+
12+
The above copyright notice and this permission notice shall be included in all
13+
copies or substantial portions of the Software.
14+
15+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21+
SOFTWARE.

example/README.md

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
# Ansible Playbook Example
2+
3+
Example playbook 🎁 in docker image, this image is based on https://github.com/Container-Driven-Development/ansible-playbook-base, us base dir or just take it as an inspiration and create completely own [Dockerfile](https://github.com/Container-Driven-Development/ansible-playbook-base/blob/master/Dockerfile).
4+
5+
Just go ahead and try [run](#run-wrapped-playbook) this example docker image against your playbook it will just print host ansible variables.
6+
7+
## Why?
8+
9+
1. Modern CI ready.
10+
2. Caching - Ansible roles baked in docker image upfront.
11+
3. Reproducible runs with same ansible, python libraries, roles, ansible.cfg, playbooks.
12+
13+
# How does it work?
14+
15+
1. Build docker image including everything needed for playbook to be executed ( ansible, python libraries, roles, ansible.cfg and playbooks )
16+
2. Run this docker image with mounted inventory.yml and id_rsa key from you local or CI
17+
3. Profit 🎩
18+
19+
## Run wrapped playbook
20+
21+
```
22+
$ docker run -it \
23+
-v $HOME/.ssh/id_rsa:/home/ansible/.ssh/id_rsa \
24+
-v /path/to/inventory.yml:/ansible/inventory.yml \
25+
docker.io/devincan/ansible-playbook-example:v0.1 \
26+
-v -e global_test_variable=test
27+
```
28+
29+
## Use wrapped playbook in Gitlab CI
30+
31+
```yaml
32+
ansible-playbook-example:
33+
stage: example
34+
image:
35+
name: docker.io/devincan/ansible-playbook-example:v0.1
36+
entrypoint: [""]
37+
script:
38+
- /entrypoint.sh
39+
variables:
40+
OPTIONS: "-e global_test_variable=test"
41+
```
42+
43+
## Developing playbook
44+
45+
Simply mounting your own playbook into `/ansible-playbook` will allow you to run docker image with your changes without need to rebuild image each time.
46+
47+
```
48+
$ ansible-galaxy install -r /ansible-playbook/requirements.yml -p /ansible-playbook/roles --force
49+
50+
$ docker run -it \
51+
-v $PWD:/ansible-playbook \
52+
-v $HOME/.ssh/id_rsa:/home/ansible/.ssh/id_rsa \
53+
-v /path/to/inventory.yml:/ansible/inventory.yml \
54+
docker.io/devincan/ansible-playbook-example:v0.1 \
55+
-v -e global_test_variable=test
56+
```
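
Review bot: The three snippets reference names this commit removes: the GitLab CI job sets `OPTIONS`, which the new entrypoint.sh no longer reads (it uses `ANSIBLE_PLAYBOOK_CMD_OPTIONS`), the development section mounts `/ansible-playbook`, which the entrypoint no longer copies from, and the inventory is mounted at `/ansible/inventory.yml` while the base image now runs from `${CDD_PLAY_FOLDER}` with the relative `ANSIBLE_INVENTORY inventory.yml`. Update the paths and variable names to the new layout, and drop `ansible.cfg` from the "How does it work?" list since the file is deleted here. The private key mounts (`-v $HOME/.ssh/id_rsa:/home/ansible/.ssh/id_rsa`) should carry `:ro` so the container cannot modify the host key file. Wording to fix: "us base dir", "from you local".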

example/requirements.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
- src: grog.debug-variable
2+
version: v1.2.0

example/site.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
- import_playbook: 1-example-playbook.yml

requirements.txt

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
dnspython==1.16.0
2+
netaddr==0.7.19
3+
jmespath==0.9.5
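
Review bot: All three lines pin a version with `==`, but nothing ties the pin to a specific artifact, so a replaced or compromised upload under the same version would install silently. Add `--hash=sha256:...` entries for each package and install with `pip3 install --require-hashes -r /var/run/requirements.txt` in the Dockerfile.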
