Add example

Author: devopsmariocom

Dockerfile

@@ -1,31 +1,57 @@
 FROM alpine:3.11.6
 
-WORKDIR /ansible
+ENV ANSIBLE_SSH_CONTROL_PATH /dev/shm/cp%%h-%%p-%%r
+ENV ANSIBLE_INVENTORY inventory.yml
+ENV ANSIBLE_FORCE_COLOR True
+ENV ANSIBLE_HOST_KEY_CHECKING False
+ENV ANSIBLE_COMMAND_WARNINGS False
+ENV ANSIBLE_RETRY_FILES_ENABLED False
+ENV ANSIBLE_GATHERING explicit
+ENV ANSIBLE_PRIVATE_ROLE_VARS True
+ENV ANSIBLE_REMOTE_USER root
+ENV ANSIBLE_ROLES_PATH /ansible/baked/roles
+ENV ANSIBLE_CALLBACK_WHITELIST profile_tasks
+ENV ANSIBLE_SSH_RETRIES 3
+ENV ANSIBLE_PYTHON_INTERPRETER /usr/bin/python3
+
+ENV ANSIBLE_PLAYBOOK_CMD_OPTIONS "-v"
+ENV ANSIBLE_PLAYBOOK_CMD_SKIP_TAGS ""
+
+ENV CCD_USER ansible
+ENV CCD_GROUP ansible
+ENV CDD_BASE_FOLDER /ansible
+ENV CDD_BAKED_FOLDER ${CDD_BASE_FOLDER}/baked
+ENV CDD_DEBUG_FOLDER ${CDD_BASE_FOLDER}/debug
+ENV CDD_PLAY_FOLDER ${CDD_BASE_FOLDER}/play
 
 # Setup base system + ansible
-RUN addgroup -S ansible && \
-    adduser -S ansible -G ansible && \
-    apk upgrade \
+RUN addgroup -S ${CCD_GROUP} && \
+    adduser -S ${CCD_USER} -G ${CCD_GROUP}
+
+RUN apk upgrade \
         --no-cache && \
     apk add \
+        ansible=2.9.6-r0 \
+        bash \
         curl \
         libressl \
         ca-certificates \
-        ansible \
         git \
         openssh-client \
-        --no-cache && \
-    pip3 install --upgrade pip && \
-    pip3 install dnspython && \
-    pip3 install netaddr && \
-    pip3 install jmespath && \
-    mkdir /ansible-playbook-base/ /ansible-playbook && \
-    chown -R ansible:ansible /ansible /ansible-playbook-base/ /ansible-playbook
+        sshpass \
+        --no-cache
+
+COPY requirements.txt /var/run/requirements.txt
+
+RUN pip3 install --upgrade pip && \
+    pip3 install --no-cache-dir -r /var/run/requirements.txt
+
+RUN mkdir -p ${CDD_DEBUG_FOLDER} ${CDD_BAKED_FOLDER} ${CDD_PLAY_FOLDER} && chown -R ${CCD_USER}:${CCD_GROUP} ${CDD_BASE_FOLDER}
 
 COPY entrypoint.sh /
 
-USER ansible
+USER ${CCD_USER}
 
-COPY ansible.cfg /ansible-playbook-base/
+WORKDIR ${CDD_PLAY_FOLDER}
 
 ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -1,3 +1,50 @@
 # Ansible Playbook Base docker image
 
 Base docker image for 🎁 ansible playbooks
+
+## Usage
+
+See [./example](./example) folder
+
+1. Creare own [Dockerfile](./example/Dockerfile) based on this docker image `docker.io/devincan/ansible-playbook-base:v0.1`
+2. Add your playbooks
+3. Build
+4. Run
+
+
+## Why?
+
+1. 🦾 Modern CI ready.
+2. 🏺 Caching - Ansible roles baked in docker image upfront.
+3. 🎡 Reproducible runs with same ansible, python libraries, roles, ansible.cfg, playbooks.
+4. ⚗️ When you want to run playbooks on Windows
+
+# How does it work?
+
+1. Build docker image including everything needed for playbook to be executed ( Ansible, Python libraries, roles and playbooks )
+2. Run this docker image with mounted inventory.yml and id_rsa key from you local or CI
+3. Profit 🎩
+
+## What exaclty base image does?
+
+1. Setup ansible senzible defaults
+
+    - [ANSIBLE_INVENTORY](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_INVENTORY) `inventory.yml`
+    - [ANSIBLE_FORCE_COLOR](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_FORCE_COLOR) `True`
+    - [ANSIBLE_HOST_KEY_CHECKING](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_HOST_KEY_CHECKING) `False`
+    - [ANSIBLE_COMMAND_WARNINGS](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_COMMAND_WARNINGS) `False`
+    - [ANSIBLE_RETRY_FILES_ENABLED](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_RETRY_FILES_ENABLED) `False`
+    - [ANSIBLE_GATHERING](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_GATHERING) `explicit`
+    - [ANSIBLE_PRIVATE_ROLE_VARS](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_PRIVATE_ROLE_VARS) `True`
+    - [ANSIBLE_REMOTE_USER](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_REMOTE_USER) `pddevops`
+    - [ANSIBLE_ROLES_PATH](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_ROLES_PATH) `roles`
+    - [ANSIBLE_CALLBACK_WHITELIST](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_CALLBACK_WHITELIST) `profile_tasks`
+    - [ANSIBLE_SSH_RETRIES](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_SSH_RETRIES) `10`
+    - [ANSIBLE_SSH_CONTROL_PATH](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_SSH_CONTROL_PATH) `/dev/shm/cp%%h-%%p-%%r`
+    - [ANSIBE_OPTIONS](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBE_OPTIONS) `"-v"`
+
+2. Add [entrypoint.sh](entrypoint.sh)
+
+   This entrypoint will copy baked roles, playbooks and other files from `/ansible-baked` to `/ansible` workdir. Then it will run site.yml playbook.
+
+3. Add essential Python/Ansible dependencies listed in [requirements.txt](./requirements.txt) 

ansible.cfg

@@ -1,16 +1,26 @@
-#!/bin/sh
+#!/bin/bash
 
-echo "Moving base files ( /ansible-playbook-base/* ) to workdir ( $PWD )"
-cp -r /ansible-playbook-base/* .
+set -eox pipefail
+IFS=$'\n\t'
 
-echo "Moving playbook files ( /ansible-playbook/* ) to workdir ( $PWD )"
-cp -r /ansible-playbook/* .
+Y='\033[0;33m'
+NC='\033[0m'
 
-echo "Setting ANSIBLE_CONFIG to $PWD/ansible.cfg to prevent issues on CI with other workdir than /ansible"
-export ANSIBLE_CONFIG=$PWD/ansible.cfg
+mkdir -p ${CDD_PLAY_FOLDER}
 
-echo "Setting proper rights to $HOME/.ssh/*"
-chmod -R 400 $HOME/.ssh/*
+if [ "$(ls -A $CDD_DEBUG_FOLDER)" ]; then
 
-echo "Executing ansible-playbook site.yml --skip-tags=\"$SKIP_TAGS\" $OPTIONS $@"
-ansible-playbook site.yml --skip-tags="$SKIP_TAGS" $OPTIONS "$@"
+    echo -e "${Y}Moving debug files '${CDD_DEBUG_FOLDER}/*' to workdir '${CDD_PLAY_FOLDER}/'${NC}"
+    cp -r ${CDD_DEBUG_FOLDER}/* ${CDD_PLAY_FOLDER}/
+
+fi
+
+if [ "$(ls -A $CDD_BAKED_FOLDER)" ]; then
+
+echo -e "${Y}Moving baked files '${CDD_BAKED_FOLDER}/*' to workdir '${CDD_PLAY_FOLDER}/'${NC}"
+cp -r ${CDD_BAKED_FOLDER}/* ${CDD_PLAY_FOLDER}/
+
+fi
+
+cd ${CDD_PLAY_FOLDER}
+ansible-playbook site.yml --skip-tags="${ANSIBLE_PLAYBOOK_CMD_SKIP_TAGS}" "${ANSIBLE_PLAYBOOK_CMD_OPTIONS}" "${@}"

entrypoint.sh

@@ -0,0 +1,18 @@
+- name: Example playbook
+  hosts: all
+  tasks:
+
+  - name: Debug variables
+    include_role:
+      name: grog.debug-variable
+    vars:
+      grog_debug_variable_test: "{{ global_test_variable }}"
+
+  - name: Slurp variables dump file
+    slurp:
+      src: /tmp/ansible.dump
+    register: slurpfile
+
+  - name: Print variables dump file
+    debug:
+      msg: "{{ slurpfile['content'] | b64decode }}"

example/1-example-playbook.yml

@@ -0,0 +1,5 @@
+FROM docker.io/devincan/ansible-playbook-base:v0.1
+
+COPY --chown=ansible:ansible ./*.yml /ansible-playbook/
+
+RUN ansible-galaxy install -r /ansible-playbook/requirements.yml -p /ansible-playbook/roles --force

example/Dockerfile

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Container Driven Development
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

example/LICENSE

@@ -0,0 +1,56 @@
+# Ansible Playbook Example
+
+Example playbook 🎁 in docker image, this image is based on https://github.com/Container-Driven-Development/ansible-playbook-base, us base dir or just take it as an inspiration and create completely own [Dockerfile](https://github.com/Container-Driven-Development/ansible-playbook-base/blob/master/Dockerfile). 
+
+Just go ahead and try [run](#run-wrapped-playbook) this example docker image against your playbook it will just print host ansible variables.
+
+## Why?
+
+1. Modern CI ready.
+2. Caching - Ansible roles baked in docker image upfront.
+3. Reproducible runs with same ansible, python libraries, roles, ansible.cfg, playbooks.
+
+# How does it work?
+
+1. Build docker image including everything needed for playbook to be executed ( ansible, python libraries, roles, ansible.cfg and playbooks )
+2. Run this docker image with mounted inventory.yml and id_rsa key from you local or CI
+3. Profit 🎩
+
+## Run wrapped playbook
+
+```
+$ docker run -it \
+-v $HOME/.ssh/id_rsa:/home/ansible/.ssh/id_rsa \
+-v /path/to/inventory.yml:/ansible/inventory.yml \
+docker.io/devincan/ansible-playbook-example:v0.1 \
+-v -e global_test_variable=test
+```
+
+## Use wrapped playbook in Gitlab CI
+
+```yaml
+ansible-playbook-example:
+  stage: example
+  image: 
+    name: docker.io/devincan/ansible-playbook-example:v0.1
+    entrypoint: [""]
+  script:
+  - /entrypoint.sh
+  variables:
+    OPTIONS: "-e global_test_variable=test"
+```
+
+## Developing playbook
+
+Simply mounting your own playbook into `/ansible-playbook` will allow you to run docker image with your changes without need to rebuild image each time.
+
+```
+$ ansible-galaxy install -r /ansible-playbook/requirements.yml -p /ansible-playbook/roles --force
+
+$ docker run -it \
+-v $PWD:/ansible-playbook \
+-v $HOME/.ssh/id_rsa:/home/ansible/.ssh/id_rsa \
+-v /path/to/inventory.yml:/ansible/inventory.yml \
+docker.io/devincan/ansible-playbook-example:v0.1 \
+-v -e global_test_variable=test
+```

example/README.md

@@ -0,0 +1,2 @@
+- src: grog.debug-variable
+  version: v1.2.0

example/requirements.yml

@@ -0,0 +1 @@
+- import_playbook: 1-example-playbook.yml

example/site.yml

@@ -0,0 +1,3 @@
+dnspython==1.16.0
+netaddr==0.7.19
+jmespath==0.9.5