First commit

Adrien Reslinger 2020-05-31 18:18:14 +02:00
parent 1ac9d9d809
commit f498390635
3 changed files with 84 additions and 1 deletions

29
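--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -0,0 +1,29 @@
+stages:
+- verify
+- build
+variables:
+IMAGE_NAME: "$CI_REGISTRY_IMAGE"
+image: docker:latest
+# Beyond this point, each top level item is a Job name (beside templates)
+# NB: each job is run on a separate container
+docker:lint:
+stage: verify
+image: projectatomic/dockerfile-lint
+script:
+- dockerfile_lint -p -f ansible.Dockerfile
+build:
+stage: build
+image: docker:latest
+script:
+- docker login -u "$CI_REGISTRY_USER" -p "$CI_BUILD_TOKEN" "$CI_REGISTRY"
+- export DATE=$(date +%Y%m%d)
+- docker build -f ansible.Dockerfile -t $CI_REGISTRY_IMAGE:$DATE .
+- docker push $CI_REGISTRY_IMAGE:$DATE
+- docker build -f ansible.Dockerfile -t $CI_REGISTRY_IMAGE:latest .
+- docker push $CI_REGISTRY_IMAGE:latest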
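Review bot: The `docker login` line in the build job passes the registry token with `-p`, which puts the secret on the command line, and `CI_BUILD_TOKEN` is the legacy name of the job token. I would switch to `echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. The job also runs `docker build` twice, so the dated tag and `latest` can end up as different images whenever an unpinned input moves between the two builds; replacing the second build with `docker tag $CI_REGISTRY_IMAGE:$DATE $CI_REGISTRY_IMAGE:latest` publishes one artifact under both names. Both job images (`docker:latest` and `projectatomic/dockerfile-lint`) are unpinned and would be better fixed to a version tag or digest, since they run with access to the registry credentials.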


@ -1,3 +1,13 @@
# ansible-docker # ansible-docker
ansible in a container ansible in a container
It include hashicorp vault and kubectl binary
You can use it with something like that :
```bash
alias ansible-playbook='docker run --rm --dns=192.168.18.11 -ti -v $(pwd):/ansible/playbooks -v ~/.kube:/root/.kube -e VAULT_ADDR=$VAULT_ADDR -e VAULT_TOKEN="$(cat ~/.vault-token)" registry.example.net/ansible-docker:latest ansible-playbook'
ansible-playbook main.yml
```

44
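--- a/ansible.Dockerfile
+++ b/ansible.Dockerfile
@@ -0,0 +1,44 @@
+# docker container run -ti --name ansible python:3.6-alpine sh
+# ~/.vault-token
+# docker build -f ansible.Dockerfile -t adrien/ansible ./
+# time docker run --rm --dns=192.168.18.11 -ti -v $(pwd):/ansible/playbooks -v ~/.kube:/root/.kube -e VAULT_ADDR=$VAULT_ADDR -e VAULT_TOKEN="$(cat ~/.vault-token)" -e VAULT_CACERT=/ansible/playbooks/rootCA.pem adrien/ansible ansible-playbook -i inventories/bpipp.flaminem.com/ -l localhost playbook.yml --diff -t prom
+FROM python:3.7-alpine
+LABEL name="ansible" \
+version="latest"
+RUN VAULT_VERSION=1.4.2 && KUBECTL_VERSION=v1.18.3 && \
+apk --update add --virtual build-dependencies gcc musl-dev libffi-dev openssl-dev build-base libvirt-dev && \
+pip3 install ansible asn1crypto bcrypt cachetools certifi cffi chardet cryptography dictdiffer \
+docker-py google-auth httplib2 hvac idna ipaddress Jinja2 jmespath jsonpatch jsonpointer jsonschema \
+kubernetes~=9.0.0 libvirt-python MarkupSafe oauthlib openshift~=0.9.0 paramiko pyasn1 pyasn1-modules pycparser \
+PyNaCl python-dateutil python-string-utils PyYAML q requests requests-oauthlib rsa ruamel.yaml \
+six simplejson urllib3 websocket-client ansible-lint && \
+apk add ca-certificates && \
+apk del build-dependencies && \
+rm -rf /var/cache/apk/* && \
+wget https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip && \
+unzip vault_${VAULT_VERSION}_linux_amd64.zip && \
+install vault /usr/local/bin/vault -o root -g root -m 0755 && \
+rm -f vault vault_${VAULT_VERSION}_linux_amd64.zip && \
+wget https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl && \
+install kubectl /usr/local/bin/kubectl -o root -g root -m 0755 && \
+rm -f kubectl && \
+mkdir -p /etc/ansible /ansible && \
+echo "[local]" >> /etc/ansible/hosts && \
+echo "localhost" >> /etc/ansible/hosts && \
+ln -s /usr/local/bin/python3 /usr/bin/python3
+COPY ./rootCA.pem /usr/local/share/ca-certificates/beethoven.pem
+RUN update-ca-certificates
+ENV ANSIBLE_GATHERING=smart \
+ANSIBLE_HOST_KEY_CHECKING=false \
+ANSIBLE_RETRY_FILES_ENABLED=false \
+ANSIBLE_ROLES_PATH=/ansible/playbooks/roles \
+ANSIBLE_SSH_PIPELINING=True \
+PYTHONPATH=/ansible/lib \
+PATH=/ansible/bin:$PATH \
+ANSIBLE_LIBRARY=/ansible/library
+WORKDIR /ansible/playbooks
+CMD ["ansible"]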
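Review bot: The vault zip and the kubectl binary in the big `RUN` are fetched with `wget` and installed into `/usr/local/bin` with no integrity check, so whatever the download hosts serve at build time ends up in an image that is later handed a Vault token and a kubeconfig. Record the expected digest next to each pinned version and verify before `install`, e.g. `echo "${VAULT_SHA256}  vault_${VAULT_VERSION}_linux_amd64.zip" | sha256sum -c -` with `VAULT_SHA256` set to the digest published for that release, and the same pattern for kubectl. Most of the `pip3 install` list is unpinned too, so two builds of this file can yield different dependency sets; a requirements file with exact versions (ideally hashes) would make the image reproducible. `ANSIBLE_HOST_KEY_CHECKING=false` in the `ENV` block disables SSH host-key verification for every playbook run from this image, which I would leave at the default and let callers override per run. There is also no `USER` instruction, so the container runs as root; the documented `-v ~/.kube:/root/.kube` mount suggests that is assumed, but a dedicated non-root user with its own home would be the safer default.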