# docker container run -ti --name ansible python:3.6-alpine sh
# ~/.vault-token
# docker build -f ansible.Dockerfile -t adrien/ansible ./
# time docker run --rm --dns=192.168.18.11 -ti -v $(pwd):/ansible/playbooks -v ~/.kube:/root/.kube -e VAULT_ADDR=$VAULT_ADDR -e VAULT_TOKEN="$(cat ~/.vault-token)" -e VAULT_CACERT=/ansible/playbooks/rootCA.pem adrien/ansible ansible-playbook -i inventories/bpipp.flaminem.com/ -l localhost playbook.yml --diff -t prom

FROM python:3.7-alpine
LABEL name="ansible" \
      version="latest"
RUN VAULT_VERSION=1.4.2 && KUBECTL_VERSION=v1.18.3 && \
    apk --update add --virtual build-dependencies gcc musl-dev libffi-dev openssl-dev build-base libvirt-dev && \
    pip3 install ansible asn1crypto bcrypt cachetools certifi cffi chardet cryptography dictdiffer \
      docker-py google-auth httplib2 hvac idna ipaddress Jinja2 jmespath jsonpatch jsonpointer jsonschema \
      kubernetes~=9.0.0 libvirt-python MarkupSafe oauthlib openshift~=0.9.0 paramiko pyasn1 pyasn1-modules pycparser \
      PyNaCl python-dateutil python-string-utils PyYAML q requests requests-oauthlib rsa ruamel.yaml \
      six simplejson urllib3 websocket-client ansible-lint && \
    apk add ca-certificates && \
    apk del build-dependencies && \
    rm -rf /var/cache/apk/* && \
    wget https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip && \
    unzip vault_${VAULT_VERSION}_linux_amd64.zip && \
    install vault /usr/local/bin/vault -o root -g root -m 0755 && \
    rm -f vault vault_${VAULT_VERSION}_linux_amd64.zip && \
    wget https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl && \
    install kubectl /usr/local/bin/kubectl -o root -g root -m 0755 && \
    rm -f kubectl && \
    mkdir -p /etc/ansible /ansible && \
    echo "[local]" >> /etc/ansible/hosts && \
    echo "localhost" >> /etc/ansible/hosts && \
    ln -s /usr/local/bin/python3 /usr/bin/python3
COPY ./rootCA.pem /usr/local/share/ca-certificates/beethoven.pem
RUN update-ca-certificates

ENV ANSIBLE_GATHERING=smart \
    ANSIBLE_HOST_KEY_CHECKING=false \
    ANSIBLE_RETRY_FILES_ENABLED=false \
    ANSIBLE_ROLES_PATH=/ansible/playbooks/roles \
    ANSIBLE_SSH_PIPELINING=True \
    PYTHONPATH=/ansible/lib \
    PATH=/ansible/bin:$PATH \
    ANSIBLE_LIBRARY=/ansible/library
 
WORKDIR /ansible/playbooks
 
CMD ["ansible"]