Use ansible-runner in APB Base (#36)

* Update entrypoint for ansible-runner * Update Dockerfile's for ansible-runner * Update RPM for new file locations * Handle extravars * Update canary to install runner from source * Install inventory and config where they belong * Make inventory dir * Create /opt/apb/env dir on rpm install Declare /opt/apb/env dir in files
ansibleplaybookbundle · Jul 19, 2018 · 4c7e68d · 4c7e68d
1 parent d5ba976
commit 4c7e68d
Show file tree

Hide file tree

Showing 7 changed files with 67 additions and 47 deletions.
diff --git a/Dockerfile-canary b/Dockerfile-canary
@@ -1,4 +1,5 @@
 FROM centos:7
+
 MAINTAINER Ansible Playbook Bundle Community
 LABEL "com.redhat.apb.runtime"="2"
 
@@ -9,12 +10,13 @@ ENV HOME=${BASE_DIR}
 
 
 RUN mkdir -p /usr/share/ansible/openshift \
-             /etc/ansible /opt/apb /opt/ansible
+             /etc/ansible /opt/apb/env /opt/ansible
 
 RUN yum -y install epel-release centos-release-openshift-origin \
     && yum -y update \
     && yum -y install bind-utils \
                       gcc \
+                      jq \
                       libffi-devel \
                       make \
                       net-tools \
@@ -27,12 +29,10 @@ RUN yum -y install epel-release centos-release-openshift-origin \
                       python-setuptools \
     && yum clean all
 
-RUN git clone https://github.com:/ansible/ansible.git
-RUN cd ansible \
-    && pip install -U setuptools \
-    && git checkout devel \
-    && python setup.py install \
-    && pip install jmespath
+RUN pip install \
+    https://github.com/ansible/ansible/archive/devel.tar.gz \
+    https://github.com/ansible/ansible-runner/archive/master.tar.gz \
+    jmespath
 
 RUN git clone https://github.com/openshift/openshift-restclient-python
 RUN cd openshift-restclient-python \
@@ -44,11 +44,6 @@ RUN git clone https://github.com/ansible/ansible-kubernetes-modules.git /etc/ans
 
 RUN git clone https://github.com/ansibleplaybookbundle/ansible-asb-modules.git /etc/ansible/roles/ansibleplaybookbundle.asb-modules
 
-RUN echo "localhost ansible_connection=local" > /etc/ansible/hosts \
-    && echo '[defaults]' > /etc/ansible/ansible.cfg \
-    && echo 'roles_path = /opt/ansible/roles' >> /etc/ansible/ansible.cfg \
-    && echo 'library = /usr/share/ansible/openshift' >> /etc/ansible/ansible.cfg
-
 COPY files/usr/bin/* /usr/bin/
 COPY files/opt/apb/. /opt/apb/
 

diff --git a/Dockerfile-latest b/Dockerfile-latest
@@ -1,4 +1,4 @@
-FROM centos:7
+FROM ansible/ansible-runner:latest
 MAINTAINER Ansible Playbook Bundle Community
 LABEL "com.redhat.apb.runtime"="2"
 
@@ -8,12 +8,12 @@ ENV USER_NAME=apb \
 ENV HOME=${BASE_DIR}
 
 RUN curl https://copr.fedorainfracloud.org/coprs/g/ansible-service-broker/ansible-service-broker-latest/repo/epel-7/group_ansible-service-broker-ansible-service-broker-latest-epel-7.repo -o /etc/yum.repos.d/asb.repo
-RUN yum -y install epel-release centos-release-openshift-origin \
+RUN yum -y install epel-release centos-release-openshift-origin jq \
     && yum -y install --setopt=tsflags=nodocs origin-clients python-openshift ansible ansible-kubernetes-modules ansible-asb-modules apb-base-scripts \
     && yum clean all
 
 RUN mkdir -p /usr/share/ansible/openshift \
-             /etc/ansible /opt/ansible \
+             /etc/ansible /opt/apb /opt/ansible \
              ${BASE_DIR}/{etc,.kube,.ansible/tmp} \
              && useradd -u ${USER_UID} -r -g 0 -M -d ${BASE_DIR} -b ${BASE_DIR} -s /sbin/nologin -c "apb user" ${USER_NAME} \
              && chown -R ${USER_NAME}:0 /opt/{ansible,apb} \

diff --git a/Dockerfile-nightly b/Dockerfile-nightly
@@ -1,4 +1,4 @@
-FROM centos:7
+FROM ansible/ansible-runner:latest
 MAINTAINER Ansible Playbook Bundle Community
 LABEL "com.redhat.apb.runtime"="2"
 
@@ -8,12 +8,12 @@ ENV USER_NAME=apb \
 ENV HOME=${BASE_DIR}
 
 RUN curl https://copr.fedorainfracloud.org/coprs/g/ansible-service-broker/ansible-service-broker-nightly/repo/epel-7/group_ansible-service-broker-ansible-service-broker-nightly-epel-7.repo -o /etc/yum.repos.d/asb.repo
-RUN yum -y install epel-release centos-release-openshift-origin \
+RUN yum -y install epel-release centos-release-openshift-origin jq \
     && yum -y install --setopt=tsflags=nodocs origin-clients python-openshift ansible ansible-kubernetes-modules ansible-asb-modules apb-base-scripts \
     && yum clean all
 
 RUN mkdir -p /usr/share/ansible/openshift \
-             /etc/ansible /opt/ansible \
+             /etc/ansible /opt/apb /opt/ansible \
              ${BASE_DIR}/{etc,.kube,.ansible/tmp} \
              && useradd -u ${USER_UID} -r -g 0 -M -d ${BASE_DIR} -b ${BASE_DIR} -s /sbin/nologin -c "apb user" ${USER_NAME} \
              && chown -R ${USER_NAME}:0 /opt/{ansible,apb} \

diff --git a/apb-base-scripts.spec b/apb-base-scripts.spec
@@ -25,8 +25,10 @@ mkdir -p %{buildroot}%{_bindir}
 mkdir -p %{buildroot}%{_sysconfdir}/ansible
 mkdir -p %{buildroot}%{_sysconfdir}/apb-secrets
 mkdir -p %{buildroot}/opt/apb/.kube
-install -m 644 files/opt/apb/ansible.cfg %{buildroot}/opt/apb
-install -m 644 files/opt/apb/hosts %{buildroot}/opt/apb
+mkdir -p %{buildroot}/opt/apb/inventory
+mkdir -p %{buildroot}/opt/apb/env
+install -m 644 files/opt/apb/.ansible.cfg %{buildroot}/opt/apb/.ansible.cfg
+install -m 644 files/opt/apb/inventory/hosts %{buildroot}/opt/apb/inventory/hosts
 install -m 775 files/opt/apb/.kube/config %{buildroot}/opt/apb/.kube/config
 install -m 755 files/usr/bin/test-retrieval-init %{buildroot}%{_bindir}
 install -m 755 files/usr/bin/test-retrieval %{buildroot}%{_bindir}
@@ -39,8 +41,9 @@ install -m 755 files/usr/bin/entrypoint.sh %{buildroot}%{_bindir}
 %{_bindir}/entrypoint.sh
 %dir %{_sysconfdir}/apb-secrets
 %dir %{_sysconfdir}/ansible
-/opt/apb/ansible.cfg
-/opt/apb/hosts
+%dir /opt/apb/env
+/opt/apb/.ansible.cfg
+/opt/apb/inventory/hosts
 /opt/apb/.kube/config
 
 %changelog

diff --git a/files/opt/apb/ansible.cfg → files/opt/apb/.ansible.cfg b/files/opt/apb/ansible.cfg → files/opt/apb/.ansible.cfg
@@ -1,4 +1,4 @@
 [defaults]
 retry_files_enabled = False
-inventory = /opt/apb/hosts
+inventory = /opt/apb/inventory/hosts
 roles_path = /etc/ansible/roles:/opt/ansible/roles
diff --git a/files/opt/apb/hosts → files/opt/apb/inventory/hosts b/files/opt/apb/hosts → files/opt/apb/inventory/hosts
diff --git a/files/usr/bin/entrypoint.sh b/files/usr/bin/entrypoint.sh
@@ -18,56 +18,78 @@ fi
 # https://github.com/openshift/source-to-image/issues/475
 #
 if [[ $@ == *"s2i/assemble"* ]]; then
-  echo "---> Performing S2I build... Skipping server startup"
-  exec "$@"
-  exit $?
+    echo "---> Performing S2I build... Skipping server startup"
+    exec "$@"
+    exit $?
+fi
+
+if ! whoami &> /dev/null; then
+    if [ -w /etc/passwd ]; then
+        echo "${USER_NAME:-apb}:x:$(id -u):0:${USER_NAME:-apb} user:${HOME}:/sbin/nologin" >> /etc/passwd
+    fi
 fi
 
 ACTION=$1
 shift
-playbooks=/opt/apb/actions
+PLAYBOOKS="/opt/apb/project"
+PASSWORDS="/opt/apb/env/passwords"
+EXTRAVARS="/opt/apb/env/extravars"
 CREDS="/var/tmp/bind-creds"
 TEST_RESULT="/var/tmp/test-result"
+SECRETS_DIR="/etc/apb-secrets"
+ROLE_NAME=$(echo $2 | jq -r .role_name 2>/dev/null || echo "null")
+ROLE_NAMESPACE=$(echo $2 | jq -r .role_namespace 2>/dev/null || echo "null")
 
-if ! whoami &> /dev/null; then
-  if [ -w /etc/passwd ]; then
-    echo "${USER_NAME:-apb}:x:$(id -u):0:${USER_NAME:-apb} user:${HOME}:/sbin/nologin" >> /etc/passwd
-  fi
-fi
-
-SECRETS_DIR=/etc/apb-secrets
+# Handle mounted secrets
 mounted_secrets=$(ls $SECRETS_DIR)
-
-extra_args=""
 if [[ ! -z "$mounted_secrets" ]] ; then
 
-    echo '---' > /tmp/secrets
-
+    echo '---' > $PASSWORDS
     for key in ${mounted_secrets} ; do
       for file in $(ls ${SECRETS_DIR}/${key}/..data); do
-        echo "$file: $(cat ${SECRETS_DIR}/${key}/..data/${file})" >> /tmp/secrets
+        echo "$file: $(cat ${SECRETS_DIR}/${key}/..data/${file})" >> $PASSWORDS
       done
     done
-    extra_args='--extra-vars no_log=true --extra-vars @/tmp/secrets'
 fi
 
-if [[ -e "$playbooks/$ACTION.yaml" ]]; then
-  ANSIBLE_ROLES_PATH=/etc/ansible/roles:/opt/ansible/roles ansible-playbook -i /etc/ansible/hosts $playbooks/$ACTION.yaml "${@}" ${extra_args}
-elif [[ -e "$playbooks/$ACTION.yml" ]]; then
-  ANSIBLE_ROLES_PATH=/etc/ansible/roles:/opt/ansible/roles ansible-playbook -i /etc/ansible/hosts $playbooks/$ACTION.yml  "${@}" ${extra_args}
+# Add extravars
+echo $2 > $EXTRAVARS
+
+# Install role from galaxy
+# Used when apb-base is the runner image for the ansible-galaxy adapter
+if [[ $ROLE_NAME != "null" ]] && [[ $ROLE_NAMESPACE != "null" ]]; then
+    PROPER_ROLE_NAME=${ROLE_NAME//_/-}
+    ansible-galaxy install -s https://galaxy-qa.ansible.com $ROLE_NAMESPACE.$ROLE_NAME -p /opt/ansible/roles
+    mv /opt/ansible/roles/$ROLE_NAMESPACE.$ROLE_NAME /opt/ansible/roles/$PROPER_ROLE_NAME
+    mv /opt/ansible/roles/$PROPER_ROLE_NAME/playbooks $PLAYBOOKS
+fi
+
+# Move the playbooks if necessary
+if [[ ! -d "/opt/apb/project" ]]; then
+    echo "DEPRECATED: APB playbooks should be stored at /opt/apb/project"
+    mv /opt/apb/actions $PLAYBOOKS
+fi
+
+# Determine the playbook to be executed
+if [[ -e "$PLAYBOOKS/$ACTION.yaml" ]]; then
+    PLAYBOOK="$ACTION.yaml"
+elif [[ -e "$PLAYBOOKS/$ACTION.yml" ]]; then
+    PLAYBOOK="$ACTION.yml"
 else
-  echo "'$ACTION' NOT IMPLEMENTED" # TODO
+  echo "'$ACTION' NOT IMPLEMENTED"
   exit 8 # action not found
 fi
 
-EXIT_CODE=$?
+# Invoke ansible-runner
+ansible-runner run --ident $ACTION --playbook $PLAYBOOK /opt/apb
+EXIT_CODE=$(cat /opt/apb/artifacts/$ACTION/rc)
 
 set +e
 rm -f /tmp/secrets
 set -e
 
 if [ -f $TEST_RESULT ]; then
-   test-retrieval-init
+    test-retrieval-init
 fi
 
 exit $EXIT_CODE