Install ansible (#14)

Signed-off-by: Christian Berendt <[email protected]>

.hadolint.yaml

@@ -0,0 +1,3 @@
+---
+ignored:
+  - DL3008

Containerfile

@@ -13,22 +13,109 @@ COPY --link charts /charts
 COPY --link playbooks/* /ansible/
 COPY --link roles /ansible/roles
 
+COPY --link files/ansible.cfg /etc/ansible/ansible.cfg
+COPY --link files/ara.env /ansible/ara.env
+
+COPY --link files/src /src
+
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 # hadolint ignore=DL3003
 RUN <<EOF
+set -e
+set -x
+
+# show motd
+echo "[ ! -z \"\$TERM\" -a -r /etc/motd ] && cat /etc/motd" >> /etc/bash.bashrc
+
+# install required packages
+apt-get update
+apt-get install --no-install-recommends -y \
+  build-essential \
+  curl \
+  dumb-init \
+  git \
+  gnupg \
+  gnupg-agent \
+  iputils-ping \
+  jq \
+  libffi-dev \
+  libssh-dev \
+  libssl-dev \
+  libyaml-dev \
+  openssh-client \
+  procps \
+  rsync \
+  sshpass
+
+python3 -m pip install --no-cache-dir --upgrade 'pip==24.0'
+pip install --no-cache-dir -r /src/requirements.txt
+
 # add user
 groupadd -g "$GROUP_ID" dragon
 groupadd -g "$GROUP_ID_DOCKER" docker
 useradd -l -g dragon -G docker -u "$USER_ID" -m -d /ansible dragon
 
+# prepare release repository
+git clone https://github.com/osism/release /release
+
+# run preparations
+python3 /src/render-python-requirements.py
+
+# install required python packages
+pip install --no-cache-dir -r /requirements.txt
+
 # create required directories
 mkdir -p \
   /interface \
   /share
 
+# install helm
+curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list
+apt-get update
+apt-get install --no-install-recommends -y \
+  helm
+
+# install kubectl
+KUBECTL_VERSION=1.29.1
+curl -Lo /usr/local/bin/kubectl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl
+chmod +x /usr/local/bin/kubectl
+
+# prepare .kube directory
+mkdir -p /ansible/.kube
+ln -s /share/kubeconfig /ansible/.kube/config
+chown -R dragon: /ansible/.kube
+
+# copy ara configuration
+python3 -m ara.setup.env >> /ansible/ara.env
+
 # set correct permssions
 chown -R dragon: /ansible /share /interface
+
+# cleanup
+apt-get clean
+apt-get remove -y \
+  build-essential \
+  curl \
+  git \
+  gnupg \
+  libffi-dev \
+  libssh-dev \
+  libssl-dev \
+  libyaml-dev
+apt-get autoremove -y
+rm -rf \
+  /root/.cache \
+  /tmp/* \
+  /usr/share/doc/* \
+  /usr/share/man/* \
+  /var/lib/apt/lists/* \
+  /var/tmp/*
+
+pip install --no-cache-dir pyclean==3.0.0
+pyclean /usr
+pip uninstall -y pyclean
 EOF
 
 USER dragon

files/ansible.cfg

@@ -0,0 +1,18 @@
+[defaults]
+action_plugins = /ansible/action_plugins
+deprecation_warnings = false
+forks = 50
+host_key_checking = false
+log_path = /ansible/logs/ansible.log
+private_key_file = /ansible/secrets/id_rsa
+remote_tmp = /tmp
+retry_files_enabled = false
+roles_path = /ansible/roles:/ansible/galaxy
+
+# fact caching
+fact_caching = jsonfile
+fact_caching_connection = /ansible/cache
+gathering = smart
+
+[ssh_connection]
+pipelining = true

files/ara.env

@@ -0,0 +1,6 @@
+export ARA_DEFAULT_LABELS=osism-kubernetes
+export ARA_IGNORED_FACTS=ansible_env,ansible_all_ipv4_addresses
+export ARA_IGNORED_FILES=.ansible/tmp,vault.yaml,vault.yml
+export ARA_IGNORED_ARGUMENTS=vault_password_files
+export ARA_LOCALHOST_AS_HOSTNAME=true
+export ARA_LOCALHOST_AS_HOSTNAME_FORMAT=fqdn

files/src/render-python-requirements.py

@@ -0,0 +1,34 @@
+# SPDX-License-Identifier: Apache-2.0
+
+import os
+
+import jinja2
+import yaml
+
+# get environment parameters
+
+VERSION = os.environ.get("VERSION", "latest")
+
+# load versions files from release repository
+
+with open("/release/%s/base.yml" % VERSION, "rb") as fp:
+    versions = yaml.load(fp, Loader=yaml.FullLoader)
+
+# prepare jinja2 environment
+
+loader = jinja2.FileSystemLoader(searchpath="/src/templates/")
+environment = jinja2.Environment(loader=loader)
+
+# render requirements.txt
+
+template = environment.get_template("requirements.txt.j2")
+result = template.render(
+    {
+        "ansible_version": versions["ansible_version"],
+        "ansible_core_version": versions["ansible_core_version"],
+        "osism_projects": versions["osism_projects"],
+        "version": VERSION,
+    }
+)
+with open("/requirements.txt", "w+") as fp:
+    fp.write(result)

files/src/requirements.txt

@@ -0,0 +1,2 @@
+Jinja2==3.1.4
+PyYAML==6.0.1

files/src/templates/motd.j2

@@ -0,0 +1,10 @@
+
+ _____  ___  ____  ___  __  __
+(  _  )/ __)(_  _)/ __)(  \/  )
+ )(_)( \__ \ _)(_ \__ \ )    (
+(_____)(___/(____)(___/(_/\/\_)
+
+Ansible version: ANSIBLE_VERSION
+Container version: {{ manager_version }}
+
+

files/src/templates/requirements.txt.j2

@@ -0,0 +1,8 @@
+ansible-pylibssh==1.1.0
+{% if ansible_core_version.startswith(('<', '>', '=')) %}
+ansible-core{{ ansible_core_version }}
+{% else %}
+ansible-core=={{ ansible_core_version }}
+{% endif %}
+ara=={{ osism_projects['ara'] }}
+osism=={{ osism_projects['osism'] }}