diff --git a/.hadolint.yaml b/.hadolint.yaml
new file mode 100644
index 0000000..22537ae
--- /dev/null
+++ b/.hadolint.yaml
@@ -0,0 +1,3 @@
+---
+ignored:
+ - DL3008
diff --git a/Containerfile b/Containerfile
index bac1fcb..62e2f8d 100644
--- a/Containerfile
+++ b/Containerfile
@@ -13,22 +13,109 @@ COPY --link charts /charts COPY --link playbooks/* /ansible/ COPY --link roles /ansible/roles +COPY --link files/ansible.cfg /etc/ansible/ansible.cfg +COPY --link files/ara.env /ansible/ara.env + +COPY --link files/src /src + SHELL ["/bin/bash", "-o", "pipefail", "-c"] # hadolint ignore=DL3003 RUN <> /etc/bash.bashrc + +# install required packages +apt-get update +apt-get install --no-install-recommends -y \ + build-essential \ + curl \ + dumb-init \ + git \ + gnupg \ + gnupg-agent \ + iputils-ping \ + jq \ + libffi-dev \ + libssh-dev \ + libssl-dev \ + libyaml-dev \ + openssh-client \ + procps \ + rsync \ + sshpass + +python3 -m pip install --no-cache-dir --upgrade 'pip==24.0' +pip install --no-cache-dir -r /src/requirements.txt + # add user groupadd -g "$GROUP_ID" dragon groupadd -g "$GROUP_ID_DOCKER" docker useradd -l -g dragon -G docker -u "$USER_ID" -m -d /ansible dragon +# prepare release repository +git clone https://github.com/osism/release /release + +# run preparations +python3 /src/render-python-requirements.py + +# install required python packages +pip install --no-cache-dir -r /requirements.txt + # create required directories mkdir -p \ /interface \ /share +# install helm +curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null +echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list +apt-get update +apt-get install --no-install-recommends -y \ + helm + +# install kubectl +KUBECTL_VERSION=1.29.1 +curl -Lo /usr/local/bin/kubectl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl +chmod +x /usr/local/bin/kubectl + +# prepare .kube directory +mkdir -p /ansible/.kube +ln -s /share/kubeconfig /ansible/.kube/config +chown -R dragon: /ansible/.kube + +# copy ara configuration +python3 -m ara.setup.env >> /ansible/ara.env + # set correct 
permssions chown -R dragon: /ansible /share /interface + +# cleanup +apt-get clean +apt-get remove -y \ + build-essential \ + curl \ + git \ + gnupg \ + libffi-dev \ + libssh-dev \ + libssl-dev \ + libyaml-dev +apt-get autoremove -y +rm -rf \ + /root/.cache \ + /tmp/* \ + /usr/share/doc/* \ + /usr/share/man/* \ + /var/lib/apt/lists/* \ + /var/tmp/* + +pip install --no-cache-dir pyclean==3.0.0 +pyclean /usr +pip uninstall -y pyclean EOF USER dragon diff --git a/files/ansible.cfg b/files/ansible.cfg new file mode 100644 index 0000000..f42f382 --- /dev/null +++ b/files/ansible.cfg @@ -0,0 +1,18 @@ +[defaults] +action_plugins = /ansible/action_plugins +deprecation_warnings = false +forks = 50 +host_key_checking = false +log_path = /ansible/logs/ansible.log +private_key_file = /ansible/secrets/id_rsa +remote_tmp = /tmp +retry_files_enabled = false +roles_path = /ansible/roles:/ansible/galaxy + +# fact caching +fact_caching = jsonfile +fact_caching_connection = /ansible/cache +gathering = smart + +[ssh_connection] +pipelining = true diff --git a/files/ara.env b/files/ara.env new file mode 100644 index 0000000..11645c7 --- /dev/null +++ b/files/ara.env @@ -0,0 +1,6 @@ +export ARA_DEFAULT_LABELS=osism-kubernetes +export ARA_IGNORED_FACTS=ansible_env,ansible_all_ipv4_addresses +export ARA_IGNORED_FILES=.ansible/tmp,vault.yaml,vault.yml +export ARA_IGNORED_ARGUMENTS=vault_password_files +export ARA_LOCALHOST_AS_HOSTNAME=true +export ARA_LOCALHOST_AS_HOSTNAME_FORMAT=fqdn diff --git a/files/src/render-python-requirements.py b/files/src/render-python-requirements.py new file mode 100644 index 0000000..0eae35d --- /dev/null +++ b/files/src/render-python-requirements.py 
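Review bot: In the Containerfile's `# install kubectl` step the binary is written to /usr/local/bin with no integrity check, and `curl -Lo` without `-f` will save an HTTP error body as the executable. Pin the expected digest next to `KUBECTL_VERSION` and verify it before `chmod`: `curl -fsSLo /usr/local/bin/kubectl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl` followed by `echo "${KUBECTL_SHA256}  /usr/local/bin/kubectl" | sha256sum --check`, with `KUBECTL_SHA256=<sha256 published for this release>`. The same concern applies to `git clone https://github.com/osism/release /release`, which takes whatever HEAD is at build time and then drives `pip install -r /requirements.txt`; checking out a pinned tag or commit would make the image reproducible. The opening of the `RUN` heredoc is not legible in this view, so it is unclear whether the script runs under `set -e`; without it a failed download would not stop the build.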
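Review bot: `host_key_checking = false` in `files/ansible.cfg` turns off SSH host key verification for every play run from this image, so any host answering on a managed address is accepted unauthenticated; the image also installs `sshpass` and sets `private_key_file = /ansible/secrets/id_rsa`. Prefer `host_key_checking = true` with a known_hosts file provisioned alongside the secrets, or, if the relaxation is deliberate for first-contact bootstrap, state that in a comment above the line. Separately, `remote_tmp = /tmp` places module payloads in a world-writable directory on the targets; Ansible's default under the remote user's home directory is the safer choice unless there is a reason recorded here.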
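Review bot: `ARA_IGNORED_ARGUMENTS=vault_password_files` in `files/ara.env` replaces ARA's ignore list rather than extending it; as far as I know the built-in default is `extra_vars`, so values passed with `-e` (often credentials) would start being recorded in the ARA database. If that is not intended, use `export ARA_IGNORED_ARGUMENTS=extra_vars,vault_password_files`. Please confirm the default against the ARA version that the release repository resolves to.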
@@ -0,0 +1,34 @@
+# SPDX-License-Identifier: Apache-2.0
+
+import os
+
+import jinja2
+import yaml
+
+# get environment parameters
+
+VERSION = os.environ.get("VERSION", "latest")
+
+# load versions files from release repository
+
+with open("/release/%s/base.yml" % VERSION, "rb") as fp:
+ versions = yaml.load(fp, Loader=yaml.FullLoader)
+
+# prepare jinja2 environment
+
+loader = jinja2.FileSystemLoader(searchpath="/src/templates/")
+environment = jinja2.Environment(loader=loader)
+
+# render requirements.txt
+
+template = environment.get_template("requirements.txt.j2")
+result = template.render(
+ {
+ "ansible_version": versions["ansible_version"],
+ "ansible_core_version": versions["ansible_core_version"],
+ "osism_projects": versions["osism_projects"],
+ "version": VERSION,
+ }
+)
+with open("/requirements.txt", "w+") as fp:
+ fp.write(result)
diff --git a/files/src/requirements.txt b/files/src/requirements.txt
new file mode 100644
index 0000000..28e8943
--- /dev/null
+++ b/files/src/requirements.txt
@@ -0,0 +1,2 @@
+Jinja2==3.1.4
+PyYAML==6.0.1
diff --git a/files/src/templates/motd.j2 b/files/src/templates/motd.j2
new file mode 100644
index 0000000..54f9bd2
--- /dev/null
+++ b/files/src/templates/motd.j2
@@ -0,0 +1,10 @@
+
+ _____ ___ ____ ___ __ __
+( _ )/ __)(_ _)/ __)( \/ )
+ )(_)( \__ \ _)(_ \__ \ ) (
+(_____)(___/(____)(___/(_/\/\_)
+
+Ansible version: ANSIBLE_VERSION
+Container version: {{ manager_version }}
+
+
diff --git a/files/src/templates/requirements.txt.j2 b/files/src/templates/requirements.txt.j2
new file mode 100644
index 0000000..b9882fe
--- /dev/null
+++ b/files/src/templates/requirements.txt.j2
@@ -0,0 +1,8 @@
+ansible-pylibssh==1.1.0
+{% if ansible_core_version.startswith(('<', '>', '=')) %}
+ansible-core{{ ansible_core_version }}
+{% else %}
+ansible-core=={{ ansible_core_version }}
+{% endif %}
+ara=={{ osism_projects['ara'] }}
+osism=={{ osism_projects['osism'] }}
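Review bot: In `files/src/render-python-requirements.py`, `yaml.load(fp, Loader=yaml.FullLoader)` parses a file from a repository cloned at build time, yet the script reads only plain mappings and strings from it. `versions = yaml.safe_load(fp)` is sufficient and keeps the loader restricted to standard YAML types. The Jinja2 environment also uses the default undefined type, so a missing `osism_projects['ara']` would render as `ara==` instead of failing here; `environment = jinja2.Environment(loader=loader, undefined=jinja2.StrictUndefined)` makes that an error at render time. Minor: `"w+"` can be `"w"` since the file is never read back, and the script would benefit from a module docstring naming its inputs (`VERSION`, `/release/<VERSION>/base.yml`) and its output (`/requirements.txt`).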
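Review bot: `files/src/templates/requirements.txt.j2` writes `ansible_core_version` and the `osism_projects` values verbatim into a file that the Containerfile passes to `pip install -r`, so whatever string is in `base.yml` becomes part of the requirement line with no validation. The render script should check each value against a version-specifier pattern before rendering and abort the build on a mismatch. Also, `ansible_core_version.startswith(...)` assumes a string; a value such as `2.16` written unquoted in YAML loads as a float and would raise here, which `{% if (ansible_core_version | string).startswith(('<', '>', '=')) %}` avoids.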