Create docker images for pipelines
The easiest place to build docker images is on the docker host, so create an unprivileged
user account which will create and upload the images to the registry.
Log in as this user and create a directory structure like the one below for each image you want to build:
|-- ansible
|   `-- ansible.cfg
|-- ansible-image
|   |-- Dockerfile
|   |-- files
|   |   |-- ansible.cfg
|   |   |-- ca.crt
|   |   `-- requirements.yml
|   `-- pm_build.sh
As I am also creating pipeline images for ansible configuration-as-code pipelines, I need
to incorporate ansible collections in my images, so I use an ansible.cfg file.
You see this file in every "files" directory for an image.
If each directory had its own copy of the file, any change to a token or
repository would have to be made in all the ansible.cfg files.
The files in the "files" directories are hard links to ansible/ansible.cfg, so they all use
the same file. It has to be a hard link, or else this won't work.
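An added example (not from the original post): a shell check that each image's files/ansible.cfg is still the same file on disk as ansible/ansible.cfg, because a copy, or an editor that saves by rename, silently breaks the hard link. The function name check_cfg_links and the --repair option are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumed layout (from the tree above): BASE/ansible/ansible.cfg is the master
# copy and every BASE/<image-dir>/files/ansible.cfg must be a hard link to it.

# check_cfg_links BASE [--repair]
# Prints one status line per image directory and returns the number of
# directories whose files/ansible.cfg is not a hard link to the master.
check_cfg_links() {
    base=$1; mode=${2:-}
    master="$base/ansible/ansible.cfg"
    [ -f "$master" ] || { echo "missing master: $master" >&2; return 255; }
    broken=0
    for dir in "$base"/*/files; do
        [ -d "$dir" ] || continue
        cfg="$dir/ansible.cfg"
        if [ -L "$cfg" ]; then
            # Test -L first: -ef follows symlinks and would report a match,
            # but the link target lies outside the image's build context.
            state="symlink"
        elif [ "$cfg" -ef "$master" ]; then
            echo "ok       $cfg"; continue
        elif [ -e "$cfg" ]; then
            state="separate copy"   # goes stale when the master changes
        else
            state="missing"
        fi
        if [ "$mode" = "--repair" ] && rm -f "$cfg" && ln "$master" "$cfg"; then
            echo "relinked $cfg (was: $state)"
        else
            echo "BROKEN   $cfg ($state)"; broken=$((broken + 1))
        fi
    done
    return "$broken"
}

# Run as: sh check_links.sh ~ [--repair]   (script file name is hypothetical)
if [ "$#" -gt 0 ]; then check_cfg_links "$@"; fi
```

Running it before each pm_build.sh catches an image directory that would otherwise be built with an outdated token or repository setting.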
Dockerfile
The Dockerfile specifies the image to be built.
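# Base image from the Red Hat registry (pulling it requires a registry login).
FROM registry.redhat.io/ansible-automation-platform-24/ansible-python-toolkit-rhel9:latest
USER root
# Our own CA certificate, the collection list and the shared ansible.cfg.
# Anything in ansible.cfg, tokens included, is stored in an image layer and is
# readable by everyone who can pull the image.
COPY files/ca.crt /etc/pki/ca-trust/source/anchors/ca.crt
COPY files/requirements.yml /tmp/requirements.yml
COPY files/ansible.cfg /etc/ansible/ansible.cfg
# Ansible tooling plus podman and its storage dependencies.
RUN pip install ansible-core ansible-lint ansible-builder pyyaml && \
    microdnf -y install podman findutils fuse3-devel fuse-overlayfs && \
    microdnf clean all && \
    rm -rf /root/.ansible
# Install the collections listed in requirements.yml.
RUN ansible-galaxy collection install -r /tmp/requirements.yml
# Make /opt world-writable (777) and add ca.crt to the system trust store.
RUN /usr/bin/chmod 777 -R /opt/ && \
    /usr/bin/update-ca-trust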
files
The files in the "files" directory are:
- ansible.cfg is a hard link to the generic ansible.cfg in ~/ansible/ansible.cfg
- ca.crt is a certificate for our own CA (easyrsa)
- requirements.yml lists the ansible collections to incorporate into the image.
The file ca.crt can be replaced by a hard link, just as we did for the ansible.cfg.
pm_build.sh
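The pm_build.sh script creates the container image and uploads it to the local registry:
#!/bin/bash
# Ask for the registry.redhat.io credentials (needed to pull the base image).
read -r -p "Enter registry username " user
read -r -s -p "Enter registry password " passwd
echo
# Pass the password on stdin so it does not show up in the process list.
printf '%s' "${passwd}" | docker login -u "${user}" --password-stdin registry.redhat.io
# Build, tag and push to the local registry, then remove the local build tag.
docker build -t ansible-image .
docker tag ansible-image <docker-host-fqdn>:5000/ansible-image:1.0
docker push <docker-host-fqdn>:5000/ansible-image:1.0
docker rmi ansible-image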
As you can see, the script will ask you for the registry user and password.
For more images, just add directories and adapt the code to your needs.