Add ansible container #163
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This will be used by the ansible pod so it can run as root and also start its services using systemd
carbonin
commented
Jun 21, 2017
images/miq-app/Dockerfile
Outdated
| @@ -76,7 +76,7 @@ RUN mkdir -p ${APP_ROOT} && \ | |||
|
|
|||
| ## Add ManageIQ source from local directory (dockerfile development) or from Github (official build) | |||
| #ADD . ${APP_ROOT} | |||
| RUN curl -L https://github.com/ManageIQ/manageiq/tarball/${REF} | tar vxz -C ${APP_ROOT} --strip 1 | |||
| RUN curl -L https://github.com/carbonin/manageiq/tarball/use_ansible_service_in_containers | tar vxz -C ${APP_ROOT} --strip 1 | |||
There was a problem hiding this comment.
This will go away once ManageIQ/manageiq#15423 is merged.
carbonin
force-pushed
the
add_ansible_container
branch
from
29859ca
to
d90d1c4
Compare
This pod will provide the "embedded" ansible service to manageiq. It will share the database service, but will create its own database when it is first deployed.
carbonin
force-pushed
the
add_ansible_container
branch
from
d90d1c4
to
e768183
Compare
This is required for jobs to run correctly. When not running as privileged job runs fail with a traceback saying that the bubblewrap package is not installed.
bdunne
requested changes
Jun 23, 2017
templates/miq-template-ext-db.yaml
Outdated
| value: "${ANSIBLE_SERVICE_NAME}" | ||
| - | ||
| name: "ANSIBLE_ADMIN_PASSWORD" | ||
| value: "${ANSIBLE_ADMIN_PASSWORD}" |
There was a problem hiding this comment.
Should we be pulling this value from the Ansible secret?
templates/miq-template.yaml
Outdated
| value: "${ANSIBLE_SERVICE_NAME}" | ||
| - | ||
| name: "ANSIBLE_ADMIN_PASSWORD" | ||
| value: "${ANSIBLE_ADMIN_PASSWORD}" |
|
Checked commits carbonin/manageiq-pods@a21b14f~...0be3f72 with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0 |
bdunne
approved these changes
Jun 26, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This will add support for "embedded ansible" as a service in our project.
In combination with ManageIQ/manageiq#15423 this should allow the embedded ansible role to work in the podified application just as it does in the appliance.
We add the miq-sysadmin scc here so that the ansible pod can run systemd without requiring the full list of entitlements that the existing privileged scc grants.