This project manages the assets required to build and publish extremely lightweight Red Hat Ansible OCI-compliant container images that run on Docker, Podman, and Kubernetes.
All OCI-compliant container images managed by this project have the following commonalities:
- The Official Alpine Docker image is employed as the base image
- Python 3 is installed and configured
- Only the necessary APK packages and Python libraries are installed
- Required Kerberos packages are installed on each variant
- Ready to manage Active Directory domain-joined Windows and Linux hosts using Kerberos authentication over TLS encrypted WinRM and PSRP or SSH
- Run as Docker containers, Podman containers, and in K8s
- Maintain up-to-date Ansible container images for Windows host management and Linux host management
- Strive for the smallest image size possible for efficient distribution to global on-premise datacenters and clouds
- Solve enterprise problems such as securely managing Active Directory domain-joined Windows and Linux hosts
The following Ansible image variants are maintained by this project.
- Ansible for Windows management (WinRM + KRB5)
- Ansible for Windows management (WinRM + KRB5 for use with KRB5 Sidecar container)
- Ansible for Windows management (PSRP + KRB5)
- Ansible for Windows management (PSRP + KRB5 for use with KRB5 Sidecar container)
- Ansible for Linux management (SSH + KRB5)
- Ansible for Linux management (SSH + KRB5 for use with KRB5 Sidecar container)
TODO...
docker pull devtestlabs/ansible:{{ VARIANT_TAG }}
NOTE: Replace {{ VARIANT_TAG }} with an actual, valid tag name.
Example docker run command:
docker run \
  --rm -it \
  -v /host/path/to/playbooks:/ansible/playbooks \
  -v /host/path/to/inventory:/ansible/inventory \
  devtestlabs/ansible:{{ VARIANT_TAG }} \
  -i /ansible/inventory/hosts.yaml \
  -c local --limit 'some-inventory-group-name' \
  /ansible/playbooks/a-playbook.yaml \
  -e 'ENV_VAR1=someVal ENV_VAR2=anotherVal'
NOTE: Replace {{ VARIANT_TAG }} with an actual, valid tag name.
NOTE: If you need to override Ansible's default behavior, you can bind mount the ansible.cfg file or pass in Ansible environment variables on the command line or in a Docker .env file.
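A constructed example of the hosts.yaml inventory mounted by the run command above, for the WinRM + KRB5 variant, showing the settings that keep the connection on Kerberos over TLS. This is an added example, not a file from this project; the host names, realm, service account, CA path and the WIN_PASSWORD variable are assumptions.

```yaml
# /host/path/to/inventory/hosts.yaml (constructed example, not from the project)
all:
  children:
    some-inventory-group-name:
      hosts:
        # Kerberos needs FQDNs that match the hosts' service principal names,
        # not IP addresses. These names are placeholders.
        win01.corp.example.com:
        win02.corp.example.com:
      vars:
        ansible_connection: winrm
        # HTTPS listener, so WinRM traffic is wrapped in TLS.
        ansible_port: 5986
        ansible_winrm_scheme: https
        # Authenticate with Kerberos instead of basic or NTLM.
        ansible_winrm_transport: kerberos
        # Verify the listener certificate. Setting this to "ignore" disables
        # server authentication at the TLS layer.
        ansible_winrm_server_cert_validation: validate
        # Assumed path: the CA bundle must be bind mounted into the container.
        ansible_winrm_ca_trust_path: /ansible/certs/corp-root-ca.pem
        # Principal in user@REALM form (placeholder account and realm).
        ansible_user: svc-ansible@CORP.EXAMPLE.COM
        # Read the password from the container environment rather than
        # storing it in the inventory. WIN_PASSWORD is a hypothetical name,
        # passed with `docker run -e WIN_PASSWORD` or a Docker .env file.
        ansible_password: "{{ lookup('env', 'WIN_PASSWORD') }}"
        # Let Ansible run kinit to obtain the ticket from the password.
        ansible_winrm_kinit_mode: managed
```

Inventory variables take precedence over the `-c` command-line option, so `ansible_connection: winrm` applies to these hosts even when the command passes `-c local`.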
TODO: Describe preflight, useful bind mounts, etc...
If you want to build your own image locally, simply cd into dockerfiles/ansible:{{ VARIANT_TAG }}.
NOTE: Replace {{ VARIANT_TAG }} with the actual directory name part.
In a terminal, execute:
docker build -t ansible:{{ VARIANT_TAG }} .
NOTE: Replace {{ VARIANT_TAG }} with the Docker image name part. You can name your local image whatever you want; mylocalrepo/ansible:123 for example.
For more information about the build command, see Docker Commandline Reference - build.
- Document rootless container configuration using Podman
- Document use with KRB5 Sidecar container
- Refactor static Dockerfiles and possibly employ templating or parameterized HashiCorp Packer configuration to build variant images
- https://docs.ansible.com/ansible/latest/plugins/connection/ssh.html
- https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html
- https://docs.ansible.com/ansible/latest/plugins/connection/psrp.html
- https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html
- https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#kerberos
- https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#winrm-encryption