ansible / ansible-container

DEPRECATED -- Ansible Container was a tool to build Docker images and orchestrate containers using only Ansible playbooks.
GNU Lesser General Public License v3.0

Environment Variables are not being passed as build arguments to the docker engine #946

Open mickfeech opened 6 years ago

mickfeech commented 6 years ago
ISSUE TYPE
container.yml
# container.yml from the report: the project definition read by `ansible-container build`.
version: "2"
settings:
  # Settings for the conductor image; the traceback in this report fails in build_conductor_image.
  conductor:
    base: centos:7
    # Proxy variables the reporter expects to reach the conductor image build as build arguments.
    # Per the summary they are not passed, so pip inside the build cannot reach the network.
    # The same proxy values appear in the Docker daemon info (HttpProxy / HttpsProxy / NoProxy).
    # NOTE(review): keep credentials out of these URLs; this file is plain text and is
    # usually committed alongside the project.
    environment:
        http_proxy: http://proxy.corp.com:80
        https_proxy: http://proxy.corp.com:80
        no_proxy: corp.com,localhost,127.0.0.1
services:
  xldcli:
    # NOTE(review): `latest` is a mutable tag; pinning a version tag or digest makes it
    # clear which base image a build actually used.
    from: "registry.corp.com/base:latest"
    roles:
      - my-cli
registries:
  # presumably the registry that built images are pushed to; the report does not exercise it
  openshift:
    url: https://registry.apps.dev.corp.com
    namespace: my_utils
    repository_prefix: ''
OS / ENVIRONMENT
Ansible Container, version 0.9.3rc0
Linux, runner-f0cad82a-project-250-concurrent-0, 3.10.0-862.3.2.el7.x86_64, #1 SMP Tue May 15 18:22:15 EDT 2018, x86_64
2.7.5 (default, Feb 20 2018, 09:19:12) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-28)] /usr/bin/python
{
  "ContainersPaused": 0, 
  "Labels": null, 
  "CgroupDriver": "systemd", 
  "ClusterAdvertise": "", 
  "ContainersRunning": 1, 
  "ContainerdCommit": {
    "Expected": "aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1", 
    "ID": ""
  }, 
  "InitBinary": "/usr/libexec/docker/docker-init-current", 
  "NGoroutines": 39, 
  "Swarm": {
    "Managers": 0, 
    "ControlAvailable": false, 
    "NodeID": "", 
    "Cluster": {
      "Spec": {
        "TaskDefaults": {}, 
        "Orchestration": {}, 
        "EncryptionConfig": {
          "AutoLockManagers": false
        }, 
        "Raft": {
          "HeartbeatTick": 0, 
          "ElectionTick": 0
        }, 
        "CAConfig": {}, 
        "Dispatcher": {}
      }, 
      "Version": {}, 
      "ID": "", 
      "CreatedAt": "0001-01-01T00:00:00Z", 
      "UpdatedAt": "0001-01-01T00:00:00Z"
    }, 
    "Nodes": 0, 
    "Error": "", 
    "RemoteManagers": null, 
    "LocalNodeState": "inactive", 
    "NodeAddr": ""
  }, 
  "LoggingDriver": "json-file", 
  "OSType": "linux", 
  "HttpProxy": "http://proxy.corp.com:80/", 
  "Runtimes": {
    "runc": {
      "path": "docker-runc"
    }, 
    "docker-runc": {
      "path": "/usr/libexec/docker/docker-runc-current"
    }
  }, 
  "DriverStatus": [
    [
      "Pool Name", 
      "docker--vg-docker--pool"
    ], 
    [
      "Pool Blocksize", 
      "524.3 kB"
    ], 
    [
      "Base Device Size", 
      "107.4 GB"
    ], 
    [
      "Backing Filesystem", 
      "xfs"
    ], 
    [
      "Data file", 
      ""
    ], 
    [
      "Metadata file", 
      ""
    ], 
    [
      "Data Space Used", 
      "31.08 GB"
    ], 
    [
      "Data Space Total", 
      "106.2 GB"
    ], 
    [
      "Data Space Available", 
      "75.1 GB"
    ], 
    [
      "Metadata Space Used", 
      "5.755 MB"
    ], 
    [
      "Metadata Space Total", 
      "109.1 MB"
    ], 
    [
      "Metadata Space Available", 
      "103.3 MB"
    ], 
    [
      "Thin Pool Minimum Free Space", 
      "10.62 GB"
    ], 
    [
      "Udev Sync Supported", 
      "true"
    ], 
    [
      "Deferred Removal Enabled", 
      "true"
    ], 
    [
      "Deferred Deletion Enabled", 
      "true"
    ], 
    [
      "Deferred Deleted Device Count", 
      "0"
    ], 
    [
      "Library Version", 
      "1.02.146-RHEL7 (2018-01-22)"
    ]
  ], 
  "OperatingSystem": "Red Hat Enterprise Linux", 
  "Containers": 12, 
  "HttpsProxy": "http://proxy.corp.com:80/", 
  "BridgeNfIp6tables": true, 
  "MemTotal": 25005211648, 
  "SecurityOptions": [
    "name=seccomp,profile=/etc/docker/seccomp.json", 
    "name=selinux"
  ], 
  "Driver": "devicemapper", 
  "IndexServerAddress": "https://registry.access.redhat.com/v1/", 
  "ClusterStore": "", 
  "InitCommit": {
    "Expected": "949e6facb77383876aeff8a6944dde66b3089574", 
    "ID": "5b117de7f824f3d3825737cf09581645abbe35d4"
  }, 
  "Isolation": "", 
  "Registries": [
    {
      "Name": "registry.access.redhat.com", 
      "Secure": false
    }, 
    {
      "Name": "registry.access.redhat.com", 
      "Secure": false
    }, 
    {
      "Name": "docker.io", 
      "Secure": true
    }
  ], 
  "SystemStatus": null, 
  "OomKillDisable": true, 
  "PkgVersion": "docker-1.13.1-63.git94f4240.el7.x86_64", 
  "SystemTime": "2018-07-11T09:50:59.381926155-04:00", 
  "Name": "myserver.corp.com", 
  "CPUSet": true, 
  "RegistryConfig": {
    "InsecureRegistryCIDRs": [
      "127.0.0.0/8"
    ], 
    "IndexConfigs": {
      "registry.access.redhat.com": {
        "Official": false, 
        "Name": "registry.access.redhat.com", 
        "Secure": false, 
        "Mirrors": []
      }, 
      "docker.io": {
        "Official": true, 
        "Name": "docker.io", 
        "Secure": true, 
        "Mirrors": null
      }
    }, 
    "Mirrors": []
  }, 
  "DefaultRuntime": "docker-runc", 
  "ContainersStopped": 11, 
  "NCPU": 9, 
  "NFd": 29, 
  "Architecture": "x86_64", 
  "KernelMemory": true, 
  "CpuCfsQuota": true, 
  "Debug": false, 
  "IndexServerName": "registry.access.redhat.com", 
  "ID": "GPQD:7DT6:3IMD:ECQX:TO4J:ROSI:Z76I:BKWS:CTWO:VQQI:VQ3P:73RL", 
  "IPv4Forwarding": true, 
  "KernelVersion": "3.10.0-862.3.2.el7.x86_64", 
  "BridgeNfIptables": true, 
  "NoProxy": "corp.com,localhost,127.0.0.1", 
  "LiveRestoreEnabled": false, 
  "ServerVersion": "1.13.1", 
  "CpuCfsPeriod": true, 
  "ExperimentalBuild": false, 
  "MemoryLimit": true, 
  "SwapLimit": true, 
  "Plugins": {
    "Volume": [
      "local"
    ], 
    "Network": [
      "bridge", 
      "host", 
      "macvlan", 
      "null", 
      "overlay"
    ], 
    "Authorization": [
      "rhel-push-plugin"
    ]
  }, 
  "Images": 11, 
  "DockerRootDir": "/var/lib/docker", 
  "NEventsListener": 0, 
  "CPUShares": true, 
  "RuncCommit": {
    "Expected": "9df8b306d01f59d3a8029be411de015b7304dd8f", 
    "ID": "e9c345b3f906d5dc5e8100b05ce37073a811c74a"
  }
}
{
  "KernelVersion": "3.10.0-862.3.2.el7.x86_64", 
  "PkgVersion": "docker-1.13.1-63.git94f4240.el7.x86_64", 
  "Arch": "amd64", 
  "BuildTime": "2018-04-30T15:45:42.898562214+00:00", 
  "ApiVersion": "1.26", 
  "Version": "1.13.1", 
  "MinAPIVersion": "1.12", 
  "GitCommit": "94f4240/1.13.1", 
  "Os": "linux", 
  "GoVersion": "go1.9.2"
}
SUMMARY

We have an ansible-requirements.txt file that installs the necessary Python modules at build time. The proxy settings in container.yml are not being passed as build arguments to the downstream container build. We need http_proxy, https_proxy, and no_proxy set in order to do these external builds. The builds fail because the build cannot reach the external network: the necessary environment variables are not passed through to the downstream build.

STEPS TO REPRODUCE
ansible-container build
EXPECTED RESULTS

Container builds

ACTUAL RESULTS

Without debugging

BuildError: The command '/bin/sh -c pip install --no-cache-dir -r /_ansible/build/ansible-requirements.txt && ansible-galaxy install -p /etc/ansible/roles -r /_ansible/build/requirements.yml && cp /_ansible/build/ansible.cfg /etc/ansible/ansible.cfg' returned a non-zero code: 1

With debugging

  Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7fe5d448aa10>: Failed to establish a new connection: [Errno 101] Network is unreachable',)': /simple/ansible-modules-hashivault/

  Could not find a version that satisfies the requirement ansible-modules-hashivault>=3.9.5 (from -r /_ansible/build/ansible-requirements.txt (line 3)) (from versions: )

No matching distribution found for ansible-modules-hashivault>=3.9.5 (from -r /_ansible/build/ansible-requirements.txt (line 3))

2018-07-11T02:23:28.583127 Cleaning up temporary directory [container.utils.temp] caller_file=/sources/ansible-container/container/utils/temp.py caller_func=__exit__ caller_line=22 path=/tmp/tmp5__sJy
2018-07-11T02:23:28.585547 Unknown exception Error building conductor image: The command '/bin/sh -c pip install --no-cache-dir -r /_ansible/build/ansible-requirements.txt && ansible-galaxy install -p /etc/ansible/roles -r /_ansible/build/requirements.yml && cp /_ansible/build/ansible.cfg /etc/ansible/ansible.cfg' returned a non-zero code: 1 [container.cli] caller_file=/usr/lib/python2.7/site-packages/structlog/stdlib.py caller_func=exception caller_line=95
Traceback (most recent call last):
  File "/sources/ansible-container/container/cli.py", line 304, in __call__
    getattr(core, u'hostcmd_{}'.format(args.subcommand))(**vars(args))
  File "/sources/ansible-container/container/__init__.py", line 28, in __wrapped__
    return fn(*args, **kwargs)
  File "/sources/ansible-container/container/core.py", line 184, in hostcmd_build
    environment=env_vars
  File "/sources/ansible-container/container/docker/engine.py", line 107, in __wrapped__
    return fn(self, *args, **kwargs)
  File "/sources/ansible-container/container/__init__.py", line 28, in __wrapped__
    return fn(*args, **kwargs)
  File "/sources/ansible-container/container/docker/engine.py", line 1140, in build_conductor_image
    "Error building conductor image: {0}".format(line['errorDetail']['message']))
AnsibleContainerException: Error building conductor image: The command '/bin/sh -c pip install --no-cache-dir -r /_ansible/build/ansible-requirements.txt && ansible-galaxy install -p /etc/ansible/roles -r /_ansible/build/requirements.yml && cp /_ansible/build/ansible.cfg /etc/ansible/ansible.cfg' returned a non-zero code: 1
l4r1k4 commented 5 years ago
    # List form of `environment` (KEY=value entries); the container.yml in the original
    # report uses the mapping form for the same key.
    # NOTE(review): the fragment does not show its parent key, so it is unclear whether this
    # sits under settings.conductor (the case the issue reports) or under a service — confirm.
    environment:  # List or mapping of environment variables
      - DISTRO=bionic
      - TYPE=lamp

This is how I am using ENV vars. They are then successfully seen by ansible roles.