class: center, middle # DevConf.cz - Ansible and Buildah will 🎸 your containers ## Tomas Tomecek --- # `/who Tomáš Tomeček` -- ``` raise TimeoutError("I'm sorry, we don't have time for this.") ``` --- layout: false .left-column[ # What's Ansible? * Automation tool. * Definition language. * Can provision infrastructure. ] .right-column[ ``` --- - hosts: localhost vars: project_dir: /src tasks: - name: Install required packages dnf: name: - git - python3-pytest - python3-flexmock - name: copy entrypoint script copy: src: contrib/entry.sh dest: /entry.sh - name: Install the library pip: name: '{{ project_dir }}' ``` ] --- # What's Buildah? * Can build container images from dockerfiles. * Or from scratch. * Or you can script the build process yourself. ---- ``` $ buildah bud . STEP 1: FROM busybox STEP 2: RUN ls total 16K bin dev etc home proc root sys tmp usr var STEP 3: COPY ./README.md / STEP 4: CMD /entrypoint.sh ``` --- # How they work together? -- * Ansible connection plugins. ``` $ ansible-playbook -vvvvvv -c buildah ... TASK [Gathering Facts] ***************************************************
RUN [b'buildah', b'mount', b'--', b'buildah-container'] MOUNTPOINT b'/var/lib/containers/storage/overlay/89e0b96a0fa4651a87e7931...
RUN [b'buildah', b'run', b'--', b'buildah-container', \ b'/bin/sh', b'-c', b'( umask 77 && mkdir -p "` echo / tmp/ansible-tmp-\ 1547462832.3904593-53681476701867 `" && echo ansible-tmp-1547462832...
PUT /root/.ansible/tmp/ansible-local-\
RUN [b'buildah', b'run', b'--', b'buildah-container', \ ...
RUN [b'buildah', b'umount', b'--', b'buildah-container'] ``` ??? * Describe a connection plugin * List common plugins * Describe the output above --- # Let's give it a shot ``` $ buildah pull $BASE_IMAGE $ buildah from --name $CONT_NAME $BASE_IMAGE $ printf "$CONT_NAME \ ansible_connection=buildah \ ansible_python_interpreter=/usr/bin/python3" >inventory-container $ ansible-playbook -i inventory-container -c buildah ./recipe.yaml $ buildah commit --cmd '/entrypoint.sh' $CONT_NAME my-fancy-image $ buildah rm $(CONT_NAME) ``` ??? * We use this! --- class: center, middle # Someone could automate that script --- # ansible-bender *
[github.com/TomasTomecek/ansible-bender](https://github.com/TomasTomecek/ansible-bender) * Bends containers. And it's shiny. -- * Builds as first-class citizens. * Can move images to registry, file, dockerd... * Configurable layering and caching. ??? * It's not perfect, still a ton of work ahead. * rootless + ovl doesn't work * RFE: define build metadata in a file --- # Why? -- * Dockerfiles are a custom file format. * There is no spec. * You can only use Dockerfiles to build ~~docker~~ container images. -- * [There](https://www.youtube.com/watch?v=n9-JTUsAK9Y) were [no improvements](https://www.youtube.com/watch?v=3VZsjv217ow) for years. -- * Ansible-container project started this. -- * Build the way you want. * There are options. ??? * I'm not a docker hater. --- # Thank you! *
[github.com/TomasTomecek/speaks](https://github.com/TomasTomecek/speaks) *
[github.com/TomasTomecek/ansible-bender](https://github.com/TomasTomecek/ansible-bender) *
[@TomasTomec](https://twitter.com/TomasTomec) *
[blog.tomecek.net](https://blog.tomecek.net/)