env variables not passed to ansible-runner
I'm using the ipa modules for Ansible and the credentials can be passed by env variable to the module. When I pass the env variables like IPA_USER and IPA_HOST to the container, I can see them in the container, but ansible-runner does not appear to have them and therefore my task fails due to lack of credentials.
Provide environment variables to ansible-runner
I'd like to have the environment variables passed to ansible-runner so that ansible modules can take advantage of them and make configuration of those modules quick and flexible.
I foresee the potential of not wanting to pass all the variables. Perhaps any variable prepended by ANSIBLE_ could be passed without the prefix?
If I'm simply missing something that already exists to accomplish this effectively, I'd be glad to get some pointers and document.
I also tried mounting a secret to /runner/env/envvars with the contents, but am getting the same error.
IPA_USER: username
IPA_PASS: password
IPA_HOST: some.dns.name
@flickerfly I'm not familiar with IPA at all, but I'm curious if these configurations belong in the operator, to be used globally across all CRs, or if it is possible/reasonable for different CRs to need to use different credentials, in which case, you could put them in the CR spec?
/cc @fabianvf
In this case, the operator is building up resources around a project. I want developers to be able to create a CR, but not have credentials to directly add users and groups to the authentication database (what the ipa module does). So I can't put these in the CR spec or it will leak outside its intended bounds.
I'm trying to find another way to accomplish this. It would be handy to know how ansible-runner is run from within the container so I can trigger it manually. I tried to find a Dockerfile for the base image, but that doesn't seem to be around. Any help on that?
EDIT: This looks like what the operator container in the pod is running.
/usr/local/bin/ansible-operator run ansible --watches-file=/opt/ansible/watches.yaml MY_OPERATOR_METRICS_PORT=tcp://172.30.146.59:8383 HOSTNAME=my-operator-6c69655664-qgbjv KUBERNETES_PORT_443_TCP_PORT=443 KUBERNETES_PORT=tcp://172.30.0.1:443 KUBERNETES_SERVICE_PORT=443 OPERATOR_NAME=my-operator MY_OPERATOR_METRICS_PORT_8383_TCP=tcp://172.30.146.59:8383 KUBERNETES_PORT_53_TCP=tcp://172.30.0.1:53 KUBERNETES_SERVICE_HOST=172.30.0.1 POD_NAME=my-operator-6c69655664-qgbjv OPERATOR=/usr/local/bin/ansible-operator KUBERNETES_PORT_53_TCP_PORT=53 KUBERNETES_PORT_53_UDP=udp://172.30.0.1:53 MY_OPERATOR_METRICS_SERVICE_PORT_HTTP_METRICS=8383 KUBERNETES_SERVICE_PORT_DNS=53 USER_NAME=ansible-operator KUBERNETES_PORT_53_TCP_ADDR=172.30.0.1 MY_OPERATOR_METRICS_SERVICE_PORT=8383 KUBERNETES_PORT_53_UDP_ADDR=172.30.0.1 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PWD=/ WATCH_NAMESPACE= KUBERNETES_PORT_53_UDP_PORT=53 USER_UID=1001 MY_OPERATOR_METRICS_SERVICE_HOST=172.30.146.59 MY_OPERATOR_METRICS_PORT_8383_TCP_ADDR=172.30.146.59 SHLVL=0 HOME=/opt/ansible KUBERNETES_PORT_53_UDP_PROTO=udp KUBERNETES_PORT_443_TCP_PROTO=tcp KUBERNETES_SERVICE_PORT_HTTPS=443 MY_OPERATOR_METRICS_PORT_8383_TCP_PORT=8383 KUBERNETES_PORT_443_TCP_ADDR=172.30.0.1 KUBERNETES_SERVICE_PORT_DNS_TCP=53 KUBERNETES_PORT_53_TCP_PROTO=tcp KUBERNETES_PORT_443_TCP=tcp://172.30.0.1:443 container=oci MY_OPERATOR_METRICS_PORT_8383_TCP_PROTO=tcp
Eventually, I figured out that you have to pass these to the "operator" container, not the "ansible" container. The Ansible container only seems to be displaying the logs of ansible runs. It doesn't actually run ansible.
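The resolution above, written out as a manifest. This is an added example, not part of the original thread or the operator project's own files: the Secret name `ipa-credentials`, the labels and the `REPLACE_IMAGE` placeholders are assumptions, and each container's command and args are omitted and should stay as they are in the existing Deployment.

```yaml
# Added example. Names marked "hypothetical" do not come from the thread.
apiVersion: v1
kind: Secret
metadata:
  name: ipa-credentials          # hypothetical Secret name
type: Opaque
stringData:
  IPA_USER: username             # placeholder values, as posted in the thread
  IPA_PASS: password
  IPA_HOST: some.dns.name
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      name: my-operator          # hypothetical label
  template:
    metadata:
      labels:
        name: my-operator
    spec:
      containers:
        - name: ansible          # only displays logs of Ansible runs: no credentials here
          image: REPLACE_IMAGE   # placeholder
        - name: operator         # runs ansible-operator, so modules read their env from here
          image: REPLACE_IMAGE   # placeholder
          env:
            - name: IPA_USER
              valueFrom:
                secretKeyRef:
                  name: ipa-credentials
                  key: IPA_USER
            - name: IPA_PASS
              valueFrom:
                secretKeyRef:
                  name: ipa-credentials
                  key: IPA_PASS
            - name: IPA_HOST
              valueFrom:
                secretKeyRef:
                  name: ipa-credentials
                  key: IPA_HOST
```

Referencing the Secret from the operator's Deployment keeps the credentials out of the CR spec, which is the constraint described earlier in the thread.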