Hi.
Is there any module that enables the execution of Openshift oc commands? I run playbooks within the awx-ee execution environment, which doesn’t have the oc CLI installed, so I cant use ansible builtin.shell: oc …
1 Like
Hi,
Haven’t tried it, but have a look on this collection: GitHub - openshift/community.okd: OKD/Openshift collection for Ansible.
Another way would be to install oc in your image, then run tasks using command or shell modules, as you initially planned to.
IIRC, you specifically need oc command to login, everything else could be done using kubectl, through the kubernetes.core collection or else.
2 Likes
Interesting question.
I think the most important and difficult part is the login. For example you can use the cki-project / ocp-sso-token · GitLab to login.
However reading the documentation bellow:
OKD Collection for Ansible | Using modules from the OKD Collection in your playbooks
---
plugin: community.okd.openshift
connections:
- namespaces:
- testing
Is it possible to login using only Ansible ? We have to define somewhere a plugins or connection_plugins and define there the OpenShift credentials ?
Another idea: If we define the corresponding variables ansible_kubectl_* somewhere ( group_vars/host_vars or inventory file ) is it supposed that Ansible should be able to login to OpenShift ? Should this work ?
2 Likes
Login is not the problem. I use community.okd module which allows login. But I need to execute oc command. Kubectl is not an option.
I installed oc cli in my custom EE image.
I think installing oc in your EE’s is probably your best bet for now.
Since kubernetes.core collection requires openshift-clients, you’ll get the kubectl plugin as well as the oc command.
For example, if building with UBI8-minimal or UBI9-minimal openshift-clients is not available in the default repos, which means an RPM install of openshift-clients is needed to support the kubernetes.core collection.
1 Like
You could do it from this previously linked collection, with this plugin specifically, though oc binary needs to be installed prior on control node. I see on your next comment you did precisely that, now you can keep using this collection’s plugins and modules, I guess.
Plugin community.okd.oc runs oc command in running pods (oc exec). I dont need that. The only thing I need is to run oc command on managed host. Managed host is localhost (EE) without oc binary installed.
Right ! I misread that. Other modules seems to directly talk to the API, so no strict oc command usage. So yeah, as others suggested, having oc installed in your EE container might be the way to go, whether by rebuilding your image to comport this binary, or installing it afterwards from a task in pre_tasks: or else.