{{tag>Ansible Docker CA}}

= Ansible Docker Execution Environment

See:
  * [[notes_ansible_ansible-navigator|ansible-navigator]]
  * https://ansible.readthedocs.io/projects/creator/installing/#initialize-execution-environment-project
  * https://github.com/redhat-cop/ee_utilities/blob/devel/examples/ee_builder_base.yaml
  * [[https://developers.redhat.com/articles/2023/05/08/how-create-execution-environments-using-ansible-builder|How to create execution environments using ansible-builder]]
  * https://docs.ansible.com/automation-controller/latest/html/userguide/ee_reference.html
  * https://blog.stephane-robert.info/post/ansible-execution-environnement-runner-builder/
  * https://www.redhat.com/sysadmin/ansible-execution-environment-unconnected
  * https://ansible.readthedocs.io/projects/builder/en/stable/definition/
  * https://www.techtransit.org/install-ansible-navigator-execution-environment/
  * https://www.dbi-services.com/blog/create-and-manage-ansible-execution-environments/
  * https://www.redhat.com/en/blog/the-anatomy-of-automation-execution-environments
  * https://infohub.delltechnologies.com/fr-fr/l/dell-powermax-ansible-modules-best-practices-1/creating-ansible-execution-environments-using-ansible-builder/

See also these execution-environment.yml examples:
  * https://github.com/kennedymeadows/awx-ee-juniper/tree/main and https://www.keepitsimplesimon.io/posts/awx-execution-environments
  * https://access.redhat.com/documentation/fr-fr/red_hat_ansible_automation_platform/2.4/html-single/creating_and_consuming_execution_environments/index
  * https://github.com/ansible-community/images
  * https://github.com/ansiblejunky/ansible-execution-environment
  * https://github.com/ansible/awx-ee/

== Installation

<code bash>
# Quote the requirement so the shell does not treat ">" as a redirection
pip install --user 'ansible-builder>=3.0.0'
</code>

== Usage

Files:
  * execution-environment.yml
  * ansible.cfg
  * requirements.txt
  * requirements.yml
  * bindep.txt

<code bash>
podman login --tls-verify=false registry.acme.fr -u admin
# podman login --tls-verify=false registry.acme.fr -u admin -p P@ssw0rd
# (-p leaves the password in shell history and the process list; --password-stdin avoids that)

# Create the context/ directory with the Containerfile
ansible-builder create #--file execution-environment-dev.yml

# Build the container image from the generated Containerfile
podman build -f context/Containerfile -t img01:0.9.1

# Or, to build the container image directly:
ansible-builder build --tag img01:0.9.1

podman images
podman image prune

podman tag localhost/img01:0.9.1 aahub.acme.local/img01:0.9.1
podman images
podman push aahub.acme.local/img01:0.9.1

ansible-navigator images --eei aahub.acme.local/img01:0.9.1
</code>

<code bash>
cd ansible-2.3_rhel5-repo/
vim context/Containerfile
vim requirements.txt
vim requirements.yml
vim bindep.txt
vim execution-environment.yml
ansible-builder build -v 3 --tag img-rhel5_0.1
podman build -f context/Containerfile -t img-rhel5_0.1
pip3 download psutils
podman push --tls-verify=false twr00210f.acme.local/img-rhel5_0.2 --log-level debug

ansible-navigator --eei twr00210f.acme.local/acme-provisioning-dell:latest --tls-verify=false
ansible-navigator --eei twr00210f.acme.local/acme-provisioning-dell:latest --pa='--tls-verify=false'
ansible-navigator --eei twr00210f.acme.local/acme-provisioning-dell:latest
export ANSIBLE_NAVIGATOR_PULL_ARGUMENT="tls-verify=false"
vim /etc/containers/registries.conf
ansible-navigator -m stdout run reboot_idrac.yml -i inv.yml --eei twr00210f.acme.local/acme-provisioning-dell:latest

ansible-builder introspect --help
podman build -f context/Containerfile -t ee-test:0.3
mkdir plop
cd plop
</code>

Cleanup

<code bash>
podman image prune
podman rmi
rm -rf ./context/
</code>

''ansible.cfg''
<code ini>
# Since Ansible 2.12 (core):
# To generate an example config file (a "disabled" one with all default settings, commented out):
#               $ ansible-config init --disabled > ansible.cfg
#
# Also you can now have a more complete file by including existing plugins:
# ansible-config init --disabled -t all > ansible.cfg

# For previous versions of Ansible you can check for examples in the 'stable' branches of each version
# Note that this file was always incomplete and lagging changes to configuration settings

# for example, for 2.9: https://github.com/ansible/ansible/blob/stable-2.9/examples/ansible.cfg

[galaxy]
server_list = rh-certified_repo, published_repo, community_repo, galaxy

[galaxy_server.rh-certified_repo]
token=xxxxxxxxxxxxxx1
url=https://aahub.acme.local/api/galaxy/content/rh-certified/

[galaxy_server.published_repo]
token=xxxxxxxxxxxxxx2
url=https://aahub.acme.local/api/galaxy/content/published/

[galaxy_server.community_repo]
token=xxxxxxxxxxxxxx3
url=https://aahub.acme.local/api/galaxy/content/community/

[galaxy_server.galaxy]
url=https://galaxy.ansible.com/
</code>

''bindep.txt''
<code>
python3-jmespath
</code>

''requirements.yml''
<code yaml>
---
collections:
  - ansible.windows
  - community.general
  - ansible.posix
  - awx.awx
</code>

''requirements.txt''
<code>
hvac
kafka-python
</code>

''execution-environment.yml''
<code yaml>
---
version: 1

build_arg_defaults:
  ANSIBLE_GALAXY_CLI_COLLECTION_OPTS: "-c"
  EE_BASE_IMAGE: aahub.acme.local/ee-minimal-rhel8:latest
  EE_BUILDER_IMAGE: aahub.acme.local/ansible-builder-rhel8:latest

ansible_config: 'ansible.cfg'

dependencies:
  python: requirements.txt
  galaxy: requirements.yml
  system: bindep.txt

additional_build_steps:
  prepend:
    - RUN pip3 install --upgrade pip setuptools && echo "cacert ~/ca" > ~/.curlrc && mkdir -p ~/ca
    - COPY ./cert.crt ~/ca
    - RUN rpm --import https://srv1.acme.local/katello/api/v2/repositories/2406/gpg_key_content
</code>

''context/Containerfile''
<code dockerfile>
ARG EE_BASE_IMAGE=aahub.acme.local/ee-minimal-rhel8:latest
ARG EE_BUILDER_IMAGE=aahub.acme.local/ansible-builder-rhel8:latest

FROM $EE_BASE_IMAGE as galaxy
ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=-c
USER root

ADD _build/ansible.cfg ~/.ansible.cfg

ADD _build /build
WORKDIR /build

RUN ansible-galaxy role install -r requirements.yml --roles-path "/usr/share/ansible/roles"
RUN ANSIBLE_GALAXY_DISABLE_GPG_VERIFY=1 ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path "/usr/share/ansible/collections"

FROM $EE_BUILDER_IMAGE as builder

COPY --from=galaxy /usr/share/ansible /usr/share/ansible

ADD _build/requirements.txt requirements.txt
RUN ansible-builder introspect --sanitize --user-pip=requirements.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt
RUN assemble

FROM $EE_BASE_IMAGE
USER root
RUN pip3 install --upgrade pip setuptools && echo "cacert ~/ca" > ~/.curlrc && mkdir -p ~/ca
COPY ./cert.crt ~/ca
RUN rpm --import https://srv1.acme.local/katello/api/v2/repositories/2406/gpg_key_content

COPY --from=galaxy /usr/share/ansible /usr/share/ansible

COPY --from=builder /output/ /output/
RUN /output/install-from-bindep && rm -rf /output/wheels
</code>

<code yaml>
version: 3

dependencies:
  galaxy: requirements.yml
  python: requirements.txt
  system: bindep.txt
  # ansible_core:
  #   package_pip: ansible-core==2.14.4
  #
  # ansible_runner:
  #   package_pip: ansible-runner
  #
  # python_interpreter:
  #   package_system: python39          # (optional) name of a Python interpreter OS package to install
  #   python_path: /usr/bin/python3.9   # (optional) path to the Python interpreter to use
  exclude:
    python:
      - docker
    system:
      - python3-Cython

images:
  base_image:
    # name: quay.io/centos/centos:stream9
    # name: quay.io/ansible/ansible-runner:latest # Obsolete
    # name: ghcr.io/ansible-community/community-ee-minimal:2.16.0-1
    # name: quay.io/ansible/awx-ee:latest
    name: ghcr.io/ansible-community/community-ee-base:2.19.1-1

# additional_build_files:
#   - src: files/ansible.cfg
#     dest: configs

additional_build_steps:
  # prepend_galaxy:
  #   - ADD _build/configs/ansible.cfg ~/.ansible.cfg
  prepend_base:
    # - RUN echo PLOP
  append_final:
    # - RUN groupadd --gid 1000 vscode
    # - RUN adduser --home-dir /vscode --create-home --gid 1000 --uid 1000 vscode
    - RUN ls -l

options:
  user: '1000'
</code>

----

''execution-environment.yml''
<code yaml>
---
version: 3

dependencies:
  galaxy: requirements.yml
  python: requirements.txt
  system: bindep.txt

images:
  base_image:
    name: ghcr.io/ansible-community/community-ee-base:2.19.1-1

options:
  user: '1000'
</code>

''requirements.yml''
<code yaml>
---
collections:
  - ansible.utils
  - ansible.posix
  - ansible.windows
  - ansible.netcommon
  - community.general
  - community.windows
  - community.vmware
  - community.crypto
  - community.postgresql
  - community.mysql
  - community.network
  - kubernetes.core
  - containers.podman
  - awx.awx
  - vmware.vmware
  - vmware.vmware_rest
  - microsoft.ad
  # - fortinet.fortios
</code>

''requirements.txt''
<code>
six
psutil
# pywinrm
jc
jmespath
</code>

''bindep.txt''
<code>
git
rsync
curl
wget
psmisc
tar
unzip
gzip
#python38-wheel [platform:centos-8 platform:rhel-8]
iputils [platform:rpm]
bind-utils [platform:rpm]
#python3-jmespath [platform:rpm]
#net-snmp-utils [platform:rpm]
</code>

Example bindep.txt file:
  * https://github.com/openstack/openstack-ansible/blob/master/bindep.txt
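
The commands and files above switch off verification in several places (''--tls-verify=false'', ''ANSIBLE_GALAXY_DISABLE_GPG_VERIFY=1'', ''ANSIBLE_GALAXY_CLI_COLLECTION_OPTS: "-c"'') and keep Galaxy tokens inline in ''ansible.cfg''. The script below is an added example, not part of the original notes or of ansible-builder: it flags those settings in an EE project directory before a build. The function names ''audit_ee_context'' and ''count_findings'' and the finding labels are assumptions made for this example.

```sh
#!/bin/sh
# Added example: flag weakened-verification settings in an EE build directory.
# audit_ee_context, count_findings and the labels are hypothetical names.

# Print one "LABEL file:line:text" row per finding under directory $1.
# The body runs in a subshell so its variables do not leak to the caller.
audit_ee_context() (
  dir="${1:-.}"
  # Each rule is "label|extended regex"; the regexes mirror the settings
  # that appear in the notes above.
  while IFS='|' read -r label pattern; do
    [ -n "$label" ] || continue
    grep -rnE -e "$pattern" "$dir" 2>/dev/null | sed "s/^/$label /"
  done <<'EOF'
TLS_VERIFY_OFF|tls-verify=false
GPG_VERIFY_OFF|ANSIBLE_GALAXY_DISABLE_GPG_VERIFY=(1|true)
GALAXY_IGNORE_CERTS|ANSIBLE_GALAXY_CLI_COLLECTION_OPTS[=:] *"?(-c|--ignore-certs)
INLINE_TOKEN|^[[:space:]]*token[[:space:]]*=[[:space:]]*[^[:space:]]
INLINE_PASSWORD|podman login .*(-p|--password)[ =]
EOF
  exit 0
)

# Print how many findings carry label $2 in directory $1 (0 when none),
# so a CI step can fail the build on a non-zero count.
count_findings() {
  audit_ee_context "$1" | grep -c "^$2 " || true
}
```

Run ''audit_ee_context .'' from the project directory to list the findings. Commented-out lines are reported as well, since the pattern is matched anywhere in the file.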