Create Execution Environments for Ansible Automation Platform
Red Hat Ansible Automation Platform (AAP), the commercial variant of the AWX project, is used to orchestrate and execute Ansible content in large and distributed system landscapes. A web interface facilitates the use in teams, while the actual execution takes place in specially adapted Podman containers - also called Ansible Execution Environments (EEs). Thanks to predefined EEs, you can get started straight away - however, required dependencies (roles and collections defined in roles/requirements.yml and collections/requirements.yml) are downloaded first when the project is updated. If the project is updated every time it is started, the result is that the execution of the code is seriously delayed.
In my case, I therefore wanted to create an own EE and upload it to an internal container registry. For the creation of own EEs, Red Hat provides various container images in a dedicated container registry, which can only be used with a valid subscription.
First, the login in both registries should be configured and tested:
1$ podman login registry.redhat.io
2$ podman login registry.homelab.loc
If self-signed certificates are used, the --tls-verfiy=false parameter ensures that certificates are not validated.
Then the tool ansible-builder must be installed - ideally via dnf:
1# subscription-manager repos --enable ansible-automation-platform-2.4-for-rhel-9-x86_64-rpms
2# dnf install ansible-builder
Then create a separate folder for the EE:
1$ mkdir my-ee
In a new file execution-environment.yml the key data of the new EE are now specified:
1---
2version: 1
3
4build_arg_defaults:
5 EE_BASE_IMAGE: 'registry.redhat.io/ansible-automation-platform-24/ee-minimal-rhel9'
6 EE_BUILDER_IMAGE: 'registry.redhat.io/ansible-automation-platform-24/ansible-builder-rhel9'
7
8dependencies:
9 galaxy: requirements.yml
10 # python: requirements.txt
11 # system: bindep.txt
EE_BASE_IMAGE and EE_BUILDER_IMAGE reference the base container image and the image to build the image. Below dependencies, Ansible, Python and OS dependencies can be specified - some Ansible Collections require these.
I chose the ee-minimal-rhel9 image built on RHEL9, as the classic ansible-builder-rhel9 image did not work for me. It always tried to install the unavailable python39-devel package - in RHEL 9.2 only python311-devel is currently available.
It is advisable to check the exact container names and versions, as they may have changed since the article was published. This is where podman can help:
1$ podman search --format "table {{.Index}} {{.Name}}" registry.redhat.io/ansible-automation-platform-24
2INDEX NAME
3registry.redhat.io registry.redhat.io/ansible-automation-platform-24/ansible-builder-rhel8
4registry.redhat.io registry.redhat.io/ansible-automation-platform-24/ee-minimal-rhel8
5...
It is also worth looking at the Red Hat Ansible Automation Platform Life Cycle to find out the AAP version used. For example, AAP 2.4 uses Automation Controller version 4.4.
Required Ansible content is specified as follows:
requirements.yml:
1---
2collections:
3 - name: stdevel.uyuni
4 vesion: 0.1.1
5 - name: community.vmware
6 version: 3.6.0
7 - name: tribe29.checkmk
8 version: 0.22.0
Further details on the file format can be found on the following pages of the Ansible documentation: [click!] and [click!]
Python dependencies are specified via the common pip format:
requirements.txt:
1pydoge
2pygiertz == 0.6.1
Operating system dependencies can be specified according to bindep syntax:
bindep.txt
1libgiertz
2python-pinkepank [platform:dpkg]
3python3-pinkepank [platform:rpm]
If required, even pre- and post-scripts can be specified:
execution-environment.yml
1...
2
3additional_build_steps:
4 prepend:
5 - RUN cat /etc/os-release
6 append:
7 - yum install -y neofetch
The EE is created as follows:
1$ ansible-builder build -t my-ee:1.0.0 --verbosity 3
If successfully completed, the container image can then be uploaded:
1$ podman push LOCAL registry.homelab.loc/cstankow/my-ee:1.0.0
Finally, the EE can be defined and used in AAP.