Skip to content

Latest commit

 

History

History
220 lines (159 loc) · 7.63 KB

readme.adoc

File metadata and controls

220 lines (159 loc) · 7.63 KB

Ansible Execution environments

Naming convention

Supported Execution environments for agnosticd should be named using one of the following conventions:

  • ee-<python virtualenv> - Execution Environments for legacy python virtualenvs available on ../virtualenvs Ex: ee-ansible2.9-python3.6-2021-11-30

  • ee-<purpose> - execution environment customized for a particular purpose. For example, the <purpose> string could be to support a particular version of a cloud provider different from what is included in the multi-cloud environment. Ansible version should be 2.9+ and python version should be 3.6+. Ex: ee-multicloud. Version can be added as tag using semantic versioning.

Requirement:

  • podman or docker installed and configured on your workstation.

  • ansible-navigator installed, see below for instructions

Available public images are listed on Quay here:

Private Images (reference only)

Requirement:

Supported images, based on supported Execution Environments, are available in the private registry image-registry.apps.open.redhat.com.

To login to the registry, get a token using the OCP client as follows:

podman login -u unused -p $(oc whoami -t) image-registry.apps.open.redhat.com

List of support EE can be found on the production clusters by looking at images in the agnosticd namespace.

As of 2022-03-07, the list is:

oc get is -n agnosticd
NAME                                                 IMAGE REPOSITORY                                                                                                                               TAGS            UPDATED
ee-ansible2.9-python3.6-2021-01-22                   default-route-openshift-image-registry.apps.ocp-us-west-2.infra.open.redhat.com/agnosticd/ee-ansible2.9-python3.6-2021-01-22                   latest          6 hours ago
ee-ansible2.9-python3.6-2021-11-30                   default-route-openshift-image-registry.apps.ocp-us-west-2.infra.open.redhat.com/agnosticd/ee-ansible2.9-python3.6-2021-11-30                   latest          4 hours ago
ee-azure_open_envs-ansible2.9-python3.6-2022-01-10   default-route-openshift-image-registry.apps.ocp-us-west-2.infra.open.redhat.com/agnosticd/ee-azure_open_envs-ansible2.9-python3.6-2022-01-10   latest          6 hours ago
ee-equinix_metal-ansible2.9-python3.6-2021-07-02     default-route-openshift-image-registry.apps.ocp-us-west-2.infra.open.redhat.com/agnosticd/ee-equinix_metal-ansible2.9-python3.6-2021-07-02     latest          6 hours ago
ee-equinix_metal-ansible2.9-python3.6-2021-11-03     default-route-openshift-image-registry.apps.ocp-us-west-2.infra.open.redhat.com/agnosticd/ee-equinix_metal-ansible2.9-python3.6-2021-11-03     latest          4 hours ago
ee-multicloud                                        default-route-openshift-image-registry.apps.ocp-us-west-2.infra.open.redhat.com/agnosticd/ee-multicloud                                        v0.0.4,v0.0.3   7 hours ago

ansible-navigator

ansible-navigator is the preferred tool for running AgnosticD. With this CLI tool, you can use the supported agnosticd images. It has both a static stdout mode and an interactive mode.

Installation

See Upstream project: https://github.com/ansible/ansible-navigator for complete instructions.

You can use requirements-ee.txt or just install it with pip:

pip3 install 'ansible-navigator[ansible-core]'

Usage with agnosticd

To use Execution Environments, you need to run agnosticd with ansible-navigator.

Example with test-empty-config
# Run from agnosticd directory
cd agnosticd

ansible-navigator run ansible/main.yml \
--eei quay.io/agnosticd/ee-multicloud:latest \
-e @ansible/configs/test-empty-config/sample_vars.yml
Note
On Mac, you probably want to change the container engine to docker, using --ce docker
Example with community image and a secrets directory
ansible-navigator run ansible/main.yml \
--eei quay.io/agnosticd/ee-multicloud:latest \
--eev ~/secrets:/secrets \
-e @ansible/configs/test-empty-config/sample_vars_ec2.yml \
-e @/secrets/dev.yml
Note
Add --mode stdout option to mimic ansible-playbook simple output.
Example with test-empty-config With AWS
# Run from agnosticd directory
cd agnosticd

ansible-navigator run ansible/main.yml \
--eei quay.io/agnosticd/ee-multicloud:latest \
--eev ~/secrets:/secrets \
-e @ansible/configs/test-empty-config/sample_vars_ec2.yml \
-e @/secrets/dev.yml

Some of the arguments in the above example can be setup in a config file, in your home directory.

~/.ansible-navigator.yaml
ansible-navigator:
  execution-environment:
    image: quay.io/agnosticd/ee-multicloud:latest
    volume-mounts:
      - src: /home/fridim/vars
        dest: /vars
      - src: /home/fridim/secrets
        dest: /secrets
      - src: /tmp
        dest: /tmp
  mode: stdout

Then the command is much simpler:

Run agnosticd with EE and a configured ansible-navigator
ansible-navigator run ansible/main.yml \
-e @ansible/configs/test-empty-config/sample_vars_ec2.yml \
-e @/secrets/dev.yml

Please refer to upstream documentation for configuring ansible-navigator.

Build

To build a new version of ee-multicloud, you can simply open a PR to update its file:

  • Containerfile

  • requirements.txt (python modules)

  • requirements.yml (ansible collections)

  • …​

A GitHub workflow will automatically create the image and push it to Quay using a tag pr-1234 with 1234 being the id of the Pull Request.

Alternatively, you can build from your local machine:

cd ee-multicloud-public
podman build . -t ee-multicloud:mytag

Build supported images (reference only)

Requirements:

Setup your workstation
mkdir -p ~/virtualenvs/ansible-builder
python3 -mvenv ~/virtualenvs/ansible-builder
. ~/virtualenvs/ansible-builder/bin/activate
pip install --upgrade pip
pip install -r requirements-ee.txt
Login to necessary registries
podman login quay.io
podman login registry.redhat.io
podman login -u unused -p $(oc whoami -t) image-registry.apps.open.redhat.com

Execution environment images should always target specific dated versions.

Example
ansible-builder build --tag ee-ansible2.9-python3.6-2021-10-29

Push to the private registry

  • PROD image-registry.apps.open.redhat.com

Login to the registry
# prod
podman login -u unused -p $(oc whoami -t) image-registry.apps.open.redhat.com
Push a tag
registry=image-registry.apps.open.redhat.com

#replace with the image tag you want to push
name=ee-ansible2.9-python3.6-2021-10-29
podman push $name $registry/agnosticd/$name

name=ee-multicloud:v0.1.1
podman push $name $registry/agnosticd/$name