Let’s take a step back and talk about what Execution Environments are to fully appreciate the concepts.<\/p>\n\n\n\n
Execution Environments: A Quick Guide<\/h2>\n\n\n\n
Before the dawn of the Execution Environments, the Ansible Automation Platform execution system was executing jobs inside bubble wrap to separate processes. There were plenty of issues with this approach, including the requirement for all container-running jobs to execute in privileged mode on Red Hat OpenShift and Kubernetes.<\/p>\n\n\n\n
There were other problems, too. Users had a difficult time managing Ansible module dependencies and customised Python virtual environments while using Ansible Content Collections. The concept of Execution Environments, essentially container images which can be used as Ansible control nodes, is the answer to these issues.<\/p>\n\n\n\n
The Dawn of Ansible<\/h2>\n\n\n\n
Ansible Builder was created to automate the creation of Execution Environments so developers, contributors and consumers may benefit from this novel idea (it\u2019s even better when the experts are able to implement the automation solution<\/a>!). It accomplishes this by utilising both the user-specified dependency information and those defined in other Ansible Content Collections. The container image build will use Ansible Builder to create a directory which serves as the build context and contains the Container file and any additional files required to be added to the image.<\/p>\n\n\n\n The easiest way to install the ansible-builder is to run the following command:<\/p>\n\n\n\n (Note: If you have Ansible Automation Platform Hub nodes, the builder should be already installed there.)<\/p>\n\n\n\n The “definition” in the realm of Ansible Builder is a YAML file which lists the dependencies at the Collection-level, the base image source and additional components which have to be overridden in the Execution Environment. The definition file is used as the input argument by the ansible-builder build command. It outputs the build context required to create an Execution Environment image, which is then utilised to actually build the final image. The same build context created during the build can be shared with other users to create environments with specific Ansible Collections.<\/p>\n\n\n\n The following example presents a definition file:<\/p>\n\n\n\n The ansible-builder build command will default to execution-environment.yml file. To override this behaviour, specify a different definition file, using -f (or \u2014file) flag.<\/p>\n\n\n\n The elements which would be listed in the dependencies section might either be an absolute path or a relative path from the directory of the Execution Environment definition’s folder.<\/p>\n\n\n\n In essence, all the collections\u2019 python dependencies should be added to the requirements.txt file. The python dependencies can be found on the Ansible page describing given module\/collection. <\/p>\n\n\n\n Similarly, to collections, it is possible to test the file using pip3 install -r requirements.txt<\/p>\n\n\n\n If there are any cross-platform requirements, they will be specified in the bindep requirements file. These are handled by bindep before being forwarded to dnf.<\/p>\n\n\n\n The additional build steps section allows you to specify additional commands you can run either before (prepend) or after (append) the main build steps. The syntax must be either a list (as demonstrated by the sample definition file’s append section) or a multi-line text (as demonstrated in the prepend section).<\/p>\n\n\n\n Let’s run the build command and see what happens! The following execution-environment.yml file will be used to build an execution image with collections required to manage podman containers and to use ansible posix modules.<\/p>\n\n\n\n Ideally, you will create a separate directory with all the files described above. The following command will default to the execution-environment.yml file. The tag indicates the name of the image going to be built. The image is available.<\/p>\n\n\n\n You will use it to configure the Execution Environment on the controller.<\/p>\n\n\n\n Now you\u2019ve had chance to undertake this brief introduction on Ansible Builder, this officially concludes the guide. It really isn\u2019t that bad of a process!<\/p>\n\n\n\n As always, if you have any questions on Ansible (or any other tech queries), please contact us<\/a>.<\/p>\n\n\n\n Happy automating!<\/p>\n\n\n\nInstallation<\/h2>\n\n\n\n
pip3 install ansible-builder <\/code><\/pre>\n\n\n\nHow to Create Ansible Builder Definition<\/h2>\n\n\n\n
---\nversion: 1\ndependencies:\n galaxy: requirements.yml\n python: requirements.txt\n system: bindep.txt\n \nadditional_build_steps:\n prepend: |\n RUN pip3 install --upgrade pip setuptools\n append:\n - RUN ls -la \/etc\n<\/code><\/pre>\n\n\n\n---\ncollections:\n - ansible.posix\n - containers.podman\n<\/code><\/pre>\n\n\n\nansible-galaxy collection install -r requirements.yml<\/code><\/pre>\n\n\n\n# requirements.txt\npsutil\nansible >= 2.13\nfirewall >= 0.2\n<\/code><\/pre>\n\n\n\ngcc\npython3-libselinux [platform:redhat]\npython3 [platform:dpkg]\n<\/code><\/pre>\n\n\n\n---\nversion: 1\ndependencies:\n galaxy: requirements.yml\n python: requirements.txt\n system: bindep.txt\n \nadditional_build_steps:\n prepend: |\n RUN pip3 install --upgrade pip setuptools\n append:\n - RUN ls -la \/etc\n<\/code><\/pre>\n\n\n\nStart the Build<\/h2>\n\n\n\n
(Note: On Fedora and Red Hat servers, the ansible-builder will default to podman container engine. If another runtime should be used, it can be specific with \u2014container-runtime switch: \u2014container-runtime docker.)<\/p>\n\n\n\nLet's run the build command and see what happens! The following execution-environment.yml file will be used to build an execution image with collections required to manage podman containers and to use ansible posix modules. \nIdeally, you will create a separate directory with all the files described above. The following command will default to the execution-environment.yml file. The tag indicates the name of the image going to be built. \n(Note: On Fedora and Red Hat servers, the ansible-builder will default to podman container engine. If another runtime should be used, it can be specific with \u2014container-runtime switch: \u2014container-runtime docker.)\n<\/code><\/pre>\n\n\n\n[root@aap01 builder-firewalld-container]# podman images \nREPOSITORY TAG IMAGE ID CREATED SIZE\nlocalhost\/podman_ee_image latest bffa0e361ef8 28 minutes ago 1.38 GB\n<none> <none> b45f24b19dd2 30 minutes ago 1.39 GB\n<none> <none> 660c1af33d3b 32 minutes ago 819 MB\n<none> <none> 9e080b619dd9 47 minutes ago 782 MB\n<none> <none> 11cb3941f6c4 47 minutes ago 819 MB\n<none> <none> a961697e193a 53 minutes ago 782 MB\n<none> <none> 54d20e308bfd 54 minutes ago 819 MB\nlocalhost\/vmware_ee_image latest 591c14387c0a 8 days ago 1.68 GB\n<none> <none> 38a134fd1b95 8 days ago 1.72 GB\n<none> <none> 89b0325abbfd 8 days ago 824 MB\nquay.io\/ansible\/ansible-runner latest bec0dc171168 2 months ago 816 MB\nquay.io\/ansible\/ansible-builder latest b0348faa7f41 4 months ago 779 MB\n<\/code><\/pre>\n\n\n\npodman inspect localhost\/podman_ee_image<\/code><\/pre>\n\n\n\npodman login aap02.example.net\npodman push <Image Id> aap02.example.net\/podman_ee_image\npodman push bffa0e361ef8 aap02.example.net\/podman_ee_image\nGetting image source signatures\nCopying blob aadc47c09f66 skipped: already exists \nCopying blob e0808177f5c4 skipped: already exists \nCopying blob 699491b2659e skipped: already exists \nCopying blob 6da2fb060681 skipped: already exists \nCopying blob 5fa5c1c78a8e skipped: already exists \nCopying blob 101e6c349551 skipped: already exists \nCopying blob f8fd3a54d485 skipped: already exists \nCopying blob d4df4b7e8eaf skipped: already exists \nCopying blob 7dfd83b5170b skipped: already exists \nCopying blob 32ad5db2dab5 skipped: already exists \nCopying blob aa621dba5e87 skipped: already exists \nCopying blob d32c18715b98 skipped: already exists \nCopying blob a39c6baf08b1 skipped: already exists \nCopying blob 1d211ae75d27 skipped: already exists \nCopying blob 869dbc4797e2 skipped: already exists \nCopying blob c3eeed63d6a9 skipped: already exists \nCopying blob 2d4417eff75b skipped: already exists \nCopying blob 22e51cce938f skipped: already exists \nCopying blob 0e35fc86ad8c skipped: already exists \nCopying blob 73373610159e skipped: already exists \nCopying blob de0c9bd7ced9 skipped: already exists \nCopying blob 5f70bf18a086 skipped: already exists \nCopying config bffa0e361e done \nWriting manifest to image destination\nStoring signatures\n<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/09\/image-25.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/09\/image-26-1024x356.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/09\/image-27-1024x403.png\")
<\/figure>\n\n\n\naap02.example.net\/podman_ee_image:latest<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/09\/image-28-1024x339.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/09\/image-29-1024x322.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2022\/09\/image-30-1024x333.png\")
<\/figure>\n\n\n\nConclusion<\/h2>\n\n\n\n