Munshi Hafizul Haque

To configure the Ansible execution environments

Ansible execution environments replace the ability to build and deploy Python virtual environments for automation. Unlike legacy virtual environments, execution environments are container images, which makes it possible to incorporate system-level dependencies and collection-based content. Each execution environment gives you a customized image to run jobs, and each of them contains only what is needed to run the job, nothing more. https://docs.ansible.com/automation-controller/4.0.0/html/userguide/execution_environments.html


For connected environments, follow the steps below to configure and test the Ansible execution environments:


Step 1: To create a Container Registry credential.


Step 2: To configure the execution environments from the existing one.


Step 3: To execute an ad-hoc command on the target host.


For disconnected or restricted environments, one of the following enterprise-level solutions can serve as the image registry for the Ansible execution environments.

  • Red Hat Satellite server.

  • Red Hat Quay container image registry.

  • Ansible Automation Hub


Or, for a lab environment, we can create a local docker image registry for the time being.

Let's create a local docker image registry using podman.


If internet access is limited, we can download the necessary container image on a connected system and load it onto the target system, as below.


[root@bastion ~]# podman pull docker.io/library/registry:2
Trying to pull docker.io/library/registry:2...
Getting image source signatures
Copying blob 6f7e10a4e907 done  
Copying blob b215d0b40846 done  
Copying blob 429305b6c15c done  
Copying blob 6a428f9f83b0 done  
Copying blob 90cad49de35d done  
Copying config b2cb11db9d done  
Writing manifest to image destination
Storing signatures
b2cb11db9d3d60af38d9d6841d3b8b053e5972c0b7e4e6351e9ea4374ed37d8c
[root@bastion ~]# podman images
REPOSITORY                                                            TAG         IMAGE ID      CREATED       SIZE
docker.io/library/registry                                            2           b2cb11db9d3d  2 months ago  26.8 MB

[root@bastion ~]# podman save -o docker.io.library.registry2.tar b2cb11db9d3d
[root@ansible4 ~]# scp root@bastion:/root/images/docker.io.library.registry2.tar .
[root@ansible4 ~]# podman load -i docker.io.library.registry2.tar 
[root@ansible4 ~]# podman tag b2cb11db9d3d docker.io/library/registry:2 

Step 4: To create a directory for the image repo location in the Controller Node.

[root@ansible4 ~]# mkdir -p /var/lib/registry

Step 5: To create a container that will run as the image registry.

[root@ansible4 ~]# podman run --privileged -d --name image-registry -p 5000:5000 -v /var/lib/registry:/var/lib/registry --restart=always registry:2
[root@ansible4 ~]# podman images
REPOSITORY                                                            TAG         IMAGE ID      CREATED       SIZE
registry.redhat.io/ansible-automation-platform-20-access/ee-29-rhel8  latest      e61302ef4941  2 weeks ago   794 MB
docker.io/library/registry                                            2           b2cb11db9d3d  2 months ago  26.8 MB
[root@ansible4 ~]# podman ps -a
CONTAINER ID  IMAGE                         COMMAND               CREATED        STATUS            PORTS                   NAMES
117fe15fb674  docker.io/library/registry:2  /etc/docker/regis...  2 minutes ago  Up 2 minutes ago  0.0.0.0:5000->5000/tcp  registry

Step 5: To mark the local image registry as insecure, so that verification of self-signed SSL certificates is skipped.

[root@ansible4 ~]# sudo vi /etc/containers/registries.conf
# Registries that do not use TLS when pulling images or uses self-signed
# certificates.
[registries.insecure]
registries = ['localhost:5000']
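
Marking a registry insecure turns off TLS verification for every pull from it, so it is worth confirming that only the loopback registry is listed. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes arrays in registries.conf are written on a single line.

```shell
#!/bin/sh
# Added example: list the registries a registries.conf marks insecure and fail
# if any of them is not loopback-only. Covers the v1 [registries.insecure]
# table shown on this page and the v2 [[registry]] form.

# Print one insecure registry per line.
insecure_registries() {
  awk '
    function flush() { if (ins && loc != "") print loc; loc = ""; ins = 0 }
    function value(s) {
      sub(/#.*/, "", s); sub(/^[^=]*=/, "", s)
      gsub(/\[/, "", s); gsub(/\]/, "", s); gsub(/[ \t"\047]/, "", s)
      return s
    }
    /^[ \t]*#/ { next }
    /^[ \t]*\[/ {
      flush()
      v1 = ($0 ~ /^[ \t]*\[registries\.insecure\]/)
      v2 = ($0 ~ /^[ \t]*\[\[registry\]\]/)
      next
    }
    v1 && /^[ \t]*registries[ \t]*=/ {
      n = split(value($0), a, ",")
      for (i = 1; i <= n; i++) if (a[i] != "") print a[i]
    }
    v2 && /^[ \t]*location[ \t]*=/ { loc = value($0) }
    v2 && /^[ \t]*insecure[ \t]*=[ \t]*true/ { ins = 1 }
    END { flush() }
  ' "$1"
}

# Return 1 (naming the offenders on stderr) if any insecure registry is
# addressed by something other than a loopback name, 0 otherwise.
audit_registries_conf() {
  bad=0
  for reg in $(insecure_registries "$1"); do
    case "${reg%%/*}" in
      localhost|localhost:*|127.0.0.1|127.0.0.1:*|'[::1]'|'[::1]:'*) ;;
      *) echo "insecure non-loopback registry: $reg" >&2; bad=1 ;;
    esac
  done
  return "$bad"
}

# Run as: sh audit.sh /etc/containers/registries.conf
if [ "$#" -gt 0 ]; then audit_registries_conf "$1"; fi
```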

Step 6: To restart the podman service.

[root@ansible4 ~]# sudo systemctl restart podman
[root@ansible4 ~]# sudo systemctl status podman
 podman.service - Podman API Service
   Loaded: loaded (/usr/lib/systemd/system/podman.service; static; vendor preset: disabled)
   Active: inactive (dead) since Wed 2021-11-03 19:36:50 +08; 387ms ago
     Docs: man:podman-system-service(1)
  Process: 26979 ExecStart=/usr/bin/podman $LOGGING system service (code=exited, status=0/SUCCESS)
 Main PID: 26979 (code=exited, status=0/SUCCESS)

:::::::::::::CUTSOMEOUTPUT:::::::::::::

Step 6: To log in and pull the image on a system that is connected to the internet.

[root@bastion ~]# podman login registry.redhat.io
Username: mh2xxx
Password:
Login Succeeded!
[root@bastion images]# podman search ee-29-rhel8
INDEX      NAME                                                                             DESCRIPTION                                      STARS   OFFICIAL  AUTOMATED
redhat.io  registry.redhat.io/ansible-automation-platform-20-early-access/ee-29-rhel8  Ansible Automation Platform minimal executio...  0
[root@bastion images]# podman pull registry.redhat.io/ansible-automation-platform-20-early-access/ee-29-rhel8:latest
Trying to pull registry.redhat.io/ansible-automation-platform-20-early-access/ee-29-rhel8:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob 725b8f697ed5 done  
Copying blob 94249d6f79d2 done  
Copying blob ba04c4096899 done  
Copying blob dde93efae2ff done  
Copying config e61302ef49 done  
Writing manifest to image destination
Storing signatures
e61302ef4941f4a2b2562d70a9cfb1ba346ed0ebe6862b1259d57f101c0caacb

Step 7: To save that image file in a tarball.

[root@bastion images]# podman images
REPOSITORY                                                                                             TAG     IMAGE ID      CREATED       SIZE
registry.redhat.io/ansible-automation-platform-20-early-access/ee-supported-rhel8                      latest  a5abcbcfe2ea  2 weeks ago   1 GB
registry.redhat.io/ansible-automation-platform-20-early-access/ee-29-rhel8                             latest  e61302ef4941  2 weeks ago   794 MB
registry.redhat.io/ansible-automation-platform-20-early-access/ee-minimal-rhel8                        latest  1691165f01f7  2 weeks ago
[root@bastion images]# podman save -o ee-29-rhel8.tar e61302ef4941

Step 8: To copy and load that image file from the tarball.

[root@ansible4 ~]# scp root@bastion:/root/images/ee-29-rhel8.tar .
root@192.168.121.170's password: 
Permission denied, please try again.
root@192.168.121.170's password: 
ee-29-rhel8.tar                                                                                       100%  757MB 437.2MB/s   00:01    
[root@ansible4 ~]# podman load -i ee-29-rhel8.tar
Getting image source signatures
Copying blob 54e42005468d done  
Copying blob 0b911edbb97f done  
Copying blob 651388d6b512 done  
Copying blob eac4dc81f86d done  
Copying config e61302ef49 done  
Writing manifest to image destination
Storing signatures
Loaded image(s): sha256:e61302ef4941f4a2b2562d70a9cfb1ba346ed0ebe6862b1259d57f101c0caacb
[root@ansible4 ~]# podman images
REPOSITORY  TAG         IMAGE ID      CREATED      SIZE
<none>      <none>      e61302ef4941  2 weeks ago  794 MB
registry.redhat.io/ansible-automation-platform-20-access/ee-29-rhel8  latest      e61302ef4941  2 weeks ago   794 MB
docker.io/library/registry                                            2           b2cb11db9d3d  2 months ago  26.8 MB
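
Because the image crosses hosts as a plain tarball, it can be checked against the image ID printed by `podman pull` on the connected host before it is loaded. The script below is an added example, not from the original post; the function names are hypothetical, and it assumes the archive's manifest.json names the image config blob in a "Config" field, as the docker-archive format written by `podman save` does.

```shell
#!/bin/sh
# Added example: check a `podman save` tarball against the image ID recorded
# on the connected host, before running `podman load` on the controller.
# The image ID is the SHA-256 of the image config blob inside the archive.

# Print the config blob name(s) listed in the archive's manifest.json.
archive_config_names() {
  tar -xOf "$1" manifest.json |
    grep -o '"Config"[[:space:]]*:[[:space:]]*"[^"]*"' |
    sed 's/.*"\([^"]*\)"$/\1/'
}

# verify_image_archive TARBALL EXPECTED_ID
# EXPECTED_ID is the full 64-hex image ID, with or without a "sha256:" prefix.
# Returns 0 only if the archive holds exactly one image and its config blob
# hashes to EXPECTED_ID; 1 on mismatch; 2 if the archive cannot be parsed.
verify_image_archive() {
  tarball=$1
  expected=${2#sha256:}
  names=$(archive_config_names "$tarball" 2>/dev/null)
  if [ "$(printf '%s\n' "$names" | grep -c .)" -ne 1 ]; then
    echo "expected exactly one image in $tarball" >&2
    return 2
  fi
  actual=$(tar -xOf "$tarball" "$names" | sha256sum | cut -d' ' -f1)
  if [ "$actual" = "$expected" ]; then
    echo "OK $tarball sha256:$actual"
  else
    echo "MISMATCH $tarball: config hashes to $actual, expected $expected" >&2
    return 1
  fi
}

# Run as: sh verify.sh ee-29-rhel8.tar sha256:<full image ID from the pull>
if [ "$#" -eq 2 ]; then verify_image_archive "$1" "$2"; fi
```

For the transfer above, the expected value is the full ID that `podman pull` printed on bastion, `e61302ef4941f4a2b2562d70a9cfb1ba346ed0ebe6862b1259d57f101c0caacb`.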

Step 9: To tag that image file and push to the local image registry.

[root@ansible4 ~]# podman tag e61302ef4941 localhost:5000/ee-29-rhel8
[root@ansible4 ~]# podman images
REPOSITORY                                                            TAG         IMAGE ID      CREATED       SIZE
registry.redhat.io/ansible-automation-platform-20-access/ee-29-rhel8  latest      e61302ef4941  2 weeks ago   794 MB
localhost:5000/ee-29-rhel8                                            latest      e61302ef4941  2 weeks ago   794 MB
docker.io/library/registry                                            2           b2cb11db9d3d  2 months ago  26.8 MB
[root@ansible4 ~]# podman push localhost:5000/ee-29-rhel8
Getting image source signatures
Copying blob 0b911edbb97f done  
Copying blob 54e42005468d done  
Copying blob 651388d6b512 done  
Copying blob eac4dc81f86d done  
Copying config e61302ef49 done  
Writing manifest to image destination
Storing signatures
[root@ansible4 ~]# podman search ee-29-rhel8
[root@ansible4 ~]# podman search localhost:5000/ee-29-rhel8
INDEX           NAME                        DESCRIPTION  STARS       OFFICIAL    AUTOMATED
localhost:5000  localhost:5000/ee-29-rhel8               0                       

Step 10: To make sure the local image registry container will start automatically using systemd.

[root@ansible4 ~]# podman generate systemd \
>     --new --name image-registry \
>     > /etc/systemd/system/image-registry.service
[root@ansible4 ~]# ls -al /etc/systemd/system/image-registry.service
-rw-r--r--. 1 root root 1015 Nov  3 20:09 /etc/systemd/system/image-registry.service

[root@ansible4 ~]# cat /etc/systemd/system/image-registry.service
# container-image-registry.service
# autogenerated by Podman 3.2.3
# Wed Nov  3 20:09:41 +08 2021

[Unit]
Description=Podman container-image-registry.service
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
RequiresMountsFor=%t/containers

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/container-image-registry.pid %t/container-image-registry.ctr-id
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-image-registry.pid --cidfile %t/container-image-registry.ctr-id --cgroups=no-conmon --replace --privileged -d --name image-registry -p 5000:5000 -v /var/lib/registry:/var/lib/registry --restart=always registry:2
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-image-registry.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-image-registry.ctr-id
PIDFile=%t/container-image-registry.pid
Type=forking

[Install]
WantedBy=multi-user.target default.target
[root@ansible4 ~]# systemctl enable image-registry
Created symlink /etc/systemd/system/multi-user.target.wants/image-registry.service → /etc/systemd/system/image-registry.service.
Created symlink /etc/systemd/system/default.target.wants/image-registry.service → /etc/systemd/system/image-registry.service.

Step 11: To configure the execution environments from the existing one.


Step 12: To execute an ad-hoc command on the target host.

Now it's working. Next, let's install and configure the Ansible Automation Hub, which could be the better option for the enterprise.



