To configure the Ansible execution environments
The ability to build and deploy Python virtual environments for automation has been replaced by Ansible execution environments. Unlike legacy virtual environments, execution environments are container images that make it possible to incorporate system-level dependencies and collection-based content. Each execution environment allows you to have a customized image to run jobs, and each of them contain only what we need when running the job, nothing more. https://docs.ansible.com/automation-controller/4.0.0/html/userguide/execution_environments.html
For the connected environments, we follow the below steps to complete the Ansible execution environments configuration and the testing:
Step 1: To Create a Container Registry credential.
Step 2: To configure the execution environments from the existing one.
Step 3: To execute an ad-hoc command on the target host.
For a disconnected or a restricted environments , we can use the below solution for the enterprise level for the image registry for the Ansible execution environments.
Red Hat satellite server.
Red Hat Quay container image registry.
Ansible Automation Hub
Or, for a lab environment, we can create a local docker image registry for the time being.
Lets create a local docker image registry using podman.
In case of internet access limitation, We can download the necessary container image and load it to the system, as below.
[root@bastion ~]# podman pull docker.io/library/registry:2
Trying to pull docker.io/library/registry:2...
Getting image source signatures
Copying blob 6f7e10a4e907 done
Copying blob b215d0b40846 done
Copying blob 429305b6c15c done
Copying blob 6a428f9f83b0 done
Copying blob 90cad49de35d done
Copying config b2cb11db9d done
Writing manifest to image destination
Storing signatures
b2cb11db9d3d60af38d9d6841d3b8b053e5972c0b7e4e6351e9ea4374ed37d8c
[root@bastion ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/registry 2 b2cb11db9d3d 2 months ago 26.8 MB
[root@bastion ~]# podman save -o docker.io.library.registry2.tar b2cb11db9d3d
[root@ansible4 ~]# scp root@bastion:/root/images/docker.io.library.registry2.tar .
[root@ansible4 ~]# podman load -i docker.io.library.registry2.tar
[root@ansible4 ~]# podman tag b2cb11db9d3d docker.io/library/registry:2
Step 4: To create a directory for the image repo location in the Controller Node.
[root@ansible4 ~]# mkdir -p /var/lib/registry
Step 5: To create a container that will run as the image registry.
[root@ansible4 ~]# podman run --privileged -d --name image-registry -p 5000:5000 -v /var/lib/registry:/var/lib/registry --restart=always registry:2
[root@ansible4 ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.redhat.io/ansible-automation-platform-20-access/ee-29-rhel8 latest e61302ef4941 2 weeks ago 794 MB
docker.io/library/registry 2 b2cb11db9d3d 2 months ago 26.8 MB
[root@ansible4 ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
117fe15fb674 docker.io/library/registry:2 /etc/docker/regis... 2 minutes ago Up 2 minutes ago 0.0.0.0:5000->5000/tcp registry
Step 5: To enable insecure image registry to ignore the verification of self-signed ssl certificates.
[root@ansible4 ~]# sudo vi /etc/containers/registries.conf
# Registries that do not use TLS when pulling images or uses self-signed
# certificates.
[registries.insecure]
registries = ['localhost:5000']
Step 6: To restart the podman service.
[root@ansible4 ~]# sudo systemctl restart podman
[root@ansible4 ~]# sudo systemctl status podman
● podman.service - Podman API Service
Loaded: loaded (/usr/lib/systemd/system/podman.service; static; vendor preset: disabled)
Active: inactive (dead) since Wed 2021-11-03 19:36:50 +08; 387ms ago
Docs: man:podman-system-service(1)
Process: 26979 ExecStart=/usr/bin/podman $LOGGING system service (code=exited, status=0/SUCCESS)
Main PID: 26979 (code=exited, status=0/SUCCESS)
:::::::::::::CUTSOMEOUTPUT:::::::::::::
Step 6: To login and pull the image file into a system that is connected to the internet.
[root@bastion ~]# podman login registry.redhat.io
Username: mh2xxx
Password:
Login Succeeded!
[root@bastion images]# podman search ee-29-rhel8
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
redhat.io registry.redhat.io/ansible-automation-platform-20-early-access/ee-29-rhel8
Ansible Automation Platform minimal executio... 0
[root@bastion images]# podman pull registry.redhat.io/ansible-automation-platform-20-early-access/ee-29-rhel8:latest
Trying to pull registry.redhat.io/ansible-automation-platform-20-early-access/ee-29-rhel8:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob 725b8f697ed5 done
Copying blob 94249d6f79d2 done
Copying blob ba04c4096899 done
Copying blob dde93efae2ff done
Copying config e61302ef49 done
Writing manifest to image destination
Storing signatures
e61302ef4941f4a2b2562d70a9cfb1ba346ed0ebe6862b1259d57f101c0caacb
Step 7: To save that image file in a tarball.
[root@bastion images]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.redhat.io/ansible-automation-platform-20-early-access/ee-supported-rhel8 latest a5abcbcfe2ea 2 weeks ago 1 GB
registry.redhat.io/ansible-automation-platform-20-early-access/ee-29-rhel8 latest e61302ef4941 2 weeks ago 794 MB
registry.redhat.io/ansible-automation-platform-20-early-access/ee-minimal-rhel8 latest 1691165f01f7 2 weeks ago
[root@bastion images]# podman save -o ee-29-rhel8.tar e61302ef4941
Step 8: To copy and load that image file from the tarball.
[root@ansible4 ~]# scp root@bastion:/root/images/ee-29-rhel8.tar .
root@192.168.121.170's password:
Permission denied, please try again.
root@192.168.121.170's password:
ee-29-rhel8.tar 100% 757MB 437.2MB/s 00:01
[root@ansible4 ~]# podman load -i ee-29-rhel8.tar
Getting image source signatures
Copying blob 54e42005468d done
Copying blob 0b911edbb97f done
Copying blob 651388d6b512 done
Copying blob eac4dc81f86d done
Copying config e61302ef49 done
Writing manifest to image destination
Storing signatures
Loaded image(s): sha256:e61302ef4941f4a2b2562d70a9cfb1ba346ed0ebe6862b1259d57f101c0caacb
[root@ansible4 ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> e61302ef4941 2 weeks ago 794 MB
registry.redhat.io/ansible-automation-platform-20-access/ee-29-rhel8 latest e61302ef4941 2 weeks ago 794 MB
docker.io/library/registry 2 b2cb11db9d3d 2 months ago 26.8 MB
Step 9: To tag that image file and push to the local image registry.
[root@ansible4 ~]# podman tag e61302ef4941 localhost:5000/ee-29-rhel8
[root@ansible4 ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.redhat.io/ansible-automation-platform-20-access/ee-29-rhel8 latest e61302ef4941 2 weeks ago 794 MB
localhost:5000/ee-29-rhel8 latest e61302ef4941 2 weeks ago 794 MB
docker.io/library/registry 2 b2cb11db9d3d 2 months ago 26.8 MB
[root@ansible4 ~]# podman push localhost:5000/ee-29-rhel8
Getting image source signatures
Copying blob 0b911edbb97f done
Copying blob 54e42005468d done
Copying blob 651388d6b512 done
Copying blob eac4dc81f86d done
Copying config e61302ef49 done
Writing manifest to image destination
Storing signatures
[root@ansible4 ~]# podman search ee-29-rhel8
[root@ansible4 ~]# podman search localhost:5000/ee-29-rhel8
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
localhost:5000 localhost:5000/ee-29-rhel8 0
Step 10: To make sure the local image registry container will start automatically using systemd.
[root@ansible4 ~]# podman generate systemd \
> --new --name image-registry \
> > /etc/systemd/system/image-registry.service
[root@ansible4 ~]# ls -al /etc/systemd/system/image-registry.service
-rw-r--r--. 1 root root 1015 Nov 3 20:09 /etc/systemd/system/image-registry.service
[root@ansible4 ~]# cat /etc/systemd/system/image-registry.service
# container-image-registry.service
# autogenerated by Podman 3.2.3
# Wed Nov 3 20:09:41 +08 2021
[Unit]
Description=Podman container-image-registry.service
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
RequiresMountsFor=%t/containers
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/container-image-registry.pid %t/container-image-registry.ctr-id
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-image-registry.pid --cidfile %t/container-image-registry.ctr-id --cgroups=no-conmon --replace --privileged -d --name image-registry -p 5000:5000 -v /var/lib/registry:/var/lib/registry --restart=always registry:2
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-image-registry.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-image-registry.ctr-id
PIDFile=%t/container-image-registry.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target
[root@ansible4 ~]# systemctl enable image-registry
Created symlink /etc/systemd/system/multi-user.target.wants/image-registry.service → /etc/systemd/system/image-registry.service.
Created symlink /etc/systemd/system/default.target.wants/image-registry.service → /etc/systemd/system/image-registry.service.
Step 11: To configure the execution environments from the existing one.
Step 12: To execute an ad-hoc command on the target host.
Now its working. Let's install and configure the Ansible Automation Hub that could be the better option for the enterprise.
Comments