Building Ansible Tower (RHAAP) execution environments for OpenShift

Oren Oichman
6 min readDec 26, 2022

--

Automation for everyone

I Often find myself wandering what is automation and how to achieve it in the most generic and efficient way and more often then none I don’t come up with a clear answer. Our IT world is a very complex organism that keeps changes as we move forward and grow. As much as we want it to be , there is no clear answer to the question “what is the best path for automation” but there is a light in the end of the (Encrypted) tunnel.

Centralize and distribute

A question which is old as the age of IT time , what should we do … centralize ore distribute … well why not both if we can especially for our automation needs.

Red Hat Ansible Automation Platform (AWX for those who want to look at the open source version) enable us to centralize all our automation under a very reach and easy to use platform and distribute it by splitting it’s components how we want and in the proximity we need it to be.

Flexibility

Just like most flexible platforms Red Hat Ansible Automation Platform (RHAAP) is container based and as such platform if we need to work with a new Ansible module we need to make sure we have a container image that contain the module.

Ansible with OpenShift/Kubernetes

Ansible is an agent less automation platform and as such we need to add a module for ansible so it will be able to talk to OpenShift. luckily this module is already available which is the kubernetes.core.k8s and can be found at the official module site here. By using the module we can manage any given Kubernetes/OpenShift cluster just like any other target.

This Tutorial

In this Tutorial we will go over the steps to enable Ansible automation to work with OpenShift by adding a custom execution environment container image to be used by playbooks referring to the kubernetes.core.k8s module.

Where to start

In order to create the image for RHAAP we will need the following components :

  • RHAAP deployed
  • entitled RHEL 8 os installed and running
  • ansible-builder

We will start from the RHEL 8 machine to create the container which is running the Openshift Module.

This tutorial assumes that you are running a RHEL 8 with the latest updates and the system is register (entitled)

To make sure we have ansible-builder installed we will run the following steps :

Enable the repositories

$ subscription-manager repos \
--enable=ansible-automation-platform-2.3-for-rhel-8-x86_64-rpms

$ subscription-manager repos \
--enable="rhocp-4.11-for-rhel-8-x86_64-rpms"

install ansible-builder

$ dnf install -y ansible-builder

working directory and registry

for tutorial refers we will create a new directory and create our files under this directory :

# mkdir ~/ansible-ocp && cd ~/ansible-ocp
# export REGISTRY="<your registry"

Make sure you set the REGISTRY to your own registry and repository accordingly.

Once you have completed this part you can skip the “ansible-builder OCI” part which describes how to install and run ansible-builder from a container.

Ansible-builder OCI

If you are running AWX you can create a container that will run ansible-builder

building the image

First let’s create the following Containerfile (with you favorite editor)

FROM python:3.8-slim

# RUN adduser --disabled-password -u 1001 --home /opt/app-root/ slim

ENV HOME=/opt/app-root/ \
PATH="${PATH}:/root/.local/bin"
RUN mkdir -p /opt/app-root/src
COPY run-builder.sh /usr/bin/

RUN pip install pip --upgrade && \
pip install ansible-builder

LABEL \
name="awx/ansible-builder" \
summary="AWX execution environment tool" \
description="A containerized ansible-builder image"

WORKDIR /opt/app-root/

CMD [ "/usr/bin/run-builder.sh" ]

Now let’s create the run-builder.sh file (with you favorite editor)

$ echo '#!/bin/bash

if [[ -z "${ARG1}" ]]; then
echo "ARG1 environment variable NOT configured"
exit 1
fi

if [[ -z "${TAG}" ]]; then
echo "TAG environment variable NOT configured"
exit 1
fi

ansible-builder $ARG1 --tag $TAG' > run-builder.sh

Now let’s build the container

# podman build -f Containerfile -t ${REGISTRY}/ansible-builder:latest

Now that we have ansible-builder available we can start the execution environment .

New images

At the center of our solution we will create 2 new images. One for the builder image and one for the base image.

The builder image

We will start by creating a new container file named “Containerfile.builder” with the following content :

FROM registry.redhat.io/ansible-automation-platform-23/ansible-builder-rhel8

RUN rm -f /etc/yum.repos.d/*
COPY redhat.repo /etc/yum.repos.d/
RUN pip3 install openshift kubernetes && \
microdnf install -y python38-pytz \
python38-pyyaml python38-requests \
openshift-clients --enablerepo=rhocp-4.11-for-rhel-8-x86_64-rpms

And copy the redhat.repo file to the current directory

# cp /etc/yum.repos.d/redhat.repo . 

Now let’s create the image :

# podman build -f Containerfile.builder -t ${REGISTRY}/ansible-builder

The base Image

The process is the same process we created the builder image. First we will create the container file named : “Containerfile.ee-minimal” and with your favorite editor add the following content :

FROM registry.redhat.io/ansible-automation-platform-23/ee-minimal-rhel8

RUN rm -f /etc/yum.repos.d/*
COPY redhat.repo /etc/yum.repos.d/
RUN pip3 install openshift kubernetes && \
microdnf install -y python38-pytz \
python38-pyyaml python38-requests \
openshift-clients --enablerepo=rhocp-4.10-for-rhel-8-x86_64-rpms

And let’s create the image :

# podman build -f Containerfile.ee-minimal -t ${REGISTRY}/ee-minimal

Now that both image are ready we can move on and start the build.

For ansible-builder to run we need to create a file named : “execution-environment.yml” with the following content :

---
version: 1
build_arg_defaults:
EE_BASE_IMAGE: '${REGISTRY}/ee-minimal'
EE_BUILDER_IMAGE: '${REGISTRY}/ansible-builder'

dependencies:
galaxy: requirements.yml

additional_build_steps:
prepend: |
RUN rm -f /etc/yum.repos.d/redhat.repo

As you notice the dependencies refers a file called “requirements.yml” let’s go ahead and create this file as well and make sure it has a reference for the ansible kubernetes module.

With your favorite editor create the following file name “requirements.yml” with the following content :

---
collections:
- name: awx.awx
- name: kubernetes.core

Now that everything is set we can create the ee (execution environment ) image for our automation platform :

# ansible-builder build --tag ${REGISTRY}/ansible-k8s

Once the process has completed you can push the image to your registry and all we need to do is to update our automation platform by the UI admin.

RHAAP UI

In the RHAAP User interface go down on the left to “execution environment)

Click on it and then click on the “Add” button at the middle of the page.

In the next page we will add the details of our recently created image :

And that should be it. ckick again on the “Save” button and you will see your execution environment ready for use :

If you need extra reading about how to write playbook for OpenShift I suggest reading the following tutorial here or you can find a very good example at my github page here

A big thank you to Sagi Zigman and Andrew block for helping with the setup. I would have not be able to get it done without you !!!

If you have any question feel free to responed/ leave a comment.
You can find me on linkedin at : https://www.linkedin.com/in/orenoichman
Or twitter at : https://twitter.com/ooichman

--

--