
Ansible Execution Environment


This Docker container is designed to be used with Ansible AWX/Tower or from within the GitLab CI/CD environment. Included in the container are the following projects from us:

This container is published on Docker Hub at https://hub.docker.com/r/nofusscomputing/ansible-ee and can be pulled with docker pull nofusscomputing/ansible-ee. Versioning and git tags are in accordance with semver.

The Docker container is built from the python-slim image with a few extra items added to suit the container's intent. Please refer to the dockerfile. We currently build containers for amd64, armv7 and aarch64.

Features

A feature is only included if a role that we create requires it. Currently we use the pythonx.xx-{debian release} image as a base image, which makes the Debian packages available should you require additional features/software not specified below.

  • custom ansible.cfg

  • environment variable ANSIBLE_PLAYBOOK_DIR set to /etc/ansible/playbooks.

  • Galaxy Collections included

    • Any collection installed with ansible-core

    • awx.awx

    • kubernetes.core

    • community.general

    • ansible.posix

    • community.docker

  • Additional Software within container

    • git

    • openssh-client

    • obviously, since it's a python container, python.

Docker Tags

We use the following tags for our docker containers

  • latest This is the latest stable code from the master branch, and will always match the newest non rc git and dockerhub tag. Built on merge from development to master branch.

  • \d.\d.\d i.e. 1.0.0 This layout of tag is the latest git tag from the master branch. Built on merge from development to master branch after the gitlab release job runs.

  • dev This tag is from the latest build from the development branch and is considered unstable. On every merge to this branch, the container is built and pushed to this tag on dockerhub.

    Info

    We use this tag within our gitlab-ci roles. Even though it's considered unstable, using it for our CI jobs enables an extra gate in our release cycle to find and fix issues prior to releasing to stable.

  • \d.\d.\drc\d i.e. 1.0.0.rc0 This tag is used on the development branch as a means to take a snapshot of the code. Built on the gitlab release job being triggered on the development branch.
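As an added example (not the project's own code), a shell check that CI could run over image references before a job starts: it classifies a tag using the scheme above and accepts only release tags or sha256 digest pins. The accept/reject policy, multi-digit version numbers, and the function names classify_tag and check_image_ref are assumptions.

```shell
#!/bin/sh
# Added example (not project code): gate image references on the tag scheme above.

# classify_tag TAG -> prints latest | dev | release | rc | unknown
classify_tag() {
  case "$1" in
    latest|dev) echo "$1"; return 0 ;;
  esac
  if printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
    echo release
  # Assumption: accept both "1.0.0rc0" (the pattern) and "1.0.0.rc0" (the example).
  elif printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+\.?rc[0-9]+$'; then
    echo rc
  else
    echo unknown
  fi
}

# check_image_ref REF -> prints a verdict, returns 0 only for a release tag or digest pin
check_image_ref() {
  image_ref=$1
  case "$image_ref" in
    *@sha256:*)
      if printf '%s\n' "${image_ref##*@sha256:}" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "ok: pinned by digest"; return 0
      fi
      echo "reject: malformed digest"; return 1 ;;
  esac
  # The tag is whatever follows ':' in the last path component, so a
  # registry port such as host:5000/ns/image is not mistaken for a tag.
  name=${image_ref##*/}
  case "$name" in
    *:*) tag=${name##*:} ;;
    *)   tag=latest ;;  # docker pull falls back to :latest when no tag is given
  esac
  case "$(classify_tag "$tag")" in
    release) echo "ok: release tag $tag"; return 0 ;;
    latest)  echo "reject: latest moves on every merge to master"; return 1 ;;
    dev)     echo "reject: dev is rebuilt on every merge to development"; return 1 ;;
    rc)      echo "reject: $tag is a pre-release snapshot"; return 1 ;;
    *)       echo "reject: unrecognised tag $tag"; return 1 ;;
  esac
}

# Stand-alone use: sh check_tags.sh IMAGE_REF...
for arg in "$@"; do check_image_ref "$arg" || true; done
```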

Dockerfile

dockerfile
ARG release_name=bookworm

ARG kubernetes_version=1.29


FROM --platform=$TARGETPLATFORM quay.io/ansible/receptor:v1.4.4 as receptor


FROM --platform=$TARGETPLATFORM python:3.11-slim-${release_name} as prep


ARG kubernetes_version


ENV DEBIAN_FRONTEND noninteractive


RUN apt update; \
  apt install -y \
    curl \
    gpg


RUN curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null; \
  echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" > /etc/apt/sources.list.d/helm.list; \
  cat /etc/apt/sources.list.d/helm.list;


RUN curl -fsSL https://pkgs.k8s.io/core:/stable:/v${kubernetes_version}/deb/Release.key | gpg --dearmor | tee /usr/share/keyrings/kubernetes.gpg > /dev/null; \
  echo "deb [signed-by=/usr/share/keyrings/kubernetes.gpg] https://pkgs.k8s.io/core:/stable:/v${kubernetes_version}/deb/ /" > /etc/apt/sources.list.d/kubernetes.list; \
  cat /etc/apt/sources.list.d/kubernetes.list;


FROM --platform=$TARGETPLATFORM python:3.11-slim-${release_name}


# Ansible chucks a wobbler without. see: https://github.com/ansible/ansible/issues/78283
ENV LC_ALL en_US.UTF-8

ENV DEBIAN_FRONTEND noninteractive

ENV ANSIBLE_PLAYBOOK_DIR=/etc/ansible/playbooks

ENV ANSIBLE_COLLECTIONS_PATH=/etc/ansible/collections


COPY includes /


# Ref: https://github.com/opencontainers/image-spec/blob/d86384efdb8c30770a92415c100f57a9bffbb64e/annotations.md
LABEL \
  org.opencontainers.image.vendor="No Fuss Computing" \
  org.opencontainers.image.title="Ansible Execution Environment" \
  org.opencontainers.image.description="An ansible execution environment for aap/awx and CI/CD pipelines" \
  org.opencontainers.image.vendor="No Fuss Computing" \
  io.artifacthub.package.license="MIT"


RUN apt update \
    # SoF fixing dpkg ldconfig not found error
  && cd /tmp \
  && apt-get download \
    libc-bin \
  && dpkg --extract $(ls | grep libc-bin_ | grep -a '.deb') /tmp/deb \
  && cp /tmp/deb/sbin/ldconfig /sbin/ \
  && rm -Rf /tmp/deb \
  && rm $(ls | grep libc-bin_ | grep -a '.deb') \
  && apt-get install -y --reinstall \
    libc-bin \
    # EoF fixing dpkg ldconfig not found error
    # Set Locale to en_US as ansible requires a locale for it to function without chucking a tantrum!!
  && apt install -y \
    locales \
    apt-transport-https \
  && sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen \
  && locale-gen;


COPY --from=prep --chmod=644 /etc/apt/sources.list.d/helm.list /etc/apt/sources.list.d/helm.list

COPY --from=prep --chmod=644 /usr/share/keyrings/helm.gpg /usr/share/keyrings/helm.gpg

COPY --from=prep --chmod=644 /etc/apt/sources.list.d/kubernetes.list /etc/apt/sources.list.d/kubernetes.list

COPY --from=prep --chmod=644 /usr/share/keyrings/kubernetes.gpg /usr/share/keyrings/kubernetes.gpg


RUN apt update; \
  apt list --upgradable \
  && apt upgrade --no-install-recommends -y \
  && apt-get install --no-install-recommends -y \
    openssh-client \
    git \
    helm \
    kubectl \
    sshpass \
    postgresql-common \
    postgresql-client \
    mariadb-client \
    mariadb-client-core \
  && mkdir -p /etc/ansible/roles \
  && mkdir -p /etc/ansible/collections \
  && mkdir -p /workdir \
  && apt list --installed \
    # see issue https://gitlab.com/nofusscomputing/projects/ansible/execution_environment/-/issues/9 for following two lines
  && apt remove -y \
    python3* \
    libpython3*; \
  helm plugin install https://github.com/databus23/helm-diff; \
  rm -rf /var/lib/apt/lists/*


WORKDIR /workdir


COPY requirements.txt /tmp/requirements.txt

COPY --from=receptor /usr/bin/receptor /usr/bin/receptor

RUN pip install --upgrade pip; \
  mkdir -p /var/run/receptor; \
  mkdir -p /etc/receptor; \
  chmod 777 /etc/receptor; \
  git config --global --add safe.directory '*'

RUN pip install --index-url https://gitlab.com/api/v4/projects/45741845/packages/pypi/simple -r /tmp/requirements.txt


RUN ansible-galaxy collection install \
    awx.awx==24.0.0 \
    # ansible.posix.authorized_key for SSH
    ansible.posix==1.5.4 \
    ansible.utils==3.1.0 \
    community.crypto==2.18.0 \
    community.dns==2.8.1 \
    # docker management
    community.docker==3.8.0 \
    # community.general.gitlab_*
    community.general==8.4.0 \
    community.mysql==3.9.0 \
    community.postgresql==3.4.0 \
    netbox.netbox==3.17.0 \
    theforeman.foreman==4.0.0; \
  ansible-galaxy collection install --pre \
    nofusscomputing.glpi==0.1.0-a1 \
    nofusscomputing.kubernetes==1.13.2 \
    nofusscomputing.netbox==0.4.0

The following dockerfile (dockerfile-build_cache) is only used to build the Python packages for cross-platform compilation.

dockerfile-build_cache
FROM --platform=$TARGETPLATFORM python:3.11-bookworm as wheelbuild

ARG CI_JOB_TOKEN
ARG CI_API_V4_URL
ARG CI_PROJECT_ID


ENV LC_ALL en_US.UTF-8

ENV PATH /usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.cargo/bin::~/.cargo/bin

ENV DEBIAN_FRONTEND noninteractive


RUN dpkg-reconfigure debconf -f noninteractive


RUN apt update

# SoF fixing dpkg ldconfig not found error
# Download Binary
RUN cd /tmp \
  && apt-get download \
    libc-bin

RUN ls -la

# Extract Binary
RUN cd /tmp; \
  dpkg --extract $(ls | grep libc-bin_ | grep -a '.deb') /tmp/deb; ls -laR

# # Extracted?
# RUN ls -laR

# Copy to home location
RUN cp /tmp/deb/sbin/ldconfig /sbin/

# Confirm present
RUN ls -l /sbin/ldconfig

# Confirm can be found 
RUN which ldconfig

# Cleanup
# RUN rm -Rf /tmp/deb \
#   && rm libc-bin_*.deb

# Should re-install without issue
RUN apt-get install -y --reinstall \
    libc-bin 
# EoF fixing dpkg ldconfig not found error
# Set Locale to en_US as ansible requires a locale for it to function without chucking a tantrum!!


RUN apt install -yq \
    build-essential \
    cargo \
    curl \
    git \
    libffi-dev \
    libpq-dev \
    libssl-dev \
    mariadb-client \
    mariadb-client-core \
    openssh-client \
    pkg-config \
    postgresql-client \
    postgresql-common \
    python3-dev \
    rustc


RUN rustc --version \
  && cargo --version



RUN pip install --upgrade pip


RUN pip install --upgrade \
    setuptools \
    wheel \
    setuptools-rust \
    twine


COPY requirements.txt /tmp/requirements.txt


RUN mkdir -p /tmp/python_modules /tmp/python_builds


RUN cd /tmp/python_modules \
  && pip download --dest . --check-build-dependencies \
    -r /tmp/requirements.txt


RUN cd /tmp/python_modules \
  # && export PATH=$PATH:~/.cargo/bin \
  && echo "[DEBUG] PATH=$PATH" \
  && pip wheel --wheel-dir /tmp/python_builds --find-links . *.whl; \
  pip wheel --wheel-dir /tmp/python_builds --find-links . *.tar.gz;

RUN cd /tmp; \
  ls -laR


RUN TWINE_PASSWORD=${CI_JOB_TOKEN} TWINE_USERNAME=gitlab-ci-token python -m twine upload --verbose --skip-existing --repository-url ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi /tmp/python_builds/*

ansible config file

This ansible config file is included within this docker container.

/etc/ansible/ansible.cfg
[defaults]
collections_path=/etc/ansible/collections
roles_path=/etc/ansible/roles:/workdir/roles:/workdir/ansible-roles
log_path=/ansible.log

About:

This page forms part of our Project Ansible-EE.

Page Metadata
Date Created: 2023-06-05
Date Edited: 2024-01-14
