GitLab is nowadays a widely used CICD tool. Ansible Tower (AWX) uses an execution environment image for environment consistency and security to run the ansible jobs in AWX. This article presents an example GitLab pipeline setup for building and pushing the AWX EE image to the image registry.
EE image manifest
Docker file:
FROM ubuntu:20.04
ARG DEBIAN_FRONTEND=noninteractive
ENV BASIC_PACKAGES="git curl unzip tar python3.9 python3-pip"
RUN apt-get update -o Acquire::Check-Valid-Until=false -o Acquire::Check-Date=false -yq && apt-get install -yq software-properties-common && add-apt-repository ppa:deadsnakes/ppa
RUN apt-get update -yq && apt-get install -yq $BASIC_PACKAGES
RUN update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.9 1
ADD requirements.txt requirements.txt
RUN pip3 install --no-cache-dir --upgrade pip &&
pip3 install --no-cache-dir -r requirements.txt
ADD requirements.yml requirements.yml
RUN ansible-galaxy collection install -r requirements.yml
RUN rm -rf /var/lib/apt/lists/* && apt-get clean
RUN mkdir /runner
CMD [ "ansible-runner", "worker", "--private-data-dir=/runner" ]
requirements.txt file:
ansible==2.9.27
ansible-runner
requirements.yml file:
---
collections:
- awx.awx
- cloud.common
Configuring GitLab pipeline for automated EE image
Below is an example of a .gitlab-ci.yml file for building and pushing an EE image t to the docker image registry. The pipeline consists of two stages i.e. build-image and push-image.
The build-image stage builds the docker image from Dockerfile and outputs the ansible and python versions installed in the image. This stage will only run if any changes are made to any of the Dockefile, requirements, or .gitlab-ci.yml files.
The push-image stage will apply the latest tag to the image, and authenticate to the docker registry. This authentication step requires that DOCKER_USER and DOCKER_PASSWORD are defined in the GitLab CICD variables. This stage will only run on the main branch of the GitLab repository.
stages:
- build-image
- push-image
variables:
REGISTRY: your_image_registry_url
AWX_REG_IMAGE_CUSTOM: $REGISTRY/custom-ee
build-Custom-EE-image:
stage: build-image
script:
- docker build -t "$AWX_REG_IMAGE_CUSTOM:$CI_COMMIT_REF_SLUG" . -f Dockerfile
- docker run --rm $AWX_REG_IMAGE_CUSTOM:$CI_COMMIT_REF_SLUG ansible --version
- docker run --rm $AWX_REG_IMAGE_CUSTOM:$CI_COMMIT_REF_SLUG python3 --version
rules:
- changes:
- Dockerfile
- requirements.txt
- requirements.yml
- .gitlab-ci.yml
push-CUSTOM-EE-image:
stage: push-image
script:
- docker build -t "$AWX_REG_IMAGE_CUSTOM:$CI_COMMIT_REF_SLUG" . -f Dockerfile
- docker tag "$AWX_REG_IMAGE_CUSTOM:$CI_COMMIT_REF_SLUG" "$AWX_REG_IMAGE_CUSTOM:latest"
- echo $DOCKER_PASSWORD | docker login -u $DOCKER_USER --password-stdin $REGISTRY
- docker push "$AWX_REG_IMAGE_CUSTOM:latest"
rules:
- if: $CI_COMMIT_BRANCH == "main"
Summary
In this article presents an example of an automated GitLab pipeline setup for building and pushing AWX EE image to the docker image registry. It is possible to install the python-pip packages and ansible collections using the requirement files and also control the ansible and python versions as specified in the configuration files.
The build-image stage builds the docker image from Dockerfile and outputs the ansible and python versions installed in the image. This stage will only run if any changes are made to any of the Dockefile, requirements, or .gitlab-ci.yml files.
The push-image stage will apply the latest tag to the image, and authenticate to the docker registry. This authentication step requires that DOCKER_USER and DOCKER_PASSWORD are defined in the GitLab CICD variables. This stage will only run on the main branch of the GitLab repository.
Writer // KUMORION BLOG //
Shankar Lal
Enthusiastic DevOps learner and sometimes like to write about his experiences for community awareness.