hero-web01

Admin

AWX: Create AWX Execution Environment using GitLab CICD

GitLab is nowadays a widely used CICD tool. Ansible Tower (AWX) uses an execution environment image for environment consistency and security to run the ansible jobs in AWX. This article presents an example GitLab pipeline setup for building and pushing the AWX EE image to the image registry.

 

EE image manifest

Docker file:

				
					FROM ubuntu:20.04
ARG DEBIAN_FRONTEND=noninteractive
ENV BASIC_PACKAGES="git curl unzip tar python3.9 python3-pip"

RUN apt-get update -o Acquire::Check-Valid-Until=false -o Acquire::Check-Date=false -yq && apt-get install -yq software-properties-common && add-apt-repository ppa:deadsnakes/ppa

RUN apt-get update -yq && apt-get install -yq $BASIC_PACKAGES

RUN update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.9 1
 
ADD requirements.txt requirements.txt

RUN pip3 install --no-cache-dir --upgrade pip && \
    pip3 install --no-cache-dir -r requirements.txt

ADD requirements.yml requirements.yml

RUN ansible-galaxy collection install -r requirements.yml

RUN rm -rf /var/lib/apt/lists/* && apt-get clean

RUN mkdir /runner

CMD [ "ansible-runner", "worker", "--private-data-dir=/runner" ]
				
			

requirements.txt file:

				
					ansible==2.9.27
ansible-runner
				
			

requirements.yml file:

				
					---
collections:
  - awx.awx
  - cloud.common
				
			

Configuring GitLab pipeline for automated EE image

Below is an example of a .gitlab-ci.yml file for building and pushing an EE image t to the docker image registry. The pipeline consists of two stages i.e. build-image and push-image.

The build-image stage builds the docker image from Dockerfile and outputs the ansible and python versions installed in the image. This stage will only run if any changes are made to any of the Dockefile, requirements, or .gitlab-ci.yml files.

The push-image stage will apply the latest tag to the image, and authenticate to the docker registry. This authentication step requires that DOCKER_USER and DOCKER_PASSWORD are defined in the GitLab CICD variables. This stage will only run on the main branch of the GitLab repository.

				
					stages:
  - build-image
  - push-image

variables:
  REGISTRY: your_image_registry_url
  AWX_REG_IMAGE_CUSTOM: $REGISTRY/custom-ee
build-Custom-EE-image:
  stage: build-image
  script:
    - docker build -t "$AWX_REG_IMAGE_CUSTOM:$CI_COMMIT_REF_SLUG" . -f Dockerfile
    - docker run --rm $AWX_REG_IMAGE_CUSTOM:$CI_COMMIT_REF_SLUG ansible --version
    - docker run --rm $AWX_REG_IMAGE_CUSTOM:$CI_COMMIT_REF_SLUG python3 --version
  rules:
    - changes:
        - Dockerfile
        - requirements.txt
        - requirements.yml
        - .gitlab-ci.yml
push-CUSTOM-EE-image:
  stage: push-image
  script:
    - docker build -t "$AWX_REG_IMAGE_CUSTOM:$CI_COMMIT_REF_SLUG" . -f Dockerfile
    - docker tag "$AWX_REG_IMAGE_CUSTOM:$CI_COMMIT_REF_SLUG" "$AWX_REG_IMAGE_CUSTOM:latest"
    - echo $DOCKER_PASSWORD | docker login -u $DOCKER_USER --password-stdin $REGISTRY
    - docker push "$AWX_REG_IMAGE_CUSTOM:latest"
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
				
			

Summary

In this article presents an example of an automated GitLab pipeline setup for building and pushing AWX EE image to the docker image registry. It is possible to install the python-pip packages and ansible collections using the requirement files and also control the ansible and python versions as specified in the configuration files.

The build-image stage builds the docker image from Dockerfile and outputs the ansible and python versions installed in the image. This stage will only run if any changes are made to any of the Dockefile, requirements, or .gitlab-ci.yml files.

The push-image stage will apply the latest tag to the image, and authenticate to the docker registry. This authentication step requires that DOCKER_USER and DOCKER_PASSWORD are defined in the GitLab CICD variables. This stage will only run on the main branch of the GitLab repository.

Writer // KUMORION BLOG //
Shankar Lal

Enthusiastic DevOps learner and sometimes like to write about his experiences for community awareness.

Copyright ©2024 . All rights reserved.