DO374 - ch09s09

Bookmark this page

Lab: Creating Content Collections and Execution Environments

Create an Ansible Content Collection, upload it to private automation hub, create an automation execution environment that includes the collection, and then use that automation execution environment to run a playbook from automation controller.

Outcomes

Create an Ansible Content Collection that includes roles and plug-ins.
Create a custom automation execution environment.
Upload an Ansible Content Collection and an automation execution environment to private automation hub.
Configure automation controller to use a custom automation execution environment from private automation hub.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command creates the /home/student/create-review directory, prepares automation controller and private automation hub for the exercise, and creates a Git repository that includes a playbook to test your work. The command also provides the lab-resources.txt file that lists all the resources that you configure during the exercise. You can use that file to copy and then paste those resources.

[student@workstation ~]$ lab start create-review

Procedure 9.5. Instructions

You can access the private automation hub web UI at https://hub.lab.example.com using student as the username and redhat123 as the password. You can access the automation controller web UI at https://controller.lab.example.com using admin as the username and redhat as the password.

On the workstation machine, in the /home/student/create-review directory, create an Ansible Content Collection named training.web that includes two roles and a lookup plug-in.
The two roles are available in the /home/student/create-review/roles/ directory. You have to copy them to the correct location in the collection after you create the skeleton directories for the collection.
The firewall role depends on the ansible.posix collection (version >=1.0.0). Configure your collection to specify this dependency.
The lookup plug-in creates a QR (Quick Response) code in PNG (Portable Network Graphics) format. It is available in the /home/student/create-review/lookup.tgz file. Extract that archive into the correct location in your collection. It also requires the Pillow and qrcode Python packages. Configure your collection to specify those two Python dependencies.
The collection requires Ansible version 2.9.10 or later.
Build the collection and then copy the resulting .tar.gz file to the /home/student/create-review/ directory.
Change to the /home/student/create-review/ directory and then run the ansible-galaxy collection init command to create the collection:
[student@workstation ~]$ cd ~/create-review/ [student@workstation create-review]$ ansible-galaxy collection init training.web - Collection training.web was created successfully
Copy the two roles in the ~/create-review/roles/ directory to the ~/create-review/training/web/roles/ directory:
[student@workstation create-review]$ ls roles/ apache firewall [student@workstation create-review]$ cp -r roles/* training/web/roles/
Edit the training/web/galaxy.yml file to declare the ansible.posix collection as a required dependency of your new collection:
...output omitted... # Collections that this collection requires to be installed for it to be usable. The key of the dict is the # collection label 'namespace.name'. The value is a version range # L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version # range specifiers can be set and are separated by ',' dependencies: ansible.posix: '>=1.0.0' ...output omitted...
In the ~/create-review directory, extract the lookup.tgz file containing the lookup plug-in into the training/web/plugins/ directory:
[student@workstation create-review]$ tar xf lookup.tgz -C training/web/plugins/
To declare the Python package dependencies, create the training/web/requirements.txt file with the following content:
Pillow qrcode
Create the ~/create-review/training/web/meta/ directory.
[student@workstation create-review]$ mkdir training/web/meta
Create the ~/create-review/training/web/meta/runtime.yml file with the following content:
--- requires_ansible: '>=2.9.10'
In the ~/create-review/training/web directory, build the collection.
[student@workstation create-review]$ cd training/web/ [student@workstation web]$ ansible-galaxy collection build Created collection for training.web at /home/student/create-review/training/web/training-web-1.0.0.tar.gz
Copy the resulting training-web-1.0.0.tar.gz file from the ~/create-review/training/web directory to the /home/student/create-review/ directory.
[student@workstation web]$ cp training-web-1.0.0.tar.gz ~/create-review/
Publish the training.web collection to your private automation hub.
Use the private automation hub web UI to create a collection namespace named training and configure the Content Developers group to be namespace owners of the collection.
Upload the training.web collection to that namespace, and approve the collection after you upload it.
Navigate to https://hub.lab.example.com and log in as student using redhat123 as the password.
Navigate to Collections → Namespaces and click Create.
Create the namespace using the following information and then click Create.
Field Value
Name training
Namespace owners Content Developers
Upload the collection. Click Upload collection, select the /home/student/create-review/training-web-1.0.0.tar.gz file, and then click Upload. Wait for the upload to complete.
Approve the collection. Navigate to Collections → Approval and then click Approve.
Confirm that the collection is published. Navigate to Collections → Collections and then select Published in Filter by repository. The web UI displays the web collection.
Click web and then click the Contents tab. Confirm that the page lists the two roles, apache and firewall, and the qrcode lookup plug-in.
Install the ansible-builder package on the workstation machine. The student user can run commands with escalated privileges. Use student as the sudo password.
[student@workstation web]$ sudo yum install ansible-builder [sudo] password for student: student ...output omitted...
Prepare the configuration files to build a custom automation execution environment so that the training.web collection is included in it.
- On workstation, create the ~/create-review/ee-build directory to store the configuration files.
- Create an ee-build/execution-environment.yml file to control the build process. An example file is available in the /home/student/create-review/ directory. If you use that example file, then you must remove the parameters that you do not need.
  - Set the hub.lab.example.com/ee-minimal-rhel8:latest container image as the base image.
  - Set the hub.lab.example.com/ansible-builder-rhel8:latest container image as the builder image.
- Copy the ~/create-review/ansible.cfg file to the ~/create-review/ee-build/ directory. That file configures access to the private automation hub at https://hub.lab.example.com so that the build process can retrieve the training.web and the ansible.posix collections.
- Get a token from the private automation hub web UI, and edit that ansible.cfg file to update both token parameters. Use the same token from private automation hub for both parameters.
- Create the ee-build/requirements.yml file and configure it to install the training.web collection into the automation execution environment.
Change to the ~/create-review directory and create the ee-build/ directory.
[student@workstation web]$ cd ~/create-review/ [student@workstation create-review]$ mkdir ee-build
Copy the execution-environment.yml example file into the ee-build/ directory.
[student@workstation create-review]$ cp execution-environment.yml ee-build/
Edit the ee-build/execution-environment.yml file.
Set the EE_BASE_IMAGE parameter to hub.lab.example.com/ee-minimal-rhel8:latest and the EE_BUILDER_IMAGE parameter to hub.lab.example.com/ansible-builder-rhel8:latest.
Remove the python and system parameters from the dependencies section. The training.web collection already provides the list of required Python packages and it does not depend on any RPM packages.
The completed ee-build/execution-environment.yml file should consist of the following content:
--- version: 1 build_arg_defaults: EE_BASE_IMAGE: hub.lab.example.com/ee-minimal-rhel8:latest EE_BUILDER_IMAGE: hub.lab.example.com/ansible-builder-rhel8:latest ansible_config: ansible.cfg dependencies: galaxy: requirements.yml
Copy the ~/create-review/ansible.cfg file into the ee-build/ directory.
[student@workstation create-review]$ cd ee-build [student@workstation ee-build]$ cp ~/create-review/ansible.cfg .
You update the token parameters in that file in the next step.
Retrieve the API token from the private automation hub web UI at https://hub.lab.example.com.
Navigate to Collections → API token management, click Load token, and then click the Copy to clipboard icon.
Edit the ~/create-review/ee-build/ansible.cfg file to update the two token parameter lines by replacing each #FIXME# string with the copied token. Your token is probably different from the one that is displayed in the following example.
[galaxy] server_list = published_repo, rh-certified_repo # Published collections (for training.web) [galaxy_server.published_repo] url=https://hub.lab.example.com/api/galaxy/content/published/ token=c6aec560d9d0a8006dc6d8f258092e09a53fd7bd # Certified collections (for ansible.posix) [galaxy_server.rh-certified_repo] url=https://hub.lab.example.com/api/galaxy/content/rh-certified/ token=c6aec560d9d0a8006dc6d8f258092e09a53fd7bd
In the ~/create-review/ee-build/ directory, create the requirements.yml file to list the training.web collection that you want in the new automation execution environment. The completed ee-build/requirements.yml file should consist of the following content:
--- collections: - name: training.web
Configure the container image to include your private automation hub's TLS CA certificate.
In the ~/create-review/ee-build/ directory, use the ansible-builder command to create the ee-build/context/ directory by performing the first stage of the build process.
Add the lab environment's TLS CA certificate to the container image. This enables the build process to retrieve collections from the lab environment's private automation hub. You have been provided with two files to help you do this, which should be used as follows:
- Copy ~/create-review/Containerfile to ~/create-review/ee-build/context/Containerfile.
- Copy /etc/pki/tls/certs/classroom-ca.pem to ~/create-review/ee-build/context/classroom-ca.pem.
Run the ansible-builder create command from the ee-build/ directory:
[student@workstation ee-build]$ ansible-builder create Complete! The build context can be found at: /home/student/create-review/ee-build/context
Copy the /home/student/create-review/Containerfile and /etc/pki/tls/certs/classroom-ca.pem files into the context/ directory.
[student@workstation ee-build]$ cp ~/create-review/Containerfile context/ [student@workstation ee-build]$ cp /etc/pki/tls/certs/classroom-ca.pem context/
Build the automation execution environment container image and use hub.lab.example.com/review/ee-training-rhel8:v1.0 as the tag. Push the container image to the hub.lab.example.com container registry.
Important
You must log in to the hub.lab.example.com container registry to download and push container images. Log in as student using redhat123 as the password.
Log in to the hub.lab.example.com container registry:
[student@workstation ee-build]$ podman login hub.lab.example.com Username: student Password: redhat123 Login Succeeded!
Run the podman build command from the ee-build/ directory. Add the -t option to specify the hub.lab.example.com/review/ee-training-rhel8:v1.0 tag.
[student@workstation ee-build]$ podman build -f context/Containerfile \ > -t hub.lab.example.com/review/ee-training-rhel8:v1.0 context
Confirm that the new container image is available locally. Your container image ID is different from the one displayed in the following output.
[student@workstation ee-build]$ podman images REPOSITORY TAG IMAGE ID ... hub.lab.example.com/review/ee-training-rhel8 v1.0 c418503ae3ac ... ...output omitted...
Push the container image to your private automation hub:
[student@workstation ee-build]$ podman push \ > hub.lab.example.com/review/ee-training-rhel8:v1.0 ...output omitted...

Field	Value
Name	`training`
Namespace owners	`Content Developers`

Use the automation controller web UI to create an execution environment resource that uses the following settings:

Field	Value
Name	`Training Review`
Image	`hub.lab.example.com/review/ee-training-rhel8:v1.0`
Pull	`Always pull the container before running.`
Organization	`Default`
Registry credential	`Automation Hub Container Registry`

Navigate to https://controller.lab.example.com and log in as admin using redhat as the password.
Navigate to Administration → Execution Environments and click Add.
Create the automation execution environment with the settings in the preceding table. When finished, click Save.

Create an automation controller job template that uses the following settings:
Field Value
Name Deploy QR Codes
Inventory Development
Project QR Codes
Execution environment Training Review
Playbook test.yml
Credentials Developers
Note
The lab command created the Development inventory, the QR Codes project, and the Developers machine credential.
Navigate to Resources → Templates and click Add → Add job template.
Create the job template with the settings in the preceding table. When finished, click Save.
Start a job that uses the Deploy QR Codes job template and verify that the job completes successfully. If successful, then navigating to http://serverf.lab.example.com displays a QR code image.
Navigate to Resources → Templates and click the Launch Template icon for the Deploy QR Codes job template. Wait for the job to complete.
Click the Details tab for the job. The job displays the Successful status.
Confirm the successful execution of the job by opening a web browser and navigating to http://serverf.lab.example.com. If the job completed correctly, then the web page displays a QR code image.

Field	Value
Name	`Deploy QR Codes`
Inventory	`Development`
Project	`QR Codes`
Execution environment	`Training Review`
Playbook	`test.yml`
Credentials	`Developers`

Evaluation

As the student user on the workstation machine, use the lab command to grade your work. Correct any reported failures and rerun the command until successful.

[student@workstation ~]$ lab grade create-review

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish create-review

This concludes the section.

Discuss Developing Advanced Automation with Red Hat Ansible Automation Platform

Go to community

Welcome to the Developing Advanced Automation with Red Hat Ansible Automation (DO374) group!

Deanna

12 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Developing Advanced Automation with Red Hat Ansible Automation Platform! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to DO374.Read more about Developing Advanced Automation with Red Hat Ansible Automation Platform here.

2367

Revision: do374-2.2-82dc0d7

Developing Advanced Automation with Red Hat Ansible Automation Platform

Lab: Creating Content Collections and Execution Environments

Important

Note