DO457 - ch06s09

Bookmark this page

Getting Roles and Modules from Ansible Content Collections

Objectives

Obtain a set of related roles, supplementary modules, and other content from an Ansible Content Collection and use them in a playbook.

Ansible Content Collections

When Ansible was first developed, all the modules that it used were included as part of the core software package. As the number of modules increased, it became harder for the upstream project to manage all these modules. Every module required a unique name and synchronizing module updates with updates to the core Ansible code.

With Ansible Content Collections, Ansible code updates are separated from updates to modules and plug-ins. An Ansible Content Collection provides a set of related modules, roles, and other plug-ins that you can use in your playbooks. This approach enables vendors and developers to maintain and distribute their collections at their own pace, independently of Ansible releases.

For example:

The ansible.netcommon content collection provides modules and plug-ins that you can use to help automate the management of network, security, and cloud devices.
The cisco.ios content collection, supported and maintained by Cisco, provides modules and plug-ins that manage Cisco IOS network appliances.
The network.ospf content collection provides a role that enables you to manage Open Shortest Path First (OSPF) resources and perform Shortest Path First (SPF) health checks on devices.

Ansible Content Collections also provide flexibility. You can install only the content you need instead of installing all supported modules.

You can also select a specific version of a collection (possibly an earlier or later one) or choose between a version of a collection supported by Red Hat or vendors, or one provided by the community.

Ansible 2.9 and later support Ansible Content Collections. Upstream Ansible unbundled most modules from the core Ansible code in Ansible Base 2.10 and Ansible Core 2.11 and placed them in collections. Red Hat Ansible Automation Platform 2.3 provides automation execution environments based on Ansible Core 2.14 that inherit this feature.

Note

You can develop your own collections to provide custom roles and modules to your teams. You can learn more about how to create Ansible Content Collections in the course Developing Advanced Automation with Red Hat Ansible Automation Platform (DO374).

Namespaces for Ansible Content Collections

To make it easier to specify collections and their contents by name, collection names are organized into namespaces. Vendors, partners, developers, and content creators can use namespaces to assign unique names to their collections without conflicting with other collections.

The namespace is the first part of a collection name. For example, all the collections in the network namespace have names such as network.ospf, network.bgp, and network.vpn. Likewise, Ansible Content Collections that Red Hat directly maintains and supports might use the redhat namespace, and have names such as redhat.rhv, redhat.satellite, and redhat.insights.

Selecting Sources of Ansible Content Collections

Regardless of whether you are using ansible-navigator with the minimal automation execution environment or ansible-playbook on bare metal Ansible Core, you always have at least one Ansible Content Collection available to you: ansible.builtin.

In addition, your automation execution environment might have additional collections built into it. For example, the default automation execution environment used by Red Hat Ansible Automation Platform 2.3, ee-supported-rhel8, contains 30 collections.

If you need additional Ansible Content Collections, you can add them to the collections subdirectory of your Ansible project. You might obtain Ansible Content Collections from several sources:

Automation Hub

Automation hub is a service provided by Red Hat to distribute Red Hat Certified Ansible Content Collections that are supported by Red Hat and ecosystem partners. As an end customer, you can open a support ticket with Red Hat for these Ansible Content Collections to be addressed by Red Hat and the ecosystem partner.

You need a valid Red Hat Ansible Automation Platform subscription to access automation hub. Use the automation hub web UI at https://console.redhat.com/ansible/automation-hub/ to browse these collections.

Private automation hub

Your organization might have its own on-site private automation hub, and might also use that hub to distribute its own Ansible Content Collections. Private automation hub is included with Red Hat Ansible Automation Platform.

Ansible Galaxy

Ansible Galaxy is a community-supported website that hosts Ansible Content Collections that have been submitted by various Ansible developers and users. Ansible Galaxy is a public library that provides no formal support guarantees and is not curated by Red Hat. For example, the community.network, community.asa, and community.ciscosmb collections are all available from that platform.

Use the Ansible Galaxy web UI at https://galaxy.ansible.com/ to search for collections.

Third-party Git repository or archive file

You can also download Ansible Content Collections from a Git repository or a local or remote .tar file, similar to how you can download roles.

Installing Ansible Content Collections

Before your playbooks can use content from an Ansible Content Collection, you must ensure that the collection is available in your automation execution environment.

The Ansible configuration collections_paths setting specifies a colon-separated list of paths on the system where Ansible looks for installed collections.

You can set this directive in the ansible.cfg configuration file.

Important

The following example shows the collections_paths setting in an ansible.cfg file.

[defaults]
collections_paths = ./collections:/usr/share/ansible/collections

If you remove the /usr/share/ansible/collections path from the collections_paths setting, then the ansible-navigator command cannot find the Ansible Content Collections provided inside the automation execution environment.

The following example uses the ansible-galaxy collection install command to download and install the network.ospf Ansible Content Collection. The -p collections option installs the collection in the local collections subdirectory.

[user@controlnode ~]$ ansible-galaxy collection install network.ospf \
-p collections

Important

You must specify the -p collections option or the ansible-galaxy command installs the collection based on your current collections_paths setting, or into your ~/.ansible/collections/ directory on the control node by default. The ansible-navigator command does not load the ~/.ansible/collections/ directory into the automation execution environment.

The ansible-galaxy command can also install a collection from a local or a remote .tar file, or a Git repository. A Git repository must have a valid galaxy.yml or MANIFEST.json file that provides metadata about the collection, such as its namespace and version number. For example, see the ansible.netcommon collection at https://github.com/ansible-collections/ansible.netcommon.

[user@controlnode ~]$ ansible-galaxy collection install \
/tmp/ansible-netcommon-5.1.0.tar.gz -p collections
...output omitted...
[user@controlnode ~]$ ansible-galaxy collection install \
http://www.example.com/network-bgp-2.0.0.tar.gz -p collections
...output omitted...
[user@controlnode ~]$ ansible-galaxy collection install \
git@git.example.com:organization/repo_name.git -p collections

Installing Ansible Content Collections with a Requirements File

If your Ansible project needs additional Ansible Content Collections, you can create a collections/requirements.yml file in the project directory that lists all the collections that the project requires. Automation controller detects this file and automatically installs the specified collections before running your playbooks.

A requirements file for Ansible Content Collections is a YAML file that consists of a collections dictionary key that has the list of collections to install as its value. Each list item can also specify the particular version of the collection to install, as shown in the following example:

---
collections: 
  - name: network.ospf 

  - name: network.base
    version: 2.0.0 

  - name: /tmp/ansible-netcommon-5.1.0.tar.gz 

  - name: http://www.example.com/network-bgp-2.0.0.tar.gz 

  - name: git+https://github.com:redhat-cop/network.vpn.git 
    version: main

	Specifies the list of collections that the Ansible project requires.
	Installs the `network.ospf` Ansible Content Collection from the first available source. The next part of this section covers how to configure sources.
	Installs version `2.0.0` of the `network.base` Ansible Content Collection from the first available source. It is a good practice to specify the version whenever you can.
	Installs an Ansible Content Collection from the specified local `.tar.gz` file.
	Installs an Ansible Content Collection from the `.tar.gz` file at the specified remote URL.
	Installs the `network.vpn` Ansible Content Collection from a public Git repository, selecting the version in the `main` branch. The version directive can be a branch, tag, or commit hash. The `ansible-galaxy` command can then use the `collections/requirements.yml` file to install the required collections. Specify the requirements file with the `--requirements-file` (or the `-r`) option, and use the `-p collections` option to install the Ansible Content Collection into the `collections` subdirectory.

[user@controlnode ~]$ ansible-galaxy collection install \
-r collections/requirements.yml -p collections

Configuring Ansible Content Collection Sources

By default, the ansible-galaxy command uses Ansible Galaxy at https://galaxy.ansible.com/ to download Ansible Content Collections. You might not want to use this source, preferring automation hub or your own private automation hub. Alternatively, you might want to try automation hub first, and then try Ansible Galaxy.

You can configure the sources that ansible-galaxy uses to get Ansible Content Collections in your Ansible project's ansible.cfg file. The relevant parts of that file might look like the following example:

...output omitted...
[galaxy]
server_list = automation_hub, galaxy  

[galaxy_server.automation_hub]
url=https://console.redhat.com/api/automation-hub/  
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token 
token=eyJh...Jf0o 

[galaxy_server.galaxy]
url=https://galaxy.ansible.com/

	The list all the repositories that the `ansible-galaxy` command must use, in order. For each name you specify, add a `[galaxy_server.name]` section to this file that provides the connection parameters. This example configures the `ansible-galaxy` command to get Ansible Content Collections from automation hub first (`[galaxy_server.automation_hub]`). If a collection is not available from that source, then the `ansible-galaxy` command tries to get the collection from the Ansible Galaxy website (`[galaxy_server.galaxy]`).
	The URL to access the repository.
	The URL for authentication.
	To access automation hub, you need an authentication token associated with your account. Use the automation hub web UI at `https://console.redhat.com/ansible/automation-hub/token/` to generate that token. For more details on that process, refer to the links in the References section.

Instead of a token, you can use the username and password parameters to provide your customer portal username and password.

...output omitted...
[galaxy_server.automation_hub]
url=https://cloud.redhat.com/api/automation-hub/
username=operator1
password=Sup3r53cR3t
...output omitted...

However, you might not want to expose your credentials in the ansible.cfg file because the file could potentially get committed when using version control.

It is preferable to remove the authentication parameters from the ansible.cfg file and define them in environment variables, as shown in the following example:

export ANSIBLE_GALAXY_SERVER_<SERVER_ID>_<KEY>=value

server_id: Server identifier in uppercase. The server identifier is the name you used in the server_list parameter and in the name of the [galaxy_server.server_id] section.
key: Name of the parameter in uppercase.

The following example provides the token parameter as an environment variable:

[user@controlnode ~]$ cat ansible.cfg
...output omitted...
[galaxy_server.automation_hub]
url=https://cloud.redhat.com/api/automation-hub/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
[user@controlnode ~]$ export \
ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN='eyJh...Jf0o'
[user@controlnode ~]$ ansible-galaxy collection install ansible.netcommon \
-p collections

Using Resources from Ansible Content Collections

After you install an Ansible Content Collection in your Ansible project, you can use it with that project's Ansible Playbooks.

You can use the ansible-navigator collections -m interactive command in your Ansible project directory to list all the collections that are installed in your automation execution environment. This includes the Ansible Content Collections in your project's collections subdirectory.

You can select the line number of the collection in the interactive mode of ansible-navigator to view its contents. Then, you can select the line number of a module, role, or other plug-in to see its documentation. You can also use other tools, such as ansible-navigator doc, with the fully qualified collection name of a module to view that module's documentation.

The following playbook invokes the cli_config module from the ansible.netcommon collection for a task.

---
- name: Update the configuration on junos1.lab.example.com
  hosts: junos1.lab.example.com

  tasks:
    - name: Ensure the proper configuration is in place
      ansible.netcommon.cli_config:
        replace: /var/home/ansible/junos01.cfg

The following playbook uses the run role from the network.ospf collection.

- name: Perform health checks
  hosts: ios
  gather_facts: false

  tasks:
  - name: OSPF Manager
    ansible.builtin.include_role:
      name: network.ospf.run
    vars:
      actions:
        - name: health_check
          vars:
            details: true
            checks:
              - name: all_neighbors_up
              - name: all_neighbors_down
              - name: min_neighbors_up
                min_count: 1
              - name: ospf_status_summary

References

Ansible Automation Platform Certified Content

Ansible Certified Content Frequently Asked Questions

Using collections - Ansible Documentation

Galaxy User Guide - Ansible Documentation

Discuss Network Automation with Red Hat Ansible Automation Platform

Go to community

Welcome to the Red Hat Ansible for Network Automation (DO457) group!

Syed

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Ansible for Network Automation! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to DO457.Read more about Red Hat Ansible for Network Automation here.

3120

Revision: do457-2.3-7cfa22a