From 0698aaf234b0260da1c940e959134796b8e23861 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20H=C3=A4hnel?=
Date: Fri, 13 Oct 2023 13:37:50 +0000
Subject: [PATCH] DEV-1229 Switch to ansible-builder v3
---
 .gitlab-ci.yml | 56 +++++++++++------------
 ansible-builder/bindep.txt | 3 +-
 ansible-builder/context/.gitignore | 1 +
 ansible-builder/context/Dockerfile | 45 ------------------
 ansible-builder/context/run.sh | 2 -
 ansible-builder/execution-environment.yml | 44 ++++++++++++++----
 6 files changed, 66 insertions(+), 85 deletions(-)
 delete mode 100644 ansible-builder/context/Dockerfile
 delete mode 100755 ansible-builder/context/run.sh
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5fadcee..1cdb319 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -4,10 +4,10 @@ variables:
 ANSIBLE_HOST_KEY_CHECKING: "false"
 ANSIBLE_FORCE_COLOR: "true"
-image: docker.dev-at.de/smardigo/smardigo-ci-ansible
+image: docker.dev-at.de/gitlab/gitlab-ci-ansible:latest
 services:
- - name: docker-cache.dev-at.de/docker:19-dind
+ - name: docker.dev-at.de/gitlab/gitlab-ci-ansible:latest
 alias: docker
 stages:
@@ -24,11 +24,11 @@ stages:
 ###############################################################################
 ### http://patorjk.com/software/taag/#p=display&f=Doom&t=lint
-### _ _ _
-### | (_) | |
-### | |_ _ __ | |_
+### _ _ _
+### | (_) | |
+### | |_ _ __ | |_
 ### | | | '_ \| __|
-### | | | | | | |_
+### | | | | | | |_
 ### |_|_|_| |_|\__|
 ###
 ###############################################################################
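Review bot: Both `image:` and the `docker` service now reference `docker.dev-at.de/gitlab/gitlab-ci-ansible:latest`, a mutable tag, so every job (including those that load SSH keys) runs whatever was last pushed under that name; pin a release tag or digest, e.g. `image: docker.dev-at.de/gitlab/gitlab-ci-ansible:<pinned-tag>` (placeholder). The service with `alias: docker` used to be `docker:19-dind`; unless the new image itself starts a Docker daemon, which is not visible here, the `docker push` in `.builder-job` will have no daemon to talk to, so that entry probably needs to remain a dind image.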
@@ -47,13 +47,13 @@ lint-job:
 ###############################################################################
 ### https://patorjk.com/software/taag/#p=display&f=Doom&t=ansible-builder
-### _ _ _ _ _ _ _
-### (_) | | | | | (_) | | |
-### __ _ _ __ ___ _| |__ | | ___ ______| |__ _ _ _| | __| | ___ _ __
+### _ _ _ _ _ _ _
+### (_) | | | | | (_) | | |
+### __ _ _ __ ___ _| |__ | | ___ ______| |__ _ _ _| | __| | ___ _ __
 ### / _` | '_ \/ __| | '_ \| |/ _ \______| '_ \| | | | | |/ _` |/ _ \ '__|
-### | (_| | | | \__ \ | |_) | | __/ | |_) | |_| | | | (_| | __/ |
-### \__,_|_| |_|___/_|_.__/|_|\___| |_.__/ \__,_|_|_|\__,_|\___|_|
-###
+### | (_| | | | \__ \ | |_) | | __/ | |_) | |_| | | | (_| | __/ |
+### \__,_|_| |_|___/_|_.__/|_|\___| |_.__/ \__,_|_|_|\__,_|\___|_|
+###
 ###############################################################################
 .builder-job:
@@ -62,8 +62,8 @@ lint-job:
 - echo "CI_ENVIRONMENT_NAME=$CI_ENVIRONMENT_NAME"
 script:
 - cp $SSH_KEY_GITLAB_CI_BUILDER_FILE ansible-builder/context/id_ed25519
- - echo "Running docker build to build awx execution environment"
- - docker build -f ansible-builder/context/Dockerfile -t ${CI_ENVIRONMENT_NAME}-${AWX_EE_DOCKER_IMAGE_EXTERN}:latest .
+ - echo "Running ansible-builder to build awx execution environment"
+ - ansible-builder build -f ansible-builder/context/Dockerfile --tag ${CI_ENVIRONMENT_NAME}-${AWX_EE_DOCKER_IMAGE_EXTERN}:latest -c ansible-builder/context
 - docker push ${CI_ENVIRONMENT_NAME}-${AWX_EE_DOCKER_IMAGE_EXTERN}:latest
 except:
 - schedules
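Review bot: In `.builder-job`, `ansible-builder build -f ansible-builder/context/Dockerfile` hands `-f` a Dockerfile path, but ansible-builder's `-f` expects the execution-environment definition, and this commit deletes and gitignores that Dockerfile; it should be `-f ansible-builder/execution-environment.yml`. ansible-builder builds with podman by default, so the `docker push` on the next line will only find the image if the build adds `--container-runtime docker`. The private key copied to `ansible-builder/context/id_ed25519` on the line above stays in the job workspace afterwards; an `after_script` with `rm -f ansible-builder/context/id_ed25519` would limit that on shared runners. The `.builder-job` definition starts and continues outside this hunk.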
@@ -147,22 +147,22 @@ builder-job-prodnso-manual:
 ###############################################################################
 ### http://patorjk.com/software/taag/#p=display&f=Doom&t=setup.yml
-### _ _
+### _ _
 ### | | | |
 ### ___ ___| |_ _ _ _ __ _ _ _ __ ___ | |
 ### / __|/ _ \ __| | | | '_ \| | | | '_ ` _ \| |
 ### \__ \ __/ |_| |_| | |_) | |_| | | | | | | |
 ### |___/\___|\__|\__,_| .__(_)__, |_| |_| |_|_|
-### | | __/ |
-### |_| |___/
-###
+### | | __/ |
+### |_| |___/
+###
 ###############################################################################
 .run-setup:
 extends: .run-ansible
 stage: run-setup
 before_script:
- - echo "CI_ENVIRONMENT_NAME=$CI_ENVIRONMENT_NAME"
+ - echo "CI_ENVIRONMENT_NAME=$CI_ENVIRONMENT_NAME"
 script:
 - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
 - eval $(ssh-agent -s)
@@ -237,18 +237,17 @@ run-setup-demompmx:
 only:
 - prodnso
-
 ###############################################################################
 ### http://patorjk.com/software/taag/#p=display&f=Doom&t=vpn.yml
-### _
+### _
 ### | |
 ### __ ___ __ _ __ _ _ _ __ ___ | |
 ### \ \ / / '_ \| '_ \ | | | | '_ ` _ \| |
 ### \ V /| |_) | | | || |_| | | | | | | |
 ### \_/ | .__/|_| |_(_)__, |_| |_| |_|_|
-### | | __/ |
-### |_| |___/
-###
+### | | __/ |
+### |_| |___/
+###
 ###############################################################################
 .vpn-config-update:
@@ -256,7 +255,7 @@ run-setup-demompmx:
 # A resource group ensures a job is mutually exclusive across different pipelines for the same project.
 stage: run-update
 script:
- - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
+ - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
 - eval $(ssh-agent -s)
 - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
 - mkdir -p ~/.ssh
@@ -307,7 +306,6 @@ run-vpn-update-prodnso:
 only:
 - prodnso
-
 ###############################################################################
 ### http://patorjk.com/software/taag/#p=display&f=Doom&t=smardigo.yml
 ###
@@ -786,14 +784,14 @@ run-patchday-all-k8s-demompmx:
 ###############################################################################
 ### http://patorjk.com/software/taag/#p=display&f=Doom&t=hcloud-firewall.yml
 ###
-### _ _ _ __ _ _ _ _
+### _ _ _ __ _ _ _ _
 ### | | | | | | / _(_) | | | | |
 ### | |__ ___| | ___ _ _ __| |______| |_ _ _ __ _____ ____ _| | | _ _ _ __ ___ | |
 ### | '_ \ / __| |/ _ \| | | |/ _` |______| _| | '__/ _ \ \ /\ / / _` | | || | | | '_ ` _ \| |
 ### | | | | (__| | (_) | |_| | (_| | | | | | | | __/\ V V / (_| | | || |_| | | | | | | |
 ### |_| |_|\___|_|\___/ \__,_|\__,_| |_| |_|_| \___| \_/\_/ \__,_|_|_(_)__, |_| |_| |_|_|
-### __/ |
-### |___/
+### __/ |
+### |___/
 ###
 ###############################################################################
diff --git a/ansible-builder/bindep.txt b/ansible-builder/bindep.txt
index db1a0d7..ea7e4f4 100644
--- a/ansible-builder/bindep.txt
+++ b/ansible-builder/bindep.txt
@@ -1,4 +1,5 @@
-python38-devel [platform:rpm compile]
+git-core [platform:rpm]
 subversion [platform:rpm]
 subversion [platform:dpkg]
 git-lfs [platform:rpm]
+epel-release [platform:rpm]
diff --git a/ansible-builder/context/.gitignore b/ansible-builder/context/.gitignore
index ba65b13..dba20b5 100644
--- a/ansible-builder/context/.gitignore
+++ b/ansible-builder/context/.gitignore
@@ -1 +1,2 @@
 /_build/
+Dockerfile
\ No newline at end of file
diff --git a/ansible-builder/context/Dockerfile b/ansible-builder/context/Dockerfile
deleted file mode 100644
index d476d97..0000000
--- a/ansible-builder/context/Dockerfile
+++ /dev/null
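Review bot: `ansible-builder/context/.gitignore` now ignores the generated `Dockerfile` but not `id_ed25519`, which the builder job in this commit copies into the same directory; adding `/id_ed25519` keeps a local build from committing the deploy key. The new `Dockerfile` line also ends without a trailing newline.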
@@ -1,45 +0,0 @@
-ARG EE_BASE_IMAGE=quay.io/ansible/ansible-runner:stable-2.12-latest
-ARG EE_BUILDER_IMAGE=quay.io/ansible/ansible-builder:latest
-
-FROM $EE_BASE_IMAGE as galaxy
-ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=
-USER root
-
-RUN mkdir -p /root/.ssh
-ADD ansible-builder/context/id_ed25519 /root/.ssh/id_ed25519
-RUN chmod -R 700 /root/.ssh
-
-
-RUN mkdir /build
-WORKDIR /build
-ADD galaxy-requirements.yml requirements.yml
-ADD pip-requirements requirements.txt
-ADD ansible-builder/bindep.txt bindep.txt
-
-RUN ssh-keyscan git.dev-at.de >> /root/.ssh/known_hosts
-RUN eval $(ssh-agent) && ssh-add /root/.ssh/id_ed25519 && ansible-galaxy role install -r requirements.yml --roles-path /usr/share/ansible/roles
-RUN ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path /usr/share/ansible/collections --server https://old-galaxy.ansible.com
-
-FROM $EE_BUILDER_IMAGE as builder
-
-COPY --from=galaxy /usr/share/ansible /usr/share/ansible
-
-ADD pip-requirements requirements.txt
-ADD ansible-builder/bindep.txt bindep.txt
-RUN ansible-builder introspect --sanitize --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt
-RUN assemble
-
-FROM $EE_BASE_IMAGE
-USER root
-
-COPY --from=galaxy /usr/share/ansible /usr/share/ansible
-
-COPY --from=builder /output/ /output/
-RUN /output/install-from-bindep && rm -rf /output/wheels
-RUN alternatives --set python /usr/bin/python3
-COPY --from=quay.io/project-receptor/receptor:0.9.7 /usr/bin/receptor /usr/bin/receptor
-RUN mkdir -p /var/run/receptor
-ADD ansible-builder/context/run.sh /run.sh
-CMD /run.sh
-USER 1000
-RUN git lfs install
diff --git a/ansible-builder/context/run.sh b/ansible-builder/context/run.sh
deleted file mode 100755
index e96b122..0000000
--- a/ansible-builder/context/run.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#! /bin/bash
-ansible-runner worker --private-data-dir=/runner
diff --git a/ansible-builder/execution-environment.yml b/ansible-builder/execution-environment.yml
index ed47ce0..703959f 100644
--- a/ansible-builder/execution-environment.yml
+++ b/ansible-builder/execution-environment.yml
@@ -1,16 +1,44 @@
 ---
-version: 1
+version: 3
+
+build_arg_defaults:
+ ANSIBLE_GALAXY_CLI_COLLECTION_OPTS: "--pre"
+
 dependencies:
+ ansible_core:
+ package_pip: ansible-core~=2.12
+ ansible_runner:
+ package_pip: ansible-runner
 galaxy: ../galaxy-requirements.yml
 python: ../pip-requirements
+ python_interpreter:
+ package_system: "python311"
+ python_path: "/usr/bin/python3.11"
 system: bindep.txt
+images:
+ base_image:
+ name: quay.io/centos/centos:stream9-minimal
+
+additional_build_files:
+ - src: ../ansible.cfg
+ dest: configs
+
+options:
+ package_manager_path: /usr/bin/microdnf
+
 additional_build_steps:
- append:
- - RUN alternatives --set python /usr/bin/python3
- - COPY --from=quay.io/project-receptor/receptor:0.9.7 /usr/bin/receptor /usr/bin/receptor
+ append_base:
+ - RUN $PYCMD -m pip install -U pip
+ prepend_galaxy:
+ - ADD _build/configs/ansible.cfg ~/.ansible.cfg
+ - RUN microdnf install -y git-lfs openssh-clients
+ - RUN mkdir -p /root/.ssh
+ - ADD id_ed25519 /root/.ssh/id_ed25519
+ - RUN chmod -R 700 /root/.ssh
+ - RUN ssh-keyscan git.dev-at.de >> /root/.ssh/known_hosts
+ - RUN eval $(ssh-agent) && ssh-add /root/.ssh/id_ed25519
+ append_final:
+ - COPY --from=quay.io/ansible/receptor:devel /usr/bin/receptor /usr/bin/receptor
 - RUN mkdir -p /var/run/receptor
- - ADD run.sh /run.sh
- - CMD /run.sh
- - USER 1000
- - RUN git lfs install
+ - RUN git lfs install --system
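Review bot: `ADD id_ed25519 /root/.ssh/id_ed25519` in `prepend_galaxy` stores the CI deploy key in a layer of the galaxy stage, so it stays readable in the build cache of whichever host runs the job even though the final stage does not copy it; the key should be a read-only deploy key scoped to the role repositories, and the galaxy stage should never be tagged or pushed. The `RUN eval $(ssh-agent) && ssh-add /root/.ssh/id_ed25519` step looks ineffective, because the agent and its environment end with that RUN, whereas the removed Dockerfile chained the role install into the same command; it can probably be dropped, since ssh reads the default identity file on its own. `ADD _build/configs/ansible.cfg ~/.ansible.cfg` will not expand `~` (Docker treats it as a literal path component), so it needs an absolute destination such as `/root/.ansible.cfg`, assuming the stage runs as root. `COPY --from=quay.io/ansible/receptor:devel` also replaces the pinned `0.9.7` with a moving tag; pin a release tag or digest so the binary shipped in the execution environment is reproducible.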