DEV-1229 Switch to ansible-builder v3

2 years ago · 0698aaf234
parent 2ea8479002
commit 0698aaf234
6 changed files with 66 additions and 85 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -4,10 +4,10 @@ variables:
  ANSIBLE_HOST_KEY_CHECKING: "false"
  ANSIBLE_FORCE_COLOR: "true"
-image: docker.dev-at.de/smardigo/smardigo-ci-ansible
+image: docker.dev-at.de/gitlab/gitlab-ci-ansible:latest
 services:
-  - name: docker-cache.dev-at.de/docker:19-dind
+  - name: docker.dev-at.de/gitlab/gitlab-ci-ansible:latest
    alias: docker
 stages:
@ -24,11 +24,11 @@ stages:
 ###############################################################################
 ###   http://patorjk.com/software/taag/#p=display&f=Doom&t=lint
-###    _ _       _   
+###    _ _       _
-###   | (_)     | |  
+###   | (_)     | |
-###   | |_ _ __ | |_ 
+###   | |_ _ __ | |_
 ###   | | | '_ \| __|
-###   | | | | | | |_ 
+###   | | | | | | |_
 ###   |_|_|_| |_|\__|
 ###
 ###############################################################################
@ -47,13 +47,13 @@ lint-job:
 ###############################################################################
 ###   https://patorjk.com/software/taag/#p=display&f=Doom&t=ansible-builder
-###                    _ _     _             _           _ _     _           
+###                    _ _     _             _           _ _     _
-###                   (_) |   | |           | |         (_) |   | |          
+###                   (_) |   | |           | |         (_) |   | |
-###     __ _ _ __  ___ _| |__ | | ___ ______| |__  _   _ _| | __| | ___ _ __ 
+###     __ _ _ __  ___ _| |__ | | ___ ______| |__  _   _ _| | __| | ___ _ __
 ###    / _` | '_ \/ __| | '_ \| |/ _ \______| '_ \| | | | | |/ _` |/ _ \ '__|
-###   | (_| | | | \__ \ | |_) | |  __/      | |_) | |_| | | | (_| |  __/ |   
+###   | (_| | | | \__ \ | |_) | |  __/      | |_) | |_| | | | (_| |  __/ |
-###    \__,_|_| |_|___/_|_.__/|_|\___|      |_.__/ \__,_|_|_|\__,_|\___|_|   
+###    \__,_|_| |_|___/_|_.__/|_|\___|      |_.__/ \__,_|_|_|\__,_|\___|_|
-###                                                                          
+###
 ###############################################################################
 .builder-job:
@ -62,8 +62,8 @@ lint-job:
    - echo "CI_ENVIRONMENT_NAME=$CI_ENVIRONMENT_NAME"
  script:
    - cp $SSH_KEY_GITLAB_CI_BUILDER_FILE ansible-builder/context/id_ed25519
-    - echo "Running docker build to build awx execution environment"
+    - echo "Running ansible-builder to build awx execution environment"
-    - docker build -f ansible-builder/context/Dockerfile -t ${CI_ENVIRONMENT_NAME}-${AWX_EE_DOCKER_IMAGE_EXTERN}:latest .
+    - ansible-builder build -f ansible-builder/context/Dockerfile --tag ${CI_ENVIRONMENT_NAME}-${AWX_EE_DOCKER_IMAGE_EXTERN}:latest -c ansible-builder/context
    - docker push ${CI_ENVIRONMENT_NAME}-${AWX_EE_DOCKER_IMAGE_EXTERN}:latest
  except:
    - schedules
@ -147,22 +147,22 @@ builder-job-prodnso-manual:
 ###############################################################################
 ###   http://patorjk.com/software/taag/#p=display&f=Doom&t=setup.yml
-###             _                               _ 
+###             _                               _
 ###            | |                             | |
 ###    ___  ___| |_ _   _ _ __  _   _ _ __ ___ | |
 ###   / __|/ _ \ __| | | | '_ \| | | | '_ ` _ \| |
 ###   \__ \  __/ |_| |_| | |_) | |_| | | | | | | |
 ###   |___/\___|\__|\__,_| .__(_)__, |_| |_| |_|_|
-###                      | |     __/ |            
+###                      | |     __/ |
-###                      |_|    |___/             
+###                      |_|    |___/
-###  
+###
 ###############################################################################
 .run-setup:
  extends: .run-ansible
  stage: run-setup
  before_script:
-    - echo "CI_ENVIRONMENT_NAME=$CI_ENVIRONMENT_NAME"  
+    - echo "CI_ENVIRONMENT_NAME=$CI_ENVIRONMENT_NAME"
  script:
    - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
    - eval $(ssh-agent -s)
@ -237,18 +237,17 @@ run-setup-demompmx:
  only:
    - prodnso
 ###############################################################################
 ###   http://patorjk.com/software/taag/#p=display&f=Doom&t=vpn.yml
-###                                       _ 
+###                                       _
 ###                                      | |
 ###   __   ___ __  _ __   _   _ _ __ ___ | |
 ###   \ \ / / '_ \| '_ \ | | | | '_ ` _ \| |
 ###    \ V /| |_) | | | || |_| | | | | | | |
 ###     \_/ | .__/|_| |_(_)__, |_| |_| |_|_|
-###         | |            __/ |            
+###         | |            __/ |
-###         |_|           |___/             
+###         |_|           |___/
-###   
+###
 ###############################################################################
 .vpn-config-update:
@ -256,7 +255,7 @@ run-setup-demompmx:
  # A resource group ensures a job is mutually exclusive across different pipelines for the same project.
  stage: run-update
  script:
-    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
+    - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
@ -307,7 +306,6 @@ run-vpn-update-prodnso:
  only:
    - prodnso
 ###############################################################################
 ###   http://patorjk.com/software/taag/#p=display&f=Doom&t=smardigo.yml
 ###
@ -786,14 +784,14 @@ run-patchday-all-k8s-demompmx:
 ###############################################################################
 ###   http://patorjk.com/software/taag/#p=display&f=Doom&t=hcloud-firewall.yml
 ###
-###    _          _                 _         __ _                        _ _                  _ 
+###    _          _                 _         __ _                        _ _                  _
 ###   | |        | |               | |       / _(_)                      | | |                | |
 ###   | |__   ___| | ___  _   _  __| |______| |_ _ _ __ _____      ____ _| | | _   _ _ __ ___ | |
 ###   | '_ \ / __| |/ _ \| | | |/ _` |______|  _| | '__/ _ \ \ /\ / / _` | | || | | | '_ ` _ \| |
 ###   | | | | (__| | (_) | |_| | (_| |      | | | | | |  __/\ V  V / (_| | | || |_| | | | | | | |
 ###   |_| |_|\___|_|\___/ \__,_|\__,_|      |_| |_|_|  \___| \_/\_/ \__,_|_|_(_)__, |_| |_| |_|_|
-###                                                                             __/ |            
+###                                                                             __/ |
-###                                                                            |___/             
+###                                                                            |___/
 ###
 ###############################################################################
--- a/ansible-builder/bindep.txt
+++ b/ansible-builder/bindep.txt
@ -1,4 +1,5 @@
-python38-devel [platform:rpm compile]
+git-core [platform:rpm]
 subversion [platform:rpm]
 subversion [platform:dpkg]
 git-lfs [platform:rpm]
 epel-release [platform:rpm]
--- a/ansible-builder/context/.gitignore
+++ b/ansible-builder/context/.gitignore
@ -1 +1,2 @@
 /_build/
 Dockerfile
--- a/ansible-builder/context/Dockerfile
+++ b/ansible-builder/context/Dockerfile
@ -1,45 +0,0 @@
 ARG EE_BASE_IMAGE=quay.io/ansible/ansible-runner:stable-2.12-latest
 ARG EE_BUILDER_IMAGE=quay.io/ansible/ansible-builder:latest
 FROM $EE_BASE_IMAGE as galaxy
 ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=
 USER root
 RUN mkdir -p /root/.ssh
 ADD ansible-builder/context/id_ed25519 /root/.ssh/id_ed25519
 RUN chmod -R 700 /root/.ssh
 RUN mkdir /build
 WORKDIR /build
 ADD galaxy-requirements.yml requirements.yml
 ADD pip-requirements requirements.txt
 ADD ansible-builder/bindep.txt bindep.txt
 RUN ssh-keyscan git.dev-at.de >> /root/.ssh/known_hosts
 RUN eval $(ssh-agent) && ssh-add /root/.ssh/id_ed25519 && ansible-galaxy role install -r requirements.yml --roles-path /usr/share/ansible/roles
 RUN ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path /usr/share/ansible/collections --server https://old-galaxy.ansible.com
 FROM $EE_BUILDER_IMAGE as builder
 COPY --from=galaxy /usr/share/ansible /usr/share/ansible
 ADD pip-requirements requirements.txt
 ADD ansible-builder/bindep.txt bindep.txt
 RUN ansible-builder introspect --sanitize --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt
 RUN assemble
 FROM $EE_BASE_IMAGE
 USER root
 COPY --from=galaxy /usr/share/ansible /usr/share/ansible
 COPY --from=builder /output/ /output/
 RUN /output/install-from-bindep && rm -rf /output/wheels
 RUN alternatives --set python /usr/bin/python3
 COPY --from=quay.io/project-receptor/receptor:0.9.7 /usr/bin/receptor /usr/bin/receptor
 RUN mkdir -p /var/run/receptor
 ADD ansible-builder/context/run.sh /run.sh
 CMD /run.sh
 USER 1000
 RUN git lfs install
--- a/ansible-builder/context/run.sh
+++ b/ansible-builder/context/run.sh
@ -1,2 +0,0 @@
 #! /bin/bash
 ansible-runner worker --private-data-dir=/runner
--- a/ansible-builder/execution-environment.yml
+++ b/ansible-builder/execution-environment.yml
@ -1,16 +1,44 @@
 ---
-version: 1
+version: 3
 build_arg_defaults:
  ANSIBLE_GALAXY_CLI_COLLECTION_OPTS: "--pre"
 dependencies:
  ansible_core:
    package_pip: ansible-core~=2.12
  ansible_runner:
    package_pip: ansible-runner
  galaxy: ../galaxy-requirements.yml
  python: ../pip-requirements
  python_interpreter:
    package_system: "python311"
    python_path: "/usr/bin/python3.11"
  system: bindep.txt
 images:
  base_image:
    name: quay.io/centos/centos:stream9-minimal
 additional_build_files:
  - src: ../ansible.cfg
    dest: configs
 options:
  package_manager_path: /usr/bin/microdnf
 additional_build_steps:
-  append:
+  append_base:
-    - RUN alternatives --set python /usr/bin/python3
+    - RUN $PYCMD -m pip install -U pip
-    - COPY --from=quay.io/project-receptor/receptor:0.9.7 /usr/bin/receptor /usr/bin/receptor
+  prepend_galaxy:
    - ADD _build/configs/ansible.cfg ~/.ansible.cfg
    - RUN microdnf install -y git-lfs openssh-clients
    - RUN mkdir -p /root/.ssh
    - ADD id_ed25519 /root/.ssh/id_ed25519
    - RUN chmod -R 700 /root/.ssh
    - RUN ssh-keyscan git.dev-at.de >> /root/.ssh/known_hosts
    - RUN eval $(ssh-agent) && ssh-add /root/.ssh/id_ed25519
  append_final:
    - COPY --from=quay.io/ansible/receptor:devel /usr/bin/receptor /usr/bin/receptor
    - RUN mkdir -p /var/run/receptor
-    - ADD run.sh /run.sh
+    - RUN git lfs install --system
    - CMD /run.sh
    - USER 1000 
    - RUN git lfs install
		`@ -1,2 +0,0 @@`
			`#! /bin/bash`
			`ansible-runner worker --private-data-dir=/runner`