Enabling the Ansible Runner Capability on the Site Controller

The Site controller can execute Ansible tasks, typically provided via the Extension mechanism. It is disabled by default for security reasons and must be enabled in order for it to execute workflow tasks of type Ansible.

On the Site Controller VM execute:

  1. Create a transient job directory

mkdir -p /opt/metalsoft/ansible-jobs
  1. Add the ansible runner pod: Edit the docker-compose.yaml file and add the ansible runner pod and uncomment the following entries in the services section:


  ansible-runner:
    container_name: ansible-runner
    network_mode: host
    hostname: ansible-runner-qa02-os10-b9425
    image: registry.metalsoft.dev/sc/sc-ansible-playbook-runner:openshift
    restart: always
    environment:
      - TZ=Etc/UTC
      - ANSIBLE_RUNNER=enabled
      - ANSIBLE_RUNNER_HOME=/opt/metalsoft/ansible-jobs
      - ANSIBLE_RUNNER_ARCHIVES_FOLDER=/opt/metalsoft/ansible-archives
    volumes:
      - /opt/metalsoft/ansible-jobs:/opt/metalsoft/ansible-jobs
      - /opt/metalsoft/nfs-storage:/iso
  1. Enable the ansible runner capability in the ms-agent section:

environment:
      - ANSIBLE_RUNNER=enabled
volumes:
      - /opt/metalsoft/ansible-jobs:/opt/metalsoft/ansible-jobs
  1. Restart the site controller:

docker compose up -d
  1. Verify that the capability is active: In the Admin go to Sites > site > Site Controllers and look for the ANSIBLE_RUNNER=true entry

  2. Customizing the image

Sometimes it is required to add additional packages to the Ansible Runner image that are not provided by MetalSoft. This is done by building a new image derived from the MetalSoft provided one. You need to run these commands from a VM that has access to the internet or to repositories holding the packages that need to be installed on the ansible-runner image. The machine should also have Docker installed. It does not need to run, we are using only the docker build command. It could be

a. Create a file called Dockerfile

FROM registry.metalsoft.dev/sc/sc-ansible-playbook-runner:v7.0.17

RUN pip install --upgrade infoblox-client jmespath && \
ansible-galaxy collection install infoblox.nios_modules

b. Build the image In the same directory with the Dockerfile run:

$ docker build -t registry.metalsoft.dev/sc/sc-ansible-playbook-runner:v7.0.17-infoblox .

c. (optional) Check within the newly built image if the package was added: To see what was added you can for example do the following to list the ansible-galaxy collections:

$ docker run --rm --name test1 -it registry.metalsoft.dev/sc/sc-ansible-playbook-runner:v7.0.17-infoblox bash -c "ansible-galaxy collection list|grep infoblox"
infoblox.nios_modules                    1.8.0

d-1. (For non-airgapped) Push the image to the repository When the image looks good, push the image to the repository. Replace registry.metalsoft.io with your registry URL.

docker push registry.metalsoft.dev/sc/sc-ansible-playbook-runner:v7.0.17-infoblox

d-2. (For air-gapped) Generate the image and copy it to the Site Controller

docker save -o name_of.tar registry.metalsoft.dev/sc/sc-ansible-playbook-runner:v7.0.17-infoblox

Transfer the image to the site controller and on the Site Controller run:

docker load -i  name_of.tar

e. Edit the Docker-compose.yaml file and update the image URL:

  ...
  ansible-runner:
    container_name: ansible-runner
    network_mode: host
    hostname: ansible-runner-dc-demo-10-255-146-149-290
    image: registry.metalsoft.dev/sc/sc-ansible-playbook-runner:${TAG} #replace this        
    restart: always
  ...

f. Restart the site controller:

docker compose down
docker compose up -d