Enabling the Ansible Runner Capability on the Site Controller¶
The Site controller can execute Ansible tasks, typically provided via the Extension mechanism. It is disabled by default for security reasons and must be enabled in order for it to execute workflow tasks of type Ansible.
On the Site Controller VM execute:
Create a transient job directory
mkdir -p /opt/metalsoft/ansible-jobs
Add the ansible runner pod: Edit the
docker-compose.yaml
file and add the ansible runner pod and uncomment the following entries in theservices
section:
ansible-runner:
container_name: ansible-runner
network_mode: host
hostname: ansible-runner-qa02-os10-b9425
image: registry.metalsoft.dev/sc/sc-ansible-playbook-runner:openshift
restart: always
environment:
- TZ=Etc/UTC
- ANSIBLE_RUNNER=enabled
- ANSIBLE_RUNNER_HOME=/opt/metalsoft/ansible-jobs
- ANSIBLE_RUNNER_ARCHIVES_FOLDER=/opt/metalsoft/ansible-archives
volumes:
- /opt/metalsoft/ansible-jobs:/opt/metalsoft/ansible-jobs
- /opt/metalsoft/nfs-storage:/iso
Enable the ansible runner capability in the
ms-agent
section:
environment:
- ANSIBLE_RUNNER=enabled
volumes:
- /opt/metalsoft/ansible-jobs:/opt/metalsoft/ansible-jobs
Restart the site controller:
docker compose up -d
Verify that the capability is active: In the Admin go to Sites > site > Site Controllers and look for the
ANSIBLE_RUNNER=true
entryCustomizing the image
Sometimes it is required to add additional packages to the Ansible Runner image that are not provided by MetalSoft. This is done by building a new image derived from the MetalSoft provided one. You need to run these commands from a VM that has access to the internet or to repositories holding the packages that need to be installed on the ansible-runner
image. The machine should also have Docker installed. It does not need to run, we are using only the docker build
command. It could be
a. Create a file called Dockerfile
FROM registry.metalsoft.dev/sc/sc-ansible-playbook-runner:v7.0.17
RUN pip install --upgrade infoblox-client jmespath && \
ansible-galaxy collection install infoblox.nios_modules
b. Build the image
In the same directory with the Dockerfile
run:
$ docker build -t registry.metalsoft.dev/sc/sc-ansible-playbook-runner:v7.0.17-infoblox .
c. (optional) Check within the newly built image if the package was added: To see what was added you can for example do the following to list the ansible-galaxy collections:
$ docker run --rm --name test1 -it registry.metalsoft.dev/sc/sc-ansible-playbook-runner:v7.0.17-infoblox bash -c "ansible-galaxy collection list|grep infoblox"
infoblox.nios_modules 1.8.0
d-1. (For non-airgapped) Push the image to the repository
When the image looks good, push the image to the repository. Replace registry.metalsoft.io
with your registry URL.
docker push registry.metalsoft.dev/sc/sc-ansible-playbook-runner:v7.0.17-infoblox
d-2. (For air-gapped) Generate the image and copy it to the Site Controller
docker save -o name_of.tar registry.metalsoft.dev/sc/sc-ansible-playbook-runner:v7.0.17-infoblox
Transfer the image to the site controller and on the Site Controller run:
docker load -i name_of.tar
e. Edit the Docker-compose.yaml
file and update the image URL:
...
ansible-runner:
container_name: ansible-runner
network_mode: host
hostname: ansible-runner-dc-demo-10-255-146-149-290
image: registry.metalsoft.dev/sc/sc-ansible-playbook-runner:${TAG} #replace this
restart: always
...
f. Restart the site controller:
docker compose down
docker compose up -d