Host your own on-premise Ansible Galaxy

Brian Bouterse
Senior Principal Software Engineer

bmbouter@redhat.com

slides: https://hackmd.io/@pulp/ansible-containers#/


Agenda

  • Setting up an On-Premise Galaxy

    • with UI
    • without UI
  • Syncing in collections/roles from galaxy.ansible.com

  • Installing collections/roles using CLI

  • Uploading collections via ansible CLI

  • Organizing content in repositories


Software


Galaxy NG - https://github.com/ansible/galaxy_ng/

  • A fork+rewrite of original Galaxy code
  • Has a UI
  • Developed by the same team that runs galaxy.ansible.com
  • Only Collection support
  • GPLv2

pulp_ansible - https://github.com/pulp/pulp_ansible

  • The backend of Galaxy NG
  • API and CLI only, no UI
  • Collection and Role support
  • GPLv2

Deploy Galaxy NG


Pulling down the container

podman pull pulp/pulp-galaxy-ng


Create settings files

mkdir galaxy_ng
cd galaxy_ng
mkdir settings pulp_storage pgsql containers
echo "CONTENT_ORIGIN='http://$(hostname):8080'
ANSIBLE_API_HOSTNAME='http://$(hostname):8080'
ANSIBLE_CONTENT_HOSTNAME='http://$(hostname):8080/pulp/content'"  >> settings/settings.py

Start the container with SELinux

  • Running on port 8080
  • http only (currently)
  • Usable with either podman or docker commands

podman run --detach \
             --publish 8080:80 \
             --name galaxy_ng \
             --volume ./settings:/etc/pulp:Z \
             --volume ./pulp_storage:/var/lib/pulp:Z \
             --volume ./pgsql:/var/lib/pgsql:Z \
             --volume ./containers:/var/lib/containers:Z \
             --device /dev/fuse \
             pulp/pulp-galaxy-ng

Start the container without SELinux

podman run --detach \
             --publish 8080:80 \
             --name galaxy_ng \
             --volume ./settings:/etc/pulp \
             --volume ./pulp_storage:/var/lib/pulp \
             --volume ./pgsql:/var/lib/pgsql \
             --volume ./containers:/var/lib/containers \
             --device /dev/fuse \
             pulp/pulp-galaxy-ng

Load required initial data

DATA_FIXTURE_URL="https://raw.githubusercontent.com/ansible/galaxy_ng/master/dev/automation-hub/initial_data.json"
curl $DATA_FIXTURE_URL | podman exec -i galaxy_ng bash -c "cat > /tmp/initial_data.json"
podman exec galaxy_ng bash -c "/usr/local/bin/pulpcore-manager loaddata /tmp/initial_data.json"

Assign an admin password

podman exec -it galaxy_ng bash -c 'pulpcore-manager reset-admin-password'


Basics

Accessing the UI: http://localhost:8080
Showing the logs: podman logs -f galaxy_ng


Use Galaxy NG

  1. Show the Repositories
  2. Show the Remotes
  3. Sync Content

Two requirements file examples

---
collections:
# With just the collection name
- pulp.pulp_installer
- ansible.posix
---
collections:
# With just the collection name
- amazon.aws

Gotchas

  • It does not currently provide dependency resolution
  • Every time you sync, it overwrites the previous content
  • Don't have a ~/.netrc file or it won't use your token

Configuring the CLI

  1. Get the config file from the UI
  2. Add the token from the UI
  3. Install with a command like: ansible-galaxy collection install -p ./ pulp.pulp_installer
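
A pre-flight check for the ~/.netrc gotcha, as an added example that is not part of the original slides. It assumes the token is only displaced when the netrc file has a `machine` entry for the server's host or a `default` entry; the function names and sample hosts are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the talk): detect a netrc entry that would apply to
# the Galaxy server URL, so the token from the UI is the credential sent.

# Host part of a URL: strip scheme, path, userinfo and port.
url_host() {
    local h="${1#*://}"
    h="${h%%/*}"
    h="${h##*@}"
    printf '%s\n' "${h%%:*}"
}

# Print the matching entry and return 0 if FILE has "machine <host>" or a
# "default" entry; return 1 otherwise. netrc tokens may span lines, so the
# file is flattened to one token per line first (macdef bodies are not handled).
netrc_match() {
    local file="$1" host="$2"
    [ -r "$file" ] || return 1
    tr -s '[:space:]' '\n' < "$file" | awk -v host="$host" '
        $0 == "default"                 { hit = "default" }
        prev == "machine" && $0 == host { hit = "machine " host }
        { prev = $0 }
        END { if (hit != "") print hit; exit (hit == "") }'
}

# Returns 0 when no netrc entry applies to SERVER_URL, 1 on a conflict.
check_galaxy_netrc() {
    local url="$1" file="${2:-${NETRC:-$HOME/.netrc}}" hit
    if hit=$(netrc_match "$file" "$(url_host "$url")"); then
        echo "CONFLICT: $file has a '$hit' entry that applies to $url"
        return 1
    fi
    echo "OK: no netrc entry applies to $url"
}

# Constructed sample: an unrelated host plus the demo host used in the slides,
# with the host name on its own line to exercise the multi-line case.
sample=$(mktemp)
printf 'machine git.example.com login ci password x\nmachine\n  localhost.localdomain login admin password y\n' > "$sample"
check_galaxy_netrc "http://localhost.localdomain:8080/pulp_ansible/galaxy/foo/" "$sample" || true
check_galaxy_netrc "http://galaxy.example.internal:8080/" "$sample" || true
rm -f "$sample"
```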

Uploading content from the UI

  1. Have a local collection, e.g. https://galaxy.ansible.com/newswangerd/collection_demo
  2. Create a "namespace" in the UI
  3. Upload a built collection
  4. Go through the approval workflow

You can turn off the approval workflow

Add this to settings.py:

GALAXY_REQUIRE_CONTENT_APPROVAL=False

https://github.com/ansible/galaxy_ng/wiki/Enabling-auto-certification


Users, Groups, Permissions


Uploading content from the CLI

  1. Same as from the UI, except use the ansible-galaxy collection publish command

Deploy Pulp_Ansible


Pulling down the container

podman pull pulp/pulp


Create settings files

mkdir pulp
cd pulp
mkdir settings pulp_storage pgsql containers
echo "CONTENT_ORIGIN='http://$(hostname):8080'
ANSIBLE_API_HOSTNAME='http://$(hostname):8080'
ANSIBLE_CONTENT_HOSTNAME='http://$(hostname):8080/pulp/content'
TOKEN_AUTH_DISABLED=True" >> settings/settings.py
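
An audit of the settings written above and of the approval switch from the Galaxy NG section, as an added example that is not part of the original slides. The function names and finding labels are made up for illustration, the sample host is a placeholder, and the approval key is assumed to be the upper-case `GALAXY_REQUIRE_CONTENT_APPROVAL` setting of galaxy_ng.

```shell
#!/usr/bin/env bash
# Added example (not from the talk): flag the security-relevant values this
# deck writes into settings/settings.py. Exit status 1 if anything is flagged.

# Last assignment of KEY in FILE, unquoted. The deck appends with ">>", so a
# re-run leaves duplicate keys and Python keeps the last one.
last_value() {
    sed -E 's/(^|[[:space:]])#.*$//' "$2" |
        sed -n -E "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" |
        tail -n 1 | tr -d "\"'" | sed -E 's/[[:space:]]+$//'
}

audit_pulp_settings() {
    local file="$1" key val rc=0
    # Origins served over plain http (the deck notes "http only (currently)").
    for key in CONTENT_ORIGIN ANSIBLE_API_HOSTNAME ANSIBLE_CONTENT_HOSTNAME; do
        val=$(last_value "$key" "$file")
        case "$val" in
            http://*) echo "PLAINTEXT_HTTP $key=$val"; rc=1 ;;
        esac
    done
    if [ "$(last_value TOKEN_AUTH_DISABLED "$file")" = "True" ]; then
        echo "TOKEN_AUTH_OFF TOKEN_AUTH_DISABLED=True"; rc=1
    fi
    if [ "$(last_value GALAXY_REQUIRE_CONTENT_APPROVAL "$file")" = "False" ]; then
        echo "APPROVAL_OFF GALAXY_REQUIRE_CONTENT_APPROVAL=False"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the deck's settings appended twice, with the second
# CONTENT_ORIGIN moved to https (host name is a placeholder).
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONTENT_ORIGIN='http://galaxy.example.internal:8080'
ANSIBLE_API_HOSTNAME='http://galaxy.example.internal:8080'
TOKEN_AUTH_DISABLED=True
CONTENT_ORIGIN='https://galaxy.example.internal'
EOF
audit_pulp_settings "$sample" || true
rm -f "$sample"
```

Run against the sample, only `ANSIBLE_API_HOSTNAME` and `TOKEN_AUTH_DISABLED` are reported, because the later `https` assignment of `CONTENT_ORIGIN` is the one that takes effect.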

Start the container with SELinux

  • Running on port 8080
  • http only (currently)
  • Usable with either podman or docker commands

podman run --detach \
             --publish 8080:80 \
             --name pulp \
             --volume ./settings:/etc/pulp:Z \
             --volume ./pulp_storage:/var/lib/pulp:Z \
             --volume ./pgsql:/var/lib/pgsql:Z \
             --volume ./containers:/var/lib/containers:Z \
             --device /dev/fuse \
             pulp/pulp

Start the container without SELinux

podman run --detach \
             --publish 8080:80 \
             --name pulp \
             --volume ./settings:/etc/pulp \
             --volume ./pulp_storage:/var/lib/pulp \
             --volume ./pgsql:/var/lib/pgsql \
             --volume ./containers:/var/lib/containers \
             --device /dev/fuse \
             pulp/pulp

Assign an admin password

podman exec -it pulp bash -c 'pulpcore-manager reset-admin-password'


Installing pulp-cli

pip install pulp-cli

https://github.com/pulp/pulp-cli


Point pulp-cli at your container

pulp config create
pulp config edit

  1. Point to "http://localhost:8080"
  2. Add username, password

Basics

Showing the logs: podman logs -f pulp
Status check: pulp status
API Documentation: http://localhost:8080/pulp/api/v3/docs/


Create an Ansible Repository

  • pulp ansible repository create --name myrepo
  • pulp ansible repository list

Create an Ansible Remote

  • pulp ansible remote -t collection create --name basic --url https://galaxy.ansible.com --requirements-file ~/Documents/Presentations/container_demo/basic.yml
  • pulp ansible remote list

Create an Ansible Distribution

  • pulp ansible distribution create --name mydistro --base-path foo --repository myrepo
  • pulp ansible distribution list

View it through the Galaxy API

http://localhost.localdomain:8080/pulp_ansible/galaxy/foo/api/v3/collections/


Sync content using the Remote into the Repo

pulp ansible repository sync --name myrepo --remote basic


Installing using the CLI

  1. Get the client URL for this repo from the distribution list: pulp ansible distribution list
  2. Install with a command like: ansible-galaxy collection install -s http://localhost.localdomain:8080/pulp_ansible/galaxy/foo/ -p ./ pulp.pulp_installer

Uploading from the CLI (part 1)

  • Get the client URL for this repo from the distribution list: pulp ansible distribution list
  • Have a tarball, e.g. https://galaxy.ansible.com/newswangerd/collection_demo

Uploading from the CLI (part 2)

  • Upload the tarball with ansible-galaxy collection publish -s http://localhost.localdomain:8080/pulp_ansible/galaxy/foo/ newswangerd-collection_demo-1.0.10.tar.gz
  • View its availability in the repository: http://localhost.localdomain:8080/pulp_ansible/galaxy/foo/api/v3/collections/

Creating a remote for Role content

  1. First a word about the galaxy Role API
  2. pulp ansible remote -t role create --name someroles --url "https://galaxy.ansible.com/api/v1/roles/?namespace__name=elastic"

Syncing Roles

pulp ansible repository sync --name myrepo --remote someroles

Viewing them: http://localhost.localdomain:8080/pulp_ansible/galaxy/foo/api/v1/roles/


Installing Roles from the CLI

  1. Get the client URL for this repo from the distribution list: pulp ansible distribution list
  2. Install with a command like: ansible-galaxy role install -s http://localhost.localdomain:8080/pulp_ansible/galaxy/foo/ -p ./ elasticsearch,6.2.4

Configuring the CLI permanently

Use an ansible.cfg like:

[galaxy]
server: http://localhost.localdomain:8080/pulp_ansible/galaxy/foo/

Then ansible-galaxy role install -p ./ elasticsearch,6.2.4


Copying Content between Repositories

Not demo-ing but see these docs: https://docs.pulpproject.org/pulp_ansible/workflows/copy.html


Getting Help


Feedback

Brian Bouterse
bmbouter@redhat.com

