Closed christophercollins closed 9 months ago
Hi @christophercollins - I lead CrowdStrike's technical relationship with Red Hat. I was able to reproduce this and will reach out to our friends at Red Hat to assist!
@evanstoner Thanks for the quick look into this and look forward to where this ends up. Appreciate it :)
@christophercollins I did some more messing around with this and got it to work building the image. We are still going to wait on what the RH folks tell us, but in the meantime, you can try to see if the following workaround is suitable:
(Based off this article)

example `execution-environment.yml`:

```yaml
---
version: 1
dependencies:
  galaxy: requirements.yml
  python: requirements.txt
  system: bindep.txt
```

example `requirements.yml`:

```yaml
---
collections:
  - name: crowdstrike.falcon
```

`requirements.txt` from our collection:

```
aiohttp==3.8.5
crowdstrike-falconpy==1.3.0
```

example `bindep.txt` that seems to be working:

```
findutils [platform:centos-8 platform:rhel-8]
systemd-devel [platform:centos-8 platform:rhel-8]
gcc [platform:centos-8 platform:rhel-8]
make [platform:centos-8 platform:rhel-8]
python38-devel [platform:centos-8 platform:rhel-8]
python38-cffi [platform:centos-8 platform:rhel-8]
python38-cryptography [platform:centos-8 platform:rhel-8]
python38-pycparser [platform:centos-8 platform:rhel-8]
```
@carlosmmatos Thanks for looking into it. Part of the issue definitely was a few missing packages in the bindep.txt file that I needed. The image does build after that but with an issue/extra context I think I should bring up. I'll try to be as concise as possible but apologies if this is a bit verbose :)
An issue I see here is that typically when building execution environments we usually set the base image that ansible-builder layers on top of to Red Hat's supported one (which is required for official support, I believe), which is provided behind the customer portal and is "registry.redhat.io/ansible-automation-platform-22/ee-supported-rhel8:latest". It contains a supported installation of ansible in the image as well as a bunch of pre-installed collections (AWS, Azure, ansible.posix, etc). There's also a minimal version that doesn't have any default collections installed but has just a supported version of ansible. In ansible-builder you specify the image you want to use like:
```yaml
version: 1
build_arg_defaults:
  EE_BASE_IMAGE: "registry.redhat.io/ansible-automation-platform-22/ee-supported-rhel8"
dependencies:
  galaxy: requirements.yml
  python: requirements.txt
  system: bindep.txt
```
When you build with no image specified it defaults to "quay.io/ansible/ansible-runner:latest", which is quite different from the supported one. One issue is it has ansible-core 2.12.x, which is unsupported by the CrowdStrike collection, so I had to also add `ansible==6.7.0` to the requirements.txt file so it would upgrade to at least 2.13.0, which you do support. After that I could use it.

I did manage to get it running with the supported base image but with a minor change. If I have everything the same that works using the ansible-builder default image, but change the base image being used to their supported version, it still would fail at the compile process during the pip installs. After I went into the container I saw the issue is that it is using python3.9.16 in the supported base execution environment image, so I had to change the one bindep package to be `python39-devel [platform:centos-8 platform:rhel-8]`, so 39 instead of 38, and it finally built and I can use it using the supported execution environment :)
Hey @christophercollins just wanted to loop back on this before closing it. Glad you got it working. We made some changes in #436 to remove the dependency we had on EDA which was causing these systemd errors and forcing us to add bindeps to the EE.
I wanted to share what I used for a recent build for an EE:
> [!NOTE]
> Side note - this is different if using EDA with their own DE image

`execution-environment.yml`

```yaml
version: 3
images:
  base_image:
    name: 'registry.redhat.io/ansible-automation-platform-24/ee-minimal-rhel9:latest'
dependencies:
  galaxy:
    collections:
      - crowdstrike.falcon
      - community.general
  python: requirements.txt
  python_interpreter:
    package_system: "python39"
options:
  package_manager_path: /usr/bin/microdnf
```

`requirements.txt`

```
aiohttp==3.8.5
crowdstrike-falconpy==1.3.0
```
Thank you very much for your assistance with getting this all sorted. Very much appreciate it. :)
Hello,
Is the CrowdStrike collection supported for adding to an AAP execution environment container? When I run ansible-builder I get the below error and it seems to me to be an issue with one of the python package dependencies not working with something that doesn't have systemd, but I am not sure. Has this been attempted/tested by the development team? Thanks!