Community execution environments

[cidrblock]

Summary

Discuss community EE's:

1) prebuilt and published? 2) just sample manifest files? 3) discipline specific?

Additional thoughts:

This does not need to be a voting issue, probably best a conversation to surface thoughts and questions.

Some possible discussion topics:

What would the goal of embracing EEs be within the community:

• Encourage the use of EEs with navigator and AWX?
• Experience and familiarity?
• Alternate packaging format for community edition Ansible?

How far down the EE path?

• Full build and publish to quay? (plug and play)
• Reference definition files?
• Common repo for definitions? (EE def as code)
• A schema "describing" each EE
• Grouping and scope of EEs?
• Testing and validation?
• Frequency of build, if build?
• naming convention, labels (eg source URL to definition)
• What would the suggested base image be

From comments:

• doc implications/impact
• Encourage/suggest a requirements.txt per collection to aid in EE creation
• ansible-builder support for test removal during build to minimize size

Maybe related:

• Can/Should the community assist in the definition/default EE for ansible-navigator?

Should one or more steering committee members sponsor this effort and represent it moving forward?

[samccann]

As we consider this, we should also consider the docs impact. What if anything do we need for community EE docs. Is it just a list of what collections are included and go find the full docs on docs.ansible.com (based on the full Ansible package release) or something else?

[cidrblock]

Revisit closer to fest

[tomoliveri]

I've had some thoughts on this topic, and think its really worth investing some time in. I've put together an 'all in one', which is actually 'as many as I can get working' https://github.com/tomoliveri/ansible_aio_ee

You're spot on @cidrblock not all community collections include their requirements.txt, which makes things tricky.

It would be really brilliant to be able to allow people to add an execution environment image from quay.io/ansible_ee/collectionname And have those images all automatically generated.

Collections have massively increased the barrier to entry for Ansible, we should really invest some effort in mitigating that pain.

[felixfontein]

When we discussed this in the community meeting, the main result was "this really needs better docs". Also for larger collections such as community.general, creating something like requirements.txt / bindep.txt is a huge undertaking that needs better tooling.

[tomoliveri]

I’ll work on automating scanning collections for requirements within plugins/modules (documentation) and automatically produce pull requests for their (commented / formatted) requirements.txt

Doesn’t solve the documentation problem but it’s a step towards it.

On Sun, 8 Aug 2021 at 1:01 am, Felix Fontein @.***> wrote:

When we discussed this in the community meeting, the main result was "this really needs better docs". Also for larger collections such as community.general, creating something like requirements.txt / bindep.txt is a huge undertaking that needs better tooling.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/ansible-community/community-topics/issues/31#issuecomment-894665647, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAXPEU2GC3J2PR3J4C73AG3T3VDGJANCNFSM477HMSVQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email .

[felixfontein]

I’ll work on automating scanning collections for requirements within plugins/modules (documentation) and automatically produce pull requests for their (commented / formatted) requirements.txt

That generally won't work well, since these are free-text fields (also if not, they sometimes use system package names, sometimes use Python package names). Also many modules cannot be run in the EE but must be run on the remote system, and thus their requirements must not be included in requirements.txt.

[tadeboro]

I did some thinking about this topic a while back when I was making sure one of the certified collections I help maintain had all relevant metadata needed when building an execution environment. And the conclusion I came to at that time w that maintaining execution environments is not something collection maintainers should or actually can do.

Collection maintainers have no control over the playbooks and roles users write. And while packing up the collection into an execution environment is relatively simple, such containers are of little use to playbook authors if they need to use content from more than a single collection. This reason, combined with the fact that it is not possible to use more than one execution environment to run a playbook, severely limits the usefulness of prebuilt execution environments.

In my opinion, maintainers should do their best to equip collections with the correct metadata, and leave execution environment building to users. But even that might be a tall order for large collections such as the community.general where there is a lot of content with possibly incompatible control node requirements.

[pabelanger]

IMO, what would need to happen is something like: https://github.com/ansible/network-ee Which is the meta data for execution enviornments, along with a set of collections. Once that is created, testing would need to be setup, build atop of the community ee. Obviously you'd never add all the collections to start, but as each collection that wants to be part of the community EE, you'd likely want to build a gating system to ensure all the required dependencies installed.

The main thing that is missing upstream right now, is a global constraint system. I'm working on a proposal to push that upstream to redhat maintained collection content, which could also be used by community if wanted.

[felixfontein]

Now that AnsibleFest is happening: are the promised better docs available by now?

[felixfontein]

Today I randomly stumbled about some docs which look promising:

• https://docs.ansible.com/automation-controller/latest/html/userguide/execution_environments.html
• https://docs.ansible.com/automation-controller/latest/html/userguide/ee_reference.html

These also link to more information on the bindep.txt files: https://docs.opendev.org/opendev/bindep/latest/readme.html

[felixfontein]

There are a couple of community connections having EE support by now (not all of these available in releases yet):

• community.hashi_vault: https://github.com/ansible-collections/community.hashi_vault/pull/105
• community.dns: https://github.com/ansible-collections/community.dns/pull/93
• community.hrobot: https://github.com/ansible-collections/community.hrobot/pull/45
• community.routeros: https://github.com/ansible-collections/community.routeros/pull/83
• community.docker: https://github.com/ansible-collections/community.docker/pull/336

Right now testing EEs with AZP seems to be (next to) impossible since AZP tests are run inside docker containers, which makes using ansible-navigator run impossible. But with GHA testing works fine.

[felixfontein]

For community.general I've added two propositions on how we can make it EE ready here: https://github.com/ansible-collections/community.general/issues/4512 Please comment on these! Obviously it won't be an easy ride (see @tadeboro's comment: [...] where there is a lot of content with possibly incompatible control node requirements), but it might be worth a try.

[russoz]

Herding the dependency cats is insane IMO. I think we should make it as easy as possible for devs to create their own EE containers, with only the specific dependencies they need.

[samccann]

We now have a pair of community-ees so closing out this community topic.

For future discussions/enhancement suggestions, please open a forum topic as the new place to discuss in the Ansible community and thanks!