ansible / ansible-navigator

A text-based user interface (TUI) for Ansible.
https://ansible.readthedocs.io/projects/navigator/
Apache License 2.0

How-to run container-in-container #1091

Open richm opened 2 years ago

richm commented 2 years ago
ISSUE TYPE
SUMMARY

Our team uses containers to run CI/test workflows. This means we need to be able to run ansible-navigator/ansible-runner in a container, which then runs other EE containers in that container. Is there any guidance or how-tos about how to do this?

timway commented 2 years ago

This may help for those looking to write these bits. Using the podman/stable image on quay.io, it is possible to quickly show a container that is capable of running ansible-navigator with process isolation via podman.

This was done on Fedora 36 running podman rootless.

On the host system you launch quay.io/podman/stable:v4.1.1 with some additional capabilities and other options. This would be the image a CICD system would launch, for example, so you may need to extend this image to include additional tools prior to even doing this.

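```bash
# Work in a throwaway directory that will be mounted into the outer container.
cd "$(mktemp -d)"

# Minimal playbook to run inside the execution environment.
cat << EOF > playbook.yml
---
- hosts: localhost

  tasks:
    - ansible.builtin.debug:
        msg: Hello World
EOF

# ansible-navigator settings: which playbook to run and which EE image to use.
cat << EOF > ansible-navigator.yml
---
ansible-navigator:
  ansible:
    playbook:
      path: playbook.yml
  execution-environment:
    image: quay.io/ansible/creator-ee:v0.6.0
EOF

# Start the outer container (the image a CI/CD system would launch):
#   --cap-add=sys_admin,mknod     capabilities podman needs inside the container
#   --device=/dev/fuse            lets the inner podman use fuse-overlayfs
#   --security-opt label=disable  turns off SELinux label separation for this container
podman run \
    --cap-add=sys_admin,mknod \
    --device=/dev/fuse \
    --security-opt label=disable \
    --volume .:/cicd-workspace \
    --rm -it \
    quay.io/podman/stable:v4.1.1 \
    bash
```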

With this you'll be tossed into an interactive terminal as root inside the container. To use ansible-navigator we install it via PyPI. These steps could also be moved to a Containerfile so the image launched by a CICD system is ready to go.

```bash
# Install ansible-navigator into its own virtualenv inside the outer container.
dnf --assumeyes install python3-virtualenv python3.8
virtualenv --python /usr/bin/python3.8 /ansible-navigator
source /ansible-navigator/bin/activate
python -m pip install ansible-navigator==2.1.0
deactivate
```

In the very first step a volume was mounted for the current working directory. A configuration file for ansible-navigator was added to it and a very simple playbook. This can now be executed inside our container.

```bash
cd /cicd-workspace
/ansible-navigator/bin/ansible-navigator run
```

The creator-ee is used here but it could be extended to include configuration like the podman/stable image has to allow further container functionality inside the EE as well. Another issue is tracking that too already.

Reference: https://www.redhat.com/sysadmin/podman-inside-container
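
Added example (not part of the thread and not ansible-navigator project code): a preflight check to run inside the outer container before `ansible-navigator run`, confirming that what the `podman run` flags above provide is actually present: CAP_SYS_ADMIN, CAP_MKNOD and `/dev/fuse`. The function names are hypothetical; the capability bit numbers are the ones defined in `linux/capability.h`.

```shell
#!/bin/sh
# Preflight for podman-in-podman: verify the prerequisites that the outer
# "podman run" flags are supposed to supply. Function names are illustrative.

CAP_SYS_ADMIN=21   # bit number from linux/capability.h
CAP_MKNOD=27       # bit number from linux/capability.h

# has_cap MASK BIT: succeed if BIT is set in the hex capability MASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_mask FILE FIELD: print the hex mask of FIELD (e.g. CapEff) from a
# /proc/<pid>/status-style file.
cap_mask() {
    awk -v f="$2:" '$1 == f { print $2 }' "$1"
}

# preflight [STATUS_FILE] [FUSE_DEV]: print one line per missing prerequisite.
# Returns 0 if everything is present, 1 if something is missing, 2 if the
# capability mask cannot be read. With the default path, the child process
# that reads the file inherits the shell's capabilities.
preflight() {
    status=${1:-/proc/self/status} fuse=${2:-/dev/fuse} rc=0
    mask=$(cap_mask "$status" CapEff)
    [ -n "$mask" ] || { echo "cannot read CapEff from $status"; return 2; }
    has_cap "$mask" "$CAP_SYS_ADMIN" ||
        { echo "missing CAP_SYS_ADMIN (--cap-add=sys_admin)"; rc=1; }
    has_cap "$mask" "$CAP_MKNOD" ||
        { echo "missing CAP_MKNOD (--cap-add=mknod)"; rc=1; }
    [ -c "$fuse" ] ||
        { echo "missing $fuse (--device=/dev/fuse)"; rc=1; }
    return $rc
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "check" ]; then
    preflight
    exit $?
fi
```

Saved under any name and invoked with the `check` argument in the CI job, it fails fast with the name of the missing flag instead of letting the inner podman fail later while starting the execution environment.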