redhat-cop / ee_utilities

This ansible collection includes a number of roles and tools which can be useful for managing Ansible Execution Environments.
https://galaxy.ansible.com/infra/ee_utilities
GNU General Public License v3.0

Lack of variable for container registry port #120

Closed benblasco closed 9 months ago

benblasco commented 1 year ago

Summary

The ee_builder role does not have a variable where one can separately define the port used for the ee_registry. This may be required in scenarios such as the container based install, which uses port 81/444 instead of 443 for automation hub. See README for the containerised installer here: https://gitlab.cee.redhat.com/ansible/aap-containerized-installer/-/tree/main

There is a variable defined called ee_registry_dest that is used by infra.ee_utilities.ee_builder.

This is typically defined as a hostname or a reference back to the AAP inventory, e.g.

ee_registry_dest: "{{ ah_host }}"

Is it valid to override the variable with something like the following?

ee_registry_dest: "{{ ah_host }}:444"

Issue Type

Ansible, Collection, Docker/Podman details

[bblasco@bblasco-x1 workshop_project]$ ansible --version
ansible [core 2.14.8]
  config file = /home/bblasco/git/workshop_project/ansible.cfg
  configured module search path = ['/home/bblasco/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.11/site-packages/ansible
  ansible collection location = /home/bblasco/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.11.4 (main, Jun  7 2023, 00:00:00) [GCC 13.1.1 20230511 (Red Hat 13.1.1-2)] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True
[bblasco@bblasco-x1 workshop_project]$ ansible-galaxy collection list

# /usr/lib/python3.11/site-packages/ansible_collections
Collection                    Version 
----------------------------- ------- 
amazon.aws                    5.5.1   
ansible.netcommon             4.1.0   
ansible.posix                 1.5.4   
ansible.utils                 2.10.3   
ansible.windows               1.14.0   
arista.eos                    6.0.1    
awx.awx                       21.14.0  
azure.azcollection            1.16.0   
check_point.mgmt              4.0.0    
chocolatey.chocolatey         1.4.0    
cisco.aci                     2.6.0    
cisco.asa                     4.0.1    
cisco.dnac                    6.7.2    
cisco.intersight              1.0.27   
cisco.ios                     4.6.1    
cisco.iosxr                   4.1.0    
cisco.ise                     2.5.12  
cisco.meraki                  2.15.1  
cisco.mso                     2.4.0   
cisco.nso                     1.0.3   
cisco.nxos                    4.4.0   
cisco.ucs                     1.8.0   
cloud.common                  2.1.3   
cloudscale_ch.cloud           2.3.1   
community.aws                 5.5.0   
community.azure               2.0.0   
community.ciscosmb            1.0.6   
community.crypto              2.14.0  
community.digitalocean        1.23.0  
community.dns                 2.5.5   
community.docker              3.4.7   
community.fortios             1.0.0   
community.general             6.6.2   
community.google              1.0.0   
community.grafana             1.5.4   
community.hashi_vault         4.2.1   
community.hrobot              1.8.0   
community.libvirt             1.2.0   
community.mongodb             1.6.0   
community.mysql               3.7.2   
community.network             5.0.0   
community.okd                 2.3.0   
community.postgresql          2.4.2   
community.proxysql            1.5.1   
community.rabbitmq            1.2.3   
community.routeros            2.8.2   
community.sap                 1.0.0   
community.sap_libs            1.4.1   
community.skydive             1.0.0   
community.sops                1.6.2   
community.vmware              3.7.0   
community.windows             1.13.0  
community.zabbix              1.9.3   
containers.podman             1.10.2  
cyberark.conjur               1.2.0   
cyberark.pas                  1.0.19  
dellemc.enterprise_sonic      2.0.0   
dellemc.openmanage            6.3.0   
dellemc.os10                  1.1.1   
dellemc.os6                   1.0.7   
dellemc.os9                   1.0.4   
dellemc.powerflex             1.6.0   
dellemc.unity                 1.6.0   
f5networks.f5_modules         1.25.0  
fortinet.fortimanager         2.2.0   
fortinet.fortios              2.3.0   
frr.frr                       2.0.2   
gluster.gluster               1.0.2   
google.cloud                  1.1.3   
grafana.grafana               1.1.1   
hetzner.hcloud                1.11.0  
hpe.nimble                    1.1.4   
ibm.qradar                    2.1.0   
ibm.spectrum_virtualize       1.12.0  
infinidat.infinibox           1.3.12  
infoblox.nios_modules         1.5.0   
inspur.ispim                  1.3.0   
inspur.sm                     2.3.0   
junipernetworks.junos         4.1.0   
kubernetes.core               2.4.0   
lowlydba.sqlserver            1.3.1   
mellanox.onyx                 1.0.0   
microsoft.ad                  1.2.0   
netapp.aws                    21.7.0  
netapp.azure                  21.10.0
netapp.cloudmanager           21.22.0
netapp.elementsw              21.7.0  
netapp.ontap                  22.7.0  
netapp.storagegrid            21.11.1
netapp.um_info                21.8.0  
netapp_eseries.santricity     1.4.0   
netbox.netbox                 3.13.0  
ngine_io.cloudstack           2.3.0   
ngine_io.exoscale             1.0.0   
ngine_io.vultr                1.1.3   
openstack.cloud               1.10.0  
openvswitch.openvswitch       2.1.1   
ovirt.ovirt                   2.4.1   
purestorage.flasharray        1.19.1  
purestorage.flashblade        1.11.0  
purestorage.fusion            1.5.0   
sensu.sensu_go                1.13.2  
splunk.es                     2.1.0   
t_systems_mms.icinga_director 1.33.1  
theforeman.foreman            3.11.0  
vmware.vmware_rest            2.3.1   
vultr.cloud                   1.8.0   
vyos.vyos                     4.1.0   
wti.remote                    1.0.5   

# /home/bblasco/.ansible/collections/ansible_collections
Collection                      Version
------------------------------- -------
ansible.containerized_installer 1.1.1  
ansible.controller              4.4.0  
ansible.posix                   1.5.4  
community.crypto                2.14.1 
community.general               7.2.1  
community.postgresql            3.0.0  
containers.podman               1.10.2 
fedora.linux_system_roles       1.51.0 
infra.ee_utilities              2.0.8  
redhatinsights.insights         1.0.8  
[bblasco@bblasco-x1 workshop_project]$ podman --version
podman version 4.6.0

OS / ENVIRONMENT

Ansible installed on Fedora 38 host, automating against RHEL 9.2

Desired Behavior

It would be good to have a separate variable for the registry port in case adding a port number to the ee_registry_dest variable has other unforeseen impacts.

Actual Behavior

Please give some details of what is actually happening. Include a minimum complete verifiable example with:

STEPS TO REPRODUCE

Run through this exercise on a containerised AAP install:

https://aap2.demoredhat.com/exercises/ansible_config_as_code/1-ee/

ansible-playbook -i inventory.yml -l builder playbooks/build_ee.yml  -vvv
[bblasco@bblasco-x1 workshop_project]$ cat group_vars/all/auth.yml 
---
controller_hostname: "{{ controller_host | default(groups['automationcontroller'][0]) }}"
controller_username: "{{ controller_user | default('admin') }}"
controller_password: "{{ controller_pass }}"
controller_validate_certs: false

ah_host: "{{ ah_hostname | default(groups['automationhub'][0]) }}"
ah_username: "{{ ah_user | default('admin') }}"
ah_password: "{{ ah_pass }}"
ah_path_prefix: 'galaxy'  # this is for private automation hub
ah_validate_certs: false

ee_registry_username: "{{ ah_username }}"
ee_registry_password: "{{ ah_password }}"
#ee_registry_dest: "{{ ah_host }}"
ee_registry_dest: "{{ ah_host }}"
...

Error message when the registry TCP port is not defined (truncated for brevity)

fatal: [aap.opti.blasco.id.au]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "arch": null,
            "auth_file": null,
            "build": {
                "annotation": null,
                "cache": true,
                "extra_args": null,
                "file": null,
                "force_rm": false,
                "format": "oci",
                "rm": true,
                "volume": null
            },
            "ca_cert_dir": null,
            "executable": "podman",
            "force": false,
            "name": "config_as_code",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "path": null,
            "pull": false,
            "push": true,
            "push_args": {
                "compress": null,
                "dest": "aap.opti.blasco.id.au",
                "format": null,
                "remove_signatures": null,
                "sign_by": null,
                "transport": null
            },
            "state": "present",
            "tag": "latest",
            "username": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "validate_certs": false
        }
    },
       "msg": "Failed to push image config_as_code:latest: Getting image source signatures\nCopying blob sha256:699491b2659e9ec089b2484d8e91dd4aae206
510dbfdd9313ada5e1a0382e91c\nCopying blob sha256:aadc47c09f66ee89512816702bc9d52b3ba07218c1439fe6db90073baf239acb\nCopying blob sha256:5fa5c1c78a8
ee75e4110787664ba1bcff70b3aba0610b8347abe8b97d7965bc6\nCopying blob sha256:6da2fb060681490d0a4a3098038f270d8dd9d767aa67b953f6bbc22043660847\nCopyi
ng blob sha256:101e6c3495512ae1ef4c2d3c006fbb4b84b55a83bc8506076898ba612180987c\nCopying blob sha256:e0808177f5c4c2730293a9360de45d30e2560c519f997
e8cc1ca065f467e96fc\nCopying blob sha256:f8fd3a54d48519507c599ffa2cbdb166bd2002d90064617f22364fa3a023a838\nCopying blob sha256:d4df4b7e8eaf736fa82
e5f5181c41210a19888af820aa062d4ce6aa7174a2eef\nCopying blob sha256:7dfd83b5170b6dbd93a86fa9fb83907b7d61a927d99f5a86100d66cff7df9000\nCopying blob 
sha256:aa621dba5e8775fa865521bfbaf5eec46fdb40d25e66e4db04b03b0907417c0a\nCopying blob sha256:a39c6baf08b1dfa3a51382f3a3c66e0caad68299a5780340e56bb
47ec67ba798\nCopying blob sha256:1d211ae75d278611f94f1e277defaade3d374b2655fade5dfca5961505352c4d\nCopying blob sha256:32ad5db2dab571a9127abad63c2
6af1d560fe7629f3b3cbad973a1134a34b59d\nCopying blob sha256:d32c18715b984a5da60a892f7036993117142dd2a1094c068a7c103ca6827ddc\nCopying blob sha256:2
2e51cce938f662c1e55d33b0c8570ddd178e2b914e0bfbcf05c23e51131227d\nCopying blob sha256:869dbc4797e2590916b1a924df1806bf08e6cd44c8faca37e8dae3e254740
169\nCopying blob sha256:2d4417eff75beaaad46aa2655feaff1c55d471f9ea0710cebc927cf6ff2f5922\nCopying blob sha256:fe22d5e2e704494e428204c4e4cfa7f04e6
0e7ce21ffffdccd23ec7507e973a7\nCopying blob sha256:f3b23fbd1ce026e547668eb3a0de06c6eeacfdf474b3a570cade049f787b6214\nCopying blob sha256:9e44123f9
ca4f3572ef4dce29a00c86435c2c8eefa2d1bb4073d5dd1ce4088a2\nError: trying to reuse blob sha256:101e6c3495512ae1ef4c2d3c006fbb4b84b55a83bc8506076898ba
612180987c at destination: pinging container registry aap.opti.blasco.id.au: StatusCode: 404, \n\n\n\n<!DOCTYPE html>\n<html>\n  <head>\n    \n\n 
     \n ...\n"
}

benblasco commented 1 year ago

The desired outcome for the above can either:

djdanielsson commented 1 year ago

Sorry, I forgot to reply to this. Couldn't you just put the port at the end of the ee_registry_dest var?

sean-m-sullivan commented 9 months ago

This is the answer I've tested, the dest var, and things like ah_host can contain port variables.

benblasco commented 9 months ago

Hi folks, apologies for not responding much, much sooner. I ended up setting the variable as follows:

ah_host: "{{ ah_hostname | default(groups['automationhub'][0]) }}:444"
ee_registry_dest: "{{ ah_host }}"

I can't remember why I set it at the ah_host level, but I believe it was to cover off the port number being relevant in contexts beyond just hub as a container registry.
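
The following is an added example, not part of the thread or of the collection's code. It shows how a registry destination with or without a port resolves to the `/v2/` API base that a registry client pings before pushing, and how the ping status separates a registry from another web service on that port. The hostnames and all function names are constructed for illustration; defaulting to port 443 assumes an HTTPS registry.

```python
"""Added illustration: how a registry destination such as ee_registry_dest
resolves to the endpoint a push probes. Hostnames below are constructed."""
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def split_registry_dest(dest, default_port=443):
    """Return (host, port, path) for 'host', 'host:port' or 'host:port/ns'."""
    if "://" in dest:
        raise ValueError("registry destination must not include a scheme")
    parts = urlsplit("//" + dest)      # urlsplit handles [IPv6]:port too
    if not parts.hostname:
        raise ValueError(f"no host in {dest!r}")
    port = parts.port if parts.port is not None else default_port
    return parts.hostname, port, parts.path.strip("/")


def ping_url(dest):
    """URL of the registry API base (/v2/) that a client checks first."""
    host, port, _ = split_registry_dest(dest)
    if ":" in host:                    # IPv6 literal needs brackets again
        host = f"[{host}]"
    return f"https://{host}:{port}/v2/"


def classify_ping(status):
    """Interpret the HTTP status returned by GET /v2/."""
    if status in (200, 401):
        return "registry"              # 401 = registry that wants credentials
    if status == 404:
        return "not-a-registry"        # some other web service on this port
    return "unknown"


def ping_registry(dest, timeout=5):
    """Live check (needs network, verifies TLS): classify what answers."""
    try:
        with urllib.request.urlopen(ping_url(dest), timeout=timeout) as resp:
            return classify_ping(resp.status)
    except urllib.error.HTTPError as err:
        return classify_ping(err.code)


if __name__ == "__main__":
    for dest in ("hub.example.test", "hub.example.test:444"):
        print(dest, "->", ping_url(dest))
```

`ping_registry` keeps certificate verification on, so a hub with a self-signed certificate raises `urllib.error.URLError` instead of returning a classification.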