One tiny piece to get it to work

So if you ever tried to build your docker images with a pipeline possibly you have found some errors that it can’t connect to docker. Well this is correct since an container normally cannot connect to it. What can you then do to make it work? Well actually it is pretty easy!

First of all I won’t go through installing gitlab runner or adding it to a project and so on but lets keep it simple. There is 1 trick to make it work and that is to make sure the following is in the /etc/gitlab-runner/config.toml

volumes = ["/var/run/docker.sock:/var/run/docker.sock","/cache"]

That way the container can reach the docker socket.

A word of advice

Always think about security! With this the docker container can do more then it would normally do. Isolate the runner maybe and of course: Monitor it!

And that was all

Well it was pretty short but that was all =) took me a while to figure it out a bit but hopefully it helps somebody!

Well what do you need?

So What is needed you ask? Well not so much actually..

• A build host or your PC or laptop.
• Ansible-builder installed
• Docker or podman installed and confgured.
• A place to place your image, like a registry or in oour case lets use gitlab =)

Not that long of a list I presume? If you use self hosted gitlab make sure you enable the container registry option.

Lets start building!

So lets get started!
First we need ansible-builder installed.. How we do that you ask?
pip3 install ansible-builder And that is all to get it installed.. I won’t go through on how to install docker or podman since there are quite allot of good guides for that. But just make sure you have it up and running.

So lets start a simple build shall we?
First lets make a new directory and create a new file called execution-environment.yml

mkdir eebuild
touch eebuild/execution-environment.yml 

Now lets edit the yml file we just created in your favorite editor.
You can copy what I stated bellow or just make it how you want, we will go through the items step by step

---
version: 3
images:
  base_image:
    name: quay.io/centos/centos:stream9
dependencies:
  ansible_core:
    package_pip: ansible-core>=2.15.0rc2,<2.16
  ansible_runner:
    package_pip: ansible-runner
  galaxy: |
    ---
    collections:
      - name: awx.awx
      - name: ansible.posix
      - name: ansible.windows
      - name: community.general
  system: |
    git-core [platform:rpm]
    python3.9-devel [platform:rpm compile]
    libcurl-devel [platform:rpm compile]
    krb5-devel [platform:rpm compile]
    krb5-workstation [platform:rpm]
    subversion [platform:rpm]
    subversion [platform:dpkg]
    git-lfs [platform:rpm]
    sshpass [platform:rpm]
    rsync [platform:rpm]
    epel-release [platform:rpm]
    python-unversioned-command [platform:rpm]
    unzip [platform:rpm]
    podman-remote [platform:rpm]
    cmake [platform:rpm compile]
    gcc [platform:rpm compile]
    gcc-c++ [platform:rpm compile]
    make [platform:rpm compile]
    openssl-devel [platform:rpm compile]
  python: |
    ncclient
    paramiko
    pykerberos
    pyOpenSSL
    pypsrp[kerberos,credssp]
    pywinrm[kerberos,credssp]
    toml
    pexpect>=4.5
    python-daemon
    pyyaml
    six
    receptorctl
    python-tss-sdk
additional_build_steps:
  append_base:
    - RUN $PYCMD -m pip install -U pip
  append_final:
    - COPY --from=quay.io/ansible/receptor:devel /usr/bin/receptor /usr/bin/receptor
    - RUN mkdir -p /var/run/receptor
    - RUN git lfs install --system

So lets go through a couple of items..
First of all at the base_image you state which image you want to use, I for now use the centos stream9 image.. It isn’t as bad as many people say, it just works.
Then the next interesting part is the Galaxy part.
You can do this a couple of ways, or as I have stated here in one file. Or you can create a yml file and point to that one.
Same goes for system and python. For further information please take a look at RedHats documentation: Ansible builder docs.

We created the files, but now lets really start building!

So we created the files we needed and a special directory. Awesome! we are halfway there.. Now lets start building!! So we go to the directory and then we start the command:

ansible-builder build -v3 -t <name-for-image> --container-runtime=docker

Replace the with a real name like: awesome-first-image.
The –container-runtime=docker is only needed when you use docker for your build. When using podman you don’t need to define it. Now with the build command it will create the image also. With the -v3 we get allot more logging, who doesn’t love allot of text on their screen to make them look busy? You don’t want to have it also build and create the image and only create the docker or podman files?

ansible-builder create .....  

This will only create a Containerfile without a image.

Now we created and build a image.. How do we use it and where to put it?

Well good question if I ask so my self.. You can use a registry for that. In this case we will use gitlab since I have it and I don’t want to setup anything else for now.
So lets login to gitlab and creat a repo.. Done it? Great job, I am proud of you..
Now inside the repo Go to: deploy –> container registry. Follow the steps that for creating a Personal access token if needed and lets go for it.
Now we have the repo ready and the image build, in this example I will use docker commands as example, podman commands can be found in their docs.

docker login registry.gitlab.com # with this we login to the docker registry.. 
docker build -t registry.gitlab.com/jeffrey44113/awesomerepoforaimage . # only needed if you want to build the image again, always fun to do of course but don't forget to cd into the context directory if you want to do it
docker push registry.gitlab.com/jeffrey44113/awesomerepoforaimage # with this you push the created image to the registry

If you pushed the image refresh the page in gitlab and you should see the image located there.
Well done! now the image is ready to be used!

Now what about the AWX part?

Well that is actually the easiest part.
Go to AWX and login with a account hat has the rights for the administration part. Go to: Administration –> Execution Environments –> Add –> Fill in a good name like: The most awesome image eva. At the image part we will then place in the image name like: registry.gitlab.com/jeffrey44113/awesomerepoforaimage:latest.
For the pull options and registry credentials, use it if you prefer too. For now we will use the defaults.
Save it and you should have a beautiful new EE.

Now to use it you can define it in your job template or if you want your organisation to use that specific Execution Environment then:
Go to Access –> Organizations –> Select the Organization you want to edit –> Edit –> Select the Execution enviroment we just created.

And thats all folks

Well that is all you need to create your own EE, it isn’t difficult and the docs actually explains it better then I ever can do so do read it for sure!
And well it has been quite some time since I last time had made a post for this site. Reasons are more personal and I was busy mostly with my self last year.
I do hope to write a bit more and also more interesting subjects like Kubernetes, more AWX and also about how I am developing my own ansible modules for suse manager. Now lets just hope everything goes as plan for once and hope this post helped a bit!
See you next time.