You have tested running a Playbook that depends on the Podman collection with ansible-navigator in your custom Execution Environment. Now it’s time to use the custom EE with the Podman collection in Automation Controller.
Automation Hub Container Registry points to PAH
You can find the Authentication URL on your private automation hub by navigating to Execution Environments, select the EE you want to use and then in Details.
Execution Environments and add the new EE
Get the image location from your PAH: In Execution Environments click the image.
This time we’ll run the Playbook you used before, but in your custom EE! That means we shouldn’t have to use a requirements.yml file to automatically load the needed collection because containers.podman is already included in the EE.
https://github.com/ansible-learnfest/ee-flow.git with the branch wo-requirements. This branch contains no requirement.yml to automatically add the collection. If you want to double check, have a look a the Job output and you’ll notice that no collection was installed during project sync.Using Private Automation Hub chapter, or just create a copy of it. We want to make one change in the copied job template:
ee-ansible-demo you just created in the previous section of this lab.node3.<LABID>.internal and disable node1.<LABID>.internal.Now that you have learned how all the stages of building, testing, pushing and using a custom Execution Environment work, do it without help from the guide. Here are your tasks:
enforce-selinux.yml in https://github.com/ansible-learnfest/playbooks-challenge.git should be run with your custom EE against your managed nodes.So this is what you have to do:
ansible.cfg like this (fill in your AH token):[galaxy]
server_list = automation_hub
[galaxy_server.automation_hub]
url=https://cloud.redhat.com/api/automation-hub/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
token=my_ah_token
ansible-builder in the definition file to read the ansible.cfg file:[...]
dependencies:
galaxy: requirements.yml
python: requirements.txt
system: bindep.txt
ansible_config: /path/to/ansible.cfg
[...]
ansible-navigator inspect the new image to contain the needed collectionenforce-selinux.yml Playbook and the new version of the EEYou can disable automation controller’s feature to automatically download and install Ansible Collections by navigating to Settings -> Job Settings. Here you can disable Enable Collection(s) Download and Enable Role Download. By doing so, you force the automation controller to only use collections which are already part of the execution environment. This can be useful to make sure the collection inside the EE is not overridden by a newer version provided by your private automation hub or Ansible Galaxy. This gives you more predictable and reproducible Ansible Playbook execution.