• Ansible Automation Platform - Developing and Testing Playbooks with Ansible Navigator



    See the article "Ansible Automation Platform - Functional Components" to learn what Ansible Navigator and an Execution Environment are.

    Installing the latest Ansible Navigator

    Ansible Navigator requires a local container runtime, either docker or podman, and a Python 3 environment. This walkthrough uses podman to show how to install Ansible Navigator.

    As root, create an ansible.repo file with the following content in the /etc/yum.repos.d directory.

    [ansible-tower]
    name=Ansible Tower Repository - $releasever $basearch
    baseurl=http://releases.ansible.com/ansible-tower/rpm/epel-7-$basearch
    enabled=0
    gpgcheck=0
    
    [ansible-tower-dependencies]
    name=Ansible Tower Dependencies Repository - $releasever $basearch
    baseurl=http://releases.ansible.com/ansible-tower/rpm/dependencies/3.8/epel-7-$basearch
    enabled=0
    gpgcheck=0
    

    As a regular user, run the following commands to install podman and python3-pip.

    $ sudo dnf install podman
    $ sudo dnf install python3-pip
    

    Run the following command, confirm the latest ansible-navigator version from the output, and then install that latest version.

    $ python3 -m pip install ansible-navigator==1.1.1 --user
    Collecting ansible-navigator==1.1.1
      Could not find a version that satisfies the requirement ansible-navigator==2.0.1 (from versions: 0.6.1, 0.6.2, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 1.0.0a1, 1.0.0a2, 1.0.0b1, 1.0.0rc1, 1.0.0rc2, 1.0.0, 1.1.0, 2.0.0a0, 2.0.0a1)
    $ python3 -m pip install ansible-navigator==2.0.0a1 --user
    

    Finally, set the environment variable.

    $ echo 'export PATH=$HOME/.local/bin:$PATH' >> ~/.profile
    $ source ~/.profile
    

    Understanding the ansible-navigator command

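    The new version of Ansible Automation Platform gives Ansible Playbook developers the ansible-navigator command, which can replace several earlier commands such as ansible, ansible-vault, ansible-config and ansible-inventory. The original commands map to ansible-navigator commands as follows: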

    ansible command      ansible-navigator command
    ansible              ansible-navigator exec -- ansible
    ansible-builder      ansible-navigator builder
    ansible-config       ansible-navigator config
    ansible-doc          ansible-navigator doc
    ansible-inventory    ansible-navigator inventory
    ansible-galaxy       ansible-navigator exec -- ansible-galaxy
    ansible-lint         ansible-navigator lint
    ansible-playbook     ansible-navigator run
    ansible-test         ansible-navigator exec -- ansible-test
    ansible-vault        ansible-navigator exec -- ansible-vault

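    Using the ansible-navigator command

    Downloading the EE image

    Because ansible-navigator runs Playbooks in a container, the first run of the ansible-navigator command automatically downloads the quay.io/ansible/creator-ee image used by the Ansible Execution Environment.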

    $ ansible-navigator
    --------------------------------------------------------------------
    Execution environment image and pull policy overview
    --------------------------------------------------------------------
    Execution environment image name:     quay.io/ansible/ansible-navigator-demo-ee:v0.9.1
    Execution environment image tag:      v0.9.1
    Execution environment pull arguments: None
    Execution environment pull policy:    tag
    Execution environment pull needed:    True
    --------------------------------------------------------------------
    Updating the execution environment
    --------------------------------------------------------------------
    Running the command: podman pull quay.io/ansible/creator-ee:v0.9.1
    Trying to pull quay.io/ansible/creator-ee:v0.9.1...
    Getting image source signatures
    Copying blob f0a2109a2528 done
    Copying blob 48ce73c7e477 done
    Copying blob 9f45cf1cd9f2 done
    Copying blob bfd1401568a8 done
    Copying blob fee18ea417d6 done
    Copying blob d476c80a44d7 done
    Copying blob 4aebe424f143 done
    Copying blob efc5b38d83d9 done
    Copying blob 410787409650 done
    Copying blob edb89913e580 done
    Copying blob 6b561e91716e done
    Copying blob 34d2a1249074 done
    Copying blob 1cb646aa85f3 done
    Copying blob 764ac4e7ad9b done
    Copying blob 0a1c53b5e37b done
    Copying blob 229587a136fc done
    Copying blob 29a5ca154d1a done
    Copying blob ff219ea64e3c done
    Copying blob 0c6ae578cad8 done
    Copying blob 6959376cbaa5 done
    Copying blob 986b929179dc done
    Copying blob 6b720af45b2e done
    Copying config d1524b4410 done
    Writing manifest to image destination
    Storing signatures
    d1524b4410d034b784fc0f32d6051cf384f676b16d690286297374923014cfd4
    

    Confirm that the quay.io/ansible/creator-ee image is now available locally.

    $ podman images
    REPOSITORY                              TAG         IMAGE ID      CREATED        SIZE
    quay.io/ansible/creator-ee              v0.9.1      d1524b4410d0  5 weeks ago    1.4 GB
    

    The ansible-navigator command also shows the local images.

    $ ansible-navigator images
      Image                     Tag              Execution environment           Created                Size
    0│creator-ee                v0.9.1           True                            5 weeks ago            1.4 GB
    

    Check the version of the ansible runtime inside the ansible-navigator EE.

    $ ansible-navigator exec -- ansible --version
    ansible [core 2.13.4]
      config file = None
      configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/local/lib/python3.8/site-packages/ansible
      ansible collection location = /home/runner/.ansible/collections:/usr/share/ansible/collections
      executable location = /usr/local/bin/ansible
      python version = 3.8.13 (default, Jun 24 2022, 15:27:57) [GCC 8.5.0 20210514 (Red Hat 8.5.0-13)]
      jinja version = 3.1.2
      libyaml = True
    

    Viewing the Collections contained in the EE image

    Run the ansible-navigator command to see that the default EE image contains several Collections.

    $ ansible-navigator collections
      Name                               Version     Shadowed     Type          Path
    0│ansible.builtin                    2.13.4      False        contained     /usr/local/lib/python3.8/site-packages/ansible
    1│ansible.posix                      1.4.0       False        contained     /usr/share/ansible/collections/ansible_collections/ansible/posix
    2│ansible.windows                    1.11.1      False        contained     /usr/share/ansible/collections/ansible_collections/ansible/windows
    3│awx.awx                            21.7.0      False        contained     /usr/share/ansible/collections/ansible_collections/awx/awx
    4│containers.podman                  1.9.4       False        contained     /usr/share/ansible/collections/ansible_collections/containers/podman
    5│kubernetes.core                    2.3.2       False        contained     /usr/share/ansible/collections/ansible_collections/kubernetes/core
    6│redhatinsights.insights            1.0.7       False        contained     /usr/share/ansible/collections/ansible_collections/redhatinsights/insights
    7│theforeman.foreman                 3.6.0       False        contained     /usr/share/ansible/collections/ansible_collections/theforeman/foreman
    

    Running a Playbook

    Create a test.yml playbook with the following content.

    ---
    - name: this is just a test
      hosts: localhost
      gather_facts: true
      tasks:
      - name: ping test
        ansible.builtin.ping:
    

    Then run the test.yml playbook with ansible-navigator.

    $ ansible-navigator run ./test.yml -m stdout
    

    Prompting for variable input

    Create a var-promote.yml playbook with the following content; it includes a prompt for an input variable.

    ---
    - name: Input password from promote
      hosts: localhost
      gather_facts: false
      vars_prompt:
      - name: my_password
        prompt: Enter password
        confirm: yes
      tasks:
        - name: Print password
          ansible.builtin.debug:
            msg: 'Your password is {{ my_password }}'
    

    Run the playbook with the following command.

    $ ansible-navigator run var-promote.yml -m stdout --playbook-artifact-enable false --ask-pass
    

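    Specifying the EE image used to run a Playbook

    Note: running the following Playbook requires an Ansible Controller environment.
    First log in to registry.redhat.io with the following commands and then download the ee-supported-rhel8 image, which can run the modules in the ansible.controller collection.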

    $ podman login registry.redhat.io
    $ podman pull registry.redhat.io/ansible-automation-platform-22/ee-supported-rhel8:latest
    

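    Create an add-inventory.yml playbook with the following content. The three variables under vars are the Ansible Controller access address and login user; change them to suit your own environment.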

    - name: Create Inventory once piece at a time
      hosts: localhost
      gather_facts: false
      vars:
        ansible_controller_username: admin
        ansible_controller_password: Rxg0P30I1GMVmIkAPv01NbooEJaPDmd0
        ansible_controller_host: https://my-ansible-controller-ansible-automation-platform.apps-crc.testing
      collections:
        - ansible.controller
      tasks:
        - name: Add inventory
          inventory:
            name: Book Inventory
            description: Create Inventory once piece at a time
            organization: Default
            state: present
            controller_host: "{{ ansible_controller_host }}"
            controller_username: "{{ ansible_controller_username }}"
            controller_password: "{{ ansible_controller_password }}"
            validate_certs: false
    
        - name: Add host
          host:
            name: ansible-client01
            description: "ansible-client01"
            inventory: Book Inventory
            variables:
              hosts_var: 192.168.203.118
            state: present
            controller_host: "{{ ansible_controller_host }}"
            controller_username: "{{ ansible_controller_username }}"
            controller_password: "{{ ansible_controller_password }}"
            validate_certs: false
            
        - name: Add group
          group:
            name: Linux-VM
            inventory: Book Inventory
            hosts:
              - ansible-client01
            state: present
            controller_host: "{{ ansible_controller_host }}"
            controller_username: "{{ ansible_controller_username }}"
            controller_password: "{{ ansible_controller_password }}"
            validate_certs: false
    
    

    Run the add-inventory.yml playbook with the following command, which specifies the ee-supported-rhel8 image for running it.

    $ ansible-navigator run add-inventory.yml -m stdout --eei registry.redhat.io/ansible-automation-platform-22/ee-supported-rhel8:latest
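
A pre-run check for playbooks like add-inventory.yml, as an added example that is not part of the original article: it flags literal values assigned to password-like keys and validate_certs set to false, while accepting Jinja2 references and vault-tagged values. The sample playbook is constructed (placeholder password and host), and lint_playbook and its rule names are introduced here.

```python
import re

# Keys whose literal values should not be committed in a playbook.
SECRET_KEY = re.compile(r"(password|passwd|secret|token|api_key)", re.I)
# Acceptable values: a Jinja2 reference or a vault-tagged value.
SAFE_VALUE = re.compile(r"^(\{\{.*\}\}|!vault\b.*)$")
# "key: value" on one line, optionally as the first key of a list item.
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][\w.-]*)\s*:\s*(.*?)\s*$")
FALSY = {"false", "no", "off", "0"}

# Constructed sample modelled on add-inventory.yml (placeholder secret and host).
SAMPLE = """\
- name: Create Inventory once piece at a time
  hosts: localhost
  gather_facts: false
  vars:
    ansible_controller_username: admin
    ansible_controller_password: EXAMPLE-PLACEHOLDER-PASSWORD
    ansible_controller_host: https://controller.example.test
  collections:
    - ansible.controller
  tasks:
    - name: Add inventory
      inventory:
        name: Book Inventory
        organization: Default
        state: present
        controller_host: "{{ ansible_controller_host }}"
        controller_username: "{{ ansible_controller_username }}"
        controller_password: "{{ ansible_controller_password }}"
        validate_certs: false
"""


def strip_quotes(value):
    """Remove one pair of matching surrounding quotes, if present."""
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        return value[1:-1].strip()
    return value


def lint_playbook(text):
    """Return (line_number, rule, key) findings for one playbook's text."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        match = KEY_VALUE.match(line)
        if not match:
            continue
        key, value = match.group(1), strip_quotes(match.group(2))
        if not value:
            continue  # the key opens a nested mapping or list
        if SECRET_KEY.search(key) and not SAFE_VALUE.match(value):
            findings.append((number, "hardcoded-secret", key))
        if key == "validate_certs" and value.lower() in FALSY:
            findings.append((number, "tls-verification-disabled", key))
    return findings


if __name__ == "__main__":
    for number, rule, key in lint_playbook(SAMPLE):
        print(f"line {number}: {rule} ({key})")
```
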
    

    Setting the default EE image

    Run the following command to create a .ansible-navigator.yml file with the following content in the current user's HOME; it sets the default EE image.

    $ cat > ~/.ansible-navigator.yml << EOF
    ---
    ansible-navigator:
      execution-environment:
        image: registry.redhat.io/ansible-automation-platform-22/ee-supported-rhel8:latest
    EOF
    

    Run the command to confirm which EE image ansible-navigator currently uses; the image marked "primary" is the one currently in use.

    $ ansible-navigator images
    ---  NAME                                TAG     EXECUTION ENVIRONMENT    CREATED         SIZE
    0│creator-ee                             v0.9.1                   True    15 months ago   1.35 GB
    1│ee-supported-rhel8 (primary)           latest                   True    6 days ago      1.64 GB
    

    Differences between Execution Environment images

    Viewing the Collections contained in the official Red Hat EE

    Run the following command to view the list of Collections contained in an EE image.

    $ podman run -it --rm registry.redhat.io/ansible-automation-platform-22/ee-supported-rhel8 ansible-galaxy collection list
    
    # /usr/share/ansible/collections/ansible_collections
    Collection              Version
    ----------------------- -------
    amazon.aws              3.2.0  
    ansible.controller      4.2.1  
    ansible.netcommon       3.1.1  
    ansible.network         1.2.0  
    ansible.posix           1.3.0  
    ansible.security        1.0.0  
    ansible.utils           2.6.1  
    ansible.windows         1.9.0  
    ansible.yang            1.0.0  
    arista.eos              5.0.0  
    cisco.asa               3.0.0  
    cisco.ios               3.0.0  
    cisco.iosxr             3.0.0  
    cisco.nxos              3.0.0  
    cloud.common            2.1.1  
    frr.frr                 2.0.0  
    ibm.qradar              2.0.0  
    junipernetworks.junos   3.0.0  
    kubernetes.core         2.2.3  
    openvswitch.openvswitch 2.1.0  
    redhat.insights         1.0.7  
    redhat.openshift        2.1.0  
    redhat.rhv              1.6.5  
    redhat.satellite        3.3.0  
    servicenow.itsm         1.3.3  
    splunk.es               2.0.0  
    trendmicro.deepsec      2.0.0  
    vmware.vmware_rest      2.1.5  
    vyos.vyos               3.0.0
    

    You can also run the following command to view the list of Collections contained in an EE image.

       NAME                                   VERSION      SHADOWED       TYPE            PATH
     0│amazon.aws                             3.2.0           False       contained       /usr/share/ansible/collections/ansible_collections/amazon/aws/
     1│ansible.controller                     4.2.1           False       contained       /usr/share/ansible/collections/ansible_collections/ansible/controller/
     2│ansible.netcommon                      3.1.1           False       contained       /usr/share/ansible/collections/ansible_collections/ansible/netcommon/
     3│ansible.network                        1.2.0           False       contained       /usr/share/ansible/collections/ansible_collections/ansible/network/
     4│ansible.posix                          1.3.0           False       contained       /usr/share/ansible/collections/ansible_collections/ansible/posix/
     5│ansible.security                       1.0.0           False       contained       /usr/share/ansible/collections/ansible_collections/ansible/security/
     6│ansible.utils                          2.6.1           False       contained       /usr/share/ansible/collections/ansible_collections/ansible/utils/
     7│ansible.windows                        1.9.0           False       contained       /usr/share/ansible/collections/ansible_collections/ansible/windows/
     8│ansible.yang                           1.0.0           False       contained       /usr/share/ansible/collections/ansible_collections/ansible/yang/
     9│arista.eos                             5.0.0           False       contained       /usr/share/ansible/collections/ansible_collections/arista/eos/
    10│cisco.asa                              3.0.0           False       contained       /usr/share/ansible/collections/ansible_collections/cisco/asa/
    11│cisco.ios                              3.0.0           False       contained       /usr/share/ansible/collections/ansible_collections/cisco/ios/
    12│cisco.iosxr                            3.0.0           False       contained       /usr/share/ansible/collections/ansible_collections/cisco/iosxr/
    13│cisco.nxos                             3.0.0           False       contained       /usr/share/ansible/collections/ansible_collections/cisco/nxos/
    14│cloud.common                           2.1.1           False       contained       /usr/share/ansible/collections/ansible_collections/cloud/common/
    15│frr.frr                                2.0.0           False       contained       /usr/share/ansible/collections/ansible_collections/frr/frr/
    16│ibm.qradar                             2.0.0           False       contained       /usr/share/ansible/collections/ansible_collections/ibm/qradar/
    17│junipernetworks.junos                  3.0.0           False       contained       /usr/share/ansible/collections/ansible_collections/junipernetworks/junos/
    18│kubernetes.core                        2.2.3           False       contained       /usr/share/ansible/collections/ansible_collections/kubernetes/core/
    19│openvswitch.openvswitch                2.1.0           False       contained       /usr/share/ansible/collections/ansible_collections/openvswitch/openvswitch/
    20│redhat.insights                        1.0.7           False       contained       /usr/share/ansible/collections/ansible_collections/redhat/insights/
    21│redhat.openshift                       2.1.0           False       contained       /usr/share/ansible/collections/ansible_collections/redhat/openshift/
    22│redhat.rhv                             1.6.5           False       contained       /usr/share/ansible/collections/ansible_collections/redhat/rhv/
    23│redhat.satellite                       3.3.0           False       contained       /usr/share/ansible/collections/ansible_collections/redhat/satellite/
    24│servicenow.itsm                        1.3.3           False       contained       /usr/share/ansible/collections/ansible_collections/servicenow/itsm/
    25│splunk.es                              2.0.0           False       contained       /usr/share/ansible/collections/ansible_collections/splunk/es/
    26│trendmicro.deepsec                     2.0.0           False       contained       /usr/share/ansible/collections/ansible_collections/trendmicro/deepsec/
    27│vmware.vmware_rest                     2.1.5           False       contained       /usr/share/ansible/collections/ansible_collections/vmware/vmware_rest/
    28│vyos.vyos                              3.0.0           False       contained       /usr/share/ansible/collections/ansible_collections/vyos/vyos/
    

    Viewing the Collections contained in the quay.io EE

    Run the following command to view the list of Collections contained in an EE image.

    $ ansible-navigator collections --eei quay.io/ansible/creator-ee:v0.9.1 
      Name                               Version     Shadowed     Type          Path
    0│ansible.builtin                    2.13.4      False        contained     /usr/local/lib/python3.8/site-packages/ansible
    1│ansible.posix                      1.4.0       False        contained     /usr/share/ansible/collections/ansible_collections/ansible/posix
    2│ansible.windows                    1.11.1      False        contained     /usr/share/ansible/collections/ansible_collections/ansible/windows
    3│awx.awx                            21.7.0      False        contained     /usr/share/ansible/collections/ansible_collections/awx/awx
    4│containers.podman                  1.9.4       False        contained     /usr/share/ansible/collections/ansible_collections/containers/podman
    5│kubernetes.core                    2.3.2       False        contained     /usr/share/ansible/collections/ansible_collections/kubernetes/core
    6│redhatinsights.insights            1.0.7       False        contained     /usr/share/ansible/collections/ansible_collections/redhatinsights/insights
    7│theforeman.foreman                 3.6.0       False        contained     /usr/share/ansible/collections/ansible_collections/theforeman/foreman
    

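    From the above we can see that the EE image ansible-navigator uses by default comes from quay.io, the upstream open-source image source for the images that Red Hat officially provides (redhat.); the Collections it contains differ slightly in number, version and name from those Red Hat officially provides.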

    Troubleshooting

    If the following error appears when running a Playbook with ansible-navigator:

    $ ansible-navigator run add-inventory-ee.yml -m stdout --eei registry.redhat.io/ansible-automation-platform-22/ee-supported-rhel8:latest
    。。。
    。。。
    Error: copying system image from manifest list: Source image rejected: None of the signatures were accepted, reasons: open /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta: no such file or directory; open /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta: no such file or directory; open /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta: no such file or directory; open /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta: no such file or directory; open /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta: no such file or directory; open /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta: no such file or directory; open /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta: no such file or directory; open /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta: no such file or directory
    

    You can remove the keyPaths entries that contain "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta" from the /etc/containers/policy.json file.

    $ more /etc/containers/policy.json
    {
        "default": [
            {
                "type": "insecureAcceptAnything"
            }
        ],
        "transports": {
            "docker": {
                "registry.access.redhat.com": [
                    {
                        "type": "signedBy",
                        "keyType": "GPGKeys",
                        "keyPaths": ["/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta"]
                    }
                ],
                "registry.redhat.io": [
                    {
                        "type": "signedBy",
                        "keyType": "GPGKeys",
                        "keyPaths": ["/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta"]
                    }
                ]
            },
            "docker-daemon": {
                "": [
                    {
                        "type": "insecureAcceptAnything"
                    }
                ]
            }
        }
    }
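
A way to apply this fix without weakening signature verification, as an added example that is not part of the original article: the script drops only keyPaths entries whose key file is missing (the cause of the error above) and refuses to leave a signedBy rule with no key. SAMPLE_POLICY is a constructed excerpt of the policy shown above, and prune_missing_keys is a name introduced here.

```python
import copy
import json
import os

# Constructed excerpt of the policy.json shown above (registry.redhat.io scope only).
SAMPLE_POLICY = json.loads("""
{
  "default": [{"type": "insecureAcceptAnything"}],
  "transports": {
    "docker": {
      "registry.redhat.io": [
        {"type": "signedBy", "keyType": "GPGKeys",
         "keyPaths": ["/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release",
                      "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta"]}
      ]
    },
    "docker-daemon": {"": [{"type": "insecureAcceptAnything"}]}
  }
}
""")


def prune_missing_keys(policy, key_exists=os.path.isfile):
    """Return (new_policy, removed) with keyPaths entries whose file is missing dropped.

    Raises ValueError if a signedBy requirement would be left without any key,
    so the fix never turns a verified scope into an unverifiable one.
    """
    fixed = copy.deepcopy(policy)  # never mutate the caller's policy
    removed = []
    for transport, scopes in fixed.get("transports", {}).items():
        for scope, requirements in scopes.items():
            for req in requirements:
                if req.get("type") != "signedBy" or "keyPaths" not in req:
                    continue  # leave other requirement types untouched
                kept = [p for p in req["keyPaths"] if key_exists(p)]
                if not kept:
                    raise ValueError(f"{transport}:{scope} has no usable signing key")
                removed += [(transport, scope, p)
                            for p in req["keyPaths"] if p not in kept]
                req["keyPaths"] = kept
    return fixed, removed


if __name__ == "__main__":
    # Dry run against the host's policy: print the result and review it
    # before writing it back as root.
    with open("/etc/containers/policy.json") as handle:
        fixed, removed = prune_missing_keys(json.load(handle))
    for transport, scope, path in removed:
        print(f"drop {path} from {transport}:{scope}")
    print(json.dumps(fixed, indent=4))
```
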
    

    ansible-navigator command FAQ

    https://ansible-navigator.readthedocs.io/en/latest/faq/

  • Original article: https://blog.csdn.net/weixin_43902588/article/details/127756952