AWX building custom execution environment

AWX default execution environment is pretty strong but in some cases it is not enough.

There days I wanted to run a play which require json_query for filtering out some outputs. All went well during tests from localhost so when I’ve wanted to run it using AWX I’ve got a super nice error:

fatal: [localhost]: FAILED! => {"msg": "template error while templating string: Could not load \"json_query\": 'Invalid plugin FQCN (community.general.json_query): unable to locate collection community.general'. String: {{ awx_hetzner_inventory.json.results | json_query(hosts_query) }}. Could not load \"json_query\": 'Invalid plugin FQCN (community.general.json_query): unable to locate collection community.general'"

Well this was the time when I saw a miss in default AWX EE and something challenged me to fix it.

First of all we need to setup our working environment. This include some dependencies like:

• Install Docker engine using the following link: https://docs.docker.com/engine/install/ubuntu/
• Install Ansible builder: pip install ansible-builder

Now we need to create execution-environment.yml;

---
version: 3
images:
  base_image:
    name: quay.io/centos/centos:stream9
dependencies:
  ansible_core:
    # Require minimum of 2.15 to get ansible-inventory --limit option
    package_pip: ansible-core>=2.15.0rc2,<2.16
  ansible_runner:
    package_pip: ansible-runner
  galaxy: |
    ---
    collections:
      - name: awx.awx
      - name: azure.azcollection
      - name: amazon.aws
      - name: theforeman.foreman
      - name: google.cloud
      - name: openstack.cloud
      - name: community.vmware
      - name: ovirt.ovirt
      - name: kubernetes.core
      - name: ansible.posix
      - name: ansible.windows
      - name: redhatinsights.insights
      - name: ansible.posix
      - name: community.aws
      - name: community.general
      - name: hetzner.hcloud
      - name: ansible.netcommon
      - name: community.docker
      - name: community.hashi_vault
      - name: community.zabbix
      - name: netbox.netbox
      - name: fortinet.fortios
      - name: community.mysql
      - name: community.postgresql
  system: |
    git-core [platform:rpm]
    python3.9-devel [platform:rpm compile]
    libcurl-devel [platform:rpm compile]
    krb5-devel [platform:rpm compile]
    krb5-workstation [platform:rpm]
    subversion [platform:rpm]
    subversion [platform:dpkg]
    git-lfs [platform:rpm]
    sshpass [platform:rpm]
    rsync [platform:rpm]
    epel-release [platform:rpm]
    python-unversioned-command [platform:rpm]
    unzip [platform:rpm]
  python: |
    git+https://github.com/ansible/ansible-sign
    ncclient
    paramiko
    pykerberos
    pyOpenSSL
    pypsrp[kerberos,credssp]
    pywinrm[kerberos,credssp]
    toml
    pexpect>=4.5
    python-daemon
    pyyaml
    six
additional_build_steps:
  append_base:
    - RUN $PYCMD -m pip install -U pip
  append_final:
    - COPY --from=quay.io/ansible/receptor:devel /usr/bin/receptor /usr/bin/receptor
    - RUN mkdir -p /var/run/receptor
    - RUN git lfs install --system

Then we will need to add requirements.txt:

git+https://github.com/ansible/ansible-builder.git@devel#egg=ansible-builder

With these steps done we can start not building image using command:

ansible-builder build --tag=custom-awx-ee --container-runtime=docker -v3

When this build is finished we will push it to our internal registry:

docker login registry_url
docker tag custom-awx-ee:latest registry_url/devops/awx-ee:latest
docker push registry_url/devops/awx-ee

Need help automating your infrastructure?
→ Check out our DevOps Services