ansible/community-ansible-dev-tools-image

community-ansible-dev-tools

A container image for Ansible Development Tools (ADT).

The ADT Python package provides an easy way to install and discover the best tools available to create and test Ansible content. More details on ADT can be found at https://ansible.readthedocs.io/projects/dev-tools/.

This image is built on top of Fedora 39 minimal and has container-in-container support with podman.

Installation

podman pull ghcr.io/ansible/community-ansible-dev-tools:latest

Usage

Using this as a VS Code Dev Container

Dev Containers provide you with a containerized development environment in VS Code. Details on what they are and how to use them can be found in Developing inside a Container.

This image can be used as an image for a Dev Container where you build and consume Ansible content.

This repository comes with a sample .devcontainer directory with two subdirectories, podman and docker, each having its own devcontainer.json file.

You can simply copy over the .devcontainer directory to your Ansible project and start using it!

Using this with GitHub Codespaces

To use this image with GitHub Codespaces, copy the devcontainer.json in this repo to your project and push to GitHub.

Note: If you are planning to start writing a new Ansible playbook project or collection, use Ansible Creator to scaffold it for you and your project/collection will already have all the .devcontainer files ready.

Using this image as an EE

This image can also be used as an Ansible Execution Environment (EE). If you're not familiar with what an EE is, check out the documentation in Getting started with EE. It is shipped with the following Ansible collections:

  • ansible.netcommon
  • ansible.posix
  • ansible.scm
  • ansible.utils

You can also create a new EE based on this with more Ansible collections (or Python/System packages) of your choice by using Ansible Builder. Read this documentation to know about ansible-builder.

The below example shows how to make a custom EE that adds the amazon.aws and cisco.nxos collections as well as the ansible-pylibssh python package to this image.

  1. Create an execution-environment.yml file with the following content.

    ---
    version: 3
    
    images:
      base_image: ghcr.io/ansible/community-ansible-dev-tools-container:latest
    
    dependencies:
      galaxy: requirements.yml
      python: requirements.txt

  2. Populate requirements.txt and requirements.yml with the respective contents.

    requirements.txt

    ansible-pylibssh==1.1.0

    requirements.yml

    ---
    collections:
    - name: amazon.aws
    - name: cisco.nxos

  3. Use ansible-builder to create the new EE.

    ansible-builder build -t custom-ee:latest --prune-images -v3

Once this image is built, you can use ansible-navigator to reference this image and run your playbooks!

Using with podman from the command-line

To use this image with podman from the command line, run the container with the following command.

podman run -it --rm \
 --cap-add=SYS_ADMIN \
 --cap-add=SYS_RESOURCE \
 --device "/dev/fuse" \
 --hostname=ansible-dev-container \
 --name=ansible-dev-container \
 --security-opt "apparmor=unconfined" \
 --security-opt "label=disable" \
 --security-opt "seccomp=unconfined" \
 --user=root \
 --userns=host \
 -e SSH_AUTH_SOCK="$SSH_AUTH_SOCK" \
 -v ansible-dev-tools-container-storage:/var/lib/containers \
 -v "$HOME/.gitconfig:/root/.gitconfig" \
 -v "$PWD:/workdir" \
 -v "$SSH_AUTH_SOCK:$SSH_AUTH_SOCK" \
 ghcr.io/ansible/community-ansible-dev-tools:latest

Note:

  • The security-opt and cap-add options are used to allow podman to run in the container: they turn off AppArmor, SELinux label and seccomp confinement for this container and add the SYS_ADMIN and SYS_RESOURCE capabilities.
  • The device option is used to allow the container to access the /dev/fuse device.
  • userns=host maps the default user account to the root user in the container.
  • This command will mount the current directory to /workdir in the container.
  • The SSH agent socket is also mounted to the container to allow for SSH key forwarding.
  • The user's .gitconfig is mounted to the container to allow for git operations.
  • The ansible-dev-tools-container-storage volume is mounted to the container to store the nested container images on the host.
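
To make the effect of each option explicit, the following added example (not part of this repository) parses a podman run command line and lists the options that widen the container's privileges or expose host resources. The function names, the finding categories and the reflowed sample command are assumptions made for the illustration.

```python
import shlex

# Constructed sample: the options of the command in this section, reflowed onto fewer lines.
COMMAND = r"""podman run -it --rm --cap-add=SYS_ADMIN --cap-add=SYS_RESOURCE --device "/dev/fuse" \
 --hostname=ansible-dev-container --name=ansible-dev-container \
 --security-opt "apparmor=unconfined" --security-opt "label=disable" \
 --security-opt "seccomp=unconfined" --user=root --userns=host -e SSH_AUTH_SOCK="$SSH_AUTH_SOCK" \
 -v ansible-dev-tools-container-storage:/var/lib/containers -v "$HOME/.gitconfig:/root/.gitconfig" \
 -v "$PWD:/workdir" -v "$SSH_AUTH_SOCK:$SSH_AUTH_SOCK" ghcr.io/ansible/community-ansible-dev-tools:latest"""
# podman-run options that take their value as the next argument when written without "=".
TAKES_VALUE = {"--cap-add", "--device", "--security-opt", "--user", "--userns",
               "--hostname", "--name", "-e", "--env", "-v", "--volume"}
CONFINEMENT_OFF = {"apparmor=unconfined": "AppArmor confinement turned off",
                   "label=disable": "SELinux label separation turned off",
                   "seccomp=unconfined": "seccomp confinement turned off"}

def parse(command):
    """Yield (option, value) pairs up to the image name; accepts --opt=v and --opt v."""
    tokens = iter(shlex.split(command.replace("\\\n", " "))[2:])  # drop "podman run"
    for tok in tokens:
        if not tok.startswith("-"):
            return  # first positional argument is the image
        if tok.startswith("--") and "=" in tok:
            yield tuple(tok.split("=", 1))
        else:  # separate-value option, or a boolean flag such as -it / --rm
            yield tok, (next(tokens, None) if tok in TAKES_VALUE else None)

def audit(command):
    """Return (category, detail) for every option that weakens container isolation."""
    findings = []
    for opt, val in parse(command):
        if opt == "--cap-add":
            findings.append(("capability", f"CAP_{val} added"))
        elif opt == "--security-opt" and val in CONFINEMENT_OFF:
            findings.append(("confinement", CONFINEMENT_OFF[val]))
        elif opt == "--device":
            findings.append(("device", f"host device {val} exposed"))
        elif opt == "--user" and val in ("root", "0"):
            findings.append(("user", "process runs as root in the container"))
        elif opt == "--userns" and val == "host":
            findings.append(("userns", "container shares the caller's user namespace"))
        elif opt in ("-v", "--volume") and val and val[0] in "/$~.":
            # a path or variable is a host bind mount; a bare name is a named volume
            findings.append(("host-mount", val.split(":")[0]))
    return findings

if __name__ == "__main__":
    print(*audit(COMMAND), sep="\n")
```

The named volume ansible-dev-tools-container-storage is not reported because it is not a host path; the three bind mounts (.gitconfig, the working directory and the SSH agent socket) are.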

Signing git commits (SSH)

If the user.signingkey in the gitconfig points directly to a public key on the file system, that key may not be available in the container.

If only one key is present, the ssh-add command can be used for key retrieval in the user's gitconfig:

[gpg "ssh"]
	defaultKeyCommand = ssh-add -L

Alternatively, the public key can be added in-line in the gitconfig:

[user]
  email = u[email protected]
  name = User's fullname
  signingkey = key:: ssh-rsa AAAAB3N

Layering ADT and container-in-container support on a custom image

To add the Ansible Devtools package and the container-in-container support with podman to a custom EE or another container image, you can use the final Containerfile from this repository. Update the FROM instruction to point to your preferred image and build it using podman or docker.

Note: The container-in-container support is added with the help of the podman image definition. For more information, read How to use Podman inside of a container.

Related Links

Code of Conduct

We ask all of our community members and contributors to adhere to the Ansible code of conduct.

License

GNU General Public License v3.0 or later.

See LICENSE for the full text.