cancel
Showing results for 
Search instead for 
Did you mean: 
DeepakRamanath
Flight Engineer
Flight Engineer
  • 544 Views

Containerfile with ansible-builder

Jump to solution

I'm currently doing the Review-3 lab and noticed that when 

ansible-builder create

 

command is issued, a context directory gets generated with a Containerfile in it. When this is the case, what is the rationale behind providing an example Containerfile? As a test, I just used this auto generated Containerfile and the image creation was successful.

1 Solution

Accepted Solutions
Travis
Moderator
Moderator
  • 538 Views

@DeepakRamanath -

The DO374 course uses a slightly older version of AAP (2.0) which means that the version of ansible-builder is also older. At the time, the configuration file didn't allow you to specify everything and truly customize the container image being built and it also required 3 resource files to specify collection requirements, Python requirements, and system dependencies (RPMs and OS packages) that were needed. 

The true reason for doing the "multi-stage" build is so that you can build from the Containerfile and have the SSL certificates included. The newer version of ansible-builder allows you to do much more customizations with the container image including additional custom files, additional packages, as well as specifying some of your dependencies directly in the file.

https://ansible.readthedocs.io/projects/builder/en/latest/definition/#version-3-sample-file

It might not matter as much for this lab as I believe certificates are available for retrieving the collections, etc. it could matter more in a production environment where you must take care of SSL certificates as you should be verifying you have a proper and secure SSL connection.

The ansible-builder create can allow a two-step process and you can modify both the Containerfile and contents of the context directory. However, once you do that, you must then build with the podman command as the building with the ansible-builder command will wipeout and undo customizations and changes you made outside the regular config file instructions (the YAML files and TXT files you created).

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training

View solution in original post

4 Replies
Travis
Moderator
Moderator
  • 539 Views

@DeepakRamanath -

The DO374 course uses a slightly older version of AAP (2.0) which means that the version of ansible-builder is also older. At the time, the configuration file didn't allow you to specify everything and truly customize the container image being built and it also required 3 resource files to specify collection requirements, Python requirements, and system dependencies (RPMs and OS packages) that were needed. 

The true reason for doing the "multi-stage" build is so that you can build from the Containerfile and have the SSL certificates included. The newer version of ansible-builder allows you to do much more customizations with the container image including additional custom files, additional packages, as well as specifying some of your dependencies directly in the file.

https://ansible.readthedocs.io/projects/builder/en/latest/definition/#version-3-sample-file

It might not matter as much for this lab as I believe certificates are available for retrieving the collections, etc. it could matter more in a production environment where you must take care of SSL certificates as you should be verifying you have a proper and secure SSL connection.

The ansible-builder create can allow a two-step process and you can modify both the Containerfile and contents of the context directory. However, once you do that, you must then build with the podman command as the building with the ansible-builder command will wipeout and undo customizations and changes you made outside the regular config file instructions (the YAML files and TXT files you created).

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training
DeepakRamanath
Flight Engineer
Flight Engineer
  • 509 Views

Thanks Travis.

In the exam if we were to be asked this, can we still use the way we learn in the lab? Have requirements.txt for Python and bindep.txt for system dependencies?

Travis
Moderator
Moderator
  • 462 Views

@DeepakRamanath -

As you know, we can't answer or even discuss specific exam questions. However, what I can state which is also part of the information you're given is that each course is based on specific RHEL and AAP versions. If the course has a corresponding exam, the exam is based on the same RHEL and AAP versions. Additionally, when using "newer" technologies, these are often backwards compatible with older standards and versions (until things get deprecated and removed) so even when I've used the newer "upstream" ansible-builder command, I was still able to buid the EE based on what I had done for demos for students in this course.

Again, with all RH certifcation exams, we are interested in the end state and the outcomes, so there are often multiple ways to get there. Keep in mind also from a practical standpoint, EEs are just containers based on a container image and as you saw in the course, we do show a little bit behind the curtain with Podman. I've actually taken the supported EEs in the past, started as a container using Podman and used the ansible-galaxy command to install roles and collections in the EE and I saved the running container as a new container image for my new EE that includes the "supported" plus the X, Y, Z that I added. Not elegant way of doing things, but it is quick, easy, and fast.

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training
DeepakRamanath
Flight Engineer
Flight Engineer
  • 361 Views

Thank you for your explanation.

0 Kudos
Join the discussion
You must log in to join this conversation.