In Chapter 1.7, Implementing Recommended Ansible Practices at the very end of the video (29m, 15 sec) the instructor makes a comment that ansible.posix.firewalld is not a part of ansible.buildtin and installs using ansible-galaxy command on the control node.
Kindly clarify.
I'm not certain I fully understand your question as it is framed, but I think you are wanting to know ... why do you install collections on Automation Controller or on a system that you are running ansible-navigator from when the expectation is that the colleciton will be in the Ansible Execution Environment?
You are correct in that when and if execution environments have the collections installed, there is no need to install a collection locally as it is builtin as part of the EE and therefore can be leveraged within playbooks. However, it might not always be the case that an execution environment contains all the collections, modules, and other things needed to run and execute a specific playbook. For this reason, we have the requirements.yml file that allows us to install collections and roles for use in our project (regardless of if they exist in the execution environment or not).
In the case of "workstation" running the playbook with ansible-navigator we are installing them locally to the project's directory and they are available then to run with our playbook in the execution environment. In the case of Automation Controller, the defined project will scan the project directory for a collections/requirements.yml and a roles/requirements.yml file to install any roles or collection dependencies.
When I've delivered the course, we I typically suggest using things like the rhel8-supported EE as it has most of the collections, modules, plugins that we need and we then only need to use the EE and there is no need to install additional collections and roles. However, I setup a fake scenario and now we need a new module that is in our custom collection that we've built ... do we create a custom EE or do we just install the collection locally into our project? In most cases (at first) we just install the collectiosn and roles in our projects. However, after we see we are using our custom collection and modules more and more often, we then make the decision to build and create a custom execution environment.
The purpose and goal of the DO374 is to expose some best practices on developing Ansible playbooks, working with Git, working with teams, as well as to introduce AAP 2.x where ansible-core no longer has all batteries included. Red Hat does provide multiple EEs where a bunch of content collections and modules already exist, but something like "minimal" wouldn't have the collections and modules that the "rhel8-supported" would. So we show you how to develop playbooks locally and eventually prepare them for Automation Controller. By the time you get to Chapter 9, you will be building your own collection and execution environment and from there, you and your team decide how to move forward with Ansible development projects. Do you build a new EE each time you change something small or for development or do you install collections and modules locally for development and testing and then after you see it will not change and everything works promote it to your custom execution environment image?
Hello @DeepakRamanath
Far from being an expert, well , ansible.posix.firewalld (and not ansible.posix.firewall) is a module plugin and , it is under (embedded-created) ansible.posix Collection
https://docs.ansible.com/ansible/latest/collections/ansible/posix/index.html#plugins-in-ansible-posi...
As mentioned, there is another different collection (ansible.builtin https://docs.ansible.com/ansible/latest/collections/ansible/builtin/index.html#plugins-in-ansible-bu...) that comes (bundles already) with Ansible Core.
Having Execution Environments separated from control node is the way of
-creating exactly a container image with the desired collections+stuff and nothing else
-being able to decouple specific EEs to be used by specific managed hosts
I feel my originial question was ill framed a bit and therefore making a second attempt at it.
I'm not certain I fully understand your question as it is framed, but I think you are wanting to know ... why do you install collections on Automation Controller or on a system that you are running ansible-navigator from when the expectation is that the colleciton will be in the Ansible Execution Environment?
You are correct in that when and if execution environments have the collections installed, there is no need to install a collection locally as it is builtin as part of the EE and therefore can be leveraged within playbooks. However, it might not always be the case that an execution environment contains all the collections, modules, and other things needed to run and execute a specific playbook. For this reason, we have the requirements.yml file that allows us to install collections and roles for use in our project (regardless of if they exist in the execution environment or not).
In the case of "workstation" running the playbook with ansible-navigator we are installing them locally to the project's directory and they are available then to run with our playbook in the execution environment. In the case of Automation Controller, the defined project will scan the project directory for a collections/requirements.yml and a roles/requirements.yml file to install any roles or collection dependencies.
When I've delivered the course, we I typically suggest using things like the rhel8-supported EE as it has most of the collections, modules, plugins that we need and we then only need to use the EE and there is no need to install additional collections and roles. However, I setup a fake scenario and now we need a new module that is in our custom collection that we've built ... do we create a custom EE or do we just install the collection locally into our project? In most cases (at first) we just install the collectiosn and roles in our projects. However, after we see we are using our custom collection and modules more and more often, we then make the decision to build and create a custom execution environment.
The purpose and goal of the DO374 is to expose some best practices on developing Ansible playbooks, working with Git, working with teams, as well as to introduce AAP 2.x where ansible-core no longer has all batteries included. Red Hat does provide multiple EEs where a bunch of content collections and modules already exist, but something like "minimal" wouldn't have the collections and modules that the "rhel8-supported" would. So we show you how to develop playbooks locally and eventually prepare them for Automation Controller. By the time you get to Chapter 9, you will be building your own collection and execution environment and from there, you and your team decide how to move forward with Ansible development projects. Do you build a new EE each time you change something small or for development or do you install collections and modules locally for development and testing and then after you see it will not change and everything works promote it to your custom execution environment image?
Travis, if I could, I give you 5 kudos on the response.
Eloquently explained!!!!
Hi @Travis,
Thanks for your detailed response.
Red Hat
Learning Community
A collaborative learning environment, enabling open source skill development.