cancel
Showing results for 
Search instead for 
Did you mean: 
DeepakRamanath
Flight Engineer
Flight Engineer
  • 605 Views

Why collections need to be installed on control node?

Jump to solution

In Chapter 1.7, Implementing Recommended Ansible Practices at the very end of the video (29m, 15 sec) the instructor makes a comment that ansible.posix.firewalld is not a part of ansible.buildtin and installs using ansible-galaxy command on the control node.

If collections (regardless which one) are used in the Ansible Execution Environment, why do we need to install collections on the ansible controller?
 

Kindly clarify.

Labels (1)
1 Solution

Accepted Solutions
Travis
Moderator
Moderator
  • 529 Views

@DeepakRamanath -

I'm not certain I fully understand your question as it is framed, but I think you are wanting to know ... why do you install collections on Automation Controller or on a system that you are running ansible-navigator from when the expectation is that the colleciton will be in the Ansible Execution Environment?

You are correct in that when and if execution environments have the collections installed, there is no need to install a collection locally as it is builtin as part of the EE and therefore can be leveraged within playbooks. However, it might not always be the case that an execution environment contains all the collections, modules, and other things needed to run and execute a specific playbook. For this reason, we have the requirements.yml file that allows us to install collections and roles for use in our project (regardless of if they exist in the execution environment or not). 

In the case of "workstation" running the playbook with ansible-navigator we are installing them locally to the project's directory and they are available then to run with our playbook in the execution environment. In the case of Automation Controller, the defined project will scan the project directory for a collections/requirements.yml and a roles/requirements.yml file to install any roles or collection dependencies.

When I've delivered the course, we I typically suggest using things like the rhel8-supported EE as it has most of the collections, modules, plugins that we need and we then only need to use the EE and there is no need to install additional collections and roles. However, I setup a fake scenario and now we need a new module that is in our custom collection that we've built ... do we create a custom EE or do we just install the collection locally into our project? In most cases (at first) we just install the collectiosn and roles in our projects. However, after we see we are using our custom collection and modules more and more often, we then make the decision to build and create a custom execution environment.

The purpose and goal of the DO374 is to expose some best practices on developing Ansible playbooks, working with Git, working with teams, as well as to introduce AAP 2.x where ansible-core no longer has all batteries included. Red Hat does provide multiple EEs where a bunch of content collections and modules already exist, but something like "minimal" wouldn't have the collections and modules that the "rhel8-supported" would. So we show you how to develop playbooks locally and eventually prepare them for Automation Controller. By the time you get to Chapter 9, you will be building your own collection and execution environment and from there, you and your team decide how to move forward with Ansible development projects. Do you build a new EE each time you change something small or for development or do you install collections and modules locally for development and testing and then after you see it will not change and everything works promote it to your custom execution environment image?

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training

View solution in original post

5 Replies
javierbarea
Mission Specialist
Mission Specialist
  • 598 Views

Hello @DeepakRamanath  

Far from being an expert, well , ansible.posix.firewalld (and not ansible.posix.firewall) is a module plugin and , it is under (embedded-created) ansible.posix Collection 
https://docs.ansible.com/ansible/latest/collections/ansible/posix/index.html#plugins-in-ansible-posi...
As mentioned, there is another different collection (ansible.builtin  https://docs.ansible.com/ansible/latest/collections/ansible/builtin/index.html#plugins-in-ansible-bu...) that comes (bundles already) with Ansible Core.

Having Execution Environments separated from control node is the way of
-creating exactly a container image with the desired collections+stuff and nothing else
-being able to decouple specific EEs to be used by specific managed hosts

DeepakRamanath
Flight Engineer
Flight Engineer
  • 553 Views

I feel my originial question was ill framed a bit and therefore making a second attempt at it.

If collections (regardless which one) are used in the Ansible Execution Environment, why do we need to install collections on the ansible control node?
 
Travis
Moderator
Moderator
  • 530 Views

@DeepakRamanath -

I'm not certain I fully understand your question as it is framed, but I think you are wanting to know ... why do you install collections on Automation Controller or on a system that you are running ansible-navigator from when the expectation is that the colleciton will be in the Ansible Execution Environment?

You are correct in that when and if execution environments have the collections installed, there is no need to install a collection locally as it is builtin as part of the EE and therefore can be leveraged within playbooks. However, it might not always be the case that an execution environment contains all the collections, modules, and other things needed to run and execute a specific playbook. For this reason, we have the requirements.yml file that allows us to install collections and roles for use in our project (regardless of if they exist in the execution environment or not). 

In the case of "workstation" running the playbook with ansible-navigator we are installing them locally to the project's directory and they are available then to run with our playbook in the execution environment. In the case of Automation Controller, the defined project will scan the project directory for a collections/requirements.yml and a roles/requirements.yml file to install any roles or collection dependencies.

When I've delivered the course, we I typically suggest using things like the rhel8-supported EE as it has most of the collections, modules, plugins that we need and we then only need to use the EE and there is no need to install additional collections and roles. However, I setup a fake scenario and now we need a new module that is in our custom collection that we've built ... do we create a custom EE or do we just install the collection locally into our project? In most cases (at first) we just install the collectiosn and roles in our projects. However, after we see we are using our custom collection and modules more and more often, we then make the decision to build and create a custom execution environment.

The purpose and goal of the DO374 is to expose some best practices on developing Ansible playbooks, working with Git, working with teams, as well as to introduce AAP 2.x where ansible-core no longer has all batteries included. Red Hat does provide multiple EEs where a bunch of content collections and modules already exist, but something like "minimal" wouldn't have the collections and modules that the "rhel8-supported" would. So we show you how to develop playbooks locally and eventually prepare them for Automation Controller. By the time you get to Chapter 9, you will be building your own collection and execution environment and from there, you and your team decide how to move forward with Ansible development projects. Do you build a new EE each time you change something small or for development or do you install collections and modules locally for development and testing and then after you see it will not change and everything works promote it to your custom execution environment image?

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training
Trevor
Starfighter Starfighter
Starfighter
  • 514 Views

Travis, if I could, I give you 5 kudos on the response.
Eloquently explained!!!!

Trevor "Red Hat Evangelist" Chandler
0 Kudos
DeepakRamanath
Flight Engineer
Flight Engineer
  • 466 Views

Hi @Travis,

Thanks for your detailed response. 

0 Kudos
Join the discussion
You must log in to join this conversation.