ansible-builder icon indicating copy to clipboard operation
ansible-builder copied to clipboard
verified publisher icon ansible

Add support for outputting SRPM

Open shanemcd opened this issue 4 years ago • 5 comments

Background

Several teams at Red Hat want to use Ansible Builder to create custom distributions of Ansible content. Red Hat's build and delivery system is built upon RPMs being the source of truth when it comes to any content being shipped.

Proposal

In order to provide other Red Hat teams with something they can feed into the existing build pipelines, we should explore adding support for Ansible Builder to output a SRPM instead of a container image.

An SRPM is essentially an archive (think tar or zip) containing a spec file and optional additional sources.

A fairly simple spec file can actually be found in this repo.

Of note, are the lines that start with Requires:

https://github.com/ansible/ansible-builder/blob/bfaadaf51bd3ed86517b9321bb86c76a6f628108/packaging/rpm/ansible-builder.spec.j2#L19

These are packages that will be installed as dependencies by dnf prior to installing our package.

More background

We may want to consider using some existing EE mechanisms in order to produce the SRPM. In particular, how dependencies are discovered and resolved:

https://github.com/ansible/awx-ee/blob/049b9018196e447024afeee8858337620b8c234d/Containerfile#L19

This would mean that the process of generating the SPRM would happen in a container, which I think is fine.

This would essentially mean keep the first stage and augmenting the second stage of the build:

https://github.com/ansible/awx-ee/blob/049b9018196e447024afeee8858337620b8c234d/Containerfile#L22-L34

Instead of producing a full EE, it could write a SRPM either inside of the container image build and copied out, or upon invocation of the resulting container image and writing to a volume mount (or copying out).

shanemcd avatar Aug 11 '21 20:08 shanemcd

We had also discussed the need for skipping the pip dependencies. I think our lives will be made easier by the fact that ansible-builder introspect already has separate options for --write-bindep and --write-pip.

shanemcd avatar Aug 11 '21 20:08 shanemcd

Oh, and perhaps this is obvious to some, but it is probably worth being explicit: we will need to put the collections / roles inside of the SRPM as well.

shanemcd avatar Aug 11 '21 20:08 shanemcd

FYI, RPM Packaging Guide: https://rpm-packaging-guide.github.io

Shrews avatar Aug 18 '21 16:08 Shrews

Ideally, we could reuse an existing tool, something like renderspec (https://docs.openstack.org/renderspec/latest/index.html). If collections could include their spec files themself, builder could call renderspec (like we do for bindep) to produce the RPMs.

https://opendev.org/openstack/rpm-packaging/ has a lot of example of how to use the tool.

This means moving off the work to the collection owner, but we do that today with bindep.txt / requirements.txt files.

pabelanger avatar Aug 18 '21 20:08 pabelanger

I think seeing some examples of how the other teams would expect (or like) to use builder in their processes (from execution on the command line, to anticipated output) might be useful for design purposes.

Shrews avatar Aug 20 '21 15:08 Shrews