ansible-builder

[PoC] Allow to skip ensurepip; make package manager use more flexible

Open felixfontein opened this issue 2 years ago • 5 comments

This allows creating a Debian-based execution environment:

---
version: 3

build_arg_defaults:
  PKGMGR_CLEAN_ALL_COMMAND: clean
  PKGMGR_CACHE_LOCATION: /var/lib/apt/lists/*
  # I was too lazy to figure out what to put here, so for now don't delete anything
  PKGMGR_CLEANUP_LOCATIONS: ' '
  PKGMGR_INSTALL_COMMAND: install -y --no-install-recommends

options:
  package_manager_path: /usr/bin/apt
  disable_ensurepip: true

dependencies:
  ansible_core:
    package_pip: ansible-core==2.15.0
  ansible_runner:
    package_pip: ansible-runner
  galaxy: requirements.yml

images:
  base_image:
    name: docker.io/library/debian:bullseye

additional_build_steps:
  prepend_base:
    - RUN apt-get update && apt-get install -y --no-install-recommends python3-pip python3-venv python3-wheel python3-cryptography

I've tried this with requirements.yml:

collections:
  - community.crypto
  - community.docker
  - community.general
  - community.sops

and got a nice Debian Bullseye-based EE having these three collections. (community.sops installs gnupg via bindep; community.docker installs some Python dependencies; community.crypto installs both Python and binary dependencies.)

felixfontein avatar May 21 '23 07:05 felixfontein

I ran this with:

ansible-builder build --tag test-ee --container-runtime docker --verbosity 3
ansible-navigator run -vv --mode stdout --ce docker --eei test-ee:latest test.yml

where test.yml is a minimal playbook.

felixfontein avatar May 21 '23 07:05 felixfontein

If it's better to split this up into two separate PRs, please tell me.

felixfontein avatar Jun 04 '23 17:06 felixfontein

Yep, I suspected we weren't too far off, but I'd explicitly avoided trying to make this work because it has a much bigger blast radius than "look ma, Debian base image!" :laughing:

Captured some stream-of-consciousness ideas for discussion at #553...

nitzmahone avatar Jun 05 '23 17:06 nitzmahone

What's the status on this? ensurepip is one of the reasons I build EEs manually due to the latest pip being unable to install/upgrade package requirements that conflict with system-installed packages. (PEP 668)

Edit: I see now that there's an environment variable that can be set and an option to skip ensurepip was added to devel #627, but somehow was not included in the 3.0.1 release.

Still, this PR adds a lot of desirable flexibility besides the ensurepip issue.

Denney-tech avatar Apr 30 '24 17:04 Denney-tech
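
The PEP 668 conflict mentioned in the last comment can be checked for before a build step runs pip against the system interpreter. The following is an added example, not code from this thread or from ansible-builder; the function names and the sample marker contents in the comments are assumptions made for illustration.

```python
import configparser
import sys
import sysconfig
from pathlib import Path


def in_virtualenv() -> bool:
    # venv/virtualenv make sys.prefix differ from sys.base_prefix.
    return sys.prefix != getattr(sys, "base_prefix", sys.prefix)


def externally_managed(stdlib_dir=None, venv=None):
    """Return (blocked, message) following the PEP 668 installer check.

    blocked is True when a PEP 668-aware installer would refuse to modify
    this environment: the interpreter is not in a virtual environment and
    an EXTERNALLY-MANAGED marker sits in its stdlib directory.
    stdlib_dir and venv are hypothetical overrides so the check can be
    pointed at an unpacked image root or exercised in tests.
    """
    if venv is None:
        venv = in_virtualenv()
    if venv:
        return False, None  # the marker does not apply inside a venv
    stdlib = Path(stdlib_dir or sysconfig.get_path("stdlib"))
    marker = stdlib / "EXTERNALLY-MANAGED"
    if not marker.is_file():
        return False, None
    # The marker is an INI file: [externally-managed] section, Error key.
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(marker.read_text(encoding="utf-8"))
        message = parser.get("externally-managed", "Error")
    except (configparser.Error, UnicodeDecodeError, OSError):
        message = None  # an unparsable marker still blocks installs
    return True, message


if __name__ == "__main__":
    blocked, message = externally_managed()
    if blocked:
        print("externally managed:", message or "(no message in marker)")
        sys.exit(1)
    print("pip may modify this environment")
```

Run with the image's own `python3`, a non-zero exit means the distribution has marked the interpreter as externally managed, so pip installs or upgrades outside a virtual environment will be refused.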