First commit

This lays out the foundation of what this repository of
community-maintained images might look like.

Notably lacking are CI jobs that builds, test and publishes the
container images which will come later if we settle and agree with the
framework.

- Adds an example ansible-test image based on centos-stream8
- Adds an example EE image based on ansible-runner

README.md

@@ -0,0 +1,20 @@
+# ansible-community images
+
+Container image definitions meant for [ansible-test](https://www.ansible.com/blog/introduction-to-ansible-test) and [Execution Environments](https://www.ansible.com/blog/whats-new-in-ansible-automation-platform-2-automation-execution-environments).
+
+⚠️ **Please note that this repository is very much a proof of concept and a work in progress at this time.** ⚠️
+
+## Important
+
+Images provided by this repository are tailored for development, testing and CI purposes.
+They are maintained by the community and are not supported for production use: they can and will break or run out of maintenance.
+
+You are encouraged to use (or fork) the examples provided here in order to learn how to build and customize your own images tailored to your needs.
+
+Thank you !
+
+## Contributing
+
+Issues and pull requests to update or add new images (regardless of operating system or distribution) are welcome !
+
+Images should ideally be very similar in order to provide a consistent testing experience so please have a look at the existing images before submitting a new one.

ansible-test/README.md

@@ -0,0 +1,57 @@
+# ansible-community ansible-test images
+
+## About ansible-test
+
+ansible-test provides ways to test ansible itself as well as ansible-core and ansible collections with [unit tests](https://docs.ansible.com/ansible/latest/dev_guide/testing_units.html#testing-units), [sanity tests](https://docs.ansible.com/ansible/latest/dev_guide/testing_sanity.html#testing-sanity) and [integration tests](https://docs.ansible.com/ansible/latest/dev_guide/testing_integration.html#testing-integration).
+
+Since integration tests can result in changes to a system (such as installing packages or changing files and configuration), it may be preferred to run them inside a container image to avoid making unnecessary changes to the host on which the tests are run.
+Container images also happen to be useful and convenient for quickly testing different operating systems and versions of python.
+
+Some container images are provided and supported by ansible-test, such as the following (from the devel branch at time of writing):
+
+```bash
+ansible-test integration --help
+# [...]
+target docker images and supported python version (choose one):
+  base (3.10, 2.7, 3.5, 3.6, 3.7, 3.8, 3.9)
+  default (3.10, 2.7, 3.5, 3.6, 3.7, 3.8, 3.9)
+  alpine3 (3.9)
+  centos7 (2.7)
+  fedora34 (3.9)
+  fedora35 (3.10)
+  opensuse15py2 (2.7)
+  opensuse15 (3.6)
+  ubuntu1804 (3.6)
+  ubuntu2004 (3.8)
+  {image}  # python must be specified for custom images
+# [...]
+```
+
+ansible-test supports specifying custom images instead and the purpose of this repository is to provide suitable images for it.
+
+## Important
+
+Images provided by this repository are tailored for development, testing and CI purposes.
+They are maintained by the community and are not supported for production use: they can and will break or run out of maintenance.
+
+You are encouraged to use (or fork) the examples provided here in order to learn how to build and customize your own images tailored to your needs.
+
+Thank you !
+
+## Building and using images from this repository
+
+Example:
+
+```bash
+dnf -y install podman buildah
+./centos-stream8/build.sh
+
+pip install ansible-core --user
+git clone https://github.com/ansible-collections/community.general ansible_collections/community/general
+cd ansible_collections/community/general
+ansible-test integration --python 3.8 --docker localhost/test-image:centos-stream8 ini_file
+```
+
+## Available images
+
+- [test-image:centos-stream8](https://quay.io/ansible-community/test-image:centos-stream8): A centos-stream8 image with python38 inspired by the [centos8 ansible-test image](https://github.com/ansible/distro-test-containers/blob/c4fe28818f5a33b675652637e3057bafe50039ee/centos8-test-container/Dockerfile)

ansible-test/centos-stream8/build.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+# Builds a centos-stream8 image suitable for use with ansible-test
+# Based on https://github.com/ansible/distro-test-containers/blob/c4fe28818f5a33b675652637e3057bafe50039ee/centos8-test-container/Dockerfile
+
+SCRIPT_DIR=$(cd `dirname $0` && pwd -P)
+DEPENDENCIES="$(cat ${SCRIPT_DIR}/dependencies.txt | tr '\n' ' ')"
+
+build=$(buildah from quay.io/centos/centos:stream8)
+buildah run "${build}" -- /bin/bash -c "dnf update -y && dnf install --allowerasing -y ${DEPENDENCIES} && dnf clean all"
+
+# Extra python dependencies
+buildah run --volume ${SCRIPT_DIR}:/tmp/src:z "${build}" -- /bin/bash -c "pip3 install -r /tmp/src/requirements.txt"
+
+# Cows are a good reminder that these are not for production use :)
+buildah run "${build}" -- /bin/bash -c "dnf -y install epel-release && dnf -y install cowsay && dnf -y remove epel-release && dnf clean all"
+buildah config --env ANSIBLE_NOCOWS=0 "${build}"
+
+# Ansible-specific setup: Generate new SSH host keys, remove requiretty, set up a default inventory
+buildah run "${build}" -- /bin/bash -c "ssh-keygen -A && sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers"
+buildah run "${build}" -- /bin/bash -c "mkdir -p /etc/ansible && echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts"
+
+# Save space by removing some unnecessary files (~50MB)
+buildah run "${build}" -- /bin/bash -c "rm -rf /usr/share/man/* /usr/share/doc/* /usr/share/fonts/*"
+buildah run "${build}" -- /bin/bash -c "find /usr/lib/locale -mindepth 1 -maxdepth 1 -type d -not \( -name 'en_US.utf8' -o -name 'POSIX' \) -exec rm -rf '{}' +"
+
+# TODO: What is the container env variable used for ?
+buildah config --env container=docker "${build}"
+buildah config --cmd "/usr/sbin/init" "${build}"
+buildah commit "${build}" "${1:-localhost/test-image:centos-stream8}"

ansible-test/centos-stream8/dependencies.txt

@@ -0,0 +1,32 @@
+acl
+asciidoc
+bzip2
+coreutils
+file
+gcc
+git
+glibc-langpack-en
+iproute
+libffi
+libffi-devel
+libuser
+make
+net-tools
+openssh-clients
+openssh-server
+openssl-devel
+python38
+python38-cffi
+python38-cryptography
+python38-devel
+python38-lxml
+python38-pip
+python38-setuptools
+python38-wheel
+rpm-build
+rubygems
+sshpass
+subversion
+sudo
+unzip
+which

ansible-test/centos-stream8/requirements.txt

@@ -0,0 +1,3 @@
+coverage
+# include ara for optional test and CI reporting
+ara

execution-environments/2.12-with-ansible5/ansible.cfg

@@ -0,0 +1,19 @@
+[defaults]
+# Cows are a reminder that these are not for production use :)
+no_cows = 0
+
+# profile_tasks adds dates and durations to ansible console output
+callback_whitelist = ansible.posix.profile_tasks
+
+# A bit of tuning
+forks = 50
+gathering = smart
+fact_caching = jsonfile
+fact_caching_connection = tmp/
+fact_caching_timeout = 3600
+
+[ssh_connection]
+pipelining = True
+control_path = %(directory)s/%%h-%%r
+ssh_args = -o ControlMaster=auto -o ControlPersist=270s -o ServerAliveInterval=30 -o GSSAPIAuthentication=no
+retries = 3

execution-environments/2.12-with-ansible5/bindep.txt

@@ -0,0 +1,5 @@
+python38 [platform:rpm]
+python38-devel [platform:rpm]
+python38-pip [platform:rpm]
+procps-ng [platform:rpm]
+git [default]

execution-environments/2.12-with-ansible5/context/Containerfile

@@ -0,0 +1,25 @@
+ARG EE_BASE_IMAGE=quay.io/ansible/ansible-runner:stable-2.12-devel
+ARG EE_BUILDER_IMAGE=quay.io/ansible/ansible-builder:latest
+
+FROM $EE_BASE_IMAGE as galaxy
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=
+USER root
+
+ADD _build/ansible.cfg ~/.ansible.cfg
+
+ADD _build /build
+WORKDIR /build
+
+
+FROM $EE_BUILDER_IMAGE as builder
+ADD _build/requirements.txt requirements.txt
+ADD _build/bindep.txt bindep.txt
+RUN ansible-builder introspect --sanitize --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt
+RUN assemble
+
+FROM $EE_BASE_IMAGE
+USER root
+COPY --from=builder /output/ /output/
+RUN /output/install-from-bindep && rm -rf /output/wheels
+RUN pip3 install ansible
+RUN dnf -y install epel-release && dnf --enablerepo=epel -y install cowsay && dnf -y remove epel-release

execution-environments/2.12-with-ansible5/context/_build/ansible.cfg

@@ -0,0 +1,19 @@
+[defaults]
+# Cows are a reminder that these are not for production use :)
+no_cows = 0
+
+# profile_tasks adds dates and durations to ansible console output
+callback_whitelist = ansible.posix.profile_tasks
+
+# A bit of tuning
+forks = 50
+gathering = smart
+fact_caching = jsonfile
+fact_caching_connection = tmp/
+fact_caching_timeout = 3600
+
+[ssh_connection]
+pipelining = True
+control_path = %(directory)s/%%h-%%r
+ssh_args = -o ControlMaster=auto -o ControlPersist=270s -o ServerAliveInterval=30 -o GSSAPIAuthentication=no
+retries = 3

execution-environments/2.12-with-ansible5/context/_build/bindep.txt

@@ -0,0 +1,5 @@
+python38 [platform:rpm]
+python38-devel [platform:rpm]
+python38-pip [platform:rpm]
+procps-ng [platform:rpm]
+git [default]

execution-environments/2.12-with-ansible5/context/_build/requirements.txt

@@ -0,0 +1,2 @@
+# include ara for optional test and CI reporting
+ara

execution-environments/2.12-with-ansible5/execution-environment.yml

@@ -0,0 +1,18 @@
+---
+version: 1
+build_arg_defaults:
+  EE_BASE_IMAGE: 'quay.io/ansible/ansible-runner:stable-2.12-devel'
+
+ansible_config: 'ansible.cfg'
+
+dependencies:
+  system: bindep.txt
+  python: requirements.txt
+
+additional_build_steps:
+  append:
+    # The ansible package contains a curated set of Ansible collections in addition to ansible-core, include it in the EE
+    # here since it can't be in requirements.txt for now: https://github.com/ansible/ansible-builder/issues/323
+    - RUN pip3 install ansible
+    # Cows are a reminder that these are not for production use :)
+    - RUN dnf -y install epel-release && dnf --enablerepo=epel -y install cowsay && dnf -y remove epel-release

execution-environments/2.12-with-ansible5/requirements.txt

@@ -0,0 +1,2 @@
+# include ara for optional test and CI reporting
+ara

execution-environments/2.12-with-ansible5/tests.yml

@@ -0,0 +1,43 @@
+- name: Basic integration tests
+  hosts: localhost
+  gather_facts: false
+  pre_tasks:
+    - name: Collect some facts
+      ansible.builtin.setup:
+        gather_subset:
+          - "!all"
+          - "!any"
+          - date_time
+          - distribution
+          - dns
+          - kernel
+          - python
+
+    - name: Print running Ansible processes
+      ansible.builtin.shell: ps fauxwww | grep -i ansible
+      changed_when: false
+
+    - name: Retrieve the installed version of ansible-core
+      ansible.builtin.shell: pip show ansible-core | awk "/Version/ {print $2}"
+      changed_when: false
+      register: _installed_ansible_core
+
+    - name: Retrieve the installed version of ansible with pip
+      ansible.builtin.shell: pip show ansible | awk "/Version/ {print $2}"
+      changed_when: false
+      register: _ansible_version_pypi
+
+    - name: Retrieve the builtin reported version of ansible
+      ansible.builtin.command: python3 -c "from ansible_collections.ansible_release import ansible_version; print(ansible_version)"
+      changed_when: false
+      register: _ansible_version_builtin
+  tasks:
+    - name: Validate image
+      assert:
+        that:
+          - ansible_distribution == "CentOS"
+          - ansible_distribution_release == "Stream"
+          - ansible_distribution_version == "8"
+          - ansible_python_version is version("3.8.0", ">=")
+          # - query("community.general.collection_version", "community.general") is version("4.4.0", ">=")
+          # ...

execution-environments/README.md

@@ -0,0 +1,40 @@
+# ansible-community execution environment images
+
+## About Execution Environments
+
+Execution environments (EE) are container images from which your Ansible commands and playbooks run from.
+They are meant to include the Ansible collections, packages and dependencies you need for running Ansible modules and playbooks.
+
+They can be used by [AWX](https://github.com/ansible/awx), [Automation Controller](https://docs.ansible.com/automation-controller/latest/html/administration/index.html) (previously known as Tower) and [ansible-navigator](https://github.com/ansible/ansible-navigator).
+
+They can be built using [ansible-builder](https://github.com/ansible/ansible-builder/) with either [docker or podman](https://ansible-builder.readthedocs.io/en/latest/usage/#container-runtime) using [execution environment definitions](https://ansible-builder.readthedocs.io/en/latest/definition/) provided by this repository.
+
+## Important
+
+Images provided by this repository are tailored for development, testing and CI purposes.
+They are maintained by the community and are not supported for production use: they can and will break or run out of maintenance.
+
+You are encouraged to use (or fork) the examples provided here in order to learn how to build and customize your own images tailored to your needs.
+
+Thank you !
+
+## Building and using images from this repository
+
+Example:
+
+```bash
+dnf -y install podman
+pip install --user ansible-builder ansible-navigator
+
+cd 2.12-with_ansible5
+
+ansible-builder build -v 3 -t test-ee:2.12-with-ansible5
+
+ansible-navigator --pull-policy never \
+    --execution-environment-image test-ee:2.12-with-ansible5 \
+    run tests.yml
+```
+
+## Available images
+
+- [test-ee:2.12-with-ansible5](https://quay.io/ansible-community/test-ee:2.12-with-ansible5): [ansible-runner:stable-2.12-devel](https://quay.io/ansible/ansible-runner:stable-2.12-devel) with some extra packages, including ``pip install "ansible>=5,<6" ara``