I am trying to set up a CI pipeline to automatically test my collection using the ansible-test CLI command. I want to run the sanity tests first, but I am having trouble due to some restrictions in my environment.
I downloaded the Ansible Test utility container, which is used when the --docker flag is provided, and pushed this image to my private registry.
When I use the command “ansible-test sanity --docker IMAGE,” I receive an error stating that this is an unknown environment and that I should use the “–python” flag. When I do, it tries to download the same image from quay.io again.
Another approach I tried was using the command with the --local flag. In this case, the command attempts to download a bootstrap script named “get-pip-23.1.2.py,” but it fails again because I can’t download anything from the internet in my environment.
I downloaded the script from a machine with internet access and put it in the desired location.
Now, it tries to download some requirements and fails again.
My question is: What is your approach to dealing with an air-gapped environment? How do you handle this?
I thought about building a new image for the CI job with the necessary requirements and running it locally.
When I think about Tox, it’s frustrating to build a new image for every case.
I do not have a solution but I’d also be interested in a solution for this. I’ve just migrated my Ansible repositories to Codeberg - currently I’m installing ansible-test on every container run. Having a dedicated bigger container image with ansible-test and all the required dependencies would be awesome. A Containerfile would also be fine to re-create it on demand.
While you can run most of ansible in air gaped environments, ansible-test itself is not designed for such things as it is not really a ‘production’ tool, but a development one.
You can avoid most internet access by using the local or venv options or redirecting to a local quay mirror and preinstalling test requirements, listed in the various requirements.txt files.
Note that not only core tests have requirements, collections can also add their own and would require preinstallation to prevent ansible-test from attempting to install them.
Is there a production tool that I can use in an air-gapped environment?
I thought I could use the manually downloaded Docker image, which is used when I provide the --docker flag, because every Python package is installed within this image, except the collection requirements.
Why is it not possible to use the same image in a private registry? Would that not accomplish the same thing?
ansible-test has an option --prime-containers that pulls required containers without running tests, this can be used to pull the actually needed containers so they can be transferred over to an air-gapped machine.
It would be nice if there’s an option that also creates venvs without running tests, that could be used with --requirements etc. to set up needed environments. I’m not aware of one existing yet.