How to run collection insede EE when its install is a python script?

Get Help
1

Hello,

Im trying to create an execution environment to run a particular ansible collection but failing to do so. The collection is this Forcepoint collection. As you can see, it has a nonstandard way of installing all the modules and i cannot get it to work in an execution environment for the life of me (yes, skill issue, I know…).

Here is my execution-environment.yml file:

version: 3

images:
    base_image:
      name:  [myautomationhub]/ee-minimal-rhel8:latest

depedencies:
  ansible-core:
    package_pip: ansible-core==2.14.4
  ansible_runner:
    package_pip: ansible-runner
  python:
    - six
    - psutil
    - pip
options:
  package_manager_path: /usr/bin/microdnf

additional_build_files:
  - src: /path/to/folder/forcepoint_repo_unzipped
    dest: forcepoint

additional_build_steps:
  prepend_base:
    - RUN mkdir -p /opt/forcepoint
    - COPY _build/forcepoint/ /opt/forcepoint

  append_final:
    - RUN python3 -p pip install -r /opt/forcepoint/requirements.txt
    - RUN python3 /opt/forcepoint/install.py

Sorry if the code formatting is off, it is correct in the EE yml.

2

Hi. Can you share what kind of error’s you’re getting when trying to use this EE? That will help to diagnose what isn’t happening as expected.

3

It’s not finding the modules, the common “couldn’t resolve module/action”. If I would have to guess why it is not working, it’s because for some reason the EE does not find the collection after installing it with the python script.

If i follow the installation instructions and install the collection to a test virtual machine with clean ansible installation, it works with the playbook im testing it with, so the module name is correct.

4

I wasn’t able to get an image to build using the contents you shared, but these few tweaks did make one successfully. Do you have any test-code that you could share that we can run against it?

---
version: 3

images:
  base_image:
    name: ghcr.io/ansible-community/community-ee-base:latest

dependencies:
  python:
    - ansible-runner
    - ansible-core==2.14.4
    - six
    - psutil
    - pip
options:
  package_manager_path: /usr/bin/microdnf

additional_build_files:
  - src: src/fp-NGFW-SMC
    dest: forcepoint

additional_build_steps:
  prepend_base:
    - RUN mkdir -p /opt/forcepoint
    - COPY _build/forcepoint/ /opt/forcepoint

  append_final:
    - RUN python3 -m pip install -r /opt/forcepoint/requirements.txt
    - RUN python3 /opt/forcepoint/install.py
5

Here is an example from the repository itself:

- name: Obtain facts about Network Elements
  hosts: localhost
  gather_facts: no
  tasks:
  - name: Retrieve all Group level objects, limit of 50
    network_element_facts:
      element: group
      limit: 50

It should fail at connecting, since no api keys are provided. Im assuming that you do not have a spare forcepoint firewall lying around in your house :smiley:

But it should not throw errors about missing module if your EE build worked.

6

Also you did download the repository contents to the folder

src/forcepoint

in your EE build?

7

I downloaded the .zip from github and extracted it to src/fp-NFGW-SMC

8

I managed to solve the issue with some AI assistance. Asked ChatGPT to walk me trough the install.py file line by line in detail.

Turns out that the install.py script does not copy the modules located in the library-folder to the default modules path. I just set /etc/ansible/ansible.cfg to:

[defaults]
library = /opt/forcepoint/library
module_utils = /opt/forcepoint/module_utils

It sure feels dumb now that it was such a simple fix, but this is what happens when you don’t know any python :man_shrugging:

9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.