The various presentations I've seen about Execution Environments talk about the benefits for testing: you can run your playbooks locally in the same environment that AWX does. That sounded cool, so I got ansible-builder to build my environment (eventually!) and push it to our Docker registry.
Now - how do I get ansible-runner to actually use it? I set my runner/env/settings to use process_isolation, and gave it my container image, but it still seems to be running locally with bwrap. e.g. "az account list" run from the playbook gives my locally-configured list of accounts.
ansible-runner run --playbook test-playbook.yaml runner -v
The only example I could find was https://github.com/AlanCoding/awx-ee-test which also has "process_isolation_executable: docker" but if I include that, docker complains about command-line options that are meant for bwrap (--die-with-parent).
How is it supposed to be done? Enabling our users to test their awx-bound playbooks before committing would be very useful!
I am looking into previous posts on this ML and found yours.
Did you eventually succeed in doing what you wanted? I am interested in doing the same but have difficulties finding which arguments to pass to ansible-runner.
Ideally I would like to know how it is invoked by AWX so that I can replicate that on my host.
Thanks for your answer. In my case, I am interested in using ansible-runner to run the jobs on the commandline with the same environment than on AWX.
I have added more information and my findings in the relevant thread at https://groups.google.com/g/awx-project/c/vYBIfSEq3vo
If I understsnd correctly you want to loop through a job template with different inventory on command line. You can Use awx-cli to call the awx api. You can then script and call awx-cli in your workflow. You are then free to use any language you want to.
Thanks for taking the time to chime into the discussion (and for documenting your findings on your blog btw, I found it very useful too!).
I have replied to your comments inline below.
If I understsnd correctly you want to loop through a job template with different inventory on command line.
No, this is not exactly what I would like to do.
What I am doing is integrating existing Ansible jobs into AWX. They currently run (without AWX) on each developer machine (each developer might have a different version of Ansible and environment, etc). So I am bringing the developer environment into a custom EE on AWX. This isolates the dependencies required to run our playbooks and allows them to run into AWX.
What I want to do is to be able to run on my machine, without AWX, a given job that ran on AWX. I understand this is possible by passing the correct commandline arguments to ansible-runner (especially the EE) after cloning our playbook project repository. This is because with an EE, everything necessary to run the playbook is contained in the EE image itself.
Running locally would:
allow any dev in our team to run the job on their machine (as they did previously). This would ease the transition to AWX.
permit anyone to run the job locally on their machine with the guarantee that it behaves the same than on AWX.
allow any new developer to ramp up and easily run the jobs w/o suffering environment setup issues (as all is contained in the EE).
considerably shorten the debugging cycle when jobs run on AWX. For instance, right now, when something fails in AWX, I have to rerun the entire playbook since I have not found a way to use ansible-playbook --start-at with the UI to only rerun the part of the job which failed.
Yes, this is exactly what I am looking at. What I need help on is how/where to find the actual arguments used within AWX to build a matching ansible-runner commandline that I can run locally.
The Runner doc mentions it’s the Python interface which is used within AWX so not directly ansible-runner. I am looking at the logs on my nodes to see if I can find that.
Vincent is onto the path which I would recommend. There are a bit too many moving parts to easily replicate on your own, but I would like to simplify it.
So the best option is to set AWX_CLEANUP_PATHS to False, run a job and then copy the folder back to your machine. This might not yet totally work because of some pipes waiting for a read (but I don’t remember the result from my last experimentation), and those can require some manual tweaking. I would like to allow re-running it out-of-the-box if it doesn’t work now.
Thanks for confirming this is the right path, this really helps! I will keep on checking AWX_CLEANUP_PATHS (via the operator, I see someone else has asked a similar question on how to change settings for an existing operator deployment).
In the meantime, through a stuck job, I have found that Runner is launched in Receptor mode on the job pod which is started. Indeed, the started pod runs ansible-runner worker --private-data-dir=/runner , as described at https://ansible-runner.readthedocs.io/en/stable/remote_jobs/#. I think this is related to the pipe issues you mentioned as in this case one ansible-runner streams the job while the other pends on its payload before running it.
This was through a stuck job so I could login on the node and see the /runner directory which indeed contains what is needed here. I think AWX_CLEANUP_PATHS would be close to what I need. Ideally I could publish the associated instructions so that a developer can rerun locally a job which failed in AWX, with the same settings.