main-ee/execution-environment.yml at main · ssimpson89/main-ee · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
---
version: 3
images:
  base_image:
    name: rockylinux/rockylinux:9-minimal
options:
  package_manager_path: /usr/bin/microdnf
dependencies:
  python_interpreter:
    package_system: python3.11
    python_path: /usr/bin/python3.11
  ansible_core:
    # Avoid Ansible 2.17 and above as it dropped support for Python 3.6, so it will not work with dnf on EL8 or below machines
    package_pip: ansible-core>=2.16.14,<2.17
  ansible_runner:
    package_pip: ansible-runner
  galaxy: |
    ---
    collections:
      - name: amazon.aws
        version: "9.5.0"
      - name: ansible.posix
        version: ">=2.0.0"
      - name: ansible.utils
        version: ">=6.0.0"
      - name: ansible.windows
        version: ">=3.1.0"
      - name: awx.awx
        version: "24.6.1"
      - name: azure.azcollection
        version: ">=3.6.0"
      - name: community.aws
        version: "9.3.0"
      - name: community.general
        version: ">=11.0.0"
      - name: community.windows
        version: ">=3.0.0"
      - name: community.vmware
        version: "4.8.6"
      - name: kubernetes.core
        version: ">=6.0.0"
      - name: microsoft.ad
        version: ">=1.9.1"
      - name: google.cloud
        version: ">=1.6.0"
      - name: openstack.cloud
        version: ">=2.4.1"
      - name: ovirt.ovirt
        version: ">=3.2.1"
      - name: theforeman.foreman
        version: ">=5.4.0"
      - name: vultr.cloud
        version: ">=1.13.0"
      - name: community.libvirt
        version: ">=1.3.1"
      - name: community.proxmox
        version: ">=1.0.1"
  system: |
    crypto-policies-scripts
    epel-release [platform:rpm]
    findutils [platform:rpm]
    gcc [platform:rpm]
    gcc-c++ [platform:rpm]
    git-core [platform:rpm]
    git-lfs [platform:rpm]
    krb5-devel [platform:rpm compile]
    krb5-workstation [platform:rpm]
    libcurl-devel [platform:rpm compile]
    podman-remote [platform:rpm]
    python3.11-devel [platform:rpm compile]
    python3.11-rpm [platform:rpm epel]
    python-unversioned-command [platform:rpm]
    rsync [platform:rpm]
    sshpass [platform:rpm]
    subversion [platform:rpm]
    sudo [platform:rpm]
    unzip [platform:rpm]
    libxcrypt-compat [platform:rpm]
    google-cloud-cli [platform:rpm]
    cmake [platform:rpm compile]
    openssl-devel [platform:rpm compile]
    libffi-devel [platform:rpm compile]
  python: |
    ansible-sign
    jmespath
    ncclient
    paramiko
    pexpect>=4.5
    pykerberos
    pyOpenSSL
    pypsrp[kerberos,credssp]
    python-daemon
    pywinrm[kerberos,credssp]
    pyyaml
    receptorctl
    requests-credssp
    six
    toml
    boto3
    proxmoxer
    google-auth
    requests
    passlib
  exclude:
    system:
      - python3
      - python3-devel
      - python3-rpm
additional_build_files:
  - src: includes/sudoers
    dest: configs
  - src: includes/update-ca-trust
    dest: files
  - src: includes/google-cloud-cli.repo
    dest: configs
additional_build_steps:
  append_base:
    - RUN $PYCMD -m pip install -U pip
    - ENV CFLAGS="-Wno-error=incompatible-pointer-types"
    - ADD _build/configs/google-cloud-cli.repo /etc/yum.repos.d/google-cloud-cli.repo
    - RUN chmod 644 /etc/yum.repos.d/google-cloud-cli.repo
    - RUN curl https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo | tee /etc/yum.repos.d/terraform.repo
    - RUN $PKGMGR install -y terraform
  append_final:
    - COPY --from=quay.io/ansible/receptor:devel /usr/bin/receptor /usr/bin/receptor
    - RUN mkdir -p /var/run/receptor
    - RUN git lfs install --system
    - ADD _build/configs/sudoers /etc/sudoers
    - RUN chmod 440 /etc/sudoers
    - RUN mkdir -p /runner
    - RUN useradd -G wheel -M -u 1000 -d /runner ascender
    - RUN chown -R ascender:wheel /runner
    # Symlink podman-remote to podman to allow podman to run Ascender jobs via receptor
    - RUN ln -s /usr/bin/podman-remote /usr/bin/podman
    # Update crypto policies to allow SHA1 for older servers (EL 7 & 8)
    - RUN update-crypto-policies --set DEFAULT:SHA1
    # Create user site-packages directory - Allowing lookup plugins to use modules installed via pip
    - RUN mkdir -p $($PYCMD -m site --user-site | sed "s|$HOME|$(pwd)|")
    - RUN chmod -R ug+rwx $($PYCMD -m site --user-site | sed "s|$HOME|$(pwd)|" | cut -d '/' -f1,2,3)
    # SymLink `python` -> `python3.11` and `python3` -> `python3.11` and `pip3` -> `pip3.11`
    - >-
      RUN alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 1
      && alternatives --install /usr/bin/python python /usr/bin/python3.11 1
      && alternatives --install /usr/bin/pip3 pip3 /usr/bin/pip3.11 1
    - RUN microdnf update -y && microdnf clean all
    - COPY --chmod=755 _build/files/update-ca-trust /usr/bin/update-ca-trust