Build Red Hat OpenStack VMware Migration Toolkit Execution Environment with Ansible Builder

Installation on Bastion Host

To install ansible-builder on the bastion host:

sudo dnf install ansible-builder -y

Using Private Automation Hub

For complete information on managing certification-validated content, see: https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/managing_automation_content/managing-cert-valid-content

Creating the Offline Token in Automation Hub

Procedure

Navigate to Ansible Automation Platform on the Red Hat Hybrid Cloud Console at https://console.redhat.com/ansible/automation-hub/token/

  1. From the navigation panel, select Automation HubConnect to Hub

  2. Under Offline token, click Load Token

  3. Click the Copy to clipboard icon to copy the offline token

  4. Paste the token into a file and store in a secure location

Example Token (Sample)
eyJhbGciOiJIUzUxMiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0NzQzYTkzMC03YmJiLTRkZGQtOTgzMS00ODcxNGRlZDc0YjUifQ.eyJpYXQiOjE3NTg2MTI2ODAsImp0aSI6ImIzZGE2YzVhLWEwZDEtNDQzNC1iNWE5LWJhZTJjYWZlNDY1MSIsImlzcyI6Imh0dHBzOi8vc3NvLnJlZGhhdC5jb20vYXV0aC9yZWFsbXMvcmVkaGF0LWV4dGVybmFsIiwiYXVkIjoiaHR0cHM6Ly9zc28ucmVkaGF0LmNvbS9hdXRoL3JlYWxtcy9yZWRoYXQtZXh0ZXJuYWwiLCJzdWIiOiI3MjQ0NjQ1IiwidHlwIjoiT2ZmbGluZSIsImF6cCI6ImNsb3VkLXNlcnZpY2VzIiwibm9uY2UiOiI2NTQxZDExMC1mNGY3LTQ3OWUtODA3NS0yNzY4MGY4NmU3MTEiLCJzaWQiOiI4YjVkOGM2Mi1iNDRkLTQ0NTQtODMxMS1iMzNjZDgyNWZjNDAiLCJzY29wZSI6Im9wZW5pZCBhcGkuY29uc29sZSBiYXNpYyBhcGkuaWFtLnNlcnZpY2VfYWNjb3VudHMgcm9sZXMgd2ViLW9yaWdpbnMgY2xpZW50X3R5cGUucHJlX2tjMjUgYXBpLmFza19yZWRfaGF0IG9mZmxpbmVfYWNjZXNzIn0.KDTfApEOcT5WrrWU8cCvambPhslQThKsZsh_eCDnH_-lBs-uF80gAe32A4vBXIdrLJDNSqwfsB-Lx1nZr5x2aQ
Never share or expose your actual authentication tokens. The token above is a sample for reference only.

Creating Execution Environments

For detailed information on creating and using execution environments, see: https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/creating_and_using_execution_environments/assembly-using-builder

Execution Environment Configuration

In the bastion, create the main execution environment configuration file:

execution-environment.yml
cat << EOF > execution-environment.yml
---
version: 3

images:
  base_image:
    name: registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel9:latest

options:
  package_manager_path: /usr/bin/microdnf

dependencies:
  ansible_runner:
    package_pip: ansible-runner
  ansible_core:
    package_pip: ansible-core
  python: requirements.txt
  system: binddep.txt
  galaxy: requirements.yml
  python_interpreter:
    package_system: "python3"
    python_path: "/usr/bin/python3.11"
additional_build_steps:
  prepend_base:
    - "RUN mkdir -p /etc/sudoers.d"
    - "RUN echo 'cloud-user ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/cloud-user"
EOF

Python Requirements

In the bastion, create the Python dependencies file:

requirements.txt
cat << EOF > requirements.txt
requests
pyVim
pyVmomi
EOF

Ansible Collections Requirements

In the bastion, create the Ansible collections requirements file:

requirements.yml
cat << EOF > requirements.yml
collections:
  - name: vmware.vmware
    version: 2.4.0
  - name: vmware.vmware_rest
    version: 4.9.0
  - name: os_migrate.vmware_migration_kit
    version: ">2.1.0"
EOF

System Dependencies

In the bastion, create the system package dependencies file:

binddep.txt
cat << EOF > binddep.txt
openssh-clients
sshpass
python3
python3-pip
python3-dnf
rsync
gcc
python3-devel
git
EOF

Creating ansible.cfg

In the bastion, create the configuration file:

ansible.cfg (Public Hub)
cat << EOF > ansible.cfg
[galaxy]
server_list = automation_hub

[galaxy_server.automation_hub]
url=https://console.redhat.com/api/automation-hub/content/published/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
token=
EOF

Authenticate to registry.redhat.io

podman login registry.redhat.io

Building the Execution Environment

To build the execution environment with a custom tag:

ansible-builder build --tag rhospvmt-ee:latest

Pushing to Container Registry

First, push your execution environment to a container registry that your AAP can access:

Push to AAP’s Internal Registry

In this lab, we will push the execution environment to the AAP’s internal registry.

# Tag your current image for AAP internal registry
podman tag localhost/rhospvmt-ee:latest \
  aap-aap.apps.cluster-my-guid.dynamic.redhatworkshops.io/rhospvmt-ee:latest

Log in to the AAP’s internal registry using the admin credentials and password: {aap_controller_admin_password}

# Log in to AAP registry using admin credentials
podman login aap-aap.apps.cluster-my-guid.dynamic.redhatworkshops.io -u admin -p {aap_controller_admin_password}
# Push to registry
podman push aap-aap.apps.cluster-my-guid.dynamic.redhatworkshops.io/rhospvmt-ee:latest

Push to OCP Container Registry

Another option is to push the execution environment to the OCP container registry.

Ensure the default route is enabled and accessible.

oc patch configs.imageregistry.operator.openshift.io/cluster \
  --type merge -p '{"spec":{"defaultRoute":true}}'

Get the default route hostname

REG_ROUTE=$(oc get route default-route -n openshift-image-registry -o jsonpath='{.spec.host}')
PROJECT=aap

In the OpenShift web console: click your username (top right) → Copy login command → Display Token → copy the oc login command. Paste the command into the bastion and execute it.

Podman login to the OCP container registry:

podman login $REG_ROUTE \
  -u $(oc whoami) \
  -p $(oc whoami -t)

Tag the execution environment:

podman tag rhospvmt-ee:latest $REG_ROUTE/$PROJECT/rhospvmt-ee:latest

Push the execution environment to the OCP container registry:

podman push --tls-verify=false $REG_ROUTE/$PROJECT/rhospvmt-ee:latest

Your execution environment URL is:

default-route-openshift-image-registry.apps.cluster-my-guid.dynamic.redhatworkshops.io/aap/rhospvmt-ee:latest