RFC: Importing Ansible roles from VCS

As an user I want to be able to store my Ansible roles in git and I want to be able to simply put the URL to the repo in the GUI and import Ansible roles in this way.

This would save me the hassle of copying the roles by hand on the foreman system itself.

Thoughts on this?

1 Like

That makes a lot of sense indeed. I think (hope) that it’s common practice to have git repo in /etc/ansbile/roles on the smart-proxy machine. So one manages the git repo externally and just syncs the current list to Foreman from the smart-proxy. IIRC we also can import playbooks in the similar fashion, if we find any. There were some thoughts originally on using Pulp/Katello integration for the Ansible roles, but I the design got too complicated when multi-tenancy was considered.

One question I have is, whether you expect Foreman to read such VCS and the put it on all relevant smart-proxies with the continuous maintenance of it or you’d rather let it setup the /etc/ansible/roles one-time and then it’s up to the user to update the content there. Or something completely different :slight_smile:

@nofaralfasi and @aruzicka any thoughts on this?

How would/should the repo look like? One consolidated repo with all the Ansible roles and collections? I don’t think this is good practice.

In my opinion having a requirements.yaml to populate your Ansible environment is a good idea. For those more into Puppet: It works like a Puppetfile.

So the format is not the best for an easy end user experience. So having a nice wizard to create entries for the user and simply create and then use the file in the backend would help. For the power user an upload of the file would allow to avoid using the GUI.

There is also automatic dependency solving included here. I am not sure if we could switch this off if the user does not want this.

A wizard would also simplify using different sources like galaxy for external ones, github or gitlab for internal ones or test branches and also if there is some Katello integration those synced to Pulp. So it could solve multiple use cases.

With the file also an update on changes, on demand and with a scheduled job should be quite easy.

I made a pull-request implementing this functionality into the foreman_ansible and smart_proxy_ansible plugins:

Foreman-Ansible Pull-Request
Smartproxy-Ansible Pull-Request