Building EEs with environment variables for Galaxy configuration
Ansible Builder version 3 schema allows users to perform complex scenarios such as specifying custom Galaxy configurations. You can use this approach to pass sensitive information, such as authentication tokens, into the EE build without leaking them into the final EE image.
In the example below, we will take a look at
Using Galaxy Server environment variables
---
version: 3
images:
base_image:
# Needs login
name: registry.redhat.io/ansible-automation-platform-23/ee-minimal-rhel8:latest
dependencies:
# No need to specify ansible-core or ansible-runner dependencies
# because they are included in the base image.
# Collections to be installed using Galaxy
galaxy:
collections:
- ansible.utils
additional_build_steps:
prepend_galaxy:
# Environment variables used for Galaxy client configurations
- ENV ANSIBLE_GALAXY_SERVER_LIST=automation_hub
- ENV ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_URL=https://console.redhat.com/api/automation-hub/content/xxxxxxx-synclist/
- ENV ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_AUTH_URL=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
# define a custom build arg env passthru - we still also have to pass
# `--build-arg ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN` to get it to pick it up from the env
- ARG ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN
options:
package_manager_path: /usr/bin/microdnf # downstream images use non-standard package manager
You can provide environment variables such as ANSIBLE_GALAXY_SERVER_LIST
, ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_URL
and ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_AUTH_URL
using the ENV
directive.
See configuring Galaxy client for more details.
For security reasons, we do not want to store sensitive information in this case ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN. You can use ARG directive to receive sensitive information from the user as input. –build-args can be used to provide this information while invoking the ansible-builder command.
See also
- Execution Environment Definition version 3
The detailed documentation about EE definition version 3