Comments (4)
@diademiemi
Hi,
Our goal here is to run Receptor in a Kubernetes cluster so we can host execution and/or hop nodes in Kubernetes.
The current AWX implementation assumes that the execution nodes are running as the hosts where Ansible Runner is running locally and Podman is installed.
So in the first place it's hard to run execution nodes in Kubernetes cluster since if we select execution nodes for some job templates AWX sends request to ansible runner on the execution nodes to run execition environment by creating container on the Podman, instead of Kubernetes.
Alternatively, I recommend you this to achieve similar goals; we can define Container Group with credentials for the remote Kubernetes cluster. This allows us to run EE on remote Kubernetes cluster: https://ansible.readthedocs.io/projects/awx/en/latest/administration/containers_instance_groups.html#create-a-container-group
Running hop node on Kubernetes cluster is not so hard, since hop node never be used to invoke any commands. No podman nor ansible runner are required. In addition, the feature "in-cluster hop node" called AWXMeshIngress will be implemented in the next release: #14640
Here are my answer for your questions for your technical interest:
worktype
is just a name. The documentation useskubeit
not because it is required for Kubernetes work, but simply as one example, given a simple name.- AWX sends
ansible-runner
worktype to run health check. This will invokeansible-runner worker --worker-info
on the execution nodes. - Running jobs on Instance Groups means that AWX requests to remote Ansible Runner to run playbooks with process isolation by podman. Ansible Runner has an ability to run
ansible-playbook
in isolated environment (means running it in Podman container), so in this case EE container is created by Ansible Runner. - Running jobs on Container Groups* means that AWX requests to remote Ansible Runner to run playbook locally. Receptor has an ability to create Pod with custom specification on Kubernetes cluster, so in this case EE container that run Ansible Runner is created by Receptor (
kubernetes-runtime-auth
worktype orkubernetes-incluster-auth
worktype).
If you have further insterest, my blog article may helps you (sorry it is in Japanese, so please use some translator): https://blog.kurokobo.com/archives/4847
Or ask further questions on the forum: https://forum.ansible.com/
from awx.
It would be appropriate to improve the error message, perhaps in an enhancement request on the Receptor side.
from awx.
as @kurokobo mentioned, container groups are designed to achieve running jobs on remote k8s clusters
AWX expects execution node to have a work-command
called ansible-runner
for health checks
but when running jobs, AWX also uses this same work command. So even if you have a proper kubeit
work-kubernetes setup in the config, AWX is not going to utilize it sadly. That would require a bit of changes in AWX to get that working.
Is there a use case for this that container groups doesn't cover?
from awx.
Thank you for the detailed response! I understand a lot better now what this is doing under the hood
I'll be checking out the AWXMeshIngress and Container Groups feature today and tomorrow and I'll get back to you for if this covers our usecase.
from awx.
Related Issues (20)
- Unable to specify empty value for credential (multiple modules)
- Unable to specify empty value for execution_environment (ansible.controller.inventory_source)
- No ability to specify null values for source_project (ansible.controller.inventory_source)
- Inventory and Host modules are not idempotent in --check mode HOT 4
- Modules that take password are not idempotent in --check mode HOT 2
- Unformatted help text is popped out when peers for intances are changed HOT 6
- Large netbox dynamic inventory ouput doesn't allow sync hosts HOT 2
- When job is running, selected EE is not visible in the UI, it appears only after it finishes HOT 8
- Is there a way to get the awx user info in the launch job vars? HOT 1
- Atomic on provision_instance masks errors HOT 2
- Access to XMLHttpRequest at 'https://domain/api/logout/' from origin 'https://domain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. HOT 1
- AWX Jobs Failing with "Task was canceled due to receiving a shutdown signal." HOT 2
- fork (for job adhoc command) start with high value (512) and finish with default value of 5 HOT 2
- Add `/api/v2/` link to service-index navigation view
- Error on project update since 23.9.0 ("No file was found when using first_found." on "Fetch galaxy roles and collections from requirements") HOT 12
- Add docker DNS resolver configuration option HOT 2
- [DOCS] Add terraform inventory source to Inventories chapter of Userguide HOT 4
- Allow Vault Credentials for Project SCM Type Inventories to process inventory plugin parameters HOT 1
- Postpone "Last Login" update
- AWX Community Meeting Agenda - March 2024 HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from awx.