adding ansible playbook pieces

Signed-off-by: greg pereira <[email protected]>

.github/workflows/ai-lab-remote-rhel-build.yaml

@@ -20,8 +20,11 @@ env:
   TF_VAR_ami_id: ${{ secrets.AMI_ID }}
 
 jobs:
-  ai-lab-podman-remote:
+  rhel9-milvus:
     runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      max-parallel: 1
     steps:
         - name: Setup Terraform
           uses: hashicorp/[email protected]
@@ -39,20 +42,55 @@ jobs:
 
         - name: Terraform Apply
           run: terraform apply -auto-approve
+
+        - name: Set up Python
+          uses: actions/[email protected]
+          with:
+            python-version: '3.11'
 
-        - name: Terraform Output
-          id: terraform-output
+        - name: Install Ansible
           run: |
-            echo "id=$(terraform output id | xargs)" >> $GITHUB_OUTPUT
-            echo "url=$(terraform output host | xargs)" >> $GITHUB_OUTPUT
-            echo "ssh_public_key=$(terraform output ssh_public_key | xargs)" >> $GITHUB_OUTPUT
-            echo "pem_filename=$(terraform output pem_filename | xargs)" >> $GITHUB_OUTPUT
+            python3 -m pip install --upgrade pip
+            pip install ansible
+
+        - name: Ansible Collections
+          working-directory: build/ci/rhel-ansible
+          run: ansible-galaxy install -r requirements.yaml
 
-        - name: Install podman remote
+        - name: Install jq and build inventory
           run: |
-            sudo apt-get install -y podman podman-remote
             sudo apt-get install -y jq
+            PUBLIC_IP=$(terraform output -json | jq -r '.public_ip.value')
+            # PUBLIC_IP=$(terraform output -json | jq -r '.public_ip.value' | cut -d "\"" -f 2)
+            echo "public_ip=$PUBLIC_IP" >> $GITHUB_OUTPUT
+            echo "[test_environments]" > build/ci/rhel-ansible/inventory.ini
+            echo "test_environment_host ansible_host=${PUBLIC_IP}" >> build/ci/rhel-ansible/inventory.ini
+            cat build/ci/rhel-ansible/inventory.ini
+
+        - name: Provision
+          working-directory: build/ci/rhel-ansible
+          run: |
+            ansible-playbook playbook.yaml \
+              -i inventory.ini \
+              --private-key=/home/runner/.ssh/id_rsa
+              # -i inventory.ini \
+              # --private-key=$HOME/.ssh/id_rsa \
+              # --extra-vars "registry_user=${{ secrets.REGISTRY_USER }}" \
+              # --extra-vars "registry_pass=${{ secrets.REGISTRY_PASS }}" \
+              # --extra-vars "subman_user=${{ secrets.SUBMAN_USER }}" \
+              # --extra-vars "subman_pass=${{ secrets.SUBMAN_PASS }}"
+
+        - name: Setup tmate session
+          if: ${{ failure() }}
+          uses: mxschmitt/[email protected]
+          timeout-minutes: 10
+          with:
+            detached: false
+            limit-access-to-actor: true
 
         - name: Terraform Destroy
           if: always()
           run: terraform destroy -auto-approve
+
+        - name: Wait for 30 seconds for destroy to work
+          run: sleep 30

build/ci/rhel-ansible/ansible.cfg

@@ -0,0 +1,4 @@
+[ssh_connection]
+ssh_common_args = -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ;
+[defaults]
+host_key_checking = False

build/ci/rhel-ansible/playbook.yaml

@@ -0,0 +1,95 @@
+---
+- name: Building rhel9-milvus
+  hosts: test_environments
+  remote_user: ec2-user
+  become: true
+  gather_facts: false
+
+  tasks:
+
+  - name: Wait until the instance is ready
+    ansible.builtin.wait_for_connection:
+    delay: 15
+    timeout: 180
+
+  - name: Gather facts for first time
+    ansible.builtin.setup:
+
+  - name: Required packages
+    ansible.builtin.dnf:
+      name:
+      - docker
+      state: present
+      disable_gpg_check: true
+
+  - name: Log in to DockerHub
+    community.docker.docker_login:
+      username: "{{ registry_user }}"
+      password: "{{ registry_pass }}"
+      registry: quay.io
+
+  - name: Register to subscription manager
+    ansible.builtin.shell: |
+      subscription-manager register --username "{{ subman_user }}" --password "{{ subman_pass }}"
+    
+
+  - name: Build the Bootc Image
+    async: 1000
+    poll: 0
+    register: build_result
+    ansible.builtin.shell: |
+      podman build . \
+        -f /tmp/Containerfile \
+        -t quay.io/ai-lab/derived_image:latest \
+        --build-arg "sshpubkey={{ ssh_public_key }}" \
+        --authfile=/etc/containers/auth.json \
+        --pull=never > /tmp/build.log 2>&1
+
+        # --retry=5 \
+        # --retry-delay=15
+
+  - name: Check on Build Bootc Image
+    async_status:
+      jid: "{{ build_result.ansible_job_id }}"
+    register: job_result
+    until: job_result.finished
+    retries: 100
+    delay: 10
+
+  - name: Install the Bootc Image
+    async: 1000
+    poll: 0
+    register: install_result
+    ansible.builtin.shell: |
+      podman run \
+        --authfile=/etc/containers/auth.json \
+        --privileged \
+        --pid=host \
+        --pull=never \
+        --rm \
+        --security-opt label=type:unconfined_t \
+        -v /:/target \
+        -v /var/lib/containers:/var/lib/containers quay.io/ai-lab/derived_image:latest \
+        bootc install to-existing-root --karg=console=ttyS0,115200n8 --karg=systemd.journald.forward_to_console=1
+
+        # --retry=5 \
+        # --retry-delay=15 \
+
+  - name: Check on Install Bootc Image
+    async_status:
+      jid: "{{ install_result.ansible_job_id }}"
+    register: job_result
+    until: job_result.finished
+    retries: 100
+    delay: 10
+
+  - name: Remove the host from the known_host file
+    ansible.builtin.known_hosts:
+      name: "{{ inventory_hostname }}"
+      state: absent
+    delegate_to: localhost
+
+  - name: Reboot
+    ansible.builtin.shell: systemctl reboot
+    ignore_errors: true
+    ignore_unreachable: true

build/ci/rhel-ansible/requirements.yaml

@@ -0,0 +1,3 @@
+---
+collections:
+  - name: community.docker