Build Red Hat OpenStack VMware Migration Toolkit Execution Environment with Ansible Builder

Installation on Bastion Host

To install ansible-builder on the bastion host:

sudo dnf install ansible-builder -y

Using Private Automation Hub

For complete information on managing certification-validated content, see: https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/managing_automation_content/managing-cert-valid-content

Creating the Offline Token in Automation Hub

Procedure

Navigate to Ansible Automation Platform on the Red Hat Hybrid Cloud Console at https://console.redhat.com/ansible/automation-hub/token/

  1. From the navigation panel, select Automation HubConnect to Hub

  2. Under Offline token, click Load Token

  3. Click the Copy to clipboard icon to copy the offline token

  4. Paste the token into a file and store in a secure location

Example Token (Sample)
eyJhbGciOiJIUzUxMiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0NzQzYTkzMC03YmJiLTRkZGQtOTgzMS00ODcxNGRlZDc0YjUifQ.eyJpYXQiOjE3NTg2MTI2ODAsImp0aSI6ImIzZGE2YzVhLWEwZDEtNDQzNC1iNWE5LWJhZTJjYWZlNDY1MSIsImlzcyI6Imh0dHBzOi8vc3NvLnJlZGhhdC5jb20vYXV0aC9yZWFsbXMvcmVkaGF0LWV4dGVybmFsIiwiYXVkIjoiaHR0cHM6Ly9zc28ucmVkaGF0LmNvbS9hdXRoL3JlYWxtcy9yZWRoYXQtZXh0ZXJuYWwiLCJzdWIiOiI3MjQ0NjQ1IiwidHlwIjoiT2ZmbGluZSIsImF6cCI6ImNsb3VkLXNlcnZpY2VzIiwibm9uY2UiOiI2NTQxZDExMC1mNGY3LTQ3OWUtODA3NS0yNzY4MGY4NmU3MTEiLCJzaWQiOiI4YjVkOGM2Mi1iNDRkLTQ0NTQtODMxMS1iMzNjZDgyNWZjNDAiLCJzY29wZSI6Im9wZW5pZCBhcGkuY29uc29sZSBiYXNpYyBhcGkuaWFtLnNlcnZpY2VfYWNjb3VudHMgcm9sZXMgd2ViLW9yaWdpbnMgY2xpZW50X3R5cGUucHJlX2tjMjUgYXBpLmFza19yZWRfaGF0IG9mZmxpbmVfYWNjZXNzIn0.KDTfApEOcT5WrrWU8cCvambPhslQThKsZsh_eCDnH_-lBs-uF80gAe32A4vBXIdrLJDNSqwfsB-Lx1nZr5x2aQ
Never share or expose your actual authentication tokens. The token above is a sample for reference only.

Creating Execution Environments

For detailed information on creating and using execution environments, see: https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/creating_and_using_execution_environments/assembly-using-builder

Execution Environment Configuration

In the bastion, create the main execution environment configuration file:

execution-environment.yml
cat << EOF > execution-environment.yml
---
version: 3

images:
  base_image:
    name: registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel9:latest

options:
  package_manager_path: /usr/bin/microdnf

dependencies:
  ansible_runner:
    package_pip: ansible-runner
  ansible_core:
    package_pip: ansible-core
  python: requirements.txt
  system: binddep.txt
  galaxy: requirements.yml
  python_interpreter:
    package_system: "python3"
    python_path: "/usr/bin/python3.11"
additional_build_steps:
  prepend_base:
    - "RUN mkdir -p /etc/sudoers.d"
    - "RUN echo 'cloud-user ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/cloud-user"
EOF

Python Requirements

In the bastion, create the Python dependencies file:

requirements.txt
cat << EOF > requirements.txt
requests
pyVim
pyVmomi
EOF

Ansible Collections Requirements

In the bastion, create the Ansible collections requirements file:

requirements.yml
cat << EOF > requirements.yml
collections:
  - name: vmware.vmware
    version: 2.4.0
  - name: vmware.vmware_rest
    version: 4.9.0
  - name: os_migrate.vmware_migration_kit
    version: ">1.0.0"
EOF

System Dependencies

In the bastion, create the system package dependencies file:

binddep.txt
cat << EOF > binddep.txt
openssh-clients
sshpass
python3
python3-pip
python3-dnf
rsync
gcc
python3-devel
git
EOF

Creating ansible.cfg

In the bastion, create the configuration file:

ansible.cfg (Public Hub)
cat << EOF > ansible.cfg
[galaxy]
server_list = automation_hub

[galaxy_server.automation_hub]
url=https://console.redhat.com/api/automation-hub/content/published/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
token=
EOF

Authenticate to registry.redhat.io

podman login registry.redhat.io

Building the Execution Environment

To build the execution environment with a custom tag:

ansible-builder build --tag rhospvmt-ee:latest

Pushing to Container Registry

First, push your execution environment to a container registry that your AAP can access:

Push to AAP’s Internal Registry

In this lab, we will push the execution environment to the AAP’s internal registry.

# Tag your current image for AAP internal registry
podman tag localhost/rhospvmt-ee:latest \
  aap-aap.apps.cluster-my-guid.dynamic.redhatworkshops.io/rhospvmt-ee:latest

Log in to the AAP’s internal registry using the admin credentials and password: {aap_controller_admin_password}

# Log in to AAP registry using admin credentials
podman login aap-aap.apps.cluster-my-guid.dynamic.redhatworkshops.io -u admin -p {aap_controller_admin_password}
# Push to registry
podman push aap-aap.apps.cluster-my-guid.dynamic.redhatworkshops.io/rhospvmt-ee:latest

Push to OCP Container Registry

Another option is to push the execution environment to the OCP container registry.

Ensure the default route is enabled and accessible.

oc patch configs.imageregistry.operator.openshift.io/cluster \
  --type merge -p '{"spec":{"defaultRoute":true}}'

Get the default route hostname

REG_ROUTE=$(oc get route default-route -n openshift-image-registry -o jsonpath='{.spec.host}')

In the OpenShift web console: click your username (top right) → Copy login command → Display Token → copy the oc login command. Paste the command into the bastion and execute it.

Podman login to the OCP container registry:

podman login $REG_ROUTE \
  -u $(oc whoami) \
  -p $(oc whoami -t)

Tag the execution environment:

podman tag rhospvmt-ee:latest $REG_ROUTE/aap/rhospvmt-ee:latest

Push the execution environment to the OCP container registry:

podman push --tls-verify=false $REG_ROUTE/aap/rhospvmt-ee:latest

Your execution environment URL is:

default-route-openshift-image-registry.apps.cluster-my-guid.dynamic.redhatworkshops.io/aap/rhospvmt-ee:latest

Using AAP UI to Create Execution Environment

After pushing your execution environment to the AAP registry, you can easily configure it for use in the controller through the AAP web interface.

Step 1: Access Automation Content

  1. Log into your AAP web interface

  2. Navigate to Automation ContentExecution Environments

  3. You should see your pushed execution environment listed (e.g., rhospvmt-ee)

Step 2: Use in Controller

  1. Locate your execution environment in the list

  2. Click the three vertical dots (⋮) menu next to your execution environment

  3. Select Use in Controller

  4. You will be redirected to the execution environment creation page with the following fields:

    • Name: VMware Migration toolkit execution environment

    • Image: This field is pre-filled with your pushed EE image path

    • Description: Optional description field

  5. Click Create Execution Environment to complete the configuration

Step 3: Verify Configuration

After clicking "Create Execution Environment":

  1. You will be automatically redirected to Automation ExecutionInfrastructureExecution Environments.

  2. Verify your execution environment appears in the list with:

    • Name: VMware Migration toolkit execution environment

    • Image: Full registry path to your pushed image

    • Status: Should show as available

The execution environment is now available in the AAP controller and can be used to run migration playbooks.