 So, let's get right into it. All of the stuff that I'm showing today is all the commands are available here at this URL. I'll go ahead and just paste this into the chat as well here. And that way you can follow along and please do ask questions as we go. That way we can try to get them answered and you can probably do this along with me. Our agenda today, we are going to set up an on-premise galaxy. We're going to do this with a user interface and without a user interface. We're going to sync some collections and roles from galaxy.ansible.com. We're going to install those collections and roles using the command line interface. That's the Ansible Galaxy command line interface. And we're going to upload collections using that same CLI and we're going to organize some content and repositories. So, before we get into it, the software that we're going to use today, there's two of them. One of them is Galaxy NG. Galaxy, this stands for Next Generation. It's the next version of Galaxy. Galaxy runs right now at galaxy.ansible.com. This version does not run at that website today. And Galaxy NG is a fork and rewrite of the original code that does run at that website. It has a user interface. It is developed by the same team that runs galaxy.ansible.com. It only has collection support and it is GPLv2. As Sear has, there are interesting questions in the chat because I won't be looking at it. Please just interrupt me and call them out if you wouldn't mind. The second piece of software is Pulp Ansible. You can see it's available here. And this is the back end of Galaxy NG. It has an API and its own command line interface only. It does not have a UI. It has collection and role support and it is GPLv2. So, why don't we go ahead and deploy Galaxy NG? So, to do that, you're going to want to pull down the container. I'm using Podman. You can use Podman or Docker. And I'm actually going to actually copy the commands out of here because if I copy them out of the other place, it doesn't work so good. So, here we go. Yeah, this is right. So, I'm going to Podman pull the container down. I've already fetched it, so I already had all the layers here. And next, we're actually, I think I'm just going to present from here. So, just be easier for everyone. So, next we're going to create some settings files. So, to run these containers, you need some settings. You need a couple of directories. And so someplace on your file system, I'm doing my demo out of here. I'm going to run these three commands and it just makes a folder, it makes a folder and then some subfolders. And then we're going to put in a settings file. It doesn't need very many settings in the settings file, but it does need a few. And so, you can read more about the settings in the documentation. So, now we have a settings file. You can see that here. And now that we have a settings file, we're ready to start the container. I have two examples here. One's with SC Linux and the other is without SC Linux. And I'm running SC Linux. So, I'm going to use this one. And this is a Podman run. This just runs the container that we downloaded. And at this point, the next thing you want to do is load some initial data. So, Galaxy and G expects some things in the database. And right now the way that's loaded is by loading it as a fixture. And so what these three commands do is they just populate the database with some data. This data is required. So, you can do this. You can see while we're loading at these URLs if that's interesting. So, it's loading it right now. Okay, it installed those 21 things into the database. And the last thing we're going to do before we start really looking into it is set the admin password. So, the default username is admin and I'm going to set the password password. Okay, so at this point we are good to actually take a look at what we have started here. And this is the, this is at the URL localhost 8080, which is the port that I started this container on. And I'm going to put in admin and password because I just said that. And here you can see this is what the user interface looks like. So, a couple of things I want to just show you around just a little bit here. Galaxy and G has a notion of repositories and it has three of them. There's the published repository. This is for collections because it only supports collections. This is for collections that are uploaded. So, we'll see uploaded stuff right here. Red Hat certified. This is for content that was pulled in from cloud or redhat.com. We're not going to be demoing that today, but if you bring in certified content, it will land here and community. And this is where content that comes down from ansible.galaxy.com lands. So, if you look through these you'll see that there's there's no content in this installation right now in any of these areas. So, the other area is in repo management. This is a pretty important area. You can see there's the community and published and have certified area along with some other staging and rejected stuff that we'll talk about in a little bit. And I want to draw your attention to this remote section up here. So, remotes is how you sync in content from cloud from galaxy dot ansible.com. I'm going to do that here with the community remote. And so, yeah, so I'm going through this use galaxy and G section here. I want to also show the logs you can use podman logs command here to show the logs. I'm going to do that over here. So, maybe this is a little smaller. So, these are the logs so we can see stuff happening as we use it. So, what we have here is we have, let's say that we this ansible galaxy. The command line interface uses requirements files in order to fetch and specify what should be fetched from other places like galaxy dot ansible.com. And so the tooling here uses that same data. So for example, this is a requirements file that will install the pulp installer, which is happens to be a question, and also the ansible POSIX collection. So these are any collections that you can find out on galaxy dot ansible.com. So like anything that's out, anything that's out here, for example, you can put them in a requirements file, and then you can go into galaxy and G and you can go to edit in the community area, and you can give it a requirements file. And I already have that same example I just showed you here stored as basic.yaml. So, why don't we give it that file, and then we're going to tell it to sync. And you can see on the logs that it's doing some things. There it goes. So it's fetching. It's actually pulling down a lot of content from galaxy dot ansible.com. And you can see here that it is completed. And so since we've synced in this content, what we can do is we can go to the community area here. And oh look, here's the content that we brought in. So we've just successfully synced some content from a public source. There's a few gotchas that I just want to call out. It does not currently provide dependency resolution so you need to make sure that like so for instance, the pulp installer actually depends on this other collection. But because there's no automatic dependency resolution, I need to also include that second collection here in the actual requirements file. So just make sure that your requirements file includes what you want but also the dependencies of what you want. Also, every time you sync it overwrites the previous content in there. So if I replaced it with a requirements file like this that syncs something totally different. If you want to sync and reload this page, these would be gone and it would be replaced by whatever's there. So if you want more, you should add it to what's already there in your requirements file and if you want less, you should remove it because it overwrites previous content. So you should not have a, when you use the Ansible to Galaxy CLI it's made to look for a net RC file so don't have a net RC file. When you're trying to use a CLI with galaxy and G in terms of fetching and pushing content to it so I'm going to take my own advice here and actually remove my net RC. So I'm going to go back up to restore this later so don't have a net RC file that's that's my tip for you. Okay, so let's configure the galaxy CLI because bringing content into galaxy and G is only helpful if we can then distribute that through our organization. So to do this, you connect a CLI to a particular repository so if you want to publish content you can add to that if you want certified content you can add to that. In this case, there are 74 items in the community repository. And so under CLI configuration here there's a this is a copy. Actually, I think it's because I'm zoomed in it's not going to like that. Yeah, so I copy this to the clipboard. And what I do you can configure this system wide or a lot of different ways. So what I'm going to do is edit this ansible CFG file here. This is just a normal CLI config file, and I'm just pasting in what I just copied and you can see it's pointing the CLI at my container. And notice it needs a token, you have to have a token order to receive content, because that content is protected. And so let's go get a token, you do that with the API token area here, load token, it'll only show this to you once. So, and you can just load more, and it removes the other ones and gives you the new ones so I just copied this token. And I'm going to go ahead and put it in this computer here. Okay, so our CLI is now connected effectively to this repository. And we're going to go back to our notes. And we're going to install content from that we just sink down so we'll install this pulp underscore installer collection. And we'll do that with a command like this. And then we go to collection install. So that's pretty typical dash P slash this says just do it in the local current directory just to keep it simple. And I'm telling it what to install. So let me go run this command. Okay, it installed that it also installed the dependency. And if you look here in Ansible collections. You can see that the collection was indeed installed here along with the Ansible POSIX one. So that's how you install content so you can have this connected to a lot of machines and you can control what's in the repository and available and then you can distribute that content to a lot of places in this way. You can also upload content directly from the user interface. So for this, you want to have a any kind of collection, a pre built collection, and you can go on galaxy.antsible.com and download them. You can also make your own with the Ansible Galaxy build command. So in either case you want to have a built collection. And so I'm going to use this collection demo one as my demo collection. And I already have it saved here. So I already have this built collection locally. Now what you need to do is you need to create a namespace for it. I think this part's a little confusing, but it is the current state of things. So this is the namespace and this is the name of the collection. So what I need is to make a namespace called new swine or D so that I can then upload this collection into it. Over in Galaxy NG, go into my namespaces, creating a namespace. And from here, I can then upload a collection using this button right up here. And indeed, if I give it the new swine or D collection, the business namespace new swine or D collection demos the name of the collection upload. So this goes through an import process which runs a bunch of linking checks and a variety of other checks that it does on content. It's showing us a bunch of scary red stuff here, but that's because there are just some quality problems with this particular item that I've uploaded. The thing that I want to really call out is that it does reach a green done here. Some exceptions are fatal and it just will not import that content. But in this case, even with all the red, it did import this content. So you might expect because it's uploaded that it'll be here in the published area. Oh wait, it's not here. And that's because by default, Galaxy NG has an approval process for all things that are uploaded. And so it goes down to this approval area. And it says, oh, we have something for review. It's version 1.0.10. It needs review. I can look at the import logs. I could reject the collection. I could approve the collection. So this is a way for some group of people in your organization to review what's being uploaded and make sure that it's safe to be distributed through this, through Galaxy NG. In this case, I will approve it. And there are now no more approvals. And if you look here at the published area, you'll see the collection demo is now available. If I hook the CLI up to this repository, because this is in the published area. So over here you can see there's one item available. Then I could install this one just the same. So that is how you upload and promote and approve content. The approval workflow is optional. And you can go back to that settings file we made in the beginning and just turn it off if you want. And there are docs about doing that. The last thing I want to show for Galaxy NG is it has to do with users and groups and permissions. And so one of the things that it has, it's pretty great, is this notion of users and groups. Right now, these are only built-in users. There's been discussion and definitely requests to have this connected to something like LDAP. That's on the roadmap, but it is currently not available. You can create more users here. But the really important thing, I think, is that say that we made a new group. So for this group, which we can put multiple users into, we can edit the permissions. And this says, oh, I can add, change, or upload to a namespace. Or I can modify the content that's contained in these repositories. Or I can change users and groups, or I can change what's on the remote. These are the settings that we configured early on. I can change what's on the remote or I can not change what's on the remote. And this is great because you probably want to have a lot of users who are able to consume content. You want to have some collections that is, you want to have some users probably who are able to upload collections. For example, you know, they can actually upload into a namespace. And you probably want to have some users who are just able to approve and make those changes. So this permissions model is pretty strong. It also has a little bit more work to do, I think, but this is how you use permissions in Galaxy NG. So you can also use, you can also upload content to Galaxy NG directly from the command line interface. And you do that with the AnsibleGalaxyCollectionPublish command. You have to have that CLI configured, just like we did earlier, and have another collection to upload a built collection. I'm not going to demo that just for the sake of time, but I will stop to look to see if there are any questions. Okay, I don't see any. And so that is the Galaxy NG portion of the talk. Feel free to ask any questions at any point. But at this point, what we want to do is we want to go and deploy Pulp Ansible. So this is the second piece of software. Pulp Ansible is the back end for Galaxy NG, like we said. And you can do that with by pulling down the Pulp Pulp container. So let's go ahead and do that. Meanwhile, I'm going to go ahead and just remove, stop my other container because I want to reuse that port. Okay, yeah, so I just stopped the Galaxy NG just because I wanted to use the same port again. But you can run them together at the same time if you want. Okay, so this was the Podman Pulp Pulp. This is a Sentos 8 based container, and it's got Pulp Ansible contained inside of it. So why don't we go ahead and we're going to do a very similar thing. We're going to make some directories and then we're going to make a settings file. It's almost the same as the other one. So let's do that. So that's our, those are our little folders. And this is our settings file. And here, now we have settings file. Let's go ahead and start that container. So we'll do that here with the ESC Linux version. You can use either one that you want. That's great. We do not need to populate this with initial data because Pulp Ansible doesn't need that. It's just an empty thing when you start it. But we do need to set the password. So let's go ahead and set the password again. I'm setting this to password. The admin user name is admin. And the next thing that we're going to do in order to interact well with because Pulp Ansible is an API and if you wanted to use the API request by request, it could be a little cumbersome. So there's a really great tool called Pulp CLI. And so let's go ahead and get Pulp CLI working. You can just pip install Pulp CLI. It's really simple. And I have already done that here. So you can see I'm running Pulp CLI version 040. And it's contained inside this virtual app here. You can also install a system like that's up to you. So you need a config file. So you can use the Pulp config create command, which I'm going to see if I can attempt to copy here. I already have one just for the purposes of this demo, I will overwrite that. So then we're going to edit that config, because what we need to do is make sure that this is pointing to our container. It's HTTP is the way you talk to this container for now. That's something that we definitely want to improve. Normal non containerized installations of Pulp run on HTTPS. So that's something that's important for us to fix. But it's important if you want to get it working right now to make it HTTP local host port 8080. That's my container port and username admin password admin. So those are the values that I just set. So at this point Pulp CLI is installed and configured. Let's just pull up the the Pulp logs here just so we can see what's going on. We'll do that here. Great. So these are the running logs tailing from the container running Pulp Ansible. And next we're going to run a Pulp status. This Pulp command is the CLI command itself. So I'm telling the CLI inspect the status of this container that we just connected it to. So this long kind of Jsonny output, basically saying that everything's fine. And that's just a normal reasonable way to check if everything is good between the CLI and the container you're talking to. I have, I think maybe five, maybe 10 minutes. I'm not entirely clear. So I will try to get through this part of the content and then we'll have some questions. So Pulp Ansible organizes content in repositories. So the first thing that we want to do is create a repository and I'm going to name this repository my repo. So that is done you can see my repo has been made. And you can use the list command for a lot of these options to list out what was just made. So that's something you can do. Then I'm going to create a remote. So this is just like the remote that we saw configured to the user interface of Galaxy NG. So this is a requirements file only this is a path to the requirements file. And it takes a collection type remote because Pulp Ansible can sync and support collections animals. We're going to be creating that remote. We're going to name it basic because that's just the name that I'm choosing. We're going to be syncing it from galaxy.ansible.com. And we're going to be giving it this requirements file the same one that we had before. So it creates the remote. You can see the requirements file contents are here again it's Pulp installer and Ansible POSIX these are the collections that we wanted to sync. But we haven't actually synced anything yet. So we'll come back to that in a second. What we need to do next is create what's called a distribution and a distribution is what makes a repository available at a particular URL. And the URL is called the base path. And it's foo and you'll see this a little bit later when we actually look at the contents after we sync them in this repository. So just to go through this command, it says Pulp that's the CLI Ansible distribution that's the thing that we're going to create. We're going to call it my distro it's just the name. And we're going to associate that distro with the repository my repo and this is what we made a few steps earlier up here. So let's go ahead and do that. And it created the distribution so that's great. And at this point, we can you can actually see the distribution. And if you look at this URL, the thing I need to tell you is that there is a bug in this particular version, which if there is no content it gives you this error. And so when we fix that by you will be able to see the content. But there's nothing in it so it's not really that interesting to see what we are going to do is put some content into it now. And we will do this by telling the repository to sync. And we will say, sync the repository my repo with the remote basic. Let's do that. Asir what's my cutoff time. Perfect. Okay, perfect. That's great. Perfect. So we have performed that sync. If you can just let me know maybe three to five minutes before we're out of time that would be great. So we have just performed this sync again using we're thinking into the repository my repo we're thinking using the remote basic and this is what defines earlier what we want to sync. And now if we go back to this URL that wasn't working. We can see that it did indeed bring down those two collections and you can see their details here this is the Ansible POSIX collections is the pulp installer collection. And that's, that's a great thing. So, now kind of similar to what we did on with the user interface now that we've synced down some content into the container we want to be able to use the the Ansible Galaxy CLI to install that content. So the way to do this is to use the, what I like to do is use the list of distributions so remember a distribution is what it's poses content at a particular URL. And if you do this, you will see that there's this attribute on a called client URL. And this is the attribute that you want to give to your CLI that tells it how to talk to this particular repository so you have multiple repositories made available by one or more distributions and you hook your CLI is up to them. So this foo portion of the URL here this corresponds with the base path that we used earlier when we made the distribution right here. So if you have more distributions this is basically how you namespace them. So after determining where you want to what you want to connect your CLI to, for example with this client URL shown by distribution list, you probably want you can run this install command here directly. We're going to say Ansible Galaxy collection install. Use this dash s is a convenient way on the command line just to point it at this without having to deal with any config files dash p slash this is dot slash this is saying install it right here in this folder just makes it convenient for me. And we're going to we're going to actually install this the PULP installer. The same thing we did on the galaxy and G side this is just confusing Ansible Galaxy CLI with PULP Ansible directly. So one thing I do want to do here is remove my Ansible collections, because I want it gone because I'm going to attempt to reinstall it now so you can see it's gone. And perform the install. And it installed both PULP installer and the dependency Ansible positives, you can see them once again here. So this is how you can use a CLI to install content from your PULP Ansible container. You can also upload content so this is kind of similar to what we did with the galaxy and G side only now with PULP Ansible. Once again, you want to make sure that you know where you're uploading to the distribution list is a great way to see that and you want to have a tarball. So we're going to again use the new swine or D collection which I already have saved here. And again, this could be a collection that you've built yourself from your own code that you didn't feel comfortable publishing to galaxy dot Ansible.com. And you upload it with a command like this. So this says Ansible Galaxy collection publish and then where to publish it. Okay, here, you can see this has the dash, the food on the end of it. And then just the path to the collection that we're publishing. Now, perfect, perfect. Well, so with that, then I'm going to kind of breeze through the rest of this content without actually fully demoing it. All the commands are here, you can run through them as you wish but I think it's important that we kind of cover all the area. So you can upload content using the CLI. So it's great. Directly into pulp Ansible. But I think we should talk about role content role content is really important because it's the most part of the majority of content that's out there so all the same things that we just saw with roles you can do with collections you can do with roles to and I want to point out that if you look on it doesn't have a requirements file. And so when you make a remote you actually give it you actually give it a URL. See this command pulp Ansible remote dash t roll that says I'm going to make a remote to sync roles and dash dash URL and this single thing has a lot of information in it is the thing I really need to tell you. So if you go to galaxy danceable.com. You can give you could literally give it this URL, and it would literally mirror all 2666 pages worth of roles, or you can give it these argument parameters and restrict more closely what you would like to sync. So play around with the API that's available here to determine what you would like to sync and then give that command to give that command to the remote in pulp Ansible and it will sync it and you can use this actually mirror all a galaxy if you want to. Similarly, you can upload. No, you can actually the CLI itself doesn't support upload so that's why we don't support that but you can install content from pulp Ansible role content that is, you can also hook a sale have to a permanently. The last thing to last two things I want to say, there's all these docs on copying collections and roles in between repositories and this is a great way to create automated workflows to organize your content. You can use this, but these are the calls that you would make. And the last thing I want to say is, if you'd like any help with this, please reach out to these mailing lists, where you can come visit pulp on a free node, and come file bugs and ask questions or goals to make this as easy as possible. So, also if you have any feedback for me, you can email me here.