Why ansible-core depends on ansible in Nixpkgs?

Yajo · January 18, 2023, 10:59am

As seen here and here, the Ansible Core package depends on Ansible.

This is weird, because it is generally expected to be the other way around. Ansible is supposed to be a distribution of Ansible Core + official collections. But with NixOS, those collections are always available for Ansible Core. That was unexpected to me.

I’ve searched through blame and found how this happened, but couldn’t find why. I’m curious…

CC @hexa

hexa · January 19, 2023, 12:28pm

Because the collections would need to be installed into the same python environment that ansible-core exists in, or the libraries will not be found.

If both packages where entirely separate this would not work, and I think users would be surprised:

{ pkgs
, ...
}:
{
  environment.systemPackages = with pkgs; [
    ansible # or python3Packages.ansible-core
    python3Packages.ansible-collection
  ];
}

Instead you’d have to override ansible-core like this to inject the collections package.

{
  nixpkgs.overlays = [
    (self: super: {
      ansible = python3.pkgs.ansible-core.overridePythonAttrs (oldAttrs: {
        propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ [
          python3.pkgs.ansible-collections # plus potential overrides on the collections package
        ];
      });
    })
  ];
}

This isn’t really discoverable for users, so I made the swap.

In general ansible in nixpkgs needs more maintenanence, since it should probably accept all kinds of collections, which I’m not sure it currently does.

Yajo · January 19, 2023, 7:29pm

The code you wrote is what I was expecting to see in nixpkgs: one ansible-core derivation, and another ansible derivation which just does the thing you did in the overlay. It can be done without an overlay, right?

The complicated part is that sometimes collections are not python packages, but are installed through Ansible Galaxy instead. And there are roles which equally are supposed to be installed like that too, but have a slightly different logic.

IMHO it would make sense to have something like ansible-core.withCollections, ansible-core.withRoles and ansible.withPackages (which would be basically python3.withPackages). I guess all of them should be chainable.

Any idea how that could be done?

hexa · January 20, 2023, 2:46pm

I removed myself from ansible maintenance, because I couldn’t find time to deal with that.

For work I now use direnv, a shell.nix with a shellHook managing the environment with pip (requirements.txt) as well as ansible-collection (requirements.yml), which draws a bridge to a setup that my colleagues can also use.

It’s not ideal, but here I am.

Yajo · January 24, 2023, 12:11pm

I just launched Moduon / Ansible Nix Bundler · GitLab as a prototype. Seems to work for now.