Story #2345

Feature Request: Add support for private Ansible Galaxy in Pulp

Added by jchristi almost 4 years ago. Updated over 1 year ago.

Start date:
Due date:
% Done:


Estimated time:
Platform Release:
Sprint Candidate:
Pulp 2


User Story
As a pulp user, I would like to be able to host a private instance of Ansible Galaxy with Pulp so that my organization can share and reuse Ansible roles across teams without having to use the public (ie, if our code contains sensitive information, or organization-specific stuff, etc).

User role
Administrator of Pulp installation or Ansible playbook developer or similar sysadmin/developer/devops/IT role.

An IT organization that makes use of configuration management, deployment orchestration, and/or automated provision with Ansible may have certain parts of their Ansible code that they want to share across teams but do not want to distribute publicly on (ie. security, privacy, IP concerns, not useful outside organization, etc). While use of git repositories provides a basic means of sharing code, it is not as elegant as a package manager like Ansible's galaxy (similar to Puppet's puppet forge, Python's pip, Ruby's rubygems, and NodeJS's npm), which allows for project dependencies to be defined and packaged in a standard way so that they can be easily downloaded and used without having to include the packages themselves in the project source code. Fine grained dependency management is obtained by versioning of packages and specifying which versions of those packages to use in a dependent project. An IT organization desiring this capability for Ansible roles may already make use of Pulp for package management for other technologies (RPM, Puppet, Python, etc) and could re-use their existing infrastructure to accomplish the same functionality for Ansible.

There are two main functionalities: (1) a completely private repository and (2) a mirror of Ansible galaxy similar to the puppet forge mirror functionality currently in Pulp. The two probably need to be implemented together so that a single URL can be provided to ansible-galaxy CLI as the location to fetch packages (roles) from.

Now that Ansible Galaxy is open source this greatly increases the ease of implementation for integration into Pulp.

One potential issue is that ansible galaxy currently appears to depend on use of as the storage mechanism for ansible roles (verification needed). This raises the question of should Pulp become the storage mechanism or should it mimic current functionality of acting only as a front-end to a separate back-end git repository. It seems like galaxy does not do much heavy lifting itself, choosing to rely on ansible-galaxy CLI for dependency resolution and and git for storage and version tagging,

Note: It is entirely possible that the use of a front-end is really superfluous since it appears that package management can be achieved with just the ansible-galaxy CLI + git repositories (I haven't verified this or fully thought this through and welcome feedback).

Done Criteria

  • Ansible playbook developer can pull dependencies from Pulp by specifying a custom endpoint
  • Pulp is not necessarily required to host the packages itself if suitable forwarding to an appropriate git server is possible and sufficient.
  • Access to public ansible roles is possible either via mirroring/local caching or forwarding

Additional Information


#1 Updated by jchristi almost 4 years ago

  • Description updated (diff)

#2 Updated by jchristi almost 4 years ago

  • Description updated (diff)

#3 Updated by jchristi almost 4 years ago

  • Description updated (diff)

#4 Updated by bmbouter almost 3 years ago

jchristi, daviddavis and I are exploring making an Ansible plugin to manage Ansible roles for Pulp3. Would you be interested in testing and collaborating on such a thing?

#5 Updated by bmbouter almost 3 years ago

We wrote some rough-cut Ansible plugin use cases here:

#6 Updated by jchristi almost 3 years ago

bmbouter sure, I can collaborate on this. As for my use case, I really don't need the git storage backend as long as there is support for forwarding to a private gitlab instance (which I believe the latest galaxy source code can).

#7 Updated by bmbouter over 2 years ago

  • Status changed from NEW to CLOSED - CURRENTRELEASE

This is done! Would you be willing to try it? Send us bugz!

#8 Updated by bmbouter over 1 year ago

  • Tags Pulp 2 added

Please register to edit this issue

Also available in: Atom PDF