Watched Pluralsight <<Managing Ansible with Red Hat Ansible Tower>>
This is a brief introduction for Tower, to see details please check official documents.
Need to know:
- Create project to set the runtime environment(Python virtual env), playbook directory.
- Add template, associated with project, set verbosity, concurrent job, prompt, etc.
- Launch job from template, may be provide extra variables in prompt.
- Check job status and log from job dashboard.
Step 1,2,3 could be done by running playbook on Tower.
Introduction
Tower is a kind of control node that also provides a central web UI, authentation and API for Ansible. The new version of Tower is called as Ansible Automation Platform.
Tower installation needs license.
Red Hat Ansible Tower official web site: https://access.redhat.com/products/ansible-tower-red-hat
I use Tower version 3.7.4:
https://docs.ansible.com/ansible-tower/3.7.4/html/quickinstall/index.html
Need to apply subscription in order to login the Tower web UI, get trial free license from there: https://docs.ansible.com/ansible-tower/3.7.4/html/installandreference/updates_support.html#trial-evaluation
Tower install package download:
https://releases.ansible.com/ansible-tower/setup/
For example, I am using bundled(self-contained) installer ansible-tower-setup-bundle-3.7.4-1.tar.gz, can be used without netwrork connection.
The installation may fail due to lack of necessary packages, just install it, for example:
1 | sudo yum install -y rsync |
For Tower single node installation, extract the tar.gz and edit the inventory file(Tower is installed through Ansible as well) to fill passwords:
1 | admin_password='admin' |
Then install by running:
1 | sudo ./setup.sh |
The playbook location: /var/lib/awx/projects, you can put playbooks and ansible.cfg and others info in a tar.gz package and place it under this path (should not need to manually manage these directories).
Tower REST API:
1 | # check api version |
There are 4 main components for Tower:
- Nginx: provide web server for UI and API
- PostgreSQL: internal relational database server
- supervisord: process control system that manages the application: running jobs, etc
- rabbitmq-server: AMQP message broker supporting signalling by application components
- memcached: local caching service
These services communicate with each other using normal network protocols:
- Nginx: 80/tcp,443/tcp
- PostgreSQL: 5432/tcp
- Rabbitmq-server: beam listens on 5672/tcp, 15672/tcp, 25672/tcp
In the single machine installation, only need to expose 80/tcp and 443/tcp.
There are some wrapper systemctl commands for Tower:
1 | ansible-tower-service status |
Dashboard
To have a overview of Tower dashboard and setup: https://www.youtube.com/watch?v=ToXoDdUOzj8
- create a project, SCM TYPE set to
Manualwhich means you will put your playbook folder in the/var/lib/awx/<any folder>/my-playbookdirectory. SetANSIBLE ENVIRONMENTto a virtual python env folder. - create inventory.
- create templates, set the PROJECT, PLAYBOOK path, JOB TYPE, INVENTORY, ENABLE CURRENT JOBS, etc
- launch the template job w/o extra vars from console or from Tower API.
Manual Quick Debug
Sometimes I would like to run playbook in CLI, that’s easy to do:
- upload playbook in one of the Tower VM path
/var/lib/awx/projects/my-playbook. - source the python venv, for example the venv is put in
/var/lib/awx/venv. - run playbook from inside the
my-playbookdirectory, otherwise you may encounter strange issue(if you check the process launched by Tower, it runs this way), for example
1 | source /var/lib/awx/venv/my-venv/bin/activate |
Search Job Log
It is useful to accurately locate the job specific task logs, in the job log search bar, it can do target and fuzzy search:
1 | task:"<task name>" |
Other search bars have similar syntax.