Ansible Tower

Watched Pluralsight <<Managing Ansible with Red Hat Ansible Tower>>

This is a brief introduction to Tower; for details, please check the official documentation.

Need to know:

  1. Create a project to set the runtime environment (Python virtual env) and the playbook directory.
  2. Add a template associated with the project, and set verbosity, concurrent jobs, prompts, etc.
  3. Launch a job from the template, optionally providing extra variables at the prompt.
  4. Check the job status and log from the job dashboard.

Steps 1, 2 and 3 can also be done by running a playbook on Tower.

Introduction

Tower is a kind of control node that also provides a central web UI, authentication and an API for Ansible. The new version of Tower is called Ansible Automation Platform.

Tower installation needs a license.

Red Hat Ansible Tower official web site: https://access.redhat.com/products/ansible-tower-red-hat

I use Tower version 3.7.4: https://docs.ansible.com/ansible-tower/3.7.4/html/quickinstall/index.html

You need to apply a subscription in order to log in to the Tower web UI; get a free trial license from: https://docs.ansible.com/ansible-tower/3.7.4/html/installandreference/updates_support.html#trial-evaluation

Tower install package download: https://releases.ansible.com/ansible-tower/setup/ For example, I am using the bundled (self-contained) installer ansible-tower-setup-bundle-3.7.4-1.tar.gz, which can be used without a network connection.

The installation may fail because of missing packages; just install them, for example:

sudo yum install -y rsync

For a single-node Tower installation, extract the tar.gz and edit the inventory file (Tower itself is installed through Ansible) to fill in the passwords:

admin_password='admin'
pg_password='admin'
rabbitmq_password='admin'

Then install by running:

sudo ./setup.sh
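
The inventory shown above sets all three passwords to 'admin'. As an added example (not from the original post and not part of the Tower installer), this script flags short or reused values for those three keys and replaces them with distinct random ones before setup.sh is run; the function names are hypothetical and the inventory is assumed to use key='value' lines as shown above.

```sh
#!/bin/sh
# Added example, not from the original page. Keys are the ones shown above.
KEYS="admin_password pg_password rabbitmq_password"

# gen_password: 128 bits from the kernel CSPRNG as 32 hex characters, so the
# value never needs escaping inside the single quotes of the inventory file.
gen_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# check_inventory_passwords FILE: report keys whose value is shorter than
# 16 characters or repeats an earlier key's value; exit status 1 if any.
check_inventory_passwords() (
    inv="$1"; bad=0; seen=" "
    for key in $KEYS; do
        val="$(sed -n "s/^${key}=//p" "$inv" | head -n 1 | tr -d "'\"")"
        if [ "${#val}" -lt 16 ]; then
            echo "$key: shorter than 16 characters"; bad=1
        fi
        case "$seen" in
            *" $val "*) echo "$key: same value as another key"; bad=1 ;;
        esac
        seen="$seen$val "
    done
    exit "$bad"
)

# set_inventory_passwords FILE: give each key its own random value and leave
# FILE readable by its owner only. Runs in a subshell so umask does not leak.
set_inventory_passwords() (
    inv="$1"
    for key in $KEYS; do
        grep -q "^${key}=" "$inv" || { echo "missing key: $key" >&2; exit 1; }
    done
    umask 077
    tmp="$(mktemp "${inv}.XXXXXX")" || exit 1
    trap 'rm -f "$tmp"' EXIT
    sed -e "s|^admin_password=.*|admin_password='$(gen_password)'|" \
        -e "s|^pg_password=.*|pg_password='$(gen_password)'|" \
        -e "s|^rabbitmq_password=.*|rabbitmq_password='$(gen_password)'|" \
        "$inv" > "$tmp" || exit 1
    chmod 600 "$tmp" && mv "$tmp" "$inv"
)
```

Call `set_inventory_passwords inventory` in the extracted installer directory before `sudo ./setup.sh`; the generated values stay in the inventory file, which is why it is left with mode 600.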

Playbooks live under /var/lib/awx/projects. You can put playbooks, ansible.cfg and other files in a tar.gz package and place it under this path (you should not need to manage these directories manually).

Tower REST API:

# check api version
# -k skips TLS certificate verification (a default install uses a self-signed certificate)
curl -XGET -k https://localhost/api/

There are 4 main components for Tower:

  • Nginx: provides the web server for the UI and API
  • PostgreSQL: internal relational database server
  • supervisord: process control system that manages the application: running jobs, etc.
  • rabbitmq-server: AMQP message broker supporting signalling between application components
  • memcached: local caching service

These services communicate with each other using normal network protocols:

  • Nginx: 80/tcp,443/tcp
  • PostgreSQL: 5432/tcp
  • Rabbitmq-server: beam listens on 5672/tcp, 15672/tcp, 25672/tcp

In a single-machine installation, only 80/tcp and 443/tcp need to be exposed.

There are some wrapper systemctl commands for Tower:

ansible-tower-service status
ansible-tower-service start
ansible-tower-service stop
ansible-tower-service restart

Dashboard

For an overview of the Tower dashboard and setup: https://www.youtube.com/watch?v=ToXoDdUOzj8

  1. Create a project. Setting SCM TYPE to Manual means you will put your playbook folder in the /var/lib/awx/<any folder>/my-playbook directory. Set ANSIBLE ENVIRONMENT to a Python virtual env folder.
  2. Create an inventory.
  3. Create templates: set the PROJECT, PLAYBOOK path, JOB TYPE, INVENTORY, ENABLE CONCURRENT JOBS, etc.
  4. Launch the template job w/o extra vars from the console or from the Tower API.

Manual Quick Debug

Sometimes I would like to run a playbook from the CLI; that's easy to do:

  1. Upload the playbook to a path on the Tower VM, for example /var/lib/awx/projects/my-playbook.
  2. Source the Python venv; for example, the venv is put in /var/lib/awx/venv.
  3. Run the playbook from inside the my-playbook directory, otherwise you may encounter strange issues (if you check the process launched by Tower, it runs this way), for example:

source /var/lib/awx/venv/my-venv/bin/activate
cd /var/lib/awx/projects/my-playbook

# no inventory means run on localhost
ansible-playbook playbook_v1.yml \
-e @var.json \
-e "endpoint=http://example.com/xs73s93jsdfsf" \
-vvv

Search Job Log

It is useful to be able to locate the logs of a specific task accurately. The job log search bar supports both targeted and fuzzy search:

task:"<task name>"

Other search bars have similar syntax.
