Security Automation with Ansible 2

Setting up Ansible Tower

There are multiple ways to install the Ansible Tower trial version. The simplest way to get set up is to use the prebuilt images offered at https://www.ansible.com/tower-trial.

You can also install it manually from the bundle installer. Have a look at the requirements at http://docs.ansible.com/ansible-tower/3.1.4/html/installandreference/index.html before installing.

Run the following commands to install Ansible Tower on Ubuntu 16.04 (the bundle installer needs Ansible itself, which the PPA provides):

$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ wget https://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-latest.tar.gz
$ tar xvzf ansible-tower-setup-latest.tar.gz
$ cd ansible-tower-setup-<tower_version>

Then edit the inventory file to set the passwords and other variables, and run the setup. admin_password is the password of the Tower administrator account; pg_host and pg_port point at an external PostgreSQL database and are only needed for a multi-node setup (leave them empty for a single-node install, which uses a local database); the rabbitmq_* variables configure the message queue used to dispatch jobs. Every value in this file is a live secret once setup has run, so replace the placeholder values shown below with generated ones, keep the file readable only by the user running the installer, and treat rabbitmq_cookie as a credential too: any host that knows the Erlang cookie can join the RabbitMQ cluster.

[tower]
localhost ansible_connection=local

[database]

[all:vars]
admin_password='strongpassword'

pg_host='' # postgres.domain.com
pg_port='' #5432

pg_database='awx'
pg_username='awx'
pg_password='postgrespasswordforuserawx'

rabbitmq_port=5672
rabbitmq_vhost=tower
rabbitmq_username=tower
rabbitmq_password='giverabitmqpasswordhere'
rabbitmq_cookie=cookiemonster

# Needs to be true for fqdns and ip addresses
rabbitmq_use_long_name=false

$ sudo ./setup.sh
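The inventory above ships with placeholder secrets ('strongpassword', 'cookiemonster'). The following script is an added example, not part of the book or of the Tower installer: it writes the same single-node inventory with freshly generated values for every secret and creates the file with mode 0600, since after setup it contains the admin login, the database password, the queue password, and the Erlang cookie. The output path and the 48-hex-character secret format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the book): render a single-node Tower setup inventory
# with generated secrets instead of the placeholder values, and make the file
# unreadable to other users, because it holds every secret Tower depends on.
set -eu

gen_secret() {
    # 24 random bytes as 48 hex characters: safe inside single quotes and as a cookie
    od -An -tx1 -N 24 /dev/urandom | tr -d ' \n'
}

render_inventory() {
    # $1 = path of the inventory file to create; prints the admin password once
    # so it can be recorded in a password manager, and nowhere else.
    admin_pw=$(gen_secret); pg_pw=$(gen_secret); mq_pw=$(gen_secret); cookie=$(gen_secret)
    old_umask=$(umask)
    umask 077            # file is created 0600
    cat > "$1" <<EOF
[tower]
localhost ansible_connection=local

[database]

[all:vars]
admin_password='${admin_pw}'

pg_host=''
pg_port=''
pg_database='awx'
pg_username='awx'
pg_password='${pg_pw}'

rabbitmq_port=5672
rabbitmq_vhost=tower
rabbitmq_username=tower
rabbitmq_password='${mq_pw}'
rabbitmq_cookie=${cookie}

# Needs to be true for fqdns and ip addresses
rabbitmq_use_long_name=false
EOF
    umask "$old_umask"
    printf '%s\n' "$admin_pw"
}

if [ "$#" -eq 1 ]; then
    render_inventory "$1"    # usage: sh make_inventory.sh ./inventory && sudo ./setup.sh
fi
```

Run it with the inventory path as the only argument, store the printed admin password in a vault, then run sudo ./setup.sh as before. Because the secrets come from /dev/urandom rather than openssl, the script needs nothing beyond a POSIX shell and od.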

If you have Vagrant installed on your host system, you can simply download the Tower Vagrant box to get going:

$ vagrant init ansible/tower
$ vagrant up
$ vagrant ssh

The login banner printed by vagrant ssh shows the IP address, username, and password for the Ansible Tower dashboard.

Then point the browser at https://10.42.0.42 and accept the certificate warning to proceed; the box ships with a self-signed certificate. To get rid of the warning, replace the self-signed certificate and key under /etc/tower (tower.cert and tower.key) with ones issued by a CA your browsers trust, and restart the Tower services with ansible-tower-service restart. Enter the login credentials to access the Ansible Tower dashboard:


Once you log in, it will prompt you for the Ansible Tower license: 

Ansible Tower also provides Role-Based Access Control (RBAC), which gives granular control over what different users and groups may do in Tower. The following screenshot shows a new user being created with the System Administrator privilege:

To add an inventory to Ansible Tower, we can enter hosts manually, or use a dynamic inventory script that pulls them from a cloud provider once we supply an access key or other authentication. The following screenshot shows how an inventory is added; host and group variables can be supplied in YAML or JSON format:

We can also add credentials or keys to Tower through its credential management, where they can be reused across jobs.

Secrets stored in Ansible Tower are encrypted with a symmetric key unique to each Ansible Tower cluster. Once stored in the Ansible Tower database, credentials can only be used, not viewed, in the web interface. The types of credential Ansible Tower can store include passwords, SSH keys, Ansible Vault keys, and cloud credentials. Note that the encryption key lives on the Tower host itself (/etc/tower/SECRET_KEY): back it up together with the database, since a restore without it cannot decrypt any stored credential, and protect it as carefully as the credentials themselves, since anyone holding both the key and database access can recover them.

Once we have the inventory gathered, we can create jobs to run playbooks or ad-hoc commands:

Here we have selected the shell module and are running the uname -a command against both nodes:

Once we launch the execution, we can see the standard output in the dashboard. The same output is also available through the REST API:
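The dashboard steps above (pick the shell module, run uname -a, read the output) map onto three REST calls: create the ad-hoc command, poll it until it finishes, fetch its stdout. The following Python client is an added example, not code from the book or from Ansible. It assumes the Tower 3.1 API paths (/api/v1/ad_hoc_commands/ and its stdout sub-resource), HTTP basic authentication, and inventory and credential IDs of 1; the host 10.42.0.42, the admin password, and the FakeTower responses are constructed so the flow runs offline. TLS verification is kept on deliberately: the browser habit of clicking through the self-signed certificate warning must not be copied into a script that carries the admin credentials.

```python
"""Drive the Ansible Tower REST API: launch an ad-hoc command, wait for it,
fetch its standard output. Added example, not code from the book or from
Ansible; paths assume Tower 3.1.x (API v1), host, user and IDs are assumed."""
import base64
import json
import ssl
import time
import urllib.error
import urllib.request

API = "/api/v1"                      # Tower 3.2+ also serves /api/v2
TERMINAL = {"successful", "failed", "error", "canceled"}


def adhoc_payload(inventory_id, credential_id, module_name="shell", module_args="uname -a"):
    """Body for POST /ad_hoc_commands/: the same fields as the dashboard's ad-hoc form."""
    return {"inventory": inventory_id, "credential": credential_id,
            "module_name": module_name, "module_args": module_args,
            "limit": "",                 # empty limit = every host in the inventory
            "verbosity": 0}


def urllib_transport(cafile=None):
    """Real HTTPS transport. The server certificate is verified against cafile
    (or the system store) and never disabled."""
    ctx = ssl.create_default_context(cafile=cafile)

    def send(method, url, headers, data):
        req = urllib.request.Request(url, data=data, headers=headers, method=method)
        try:
            with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
                return resp.getcode(), resp.read()
        except urllib.error.HTTPError as err:
            return err.code, err.read()
    return send


class TowerClient:
    def __init__(self, base_url, username, password, transport):
        self.base = base_url.rstrip("/") + API
        cred = base64.b64encode(f"{username}:{password}".encode()).decode()
        self.headers = {"Authorization": "Basic " + cred,
                        "Content-Type": "application/json"}
        self.transport = transport       # callable(method, url, headers, body) -> (status, bytes)

    def _call(self, method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        status, raw = self.transport(method, self.base + path, self.headers, data)
        if status >= 400:                # 401/403/404 are all fatal for this flow
            raise RuntimeError(f"{method} {path} -> HTTP {status}: {raw[:200]!r}")
        return raw

    def launch_adhoc(self, inventory_id, credential_id, module_args="uname -a"):
        raw = self._call("POST", "/ad_hoc_commands/",
                         adhoc_payload(inventory_id, credential_id, module_args=module_args))
        return json.loads(raw)["id"]

    def wait(self, job_id, poll=2.0, timeout=300, sleep=time.sleep):
        """Poll until the job reaches a terminal status; give up instead of spinning forever."""
        deadline = time.monotonic() + timeout
        while True:
            status = json.loads(self._call("GET", f"/ad_hoc_commands/{job_id}/"))["status"]
            if status in TERMINAL:
                return status
            if time.monotonic() > deadline:
                raise TimeoutError(f"ad-hoc command {job_id} still {status} after {timeout}s")
            sleep(poll)

    def stdout(self, job_id):
        return self._call("GET", f"/ad_hoc_commands/{job_id}/stdout/?format=txt").decode()


class FakeTower:
    """Constructed stand-in for a Tower host so the example runs offline; the
    responses are invented and only mimic the shape of the real API."""
    def __init__(self):
        self.polls = 0

    def __call__(self, method, url, headers, data):
        if not headers.get("Authorization", "").startswith("Basic "):
            return 401, b'{"detail": "Authentication credentials were not provided."}'
        if method == "POST" and url.endswith("/ad_hoc_commands/"):
            body = json.loads(data)
            assert body["module_name"] == "shell" and body["module_args"] == "uname -a"
            return 201, b'{"id": 42, "status": "pending"}'
        if url.endswith("/ad_hoc_commands/42/"):
            self.polls += 1              # report "running" twice, then finished
            status = "running" if self.polls < 3 else "successful"
            return 200, json.dumps({"id": 42, "status": status}).encode()
        if url.endswith("/ad_hoc_commands/42/stdout/?format=txt"):
            return 200, b"node1 | SUCCESS | rc=0 >>\nLinux node1 4.4.0-generic x86_64 GNU/Linux\n"
        return 404, b'{"detail": "Not found."}'


def run_uname(transport=None):
    """End-to-end flow; pass urllib_transport(cafile) to talk to a real Tower."""
    offline = transport is None
    client = TowerClient("https://10.42.0.42", "admin", "admin_password_here",
                         FakeTower() if offline else transport)
    job = client.launch_adhoc(inventory_id=1, credential_id=1)
    final = client.wait(job, poll=0 if offline else 2.0,
                        sleep=(lambda _: None) if offline else time.sleep)
    return final, client.stdout(job)


if __name__ == "__main__":
    status, out = run_uname()
    print(status)
    print(out)
```

To point it at a real Tower, call run_uname(urllib_transport("/path/to/ca.pem")) with the CA that signed the certificate you installed under /etc/tower; the client never turns verification off, and a non-2xx response (expired password, wrong inventory ID) raises instead of being silently polled forever.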

Please refer to the Ansible Tower documentation for more detailed references.

Another way to use Ansible Tower is tower-cli, a command-line client for Ansible Tower. Get started with the pip install ansible-tower-cli command.

The Ansible Tower REST API is a powerful way to interact with the system. It lets you design playbook workflows in an easy-to-follow web GUI, with the added flexibility of triggering them from another CI/CD tool such as Jenkins. Jenkins is, incidentally, the next piece of software to set up and learn.