Tired of repeatedly logging in to systems and manually entering commands? Need a tool that can log in to any number of servers and run the given commands on them? Ansible might be the solution that you are looking for. Ansible can log in to any number of servers and perform repetitive tasks without any hassle.
Ansible and AWX
Ansible is an open source IT automation engine which can dramatically improve scalability, consistency, and reliability of your IT environment.
AWX is a web-based solution that makes Ansible even easier to use for IT teams of all kinds. It is designed to be the hub for all your automation tasks. It has a browsable REST API and allows you to control access, graphically manage or sync inventory with a wide variety of cloud sources, log all your jobs, and integrate with Lightweight Directory Access Protocol (LDAP).
Ansible Tower is a commercial version by Red Hat that is based on AWX. Both AWX and Ansible Tower have similar features.
This tutorial explains how to install Ansible and AWX on a Linux system and how to run a playbook using an AWX server and then assign access to inventory, credentials, and playbooks at an individual level. This makes it possible to set up push-button access to complex automation, and control who can use it and where you can run it.
Playbook: a script written in YAML that contains the tasks to be performed on the remote servers.
What can be done using AWX and Ansible
Using AWX and Ansible, you can perform the following tasks:
- Provisioning: Set up the various servers you need in your local infrastructure, remote or cloud.
- Configuration management: Change the configuration of an application, OS, or device, start and stop services, install or update applications, implement a security policy, or perform a wide variety of other configuration tasks.
This section lists the prerequisites and the steps to install Ansible and AWX.
Prerequisites to install Ansible and AWX:
- Python 3: A programming language
- OpenSSH: Premier connectivity tool for remote login with the SSH protocol
- PostgreSQL: Object-relational database system
- rabbitmq-server: Messaging broker
- wget: Downloading tool
- memcached: A memory caching system
- nginx: Webserver
Perform the following steps to install the prerequisites of Ansible and AWX using Red Hat Enterprise Linux 7 / CentOS 7.
Enable and start the firewall using the following commands:
# systemctl enable firewalld
# systemctl start firewalld
Allow HTTP and HTTPS traffic to the server.
# firewall-cmd --add-service=http --permanent
# firewall-cmd --add-service=https --permanent
# systemctl restart firewalld
Install the EPEL repository.
# yum install http://download.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
Install the prerequisite packages.
# yum install postgresql96-server -y
# yum install -y rabbitmq-server wget memcached nginx ansible
Installing and configuring Ansible and AWX packages
Perform the following steps to install and configure Ansible and AWX packages:
Add the AWX repository to yum.repos.d by performing the following tasks:
Download the repo using the
# wget https://copr.fedorainfracloud.org/coprs/mrmeee/awx/repo/epel-7/mrmeee-awx-epel-7.repo
Copy the repository file to /etc/yum.repos.d/ and name it awx-rpm.repo.
# cp mrmeee-awx-epel-7.repo /etc/yum.repos.d/awx-rpm.repo
# yum install -y awx
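A repository file placed in /etc/yum.repos.d/ decides where yum fetches packages that are then installed as root, so it is worth checking the downloaded file before the cp step. The following added example (not part of the original tutorial; the function name audit_repo and the sample file are constructed) flags sections that do not set gpgcheck=1 or that fetch packages or keys over plain HTTP.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# audit_repo FILE
#   Reads a yum .repo file and prints one finding per line for each [section]
#   that does not set gpgcheck=1 or that fetches packages, mirror lists or
#   signing keys over plain HTTP/FTP. Returns 1 if anything was reported.
audit_repo() {
    awk '
        function report(msg) { print section ": " msg; bad = 1 }
        function finish() {
            if (section != "" && gpgcheck != "1")
                report("gpgcheck is not set to 1")
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comments and blank lines
        /^[ \t]*\[/ {                              # start of a new section
            finish()
            section = substr($0, index($0, "[") + 1)
            sub(/\].*/, "", section)
            gpgcheck = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next                      # continuation line, no key
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key ~ /^(baseurl|mirrorlist|metalink|gpgkey)$/ && val ~ /^(http|ftp):/)
                report(key " is not fetched over HTTPS: " val)
        }
        END { finish(); exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample (not the real COPR file): one weak section, one sound one.
sample_repo() {
    cat <<'EOF'
[example-weak]
name=Constructed example
baseurl=http://repo.example.invalid/el7/$basearch/
gpgcheck=0

[example-ok]
baseurl=https://repo.example.invalid/el7/$basearch/
gpgcheck=1
gpgkey=https://repo.example.invalid/pubkey.gpg
EOF
}
```

Run audit_repo mrmeee-awx-epel-7.repo after the wget step and read any findings before copying the file into /etc/yum.repos.d/.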
Initialize (that is, load the default configuration of) the PostgreSQL server.
# /usr/pgsql-9.6/bin/postgresql96-setup initdb
Enable and start the rabbitmq-server.
# systemctl enable rabbitmq-server
# systemctl start rabbitmq-server
Enable and start the PostgreSQL server.
# systemctl enable postgresql-9.6
# systemctl start postgresql-9.6
Enable and start Memcached.
# systemctl enable memcached
# systemctl start memcached
Add a user to the PostgreSQL server.
# sudo -u postgres createuser -S awx
Note: Ignore the error (could not change directory to "/root": Permission denied).
Create a database in PostgreSQL.
# sudo -u postgres createdb -O awx awx
Note: Ignore the error (could not change directory to "/root": Permission denied).
Import the necessary data to the database for initializing.
# sudo -u awx /opt/awx/bin/awx-manage migrate
Initialize the configuration for AWX.
# echo "from django.contrib.auth.models import User; User.objects.create_superuser('admin', 'root@localhost', 'password')" | sudo -u awx /opt/awx/bin/awx-manage shell
# sudo -u awx /opt/awx/bin/awx-manage create_preload_data
# sudo -u awx /opt/awx/bin/awx-manage provision_instance --hostname=$(hostname)
# sudo -u awx /opt/awx/bin/awx-manage register_queue --queuename=tower --hostnames=$(hostname)
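Back up the existing nginx.conf.
# cd /etc/nginx/
# cp nginx.conf nginx.conf.bkp
Replace the earlier version of nginx.conf with the new version.
Download the latest nginx.conf file using the following command. Because the current directory already contains nginx.conf, the download is saved under a different name.
# wget -O nginx.conf.awx https://raw.githubusercontent.com/cupofcaffeine/ansible/working_one/nginx.conf
Copy the file to /etc/nginx/nginx.conf, and then enable and start nginx.
# cp nginx.conf.awx /etc/nginx/nginx.conf
# systemctl enable nginx
# systemctl start nginx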
Start and enable the AWX services.
# systemctl enable awx-cbreceiver
# systemctl start awx-cbreceiver
# systemctl enable awx-celery-beat
# systemctl start awx-celery-beat
# systemctl enable awx-celery-worker
# systemctl start awx-celery-worker
# systemctl enable awx-channels-worker
# systemctl start awx-channels-worker
# systemctl enable awx-daphne
# systemctl start awx-daphne
# systemctl enable awx-web
# systemctl start awx-web
Open your browser and go to http://awx-server.com and then log in to the AWX server using the default credentials (user name: admin, password: password).
Note: It is recommended to change your default password to a strong new password.
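The superuser command shown earlier gives the admin account the fixed password 'password'. One way to create the account with a random password from the start, as an added example that is not part of the original tutorial: the function names and the file /root/awx-admin-password are assumptions, while the awx-manage path and the Django statement are the ones used on this page.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
AWX_MANAGE=/opt/awx/bin/awx-manage        # path used in the tutorial's commands
PW_FILE=/root/awx-admin-password          # hypothetical location, root-only

# Print a random alphanumeric password of the requested length (default 24).
gen_password() {
    head -c 96 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-"${1:-24}"
}

# Print the Django statement that creates the superuser. Each argument must be
# non-empty and limited to an allow-list of characters, so it cannot break out
# of the Python string literal it is placed in.
superuser_snippet() {
    for arg in "$1" "$2" "$3"; do
        case $arg in
            ''|*[!A-Za-z0-9@._-]*)
                echo "refusing unsafe or empty argument" >&2
                return 1 ;;
        esac
    done
    printf "from django.contrib.auth.models import User; User.objects.create_superuser('%s', '%s', '%s')\n" "$1" "$2" "$3"
}

# Generate the password, keep it in a file only root can read, and feed the
# statement to awx-manage on standard input, so the password never appears in
# the shell history or in the process list.
create_admin() {
    pw=$(gen_password 24) || return 1
    ( umask 077; printf '%s\n' "$pw" > "$PW_FILE" ) || return 1
    superuser_snippet admin root@localhost "$pw" |
        sudo -u awx "$AWX_MANAGE" shell
}
```

Run create_admin as root in place of the echo ... | awx-manage shell command, then log in as admin with the password stored in the file.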
We have successfully completed the installation and configuration of Ansible and AWX packages.
Running a playbook on the AWX server
Perform the following steps to run a playbook:
Log in to the AWX server with the default credentials (user name as admin and password as password).
Figure 1. Login Page
On the home page or the dashboard, you can see information about your AWX server and its overall status that includes the following details:
- Number of hosts that have successfully run the playbooks
- Number of hosts that failed to run the playbooks
- Total number of inventories
- Number of projects and the sync status
- Graph of the playbook runs over time
Figure 2. Dashboard
Add a new organization.
- On the dashboard, click ORGANIZATIONS on the left pane.
- Click ADD and enter a name and a brief description for the new organization.
- Click SAVE to save changes.
Figure 3. Creating a new organization
Add a new user.
- On the left pane, click USERS.
- Enter the first name and the last name for the user.
- Enter the organization you created in the previous step.
- Enter a working email ID and specify the user name and password to log in to the server.
- Select the User type as per the access rights to be given. Users can be of any one of the following types:
  - Normal user: a member of an organization who can create new templates, use templates, and update templates.
  - System auditor: a member of an organization who can view inventory, templates, and job status but cannot create or modify anything on the server.
  - System administrator: has all the privileges on the server (same as the default root/admin).
- Click Save to save changes.
Figure 4. Create a new user
Add a new inventory.
Adding an inventory is a task to add hosts to the server. All your remote hosts will come under inventory. An inventory can be divided into groups, such as development, testing, and production servers. To add a new inventory:
- On the left pane, click INVENTORIES.
- Click ADD INVENTORY.
- Enter a name and specify an organization for the inventory.
- Click SAVE to save changes.
Figure 5. Create a new inventory
Host name can be a working IP address or a URL. For example, 192.168.1.23 or aaa.company.com.
- In the same inventory page previously created, click the HOSTS tab.
- Then click ADD HOST.
- Enter the host name of the machine you need to add.
- Enter a description of the machine.
- Click SAVE to save changes. You can add any number of hosts to an inventory.
Figure 6. Add a host to inventory
In AWX, credentials are stored separately. This is very efficient in an LDAP scenario, where we can use a single credential for any number of hosts.
- On the left pane, click CREDENTIALS.
- Click ADD and enter a name and description for the new credential.
- Select an organization for the credential.
- Select a credential type (Machine – similar to SSH login).
- Enter the user name and password of the remote machine.
- Click SAVE to save changes made.
Figure 7. Add credentials of corresponding host.
Add a new project.
- On the left pane, click PROJECTS.
- Click ADD.
- Enter a name and description for the project.
- Select an organization and an SCM type. When you add a new project, the base path to the repository is given. The base path can be the link to your GitHub repository or the directory holding the playbooks. If the file is present on the AWX server, select Manual and enter the base path to the file. In our case, we will select Git as our SCM type because we will be using a GitHub repository. The other SCM types are Manual, Mercurial, Subversion, and Red Hat Insights.
- Enter SCM URL/Playbook directory. Here, we will add a public GitHub repository: https://github.com/cupofcaffeine/ansible. You can select the required options from the SCM UPDATE OPTIONS section.
- Click SAVE to save changes.
Figure 8. Creating a project
Add a new template.
Here we select the specific playbook to be executed from the project we added.
- On the left pane, click TEMPLATES.
- Enter a name and description for the template.
- Select the job type as Run or Check.
- Select the inventory and the project in which your playbooks are present.
- Select your playbook from the PLAYBOOK drop-down list.
- Add credential for the particular inventory of hosts.
- Select the verbosity you prefer. Verbosity refers to the level of logging you might need while running the playbook.
- Click SAVE to save changes.
Figure 9. Creating template
Run the required job.
On the TEMPLATES page, select the template you want to run and click the job launcher icon.
Figure 10. Running a job
You will be redirected to the page of the currently running job. Notice that the verbose output of the job you just ran is displayed.
Observe if the job ran successfully or not.
- Green indicates that it is successful.
- Orange indicates that the commands are executed, and changes are made/edited.
- Red indicates warnings or errors.
Figure 11. Verbose to job executed
Thus, by using AWX, it is possible to provide granularity on the privileges to be assigned.
In this tutorial we learnt how to install and configure Ansible and AWX on a Linux system (that is, CentOS). We created an organization including an inventory and a project. We then created a template in which we used a playbook from GitHub and executed it. We also observed the verbose output for the execution of a playbook and the status indicating whether it ran successfully.