Tired of repeatedly logging in to systems and manually entering commands. Need a tool to log in to n number of servers and run the given commands to it? Ansible might be the solution that you are looking for. Ansible can log into any number of servers and perform repetitive tasks without any hassle.

Ansible and AWX

Ansible is an open source IT automation engine which can dramatically improve scalability, consistency, and reliability of your IT environment.

AWX is a web-based solution that makes Ansible even more easy to use for IT teams of all kinds. It is designed to be the hub for all your automation tasks. It has an amazing browsable REST API and allows you to control access, graphically manage or sync inventory with a wide variety of cloud sources, log all your jobs, and integrate well with Lightweight Directory Access Protocol (LDAP).

Ansible Tower is a commercial version based on AWX by Red Hat. Both, AWX and Ansible Tower have similar features.

This tutorial explains how to install Ansible and AWX on a Linux system and how to run a playbook using an AWX server and then assign access to inventory, credentials, and playbooks at an individual level. This makes it possible to set up push-button access to complex automation, and control who can use it and where you can run it.

Playbook – is a script written in YAML language, which contains tasks to be done on the remote servers.

What can be done using AWX And Ansible

Using AWX and Ansible, you can perform the following tasks:

  • Provisioning: Set up the various servers you need in your local infrastructure, remote or cloud.
  • Configuration management: Change the configuration of an application, OS, or device, start and stop services, install or update applications, implement a security policy, or perform a wide variety of other configuration tasks.

Installing Ansible

This section lists the prerequisites and the steps to install Ansible and AWX.

Prerequisites to install Ansible and AWX:

  • Python 3: A programming language
  • open-ssh: Premier connectivity tool for remote login with the SSH protocol
  • Postgresql: Object-relational database system
  • rabbitmq-server: Messaging broker
  • wget: Downloading tool
  • memcached: A memory caching system
  • nginx: Webserver

Perform the following steps to install the prerequisites of Ansible and AWX using Red Hat Enterprise Linux 7 / CentOS 7.

  1. Enable firewall using the following command:

    # systemctl enable firewalld
    
  2. Start firewall.

    # systemctl start firewalld
    
  3. Allow the server to use the HTTP protocol.

    # firewall-cmd --add-service=http --permanent;firewall-cmd --add-service=https --permanent
    
  4. Restart firewall.

    # systemctl restart firewalld
    
  5. Install the EPEL repository.

    # yum install http://download.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
    
  6. Install the prerequisite packages.

    # yum install postgresql96-server -y
    # yum install -y rabbitmq-server wget memcached nginx ansible
    

Installing and configuring Ansible and AWX packages

Perform the following steps to install and configure Ansible and AWX packages:

  1. Add the AWX repository to yum.repos.d by performing the following tasks:

    1. Download the repo using the wget command.

      # wget https://copr.fedorainfracloud.org/coprs/mrmeee/awx/repo/epel-7/mrmeee-awx-epel-7.repo
      
    2. Copy to repository to /etc/yum.repos.d/ and name it as awx-repo.repo.

      #cp mrmeee-awx-epel-7.repo /etc/yum.repos.d/awx-rpm.repo
      
  2. Install AWX.

    # yum install -y awx
    
  3. Initialize (that is, load the default configuration of) the PostgreSQL server.

    # /usr/pgsql-9.6/bin/postgresql96-setup initdb
    
  4. Enable and start the rabbitmq-server

    # systemctl enable rabbitmq-server
    # systemctl start rabbitmq-server
    
  5. Enable and start the PostgreSQL server.

    # systemctl enable postgresql-9.6
    # systemctl start postgresql-9.6
    
  6. Enable and start Memcached.

    # systemctl enable memcached
    # systemctl start memcached
    
  7. Add a user to the PostgreSQL server.

    # sudo -u postgres createuser -S awx
    ! ignore the error (could not change directory to "/root": Permission denied)
    
  8. Create a database in PostgreSQL.

    # sudo -u postgres createdb -O awx awx
    ignore the error (could not change directory to "/root": Permission denied)
    
  9. Import the necessary data to the database for initializing.

    # sudo -u awx /opt/awx/bin/awx-manage migrate
    
  10. Initialize the configuration for AWX.

    # echo "from django.contrib.auth.models import User; User.objects.create_superuser('admin', 'root@localhost', 'password')" | sudo -u awx /opt/awx/bin/awx-manage shell
    # sudo -u awx /opt/awx/bin/awx-manage create_preload_data
    # sudo -u awx /opt/awx/bin/awx-manage provision_instance --hostname=$(hostname)
    # sudo -u awx /opt/awx/bin/awx-manage register_queue --queuename=tower --hostnames=$(hostname)
    
  11. Configure Nginx.

    # cd /etc/nginx/
    # cp nginx.conf nginx.conf.bkp
    
  12. Replace the earlier version of nginx.conf with the new version.

    1. Download the latest nginx.conf file using the following command.

      # wget https://raw.githubusercontent.com/cupofcaffeine/ansible/working_one/nginx.conf
      
    2. Copy the file to /etc/nginx.

      # cp nginx.conf /etc/nginx/nginx.conf
      # systemctl enable nginx
      # systemctl start nginx
      
  13. Start and enable the AWX services.

     # systemctl enable awx-cbreceiver
     # systemctl start awx-cbreceiver
     # systemctl enable awx-celery-beat
     # systemctl start awx-celery-beat
     # systemctl enable awx-celery-worker
     # systemctl start awx-celery-worker
     # systemctl enable awx-channels-worker
     # systemctl start awx-channels-worker
     # systemctl enable awx-daphne
     # systemctl start awx-daphne
     # systemctl enable awx-web
     # systemctl start awx-web
    
  14. Open your browser and go to http://awx-server.com and then log in to the AWX server using the default credentials (user name: admin, password: password).
    Note: It is recommended to change your default password to a strong new password.

We have successfully completed the installation and configuration of Ansible and AWX packages.

Running a playbook on the AWX server

Perform the following steps to run a playbook:

  1. Log in to the AWX server with the default credentials (user name as admin and password as password).

    Figure 1. Login Page
    image1

    On the home page or the dashboard, you can see information about your AWX server and its overall status that includes the following details:

    • Number of hosts who have successfully run the playbooks
    • Number of hosts who failed to run the playbooks
    • Total number of inventories
    • Number of projects and the sync status
    • Graph of playbook that has been run throughout

    Figure 2. Dashboard
    image2

  2. Add a new organization.

    1. On the dashboard, click ORGANIZATIONS on the left pane.
    2. Click ADD and enter a name and a brief description for the new organization.
    3. Click SAVE to save changes.

    Figure 3. Creating a new organization
    image3

  3. Add a new user.

    1. On the left pane, click USERS.
    2. Enter the first name and the last name for the user.
    3. Enter organization you created in the previous step.
    4. Enter a working email ID and a specify the user name and password to log in to the server.
    5. Select the User type as per the access rights to be given. Users can be of any one of the following types:
      • Normal user – is a member of an organization who can create new templates, use templates, and update templates.
      • System auditor – is member of an organization who can view inventory, templates, and job status but cannot create or modify anything on the server.
      • System administrator – has all the privileges on the server (same as the default root/admin).
    6. Click Save to save changes.

    Figure 4. Create a new user
    image4

  4. Add a new inventory.

    Adding an inventory is a task to add hosts to the server. All your remote hosts will come under inventory. An inventory can be divided into groups, such as development, testing, and production servers. To add a new inventory:

    1. On the left pane, click INVENTORIES.
    2. Click ADD INVENTORY.
    3. Enter a name and specify an organization for the inventory.
    4. Click SAVE to save changes.

    Figure 5. Create a new inventory
    image5

  5. Add hosts.

    Host name can be a working IP address or a URL. For example, 192.168.1.23 or aaa.company.com.

    1. In the same inventory page previously created, click the HOSTS tab.
    2. Then click ADD HOST.
    3. Enter the host name of the machine you need to add.
    4. Enter a description of the machine.
    5. Click SAVE to save changes. You can add any number of hosts to an inventory.

    Figure 6. Add a host to inventory
    image6

  6. Add credentials.

    In AWX, credentials are stored separately. This is very efficient in a LDAP scenario where we can use a single credential to any number of hosts.

    1. On the left pane, click CREDENTIALS.
    2. Click ADD and enter a name and description for the new credential.
    3. Select an organization for the credential.
    4. Select a credential type (Machine – similar to SSH login).
    5. Enter the user name and password of the remote machine.
    6. Click SAVE to save changes made.

    Figure 7. Add credentials of corresponding host.
    image7

  7. Add a new project.

    1. On the left pane, click PROJECTS.
    2. Click ADD.
    3. Enter a name and description for the project.
    4. Select an organization and an SCM type. When you add a new project, the base path to the repository is given. Base path can be the link to your GitHub repository or the directory holding playbooks. If file is present on the AWX server, then select Manual and enter the base path to the file. In our case, we will select Git as our SCM Type because we will be using the GitHub repository. The other SCM types are Manual, Mercurial, Subversion, Red Hat Insights.
    5. Enter SCM URL/Playbook directory. Here, we will add a public GitHub repository: https://github.com/cupofcaffeine/ansible. You can select the required options from the SCM UPDATE OPTIONS section.
    6. Click SAVE to save changes.

    Figure 8. Creating a project
    image8

  8. Add a new template.

    Here we select the specific playbook to be executed from the project we added.

    1. On the left pane, click TEMPLATES.
    2. Enter a name and description for the template.
    3. Select the job type as Run or Check.
    4. Select the inventory and the project in which your playbooks are present.
    5. Select your playbook from the PLAYBOOK drop-down list.
    6. Add credential for the particular inventory of hosts.
    7. Select your preference to log type in verbosity. Verbosity refers to the log type you might need while running the playbook.
    8. Click SAVE to save changes.

    Figure 9. Creating template
    image9

  9. Run the required job.

    1. On the TEMPLATES page, select the template you want to run and click the job launcher icon.

      Figure 10. Running a job
      image10

    2. You will be redirected to the currently running job page. Notice that the verbose of the job you just ran is displayed.

    3. Observe if the job ran successfully or not.

      • Green indicates that it is successful.
      • Orange indicates that the commands are executed, and changes are made/edited.
      • Red indicates warnings or errors.

      Figure 11. Verbose to job executed
      image11

Thus, by using AWX, it is possible to provide granularity on the privileges to be assigned.

Summary

In this tutorial we learnt how to install and configure Ansible and AWX on a Linux system (that is, Centos). We created an organization including an inventory and a project. We then created a template in which we used a playbook from the GitHub and executed the same. We also observed the verbose for the execution of a playbook and the status indicating whether it ran successfully.