0

Getting Started: Using the Virtual Environment

Welcome to another Getting Started blog post! Previously, we did a four-part series on Ansible and Windows automation.

In this post, we are going to talk about how you can modify and use the Python virtual environment that is built when Red Hat Ansible Tower is installed. Before we get started, if you would like a dive deeper into the virtual environment you can find our documentation on it here .

Is This a Virtual Reality Test?

No, it is not. But one can dream, right? Before we get into this, let’s talk about what is created when you install Ansible Tower in regards to virtual environments.

Ansible Tower 3.0 and later uses virtualenv. Virtualenv creates isolated Python environments to avoid problems caused by conflicting dependencies and differing versions.

Ansible Tower creates two virtualenvs during installation–one is used to run Ansible Tower, while the other is used to run Ansible. This allows Ansible Tower to run in a stable environment and allows you to make changes to your Ansible environment.

The next topic we are going to talk about is modifying the Ansible virtualenv. But first, a warning to the adventurous. Modifying the virtualenv used by Ansible Tower is unsupported Continue reading

0

Windows Package Management

Welcome to the third installment of our Windows-centric Getting Started Series!

In the previous post we covered how you can use Ansible and Ansible Tower to help manage your Active Directory environment. This post will go into how you can configure some of those machines on your domain. Most of this post is going to be dominated by specific modules. Ansible has a plethora of Windows modules that can be found here. As time is not a flat circle, I can’t discuss all of them today but only a few that are widely used.

MSIs and the win_package Module

So you got your domain up, you have machines added to it, now let’s install some stuff on those machines. I do have a few notes before moving forward in regards to the modules we’ll be discussing. The module win_msi is deprecated and will be removed in Ansible 2.8 (current version as of this post is 2.5). In its place you can use win_package which I will be using throughout this post.

Alright, back to installing stuff. The win_package module is the place to be. It is used specifically for .msi and .exe files that need to be installed Continue reading

0

GETTING STARTED: ANSIBLE TOWER’S API

Welcome to another entry in the Getting Started series. The API (Application Programming Interface) or, as I like to refer to it, the Magical Land of Automation Information, can be used in quite a few ways. In this Getting Started post, we will be discussing Red Hat Ansible Tower’s API and how you can use it to extract information to utilize in your playbooks and other tools.

The idea for this blog post came about when David Federlein was developing a new Ansible Tower demo and presentation. I will be making references to that codebase, which you can follow along with throughout this post. Please note that this demo utilizes Vagrant and VirtualBox so you’ll need to have those applications installed if you would like to stand up the demo yourself.

Ansible Tower’s API

Ansible Tower’s API is fully browsable. You can navigate to your instance’s REST API by typing this into your browser: http://<Tower server name>/api/v2. Once there, you can click any of the listed links and view the current objects loaded for that particular attribute in Ansible Tower. Everything you can do in Ansible Tower's UI can be done from the API; you can also use it Continue reading

0

Getting Started: Using New Kerberos Feature in Ansible Tower

Welcome to another post in our Getting Started series. In our previous post, we discussed how you can set up and use LDAP in your Red Hat Ansible Tower instance. In this post we are going to discuss a new feature in regard to Windows authentication with Kerberos. Before we get started, please note that these changes will not affect the current configuration you are using if you have previously used Kerberos with Ansible Tower. Your setup should function the same way as before.

Using Kerberos to Connect to Windows

Using Kerberos with Ansible and Ansible Tower to connect to your Windows hosts before the release of Ansible 2.3 required some prior scaffolding tasks be set up before you were able to fully use it. The necessary packages for Kerberos are still required to be on the machine that Ansible Tower is installed on. The documentation on the required materials and configuration changes can be found here if you are just starting out or need a refresher.

The main change that comes to using Kerberos with Ansible and Ansble Tower is how Ansible manages Kerberos “tokens” or “tickets." Ansible Tower defaults to automatically managing Kerberos tickets (as Continue reading

0

Getting Started: Adding Proxy Support

Getting Started with Adding Proxy Support

There are many reasons why proxies are implemented into an environment. Some can be put in place for security, others as load balancers for your systems. No matter the use, if you have a proxy in place, Red Hat Ansible Tower may need to utilize it. For a more in-depth look at what we will be doing in this post, you can visit our docs specifically on Proxy Support within Ansible Tower here.

Adding a Load Balancer (Reverse Proxy)

In some instances, you might have Ansible Tower behind a load balancer and need that information added to your instance. Sessions in Ansible Tower associate an IP address upon creation, and Ansible Tower’s policy requires that any use of the session match the original IP address.

To allow for support of a proxy, you will have to make a few changes to your Ansible Tower configuration. Previously, this would have been done in a settings.py file found on your Ansible Tower host, but as of 3.2 you can now make these changes in the UI. To make these edits, you must be an admin on the instance and navigate to Settings, and then Continue reading

0

Getting Started: Setting Up A Job Template

Welcome to another post in our Getting Started series. In our previous post, we discussed the basic structure of how you can write your first playbook.

In this post, we will discuss how to set up job templates and run them against your inventory. We will also discuss job output and how you can view previous job runs to compare and contrast successful/failed runs.

Before we get started, a gentle reminder that in order to run job templates successfully in Red Hat^® Ansible^® Tower, you will need to have an inventory present, an updated project to select a playbook from to run against and up-to-date credentials. 

Job Templates: What Are They?

Job templates are a definition and set of parameters for running an Ansible Playbook. In Ansible Tower, job templates are a visual realization of the ansible-playbook command and all flags you can utilize when executing from the command line. A job template defines the combination of a playbook from a project, an inventory, a credential and any other Ansible parameters required to run.

When you run playbooks from the command line you use arguments to control and direct it. Whether you're invoking an inventory file Continue reading

0

Getting Started: Installing a Tower Cluster

In this Getting Started blog post, we cover how to install Ansible Tower by Red Hat as a clustered environment. If you haven’t already, check out our previous post that outlines the steps on how to install Tower on a single node.

What’s Different with Clusters?

With the addition of Clustering with Tower 3.1, Tower users now have the ability to install Tower as a clustered install rather than just doing an all-in-one install. Clustering is sharing load between hosts. Each node should be able to act as an entry point for UI and API access. This should enable Tower administrators to use load balancers in front of as many nodes as they wish and maintain good data visibility.

Installing Tower in a cluster only has two differences from a standard all-in-one Tower install:

• A separate physical or virtual machine to house an external database
• A different method of editing your inventory file

If you are preparing to install Tower, consider what function Tower will serve for you. If you are deploying Tower in a production environment, you should be using a clustered installation able to provide highly available Tower instances and use an external DB, either as a Continue reading

0

Getting Started: Tower Projects and Inventories

Welcome to another post in our Getting Started series. In our previous post, we discussed how you can equip your Ansible Tower instance with users and credentials.

In this post, we will discuss how to set up projects and inventories in your Ansible Tower instance.

What Is A Tower Project?

Tower projects are a logical collection of Ansible Playbooks that are set up with each other based on what they might be doing or which hosts they might interact with.

Playbooks can be managed within Tower projects by either adding them manually to the project base path on your Tower server, (/var/lib/awx/projects) or by importing them from a source control management system (SCM) that is supported by Tower. Examples of SCMs supported by Tower are Git, Subversion and Mercurial. Managing your projects with an SCM is recommended to ensure that only users with assigned access to the repository can change the Playbook before execution, and for the extra layer of accountability and change control it provides. If your Playbooks are managed by an SCM, update options can be selected to “update on launch”, “delete on update” and “clean”.

If you select “update on launch", Tower will sync each Continue reading

0

Getting Started: Tower Users and Credentials

In our previous Getting Started blog post, we discussed how to install Ansible Tower in your environment.

Now we’ll discuss how you can equip your Tower host with users and credentials.

To begin, let’s cover the essentials: setting up your user base and creating credentials for appropriate delegation of tasks.

How To Set Up A User Base

Building your user base will be the first thing you’ll need to do to get started with Tower. The user base can be broken into three easily-defined parts:

1. User: Someone who has access to Tower with associated permissions and credentials.

2. Organization: The top level of the user base - a logical collection of users, teams, projects and inventories.

3. Team: A subdivision of an organization - provides the means to set up and implement role-based access schemes as well as to delegate work across organizations.

Understanding User Types

There are three types of users that can be defined within Tower:

• Normal User: A user that is given no special permissions from the beginning - they must be granted to them by a system administrator.
  
  
• System Auditor: A user who will have view access only within Tower.
  
  
• System Administrator: A user who has the Continue reading

0

Getting Started: Tower Installer

Welcome to the first in our series of blog posts for Getting Started with Ansible Tower. This series covers basic installation and functions of Tower and an overview of how to use Tower to implement IT automation.

To get started with Tower, you must first learn to install and stand up a single host. Future posts will cover other types of configurations, such as a redundant installation with an external database. For this post, we’ll be highlighting RHEL 7 and Ubuntu LTS. 

Install Tower in 4 Simple Steps:

Run these steps as root (su -).

1. Download the latest Tower edition

If you haven’t already, visit this link to the trial page to have a download link sent to you. If you would like, our AMIs for AWS and our vagrant image are found there as well. If you have network restrictions, contact Ansible Sales and they can send you the bundled installer.

Note: We are currently working on a bundled installer for Ubuntu LTS, so the standard installer will install for Ubuntu.

2. Unpack the file (tar xzvf towerlatest)

 
$ tar xzvf towerlatest
ansible-tower-setup-3.1.0/
ansible-tower-setup-3.1.0/group_vars/
ansible-tower-setup-3.1.0/group_vars/all
...

-tar xzvf towerbundlelatest

 
$ tar xzvf  Continue reading