Using Ansible Tower I have the power to automate simple and complex tasks like configuring and installing packages on Linux servers and configuring AWS infrastructure.
Your company should think about implementing Ansible to meet your business needs if you are looking for: multi-user access, user management, credentials, security, RBAC, complex orchestration, reporting, logging, and/or auditing. Running Ansible playbooks directly is CLI-only, while Ansible Tower provides a web GUI and API server for working with Ansible in an enterprise environment.
Ansible Tower main features
Visual dashboard
Graphical inventory management
RBAC
Job scheduling
Job history report
Remote command execution
Centralized logging
Notification
Multi-playbook workflow
RESTful API
Benefits of Ansible Tower
Reuse of Ansible scripts across the organization
Provides shared infrastructure for teams to run Ansible scripts
Easily manage privileged and protected administrator credentials
Ease of use for IT teams that traditionally use GUI tools
Ansible Tower provides a framework for running and managing Ansible Automation Platform efficiently on an enterprise scale
Offers a web interface, RBAC, centralized logging and auditing
RESTful API facilitates integration with the enterprise's existing workflows and tool sets
Ansible Tower Architecture
Installation of Ansible Tower
I chose the t2.medium instance because Ansible Tower requires at least 2 vCPUs and 4 GB of RAM.
The base image was set to Red Hat Enterprise Linux 8. You will also have to allow HTTP and HTTPS traffic from the outside to the EC2 instance.
Use the commands below:
> yum update -y
> yum install wget -y
> sudo wget https://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-latest.tar.gz
> sudo tar xvf ansible-tower-setup-latest.tar.gz
> cd ansible-tower-setup-3.8.6-2/
Set the initial administrator password and database password in the inventory file before running the installer:
> sudo vi inventory
Then make some changes in the main.yml file:
> vi roles/preflight/defaults/main.yml
When done, start the installation of Ansible Tower:
> sudo ./setup.sh
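A pre-flight check for the password step above, added here as an example that is not part of the original post or of the Tower installer: it reads the installer's inventory file and reports empty, short or reused passwords and a file mode that lets other users read them. It assumes the passwords live in the admin_password and pg_password keys; the sample inventory and the 12-character threshold are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Assumption: the installer inventory keeps its passwords in these two keys.
PASSWORD_KEYS = ("admin_password", "pg_password")
# key='value' or key=value at the start of a line, optional trailing comment.
ASSIGN = re.compile(r"""^\s*(\w+)\s*=\s*(['"]?)(.*?)\2\s*(?:#.*)?$""")
# Constructed sample: part of an inventory before the passwords are filled in.
SAMPLE = "[all:vars]\nadmin_password=''\npg_database='awx'\npg_password=''\n"

def check_inventory(path, min_len=12):
    """Return findings for the inventory at `path`; [] means ready to install."""
    values = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            m = ASSIGN.match(line)
            if m:
                values[m.group(1)] = m.group(3)
    findings = []
    for key in PASSWORD_KEYS:
        value = values.get(key, "")
        if not value:
            findings.append(f"{key} is empty or missing")
        elif len(value) < min_len:  # min_len is an example threshold
            findings.append(f"{key} is shorter than {min_len} characters")
        elif sum(v == value for v in values.values()) > 1:
            findings.append(f"{key} reuses a value set elsewhere in the inventory")
    # The inventory holds the passwords in plaintext, so check who can read it.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:o} exposes plaintext passwords to other users")
    return findings

def demo():
    """Run the check against the constructed sample with a world-readable mode."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "inventory")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        return check_inventory(path)

if __name__ == "__main__":
    for finding in demo():
        print("FAIL:", finding)
```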
You can configure Ansible Tower using the following:
CLI
RESTful API
Web UI
We will use the Web UI, since this is the method most new Ansible Tower users prefer. Open your browser and point it to your Ansible Tower server's IP address or hostname over HTTPS.
Agree to the End User License Agreement and submit to finish the installation.
Create Infrastructure on AWS
We will create a single EC2 instance on AWS. Then configure Ansible Tower to run the playbook.
Create a dedicated virtual environment containing libraries for talking to AWS
Import our playbook to Ansible Tower
Create a custom credential type and instantiate it
Define our inventory
Add a job template and execute it
Sample Ansible Playbook
---
- hosts: all
  gather_facts: false
  tasks:
    - name: Create a VM
      steampunk.aws.ec2_instance:
        name: "{{ i_name }}"
        type: "{{ i_type }}"
        ami: ami-0e8286b71b81c3cc1
        key_pair: demo_key
        subnet: "{{ i_subnet }}"
Creating a Virtual Environment
You cannot create a new virtual environment through the web interface. Instead, you need to SSH into Ansible Tower and run commands from the terminal.
$ sudo yum install gcc python3-devel
$ sudo mkdir /opt/venvs
$ sudo python3 -m venv /opt/venvs/steampunk_aws
$ sudo /opt/venvs/steampunk_aws/bin/pip install psutil ansible boto3
Next, open the Ansible Tower web UI, log in and go to the Settings -> System page. Add the /opt/venvs path to the Custom Virtual Environment Path field, save your settings, and you're done.
Add a Sample Project
Before an Ansible playbook can run on Ansible Tower, it must be retrieved from an external source (Ansible Tower does not have playbook creation capabilities). If you go to the project page and click the green plus button, you'll see something like this:
My YAML file is stored in a Git repository, so here I am using the SCM type Git.
For this project, I have already created the demo repository.
Repository link: https://github.com/suraj11198/Ansible-Tower.git
Supplying credentials
Providing credentials for Ansible playbooks is probably the most complex step in the whole process.
Creating a custom credential type
You can add custom credential types by navigating to the Credential Types page and clicking the green plus button. Entering the name and description values shouldn’t be too much of a problem, but the input and injector configuration fields are awkward.
In this case, the content of the input configuration field is the following YAML document:
fields:
  - id: aws_access_key
    label: AWS Access key
    type: string
  - id: aws_secret_key
    label: AWS Secret Key
    type: string
    secret: true
  - id: aws_region
    label: AWS region
    type: string
    choices: [ eu-central-1, eu-north-1 ]
required:
  - aws_access_key
  - aws_secret_key
  - aws_region
This YAML document tells Ansible Tower that the credential type has three required fields and that aws_secret_key contains sensitive information, which must be stored encrypted.
Injector configuration describes how Ansible Tower passes credentials to Ansible playbooks. This example uses environment variables.
env:
  AWS_ACCESS_KEY: "{{ aws_access_key }}"
  AWS_SECRET_KEY: "{{ aws_secret_key }}"
  AWS_REGION: "{{ aws_region }}"
Then just click the save button at the end and you’re done.
Adding AWS Credentials
Now that you've defined your custom credential type, you can add your AWS credentials to Ansible Tower. Go to the Credentials page and click the green plus button, and Ansible Tower will display the following form:
Note that you must select the permission type before you can view the type details field. Click the Save button and you are ready for the next configuration step.
Define an inventory
Every Ansible playbook run executes tasks on one or more hosts. This playbook only connects to the remote web API, so all you need is localhost. You can create it by navigating to the inventory page, clicking the green plus button, and selecting inventory from the drop-down menu.
Once you have named your inventory, you must click the Save button before navigating to the Hosts tab. After clicking the green plus button again, you need to enter the host details as follows:
Copy the following variable definition into the variable input field:
ansible_connection: local
ansible_python_interpreter: "{{ ansible_playbook_python }}"
If you do not set these variables correctly, Ansible will not be able to find the packages installed in your virtual environment.
Add Job Template
Ansible Tower job templates are basically template-based Ansible playbook executions. Job templates define the playbook that Ansible Tower runs, the credentials and variables that can be used during the run, output verbosity, and more. In this case, the job template should look like this:
This dialog collects all the information defined earlier.
Select the appropriate inventory source.
Next, select the appropriate project and playbook.
Paste the AWS credentials.
These fields are highlighted in the screenshot above. But something is still missing: the values of the Ansible playbook variables.
Running the job
Once you have entered all the required data and confirmed your selection, Ansible Tower will run the playbook and display the output.
Now see, our EC2 instance is created.
We have just created a simple EC2 server with Ansible Tower. I hope this will help you use Ansible Tower in future projects. If you have any questions about how Ansible creates an AWS instance, please post in the comments section.