
Managing infrastructure using Ansible Tower


A few of our previous posts were about infrastructure management
using Ansible. We will take things one step further today and create a
rudimentary self-service catalog using Ansible Tower.

For those of you who are not familiar with Ansible Tower, it is a tool
that allows you to centralize all aspects of infrastructure management. Think
of it as a user-friendly wrapper around Ansible with role-based access
control. You can find more information about it on the official page.

We will start today's post with a brief analysis of an Ansible playbook that
creates a single VM instance on AWS. Then, we will configure Ansible Tower so
that we will be able to execute the said playbook. And for the grand finale,
we will run the playbook and spend some money on AWS 😉

If you would like to follow along, you will need to have a working Ansible
Tower installation. The easiest way to get it up and running is to
use the official Vagrant box and activate it with a trial license
that you can obtain from Red Hat.

Sample Ansible playbook

The Ansible playbook that we will be using today looks like this:

- hosts: all
  gather_facts: false

  tasks:
    - name: Create a VM
      # Placeholder: the module name line is missing from this page.
      MODULE_NAME_MISSING:
        name: "{{ i_name }}"
        type: "{{ i_type }}"
        ami: ami-0e8286b71b81c3cc1
        key_pair: demo_key
        subnet: "{{ i_subnet }}"

Regardless of whether we are using Ansible Tower or not, we need to do a few things
before we can run that Ansible playbook. We must:

  1. make sure Ansible has access to the boto3 Python package,
  2. install the Ansible Collection,
  3. provide AWS credentials and region to the
    module via environment variables, and
  4. provide values for three variables that we use in the playbook.

We have some work to do, so we better start 😉

Creating a virtual environment

Ansible Tower executes Ansible in a virtual environment to isolate it from the
rest of the system. By default, Ansible Tower has one predefined virtual
environment containing dependencies for modules that are part of Ansible 2.9.
Unfortunately, that environment does not include all dependencies that the collection needs, so we will create our own.

We cannot create a new virtual environment from the web interface. Instead, we
must ssh into the Ansible Tower and run a few commands from the terminal:

$ sudo yum install -y gcc python3-devel
$ sudo mkdir /opt/venvs
$ sudo python3 -m venv /opt/venvs/steampunk_aws
$ sudo /opt/venvs/steampunk_aws/bin/pip install psutil ansible boto3

If nothing went awry, we now have a new virtual environment in
/opt/venvs/steampunk_aws with all required Python packages installed. But
before we can use it, we must tell Ansible Tower about it. To do that, we
must open the Ansible Tower's web UI, log in, and navigate to the Settings
-> System page. Once we add the /opt/venvs path to the custom virtual
environments paths field and save the settings, we are all set.

Informing Ansible Tower about our virtual environment location.


Adding sample project

Before we can run the Ansible playbook in Ansible Tower, we must fetch it from
the external source (Ansible Tower has no facilities for authoring playbooks).
Once we navigate to the Projects page and click on the green plus button, we
will see something like this:

Ansible Tower project configuration.


Feel free to change the configuration as you see fit, but make sure you set the
SCM URL field's value to and select the
right Ansible environment. We highlighted those non-default configuration settings in
the screenshot.

Once we add the project, Ansible Tower will fetch the sources and install
required Ansible collections. How does Ansible Tower know what collections our
project needs? Because we listed them in the
collections/requirements.yml file. Neat, right?

Supplying credentials

Supplying Ansible playbooks with credentials might be the most complicated
step of the whole process. Why? Because we must first define a custom
credential type, and then create credentials of that type. But there is
nothing a few screenshots will not solve 😉

Creating a custom credential type

We can add a custom credential type by navigating to the Credential Types
page and clicking on the green plus button. Filling in the name and
description values should not be too problematic, but the input and injector
configuration fields are trickier.

Definition of custom credential type.


The content of the input configuration field in our case is the following
YAML document:

fields:
  - id: aws_access_key
    label: AWS Access key
    type: string
  - id: aws_secret_key
    label: AWS Secret Key
    type: string
    secret: true
  - id: aws_region
    label: AWS region
    type: string
    choices: [ eu-central-1, eu-north-1 ]
required:
  - aws_access_key
  - aws_secret_key
  - aws_region

That YAML document informs Ansible Tower that our credential type has three
required fields and that the aws_secret_key field contains sensitive data
that we would like to store encrypted.

The injector configuration describes how Ansible Tower should pass the
credentials to the Ansible playbook. In our case, we want to use environment

env:
  AWS_ACCESS_KEY: "{{ aws_access_key }}"
  AWS_SECRET_KEY: "{{ aws_secret_key }}"
  AWS_REGION: "{{ aws_region }}"

And with one final click on the save button, we are done.
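
A small lint for the input and injector configuration above, added here as an illustration (it is not code from the original post or from Ansible Tower). It takes both definitions in parsed form and flags a sensitive-looking field that lacks the secret flag, a required id with no matching field, and an injector template that references an undefined field; the SENSITIVE name pattern and all function names are assumptions of this example.

```python
import re

# Parsed forms of the page's input and injector configuration (constructed here).
INPUTS = {
    "fields": [
        {"id": "aws_access_key", "label": "AWS Access key", "type": "string"},
        {"id": "aws_secret_key", "label": "AWS Secret Key", "type": "string",
         "secret": True},
        {"id": "aws_region", "label": "AWS region", "type": "string",
         "choices": ["eu-central-1", "eu-north-1"]},
    ],
    "required": ["aws_access_key", "aws_secret_key", "aws_region"],
}
INJECTORS = {"env": {
    "AWS_ACCESS_KEY": "{{ aws_access_key }}",
    "AWS_SECRET_KEY": "{{ aws_secret_key }}",
    "AWS_REGION": "{{ aws_region }}",
}}

# Assumption of this example: field ids matching this usually hold secrets.
SENSITIVE = re.compile(r"secret|password|passwd|token|private", re.I)
TEMPLATE_VAR = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def lint_credential_type(inputs, injectors):
    """Return sorted findings for one credential type definition."""
    fields = {f["id"]: f for f in inputs.get("fields", [])}
    findings = []
    for fid, field in fields.items():
        if SENSITIVE.search(fid) and not field.get("secret", False):
            findings.append(f"{fid}: looks sensitive but is not marked secret")
    for fid in inputs.get("required", []):
        if fid not in fields:
            findings.append(f"{fid}: required but not defined in fields")
    for kind, mapping in injectors.items():
        for target, template in mapping.items():
            for var in TEMPLATE_VAR.findall(str(template)):
                if var not in fields:
                    findings.append(f"{kind}.{target}: undefined field {var}")
    return sorted(findings)


def without_secret_flag(inputs):
    """Constructed weak variant: every 'secret' flag removed from the fields."""
    fields = [{k: v for k, v in f.items() if k != "secret"}
              for f in inputs["fields"]]
    return {**inputs, "fields": fields}


if __name__ == "__main__":
    print(lint_credential_type(INPUTS, INJECTORS))
    print(lint_credential_type(without_secret_flag(INPUTS), INJECTORS))
```

The definition from the page produces no findings; the weakened variant is reported because aws_secret_key would then be stored and displayed like any other string field.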

Adding AWS credentials

Now that we defined our custom credential type, we can add our AWS credentials
to Ansible Tower. Once we navigate to the Credentials page and click on the
green plus button, Ansible Tower will present us with the following form:

Adding AWS credentials to Ansible Tower.


Do note that we need to select the credential type before we see the type
details fields.

Once we click on the save button, we are ready for the next configuration step.

Define an inventory

Each ansible-playbook run executes tasks on one or more hosts. Because we
will only contact a remote web API in our playbook, all we need is localhost.
We can create one by navigating to the Inventories page, clicking on the
green plus button, and selecting inventory from the dropdown menu.

Once we name the inventory, we must click on the save button before navigating
to the Hosts tab. Once we click on the green plus button again, we must fill in
the host details like this:

Defining localhost inventory.


Make sure you copy the following variable definitions to the variables input

ansible_connection: local
ansible_python_interpreter: "{{ ansible_playbook_python }}"

If we do not set those variables as shown, Ansible will not find the packages
installed in our virtual environment.

Add job template

An Ansible Tower job template is, at its core, a templated ansible-playbook
run. Job templates define what playbook Ansible Tower will execute, what
credentials and variables are available during the run, verbosity of the
output, etc. In our case, the job template should look something like this:

Ansible Tower job template.


In this dialog, we gather all of the things that we defined before:

  1. We select the right inventory source.
  2. We select an appropriate project and a playbook from it.
  3. We inject our AWS credentials.

We highlighted those fields in the screenshot above. But there is still
one thing missing: values for our Ansible playbook variables.

One option would be to define them in the extra variables field, but there is a
better way of going about this: surveys. Surveys are dialogs that pop up right
before we execute the job template, ask for some input data, and map the data
to variables.

In our example, we created a survey with three prompts. In the image below, we
show how we defined the instance type prompt. The other two prompts were
defined in a similar fashion.

Definition of an instance type prompt.


And with all of this behind us, we are now finally ready to create the AWS

Running the job

Now it is finally time for the fun part 😉 If we now navigate to the templates
page and click on a rocket next to our job template, Ansible Tower will pop up
a survey we defined earlier. Once we enter all required data and confirm our
choices, Ansible Tower will run the playbook and display the output:

Ansible Tower job output.


Why should I bother with all that?

To summarize real quick, these are the things that we had to do to create
our proof-of-concept self-service catalog. We:

  1. created a dedicated virtual environment containing libraries for talking
    to AWS,
  2. imported our playbook into Ansible Tower,
  3. created a custom credential type and instantiated it,
  4. defined our inventory,
  5. added a job template and executed it.

If you live in a terminal and CI/CD systems are your best friends, all this
clicking probably made you nauseous. But the end result of all this clicking
exercise is something almost anyone in the company can use. So at least in our
eyes, things like this are worth the effort.

And at the end of the day, we can always write an Ansible playbook to automate
Ansible Tower configuration 😉 Or you can contact us and we will help you
write that playbook and fill the service catalog with some real content.

