AWX AND ANSIBLE TOWER / AUTOMATION PLATFORM - COMPREHENSIVE OVERVIEW TO RUN YOUR FIRST JOB!

Captions
so you're familiar with ansible but you may have recently discovered an offering called ansible tower from the company red hat and you may have also figured out that that is just an open source software called awx tower with red hat's logo slapped on top so first i want to start off by saying red hat and their products are great i use them and i love them and red hat did not steal awx actually it's the other way around right ansible tower existed before awx and then with their commitment to making things open source red hat said they were going to make ansible tower open source and they created the awx community project um and in which they say it's the upstream version of ansible tower so all the new things go to awx first and then they get hardened and secured and made long-term support by red hat and put into ansible tower uh and they do say on their question and answer website that it's comparable to fedora being the upstream version of red hat enterprise linux and they do have a section where they say should i use this in production and they say just no so you're wondering if you should use red hat ansible tower or awx and what are the differences well the differences are if we go with red hat ansible tower right we get awx but the logo is changed to a red hat logo the red hat offering called ansible tower also comes with a support agreement right we purchase it through them if something does not work the way we expect it to we can call them up we can submit a ticket if my production environment's down and i need ansible tower to work in order to fix it i can have them on the phone in 10 minutes right and if you're not aware red hat has said they will be doing away with and replacing red hat ansible tower with what's called the automation controller which is part of their new red hat ansible automation control platform so they're gonna have a whole platform it's gonna have a hub and you're gonna have what's called the automation controller in it and it's
going to look exactly like red hat ansible tower and it's going to operate the same as red hat ansible tower so here i am on the login screen for awx i'm not going to show you how to install awx there's multiple ways to do that you can do awx operator in a container a helm chart on kubernetes whatever you want right that's for another time this is just once i get into awx once i get into ansible tower how do i use it how do i put things together how do i start running playbooks right and i say ansible tower as well because everything you do in awx is a one-for-one swap with ansible tower everything is exactly the same it has exactly the same features uh the only thing that might look different is the ui but it's all going to be in the same place for the most part so i'm just going to go ahead and log in here and i'll put a link in the description to how i personally deploy awx over and over and over using terraform but once we get to the dashboard we see some values up here you know hosts is how many hosts we have in awx how many failed hosts means you ran a playbook but it failed to run all the tasks successfully against those hosts so you get a failure inventories inventory sync failures and that increments when you have a dynamic inventory that looks through ec2 or a satellite server or azure or vsphere to dynamically update its inventory and that just failed or project sync failures meaning you had a project that you defined and it failed to sync from a remote source and we'll go over that more in detail all right but i want to go over these things i'm not going to go down the list straight down the list but i'm going to go in a logical order what makes sense from the time you first stand up ansible tower or awx so first when you stand up awx or ansible tower the first thing you're going to want to do is create an organization so over on the left click organizations and you're just going to hit add and organizations are just a form of tenancy right they're a way
of separating resources based on organization so if you had an organization called mcdonald's right and you created inventories and users and credentials and projects and so on they would be available to the mcdonald's organization but if you created a burger king organization too their resources would be separate from the mcdonald's resources so one organization cannot view or execute another organization's resources if they don't have permission to do right by default they don't right you don't have to worry about instance groups and you don't have to worry about galaxy credentials unless you want ansible galaxy so i've created an organization um and now once it's created i can go to access right i can say which users belong in my organization which teams which are like a logical grouping of users and i can create notifications right for this organization and we'll go over notifications more detail later but if i go back to organizations i'm actually going to create another one and i'm going to call it burger king and i'm going to hit save and so now i've got two organizations right so if i create resources and assign them to mcdonald's and i create resources and assign them to burger king they're not going to be able to see or react interact with each other's resources unless say i put timmy in mcdonald's and then i say i want timmy to also have access to burger king then you can do both next we're going to go ahead and go over inventories so come here on the left and we'll hit add and we'll see two options here we have add inventory or add smart inventory so the differences here are if i hit add inventory i can create a static or a dynamic inventory where i can add hosts right and variables for those hosts and add smart inventory all this is is we are saying so if i click in here real quick quick example i'm not going to go over this in true depth because it gets kind of complicated but we have the smart host filter option right so i can say i want this inventory
to be created from another inventory when the hosts match this filter right so if i give you an example i say i have a mcdonald's inventory and i go ahead and i say i want to create another inventory based on the subnets of those hosts in that inventory ansible's going to go ahead and when i run a playbook it's going to gather all the facts from well if i have gather facts set it's going to gather all the facts from those hosts it's going to pull back all the subnets that all those hosts are in and based on this filter here it's going to create a new inventory with all the hosts in the defined subnet that i want right it's it's a little complicated i know but for the most part just starting out you're going to want to go to add inventory right and you're giving the inventory a name similar to if you were naming your inventory file if you were using ansible via the command line so this is going to be mcdonald's inventory and you can give it a description but i'm going to go ahead and organization and again we have two organizations so if i choose mcdonald's as my organization burger king is not going to have access to this inventory they're not going to be able to see it or run things against it and users in burger king's organization will not be able to as well so i'm going to go ahead and select and you don't need insights credentials or insights groups and variables is where if you want a variable to apply to every host inside of this inventory this is where you would place it similar to if you were to apply a variable at the top of your inventories file using ansible cli in the inventory file so i'm going to hit save and then we have all these options that appear right access who's allowed to have access to this inventory groups if we have 10 hosts right multiple hosts 10 hosts each in different regions maybe east west north south we can separate them this way hosts is where we're going to actually put our hosts sources so this is actually dynamic inventory so if you
were to choose like amazon ec2 it would ask you for your like your aws credentials um and then it would actually like update dynamically during playbook runs so we'll go back to there and completed jobs that involve this host so i'm gonna go to host i'm gonna hit add and actually you can add a host here with a valid dns name right if it's got a valid dns name or you can do ip address so i've got an aws ec2 instance sitting out there on internet i'm actually going to use the ip address and give it a description ec2 instance and i can set specific host variables so these would apply only to this host if during a playbook run so and if you don't know how hierarchy works with ansible it's always the most more specific declaration of a variable that gets applied so go ahead and hit save now i've got a mcdonald's inventory with hosts and i've got my host defined so once you've added a host to your inventory before you can actually connect to it you need to tell ansible or awx how to actually connect to that host so we need to create what's called credentials and we need to create more specifically a machine credential type and this is essentially where you're going to specify what user do you want to ssh with when ansible runs a playbook what credentials do you want to use to connect do you want to escalate via sudo or just switch user and what credentials do you want to accomplish that right so this is going to be my ec2 key we can give it a description again we give it an organization for separation machine type credential again for ssh and i know that the user on this server is just called ubuntu and i don't need a password because i'm going to be using ssh private key when i created the ec2 instance aws provided me with a private key for the key pair i don't need to provide that i don't need to provide that because there is no password for the private key privilege mode escalation i'm going to go ahead and do sudo escalation name i'm actually going to go up to root
it's not recommended to do this but i set this box up quickly just for this demonstration so that's all i have right now and then the password for that root user is going to be the password that i set and then i go ahead and save so you have a credential again you can choose who has access to this credential so now that i've got this credential created what this is going to let me do is when i go ahead later and create a template which is a playbook run configuration i'm going to say i want to use the ec2 key ssh key during to run this playbook and it's going to then use that key to attempt to connect to the host that i've defined in the playbook but before we can do that i need to add another credential here because we need to create what's called a project so before i can create the project i need to add git credentials so we'll say git give it a description and mcdonald's will be the organization so i'm going to choose where is it git hub personal access token so what i'm doing is i'm creating credential to allow me to pull from github so what i can do is i'll then go to github and i have a little repository right here you don't need the credentials if you don't need the credentials to connect right so technically i don't have to fill in the token here because i don't need to authenticate via token to pull in this repository but if you wanted to you would go to settings and then you would go down to developer settings and personal access tokens and you could create you could generate a new token here right so i'm actually going to grab this token real quick all right so i got the token i'm gonna go ahead and paste that in here and i'll hit save and i did not show you the token because i don't want to so again we have access who has access to this credential when we go back to credentials now we have two credentials right we have ssh key and git access personal access token all right so next we'll go to projects so projects projects what are projects projects are
kind of like uh you're kind of defining the space that all your playbooks and everything that's required to run those playbooks exists right so for example if we choose manual here for source control credentials type um basically if we put our playbooks in this directory manual points at a directory right so if we put our playbook in this directory uh then they're going to show up under the manual project this is unadvisable because you don't have any version control over it so the next most popular option is to use git so you can use any type of source control management system right you could use bitbucket gitlab github whatever you want because git's just the protocol so then i would give it a name right for the new project so roles playbooks right i'm going to give it an organization all right and then i need a source control url so if i go to github and i find a repository with playbooks in it that i would like to run right for my example i have a repository here called ansible roles it's just a simple playbook uh right here called configure systems and all it's going to do is run the mode of the day role to set the mode of the day on the host so i'm going to go ahead and i'm going to copy the https url i'm going to go back to awx and i'm going to paste that in there then i'm going to find a branch that i would like to pull from source control refspec you don't have to worry about source control credential this is where you would actually place your git credential but for some reason for me anyway it's not working properly right please add to populate list i don't know why this is not showing up it might be an error with the particular version of awx i'm using but if you needed to provide a personal access token for git this is where you would select it after you've already created it over here in credentials like we did earlier because this is a public repository i do not need a personal access token to just pull it down okay i just want to make
it known for the record earlier i said that for some reason my git credential was not showing up when i went to project and attempted to click source control credential apparently it's there now so just know that if the repository is public and allows you to pull without authentication then you don't need a source control credential but if you do in awx it might take a few minutes for that credential to populate uh under yours to be usable with your project and one of the important things here is you're going to want to update revision on launch right and what this means is every time i run a playbook that belongs to this project every time i run a template that belongs to this project it's gonna it's gonna run a job before it runs my playbook it's gonna run a job to check in with github and pull in the latest playbooks from github so i'm gonna hit save and then again we have access who has access to these uh this project notifications job templates which templates are like assigned to this project schedules you can assign schedules to this project we'll go over that later um and details right so we're going to hit sync here and you're not going to see anything happen it's going to look really weird well if we go to jobs this is where we see things happening with projects and templates right so we can see that we've got this green here which means uh that it was successful in syncing our inventory with github right so what it did is again without credentials it went ahead and reached out to the git repository and looked at the version and then pulled it in and it saw that it didn't need anything from galaxy so it didn't go ahead and do that update source tree if necessary update project using git cool all right so that's been successfully defined so now once we have a project which again is a location to where our playbooks are stored we need to create what's called a template so we have two options here add job template or add workflow template so a job template is
just you're saying i want to run this one playbook with this one set of settings and that's it a workflow template is you're saying i want to run this job with this playbook and then if that passes or fails or regardless of the result run this one and then run that one so it's a continuous workflow of multiple templates so we're going to go ahead and hit add job template and i'm going to i'm going to give it a name configure mode of the day right because that's what my playbook is going to do i can give it a description job type run or check right run is actually going to execute it check is just going to do like a dry run and then i have to specify inventory so we're going to take what inventory is the host that i have defined in the playbook contained in so i'm going to go ahead and choose mcdonald's inventory so i'm actually going to stop there real quick and i'm going to go back to the project so this is the playbook that's actually going to run and i need to make sure this hosts section contains a valid hostname or group of hosts that actually exist in the inventory right so if i go back to awx here the inventory i've got a host so i'm going to copy this address and i'm going to go back to the project i'm actually just going to do a no no and i'm going to update this right here in github and i'm going to commit straight to master and all fine and dandy so now if i define this inventory right ansible is going to see this line it's going to say hey i want to run against this host and then as long as i have defined that host inventory right here it's going to work all right then we have to choose a project for this template we've only got one the roles playbook project we created and what that project did when it synced is it evaluated the entire repository for a valid playbook right configure systems.yaml um we're going to provide credentials and these are going to be the ec2 key credentials right so we're going to hit ok so this is the how we're going to ssh
into the box uh labels if we've got labeling going on on our playbook we can go ahead and set our labels here so we'll only run the tasks with the defined labels variables uh we've got forks which is really how many hosts do you want to run this against in parallel at once um so if you don't have a lot of computing power just leave this as zero limit so limit's an interesting one right if i say right here in the playbook i define a whole group of hosts like it's got like 100 hosts in the group that i put here well i don't want to re-create like a new template or or you know reinvent the wheel so i could just put limit here and i could put hosts one host two and so on and it would only run it against the hosts defined and limit verbosity how verbose do you want this template to be uh job slicing we don't need to worry about that timeout it is self-explanatory you can show changes or not right so if enabled show the changes made by ansible tasks where supported this is equivalent to ansible's diff mode instance groups we're not going to worry about that job tags we're not going to worry about that either and skip tags are there any tasks in your playbook you would like to skip so the most important part of this is probably going to be privilege escalation if you've got sudo going on all right so if i look at the playbook become is set to yes because i need to become to edit the mode of the day file so that means i need privilege escalation enabled provisioning callbacks right so this is going to allow the creation of a url host can contact brand name and request a configuration update using the job template webhooks so you can like webhooks are like if you put uh if you go to the host and you have this all set up you could just like put a one line command that will interact with the api and it'll essentially what you're doing with awx and tower is you're pushing configurations to host enable webhook lets the host actually call out to awx and say i want to
run this template against me right can i run more than one job at once usually i'll set that yes and enable fact cache fact and enable fact storage all right we're gonna hit save so i now have a template which is a playbook run of a playbook against an inventory so when i hit launch i'm gonna it's gonna start two jobs the first job is going to resync the project to make sure we have the latest and greatest from github and the second job is actually going to run the playbook so if i hit launch and then i'm going to open this in a new tab we so we can see that source control updated and then immediately after configure mode of the day ran but it failed uh so why did we fail well this is a syntax error inside of the playbook so error the role mode of the day was not found what did i do wrong here so i got to fix this playbook real quick and then i'll be right back all right so the issue was my playbook was up here but my roles were down here one directory below instead of because your roles if you haven't defined in your ansible config where you want your roles to be then they need to be relative to wherever the playbook is running in a roles directory if that makes sense so because this playbook is in here it's looking in the here for the roles directory but it's not finding it but i moved it to here and the roles directory is right here so now i need to go back to awx and we're going to go back to projects actually and i need to actually update so we'll resync this because we made a change and then we'll go to the template and we will edit that so we'll hit edit to the new playbook configure systems2.aml we'll save and we'll launch and now if we go back to jobs again we should see configure mode of the day running and success we have successfully actually it says no host match could not match the supplied host pattern ignoring servers so why is it saying servers this is a me issue again so what do we have here um host oh okay i didn't edit the host name in the right
place by the way this is a pretty crappy playbook to use as an example i wrote it when i was first learning ansible so probably doesn't follow best practices but it's going to work for this example eventually you'll see so i'm going to go ahead and hit relaunch and it's going to resync the project so we'll go to jobs and we got source control update because we made a change configure mode of the day um okay cool we've actually connected to our host so we did have an error out here in the output fatal could not find or access that's that's just part of the ansible playbook i wrote that i said was crap but the point is we connected to the host right and because we didn't run successfully uh we failed right so actually hang on i'm going to fix this real quick because i want you to see the green all right so the issue is like here i'll just i had a full path like when it was sitting on the system here i told you these were old um really the files just like one directory down into files and mode of the day j2 so i'll go ahead and commit real quick and then we'll go back and we will relaunch one more time and then of course we're gonna update the repository information inside of awx so we get the latest and greatest for the playbook and we're going to configure mode of the day and voila it is finished running so successful playbook run so templates again are just jobs where you define what playbook you want to run what inventory source the hosts that you want to run against are in what credentials do you want to use to connect to those hosts and do i need to sudo stuff like that right all right now that we've done a successful playbook run just to recap right all this stuff applies to ansible tower and awx everything we just did you can do in ansible tower the same exact way creating an inventory creating credentials creating a project and syncing that project creating a template right all of that is the same in ansible tower you can do it the exact same way so let's go
over some of these other things here right so for jobs what are jobs jobs are every time uh a job a playbook runs is a job uh every time a task runs right so when source control updates for a project that's considered a job when you run a template that's considered a playbook run that's considered a job you can go back through this history and you can click on them to see what happened and you can see pass or fail based on the color here red or green so next we have schedules and schedules allow you to say well we'll just walk through an example it allows you to set an interval of when you want things to run so if i want to run configure mode of the day every sunday at 3 30 pm i would click on the template and i would go to schedules and i would hit add and i would give it a name sundays at 3 30 pm so the start date and time is what time so really this is i want to begin running this when at 3 30 p.m on 10 10 is when the first one is going to run and then every subsequent one after that is also going to run at 3 30 pm right and you can choose those settings here uh what time zone do you want to tie this to and then a run frequency right i want to run this every sunday so i'll choose week once a week on sundays and this is the equivalent of creating a cron job and then when do you want it to end never meaning it will run every week every sunday at 3 30 p.m after so many occurrences right do you want this to run after it runs two sundays three sundays what have you or do you want it to end on a certain date all right so i'll just choose never and i'll hit save and we can see i have a schedule created right so every sunday at 3 30 p.m i'm going to go ahead and i'm going to run the mode of the day playbook or template and there's my schedule assigned to this template you can turn it on or off with this button here and then we have activity streams this is just stuff that's happening inside your environment who's creating things who's destroying things what's going
on which i was running stuff like that uh workflow approvals this is going to work be where remember how earlier i said you can add and create a workflow template right um so this is going to be where you're going to approve workflows if needs if the need be or deny you know we have users so this is where we can add a user right so bob bob bob.com and we can give bob's password uh yeah we'll just copy that i wonder if that works the the man and we can assign bob to an organization so we'll decide if he needs what access to what resources and wait does he want to be a system administrator assistant monitor will to make it madman we'll hit save oh uh we'll just make this password and we'll save so we created a user we can assign them into different organizations we can add them to more than one we can assign them to teams which are kind of like and roles uh teams uh we can go ahead and add a team the team what team does this organization belong to or what organization does this team belong to right we can add bob to this but he's already added to it because he's an admin different roles for this team right so teams are groups of so you have users teams which are like a group of users and then you can create roles that kind of assign certain users to certain teams and give them certain access to certain things right credential types we don't need to worry about this but you can create your own kind of credential notifications this is actually a handy one because say you've got a slack or a mattermost or something like that or email grafana right you've got all these different things like webhook you can actually create these and you can assign them to certain templates right so if i click on this there's a notifications tab you can have a notification when i run that says when this uh particular template starts send me an email send me a slack message if it runs and fails send me a slack message if it doesn't don't send me anything stuff like that right so if we just 
hit add we can see like slack we can add our you know what channels you want this go to what's the token you can add a custom message um you can specify if you want these messages to run on start success error stuff like that all good stuff we got management jobs uh which seems to be blank we have instance groups uh so just real quick instance groups are like say you had like four ansible tower or awx nodes running you could group those into instance groups and you could apply custom policies like you can put two in this group two in that group right add container group you can have you know it's just a way of grouping your nodes and resources um applications you can go ahead and add applications here it's more of an advanced setting uh and then settings this is for your administrators right you can set up uh authentication to like saml ldap right sso uh you have logging settings so you can define how you want your logging to be configured miscellaneous system settings um you know automation analytics apple url login redirect there's all this you can get pretty fancy with the administrative stuff and then user interface settings custom logo stuff like that um but in awx it seems like you know this is coming soon so you know it's one of those things where you know it's that doesn't we don't get in awx but we might get it in red hat ansible tower and then we go back to the dashboard we can see um you know we don't have any failed hosts because our job ran successfully last time and we have a good inventory and we have a successfully synced project and we have a nice little graph here
Info
Channel: The_Sudo
Views: 27,079
Keywords: awx, ansible, redhat, devops
Id: 49x1jEliq5U
Length: 33min 9sec (1989 seconds)
Published: Mon Oct 11 2021