Ansible AWX

Transcript

1. Ansible AWX Jan-Piet Mens November 2017
 @jpmens the upstream project

   from which Tower is produced

2. @jpmens: consultant, author, architect, part-time admin, small-scale fiddler, created OwnTracks,

   loves DNS, plain text, and contributed to Ansible.

3. AWX project web-based user interface, REST API, and task engine

   built on top of Ansible https://github.com/ansible/awx

4. AWX ..?

5. why?

6. Ansible AWX

7. Features real-time playbook output, push-button deployment, Galaxy integration, authentication, projects/jobs/workflows,

   security, notifications, logging, scheduling
8. None

9. Authentication local data, social (Github, Google), enterprise (AD, SAML, RADIUS),

   LDAP, Kerberos

10. Security playbooks executed via awx user, run in namespaces/chroots, can’t

    access other data, RBAC

11. RBAC: Execute

12. Inventories comparable to Ansible inventory files, multiple, sync with AWS,

    GCE, Rackspace, custom scripts, inventory from SCM, smart inventory, imported
13. None

14. Projects / jobs collection of playbooks, on filesystem or SCM,

    sync with SCM, Job Templates, workflows link jobs
15. None

16. Jobs list

17. Workflow

18. Logging … detailed logging, management jobs { "cluster_host_id": "awx", "level":

    "INFO", "@timestamp": "2017-10-14T14:42:43.060Z", "host": "awx", "logger_name": "awx.main.scheduler", "message": "Submitting project_update 70 (waiting) to instance group 1.", "type": "logstash" }

19. … Logstash aggregator services (Splunk, Loggly, Sumologic, Elastic),

20. Notifiers e-mail Slack Twilio PagerDuty Hipchat IRC Webhook

21. credentials AWS, Google, machine, SCM, Vault, VMware, custom

22. None

23. { "status": "successful", "credential": "ww-machines", "name": "t-job1", "started": "2017-10-14T13:34:30.06452 "extra_vars":

    "{\"poem\": \"Mary had "friendly_name": "Job", "created_by": "admin", "project": "demo-talk", "url": "https://towerhost/#/jobs/46", "finished": "2017-10-14T13:34:47.1608 "hosts": { "roo": { "skipped": 0, "ok": 3, "changed": 1, "dark": 0, "failed": false, "failures": 0 } }, "playbook": "touchem.yml", "id": 46, "inventory": "west-wing" } Webhooks

24. clustering redundancy, load-sharing, UI/API

25. REST API curl -H 'Content-type: application/json' \ -d '{"extra_vars":{"newpoem":"hello good

    world"}}' \ -u admin:password \ http://awx.example.net/api/v2/job_templates/t-job1/launch/ curl -H "Content-type: application/json" \ -d "$(jo username=jog1 first_name=Joanne last_name=Guest \ [email protected] password=sikret)” \ -u admin:password \ http://awx.example.net/api/v2/users/

26. tower-cli $ tower-cli job launch --job-template=t-job1 --> $EDITOR # Specify

    extra variables (if any) here as YAML. # Lines beginning with "#" denote comments. poem: Mary had something newpoem: which was as white as snow Resource changed. === ============ ======================== ======= ======= id job_template created status elapsed === ============ ======================== ======= ======= 152 8 2017-10-15T15:42:21.084Z pending 0.0 === ============ ======================== ======= ======= https://github.com/ansible/tower-cli/

27. provisioning callbacks initiate playbook run for host on host (cron,

    firstboot)

28. hooks and repositories

29. Installing AWX OpenShift / MiniShift Docker PostgreSQL https://github.com/ansible/awx/blob/devel/INSTALL.md

30. you own the parts

31. angry potato https://github.com/nanobeep/awx-logos fix

32. safer automation!