Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Ansible AWX

Jan-Piet Mens
November 26, 2017

Ansible AWX

a quick introduction to Ansible AWX, the upstream project from which Tower is produced

Jan-Piet Mens

November 26, 2017
Tweet

More Decks by Jan-Piet Mens

Other Decks in Technology

Transcript

  1. Ansible AWX
    Jan-Piet Mens
    November 2017

    @jpmens
    the upstream project from which Tower is produced

    View full-size slide

  2. @jpmens: consultant,
    author, architect, part-time
    admin, small-scale fiddler,
    created OwnTracks, loves
    DNS, plain text, and
    contributed to Ansible.

    View full-size slide

  3. AWX project
    web-based user interface, REST API, and task engine built on
    top of Ansible
    https://github.com/ansible/awx

    View full-size slide

  4. Features
    real-time playbook output, push-button deployment, Galaxy
    integration, authentication, projects/jobs/workflows, security,
    notifications, logging, scheduling

    View full-size slide

  5. Authentication
    local data, social (Github, Google), enterprise (AD, SAML,
    RADIUS), LDAP, Kerberos

    View full-size slide

  6. Security
    playbooks executed via awx user, run in namespaces/chroots,
    can’t access other data, RBAC

    View full-size slide

  7. RBAC: Execute

    View full-size slide

  8. Inventories
    comparable to Ansible inventory files, multiple, sync with
    AWS, GCE, Rackspace, custom scripts, inventory from SCM,
    smart inventory, imported

    View full-size slide

  9. Projects / jobs
    collection of playbooks, on filesystem or SCM,
    sync with SCM, Job Templates, workflows link
    jobs

    View full-size slide

  10. Logging …
    detailed logging, management jobs
    {
    "cluster_host_id": "awx",
    "level": "INFO",
    "@timestamp": "2017-10-14T14:42:43.060Z",
    "host": "awx",
    "logger_name": "awx.main.scheduler",
    "message": "Submitting project_update 70 (waiting) to instance group 1.",
    "type": "logstash"
    }

    View full-size slide

  11. … Logstash
    aggregator services (Splunk, Loggly, Sumologic, Elastic),

    View full-size slide

  12. Notifiers
    e-mail
    Slack
    Twilio
    PagerDuty
    Hipchat
    IRC
    Webhook

    View full-size slide

  13. credentials
    AWS, Google, machine, SCM, Vault, VMware, custom

    View full-size slide

  14. {
    "status": "successful",
    "credential": "ww-machines",
    "name": "t-job1",
    "started": "2017-10-14T13:34:30.06452
    "extra_vars": "{\"poem\": \"Mary had
    "friendly_name": "Job",
    "created_by": "admin",
    "project": "demo-talk",
    "url": "https://towerhost/#/jobs/46",
    "finished": "2017-10-14T13:34:47.1608
    "hosts": {
    "roo": {
    "skipped": 0,
    "ok": 3,
    "changed": 1,
    "dark": 0,
    "failed": false,
    "failures": 0
    }
    },
    "playbook": "touchem.yml",
    "id": 46,
    "inventory": "west-wing"
    }
    Webhooks

    View full-size slide

  15. clustering
    redundancy, load-sharing, UI/API

    View full-size slide

  16. REST API
    curl -H 'Content-type: application/json' \
    -d '{"extra_vars":{"newpoem":"hello good world"}}' \
    -u admin:password \
    http://awx.example.net/api/v2/job_templates/t-job1/launch/
    curl -H "Content-type: application/json" \
    -d "$(jo username=jog1 first_name=Joanne last_name=Guest \
    [email protected] password=sikret)” \
    -u admin:password \
    http://awx.example.net/api/v2/users/

    View full-size slide

  17. tower-cli
    $ tower-cli job launch --job-template=t-job1
    --> $EDITOR
    # Specify extra variables (if any) here as YAML.
    # Lines beginning with "#" denote comments.
    poem: Mary had something
    newpoem: which was as white as snow
    Resource changed.
    === ============ ======================== ======= =======
    id job_template created status elapsed
    === ============ ======================== ======= =======
    152 8 2017-10-15T15:42:21.084Z pending 0.0
    === ============ ======================== ======= =======
    https://github.com/ansible/tower-cli/

    View full-size slide

  18. provisioning callbacks
    initiate playbook run for host on host (cron, firstboot)

    View full-size slide

  19. hooks and repositories

    View full-size slide

  20. Installing AWX
    OpenShift / MiniShift
    Docker
    PostgreSQL
    https://github.com/ansible/awx/blob/devel/INSTALL.md

    View full-size slide

  21. you own the parts

    View full-size slide

  22. angry potato
    https://github.com/nanobeep/awx-logos
    fix

    View full-size slide

  23. safer automation!

    View full-size slide