Ansible AWX

Jan-Piet Mens
November 26, 2017

A quick introduction to Ansible AWX, the upstream project from which Tower is produced.

Transcript

  1. Ansible AWX, Jan-Piet Mens, November 2017, @jpmens: the upstream project from which Tower is produced
  2. @jpmens: consultant, author, architect, part-time admin, small-scale fiddler, created OwnTracks, loves DNS, plain text, and contributed to Ansible.
  3. AWX project: web-based user interface, REST API, and task engine built on top of Ansible. https://github.com/ansible/awx
  4. AWX ..?

  5. why?

  6. Ansible AWX

  7. Features: real-time playbook output, push-button deployment, Galaxy integration, authentication, projects/jobs/workflows, security, notifications, logging, scheduling
  8. None
  9. Authentication: local data, social (Github, Google), enterprise (AD, SAML, RADIUS), LDAP, Kerberos
  10. Security: playbooks executed via awx user, run in namespaces/chroots, can’t access other data, RBAC
  11. RBAC: Execute

  12. Inventories: comparable to Ansible inventory files, multiple, sync with AWS, GCE, Rackspace, custom scripts, inventory from SCM, smart inventory, imported
  13. None
  14. Projects / jobs: collection of playbooks, on filesystem or SCM, sync with SCM, Job Templates, workflows link jobs
  15. None
  16. Jobs list

  17. Workflow

  18. Logging … detailed logging, management jobs
      {
        "cluster_host_id": "awx",
        "level": "INFO",
        "@timestamp": "2017-10-14T14:42:43.060Z",
        "host": "awx",
        "logger_name": "awx.main.scheduler",
        "message": "Submitting project_update 70 (waiting) to instance group 1.",
        "type": "logstash"
      }
  19. … Logstash aggregator services (Splunk, Loggly, Sumologic, Elastic)
  20. Notifiers: e-mail, Slack, Twilio, PagerDuty, Hipchat, IRC, Webhook
  21. credentials: AWS, Google, machine, SCM, Vault, VMware, custom

  22. None
  23. Webhooks
      {
        "status": "successful",
        "credential": "ww-machines",
        "name": "t-job1",
        "started": "2017-10-14T13:34:30.06452
        "extra_vars": "{\"poem\": \"Mary had
        "friendly_name": "Job",
        "created_by": "admin",
        "project": "demo-talk",
        "url": "https://towerhost/#/jobs/46",
        "finished": "2017-10-14T13:34:47.1608
        "hosts": {
          "roo": { "skipped": 0, "ok": 3, "changed": 1, "dark": 0, "failed": false, "failures": 0 }
        },
        "playbook": "touchem.yml",
        "id": 46,
        "inventory": "west-wing"
      }
  24. clustering: redundancy, load-sharing, UI/API

  25. REST API
      curl -H 'Content-type: application/json' \
           -d '{"extra_vars":{"newpoem":"hello good world"}}' \
           -u admin:password \
           http://awx.example.net/api/v2/job_templates/t-job1/launch/

      curl -H "Content-type: application/json" \
           -d "$(jo username=jog1 first_name=Joanne last_name=Guest \
                 email=jog1@example.net password=sikret)" \
           -u admin:password \
           http://awx.example.net/api/v2/users/
  26. tower-cli
      $ tower-cli job launch --job-template=t-job1
      --> $EDITOR
      # Specify extra variables (if any) here as YAML.
      # Lines beginning with "#" denote comments.
      poem: Mary had something
      newpoem: which was as white as snow

      Resource changed.
      === ============ ======================== ======= =======
      id  job_template created                  status  elapsed
      === ============ ======================== ======= =======
      152 8            2017-10-15T15:42:21.084Z pending 0.0
      === ============ ======================== ======= =======
      https://github.com/ansible/tower-cli/
  27. provisioning callbacks: initiate playbook run for host on host (cron, firstboot)
  28. hooks and repositories

  29. Installing AWX: OpenShift / MiniShift, Docker, PostgreSQL. https://github.com/ansible/awx/blob/devel/INSTALL.md

  30. you own the parts

  31. angry potato https://github.com/nanobeep/awx-logos fix

  32. safer automation!