Ansible AWX Jan-Piet Mens November 2017
 @jpmens the upstream project from which Tower is produced

@jpmens: consultant, author, architect, part-time admin, small-scale fiddler, created OwnTracks, loves DNS, plain text, and contributed to Ansible.

AWX project web-based user interface, REST API, and task engine built on top of Ansible https://github.com/ansible/awx

AWX ..?

why?

Ansible AWX

Features real-time playbook output, push-button deployment, Galaxy integration, authentication, projects/jobs/workflows, security, notifications, logging, scheduling

No content

Authentication local data, social (Github, Google), enterprise (AD, SAML, RADIUS), LDAP, Kerberos

Security playbooks executed via awx user, run in namespaces/chroots, can’t access other data, RBAC

RBAC: Execute

Inventories comparable to Ansible inventory files, multiple, sync with AWS, GCE, Rackspace, custom scripts, inventory from SCM, smart inventory, imported

No content

Projects / jobs collection of playbooks, on filesystem or SCM, sync with SCM, Job Templates, workflows link jobs

No content

Jobs list

Workflow

Logging … detailed logging, management jobs { "cluster_host_id": "awx", "level": "INFO", "@timestamp": "2017-10-14T14:42:43.060Z", "host": "awx", "logger_name": "awx.main.scheduler", "message": "Submitting project_update 70 (waiting) to instance group 1.", "type": "logstash" }

… Logstash aggregator services (Splunk, Loggly, Sumologic, Elastic),

Notifiers e-mail Slack Twilio PagerDuty Hipchat IRC Webhook

credentials AWS, Google, machine, SCM, Vault, VMware, custom

No content

{ "status": "successful", "credential": "ww-machines", "name": "t-job1", "started": "2017-10-14T13:34:30.06452 "extra_vars": "{\"poem\": \"Mary had "friendly_name": "Job", "created_by": "admin", "project": "demo-talk", "url": "https://towerhost/#/jobs/46", "finished": "2017-10-14T13:34:47.1608 "hosts": { "roo": { "skipped": 0, "ok": 3, "changed": 1, "dark": 0, "failed": false, "failures": 0 } }, "playbook": "touchem.yml", "id": 46, "inventory": "west-wing" } Webhooks

clustering redundancy, load-sharing, UI/API

REST API curl -H 'Content-type: application/json' \ -d '{"extra_vars":{"newpoem":"hello good world"}}' \ -u admin:password \ http://awx.example.net/api/v2/job_templates/t-job1/launch/ curl -H "Content-type: application/json" \ -d "$(jo username=jog1 first_name=Joanne last_name=Guest \ email=jog1@example.net password=sikret)” \ -u admin:password \ http://awx.example.net/api/v2/users/

tower-cli $ tower-cli job launch --job-template=t-job1 --> $EDITOR # Specify extra variables (if any) here as YAML. # Lines beginning with "#" denote comments. poem: Mary had something newpoem: which was as white as snow Resource changed. === ============ ======================== ======= ======= id job_template created status elapsed === ============ ======================== ======= ======= 152 8 2017-10-15T15:42:21.084Z pending 0.0 === ============ ======================== ======= ======= https://github.com/ansible/tower-cli/

provisioning callbacks initiate playbook run for host on host (cron, firstboot)

hooks and repositories

Installing AWX OpenShift / MiniShift Docker PostgreSQL https://github.com/ansible/awx/blob/devel/INSTALL.md

you own the parts

angry potato https://github.com/nanobeep/awx-logos fix

safer automation!