Ansible Tower/Automation Controller
The main difference between Ansible Tower and Ansible Automation Platform is that Ansible Tower is an older version of the software which has now been replaced by Ansible Automation Controller which in turn is part of the Ansible Automation Platform.
Ansible automation controller is the web-based UI interface for Red Hat Ansible Automation Platform.
Using the web-UI interface, we can create an Inventory to manage our servers, import our playbooks through the Projects, add Job Templates to run the playbooks and finally, create a Workflow linking a few of those playbooks through success or failure conditions.
The mode of operation of controller has evolved and now uses container technology to run the jobs. This replaces the notion of the Python virtual environment known previously in Tower. Containers and their images, used for the execution of each job are known are known as execution environment.
Below is new dashboard of Ansible Controller:
You will find the following buttons. If you click any of them it will take you to the corresponding section.
- Hosts
- Failed hosts
- Inventories
- Inventory sync fail
- Projects
- Projects sync fail.
INVENTORY:
An inventory is a collection of hosts against which jobs (ex. playbooks) may be launched, the same as an Ansible inventory file, it indicates which nodes will be managed by the control machine, in this case the automation controller.
Inventories may be divided into groups and these groups contain the actual hosts. The hosts may be sourced manually or dynamically and can be referenced by their IP addresses or their hostnames.
In automation controller you will be able to run multiple playbooks against these inventories without recreating them.
Creation of Inventory:
- On the side navigation bar, under the Resources section, click on Inventories
- Click on the blue Add button
- Select Add inventory from the dropdown
- Name it
Dev-hosts
. Leave all the other fields as they are. - Click Save
ADD HOSTS TO — DEV-HOSTS INVENTORY:
- On the tab bar, click on Hosts
- Click on the blue Add button.
- In the Name text box enter
node01
. Leave all the other fields as they are. - Click Save
- Click on the Hosts menu in the sidebar or use the breadcrumb Back to hosts
- Repeat the above steps to create a new host, named
node02
.
CREATE GROUP IN DEV-HOSTS :
- On the sidebar, go to Inventories and click on the
Dev-hosts
- On the tab bar of
Dev-hosts
, click on Groups - Click on the Add button to create a new group.
- Create a new group named
web
(NOTE: you don't need to input the[ ]
like you would in an inventory file). - Click Save when you are finished.
ADD node01 and node02 to web Group:Click on the Hosts tab on the top menu of the web
group
- Click Add existing host. A pop up will appear.
- Select both
node1
andnode2
then click Save. - Verify
node1
andnode2
are now added to theweb
group.
PROJECTS:
Projects are logical groups of Ansible playbooks in automation controller. These playbooks usually reside in a source code version control system like Git (and platforms as Github or Gitlab). With Projects we can reference a repository or directory with one or several playbooks, that we will later use.
We use Projects to “import” our playbooks into automation controller. These playbooks might be in a source control management (SCM) like Git (in GitHub or Gitlab for ex.) or locally. Automation controller doesn’t allow us to create or edit playbooks through the web-UI, we can only “import” them into Projects which we later run through the Job Templates feature
CREATE PROJECT:
- Click the Projects link in the Resources section of the sidebar
- Click the Add button
- Name the Project as
Apache playbooks
- For the Source Control Type dropdown, select Git, this will enable new fields below.
- For the Source Control URL field — copy the scm repo URL:
Check the New Project is Sync:
- Click the Projects link in the Resources section of the sidebar
- Verify that the Status for our
Apache playbooks
project is green and reads Successful - Click the Successful and review the output of the sync.
CREDENTIALS:
Credentials are utilized by automation controller for authentication when launching jobs against machines, synchronizing with inventory sources, and importing project content from a version control system.
Credentials are imported and stored encrypted within automation controller, and are not retrievable in plain text on the command line by any user. You can grant users and teams the ability to use these credentials, without actually exposing the credential to the user itself.
There are multiple types of credential types, ranging from tokens, to user/passwords or public keys. In total, there are over 20 supported types and even the option to create Custom ones. We will explore the Machine credential type today, which we will use to connect to the servers in our inventory through SSH.
- Click the Access tab to see who has access to use this credential. These are the automation controller users.
- Click the Job Templates tab to see what Jobs are currently using this credential.
Exploring the Machine type Credentials:
- Go back to the Details tab of the lab-credentials
- Click the Edit button
- Look at the different fields available.
- Notice how the SSH Private Key field only allows us to Reset. As mentioned before, the key is encrypted and not retrievable.
- To exit, click the Cancel button to avoid accidental modifications.
JOB TEMPLATE:
In automation controller a job template is a definition and set of parameters for running an Ansible job, which is usually known as a playbook. Job Templates are useful to execute the same job many times. Job templates also encourage the reuse of Ansible content and collaboration between teams.
To create a Job Template you need to have a Project from which to source our Playbooks. We created our project in the previous challenge. Also note that although a Project might contain multiple Playbooks, a Job Template can only run one of those playbooks.
In automation controller when we want to run multiple playbooks we need to use a Job Template Workflow.
Create Job Template:
- Click the Templates link in the Resources section of the sidebar
- Click the Add dropdown button and select Add job template
- Name the Job Template as
Install Apache
- For the Job Type field, leave the default: Run
- For the Inventory field, touch the magnifying glass and select
Lab-Inventory
- For the Project field, touch the magnifying glass and select
Apache playbooks
- For the Playbook dropdown field, you will notice that it’s auto populated with all the playbooks available in the Project repository we selected. Choose the
apache.yml
. - For the Credentials field, touch the magnifying glass and select
lab-credentials
- Leave all the other fields the same and click Save