Ceci est une ancienne révision du document !
Table des matières
Notes Ansible Tower - Ansible Automation Platform
Voir aussi :
- event-driven platform for runbook automation / IFTTT (if this, then that)
Vocabulaire / Concepts
Cycle de vie :
Recherche doc RedHat :
Ansible Engine
Correspond à Ansible et est installé par :
sudo yum install ansible
Control node
Control node
- control plane
- execution plane
Dans AAP v1 le “control plane” et l'“execution plane” étaient ensemble sur le “control node”
mesh node types : node_type=hybrid par défaut ou node_type=control
node_type :
- control (WebUI & API)
- execution (ansible-playbook)
- hybrid (Execution + control)
- hop (sorte de proxy ssh entre le Controller et les Execution Nodes ; ne peut pas être un Execution Node)
Execution Node (Ansible Automation Engine)
The machine that runs Ansible Linux Mac BSD … Python 3.8 ou +
Hop nodes / Execution nodes
mesh node types node_type=hop
ou node_type=execution
Ansible Mesh / Receptor
Voir :
receptor_listener_port
27199/tcp
| Automation Controller | Execution Node |
| ESTABLISHED 27199 | LISTEN 27199 |
work-signing keys
Control node receptor
- work-signing: privatekey: /etc/receptor/work_private_key.pem tokenexpiration: 1m - work-verification: publickey: /etc/receptor/work_public_key.pem
Execution Node
- work-verification: publickey: /etc/receptor/work_public_key.pem
To create the keys, just do openssl commands, you can see them evokes in the plays here https://github.com/ansible/awx/blob/a86740c3c9eaf9a551e850341d8adec5a3962dd5/tools/docker-compose/ansible/roles/sources/tasks/main.yml#L84
Ansible Execution Environment
Sorte de pyenv contenant Ansible, les collections et plugins
Managed host
Les cibles
ansible myhost --become -m raw -a "yum install -y python2"
Prereq Python 2 (version 2.6 or later) or Python 3 (version 3.5 or later)
Automation Hub / Galaxy
jfrog-artifactory :
Hop node
Anciennement “Isolated Nodes”
Voir :
Alternative à ssh-proxy
The only prerequisite is that there is SSH connectivity from the Tower Cluster to the Isolated Node
Exemple de conf :
[isolated_group_restrictedzone:vars] controller=tower [isolated_group_nc] cary.remote.office controller=tower
Isolated instances are not supported in conjunction with running Ansible Tower in OpenShift.
Ansible Automation Hub
Voir Galaxy NG
(Private) Automation Hub
Config
tower-cli setting modify ALLOW_JINJA_IN_EXTRA_VARS always
Logs
Voir : https://github.com/ansible/awx/issues/11330
extra_vars des jobs dans les logs (à tester)
- hosts: localhost gather_facts: false tasks: - shell: "echo {{ inventory_hostname }}"
ou
The first idea was to add extra_vars to every job events, but it would work just as well to be able to add a short string label (prompt on launch) when launching a job template. This should not cause a performance issue.
Add extra_vars to every job event sent over job_events #11330
Rechercher par date / heures
GT
env TZ=Europe/Paris date --rfc-3339=second -d '2023-08-23 21:50' 2023-08-23 21:50:00+02:00
LT
env TZ=Europe/Paris date --rfc-3339=second -d '2023-08-24 00:20' 2023-08-24 00:20:00+02:00
Développement / Intégration
Ansible Navigator
- TUI or CLI to execute playbook
- Supports Execution Environments
Ansible Builder
- creates Execution Environment
- takes in input text/yaml files describing the EE to produce
Voir :
Autres
GPG Signing
Connaitre la version
cat /etc/ansible-automation-platform/VERSION
La config de la connexion à la DB est ici :
/etc/tower/conf.d/postgres.py
Autres
#ansible-config init --disabled -t all > ansible.cfg ansible-navigator config init --disabled -t all > ansible.cfg
#ansible-config view | grep -B 2 -A 2 'inventory plugins' ansible-navigator config view | grep -B 2 -A 2 'inventory plugins'
[root@ansible-1 ~]# awx-manage list_instances
[tower capacity=51]
ansible-1 capacity=17 version=3.7.1 heartbeat="2020-08-27 09:06:21"
ansible-2 capacity=17 version=3.7.1 heartbeat="2020-08-27 09:05:58"
ansible-3 capacity=17 version=3.7.1 heartbeat="2020-08-27 09:06:00"
https://goetzrieger.github.io/ansible-tower-advanced/2-clustering/
#!/bin/bash awx -f human inventory create --name "Example Inventory" --organization "Default" awx -f human host create --name "node1" \ --inventory "Example Inventory" awx -f human host create --name "node2" \ --inventory "Example Inventory" awx -f human credential create --name "Example Credentials" \ --organization "Default" \ --credential_type "Machine" \ --inputs '{"username": "ec2-user", "ssh_key_data": "@~/.ssh/aws-private.pem"}' awx -f human project create --name="Apache" \ --scm_type=git \ --scm_url="https://github.com/goetzrieger/ansible-labs-playbooks.git" \ --organization "Default" \ --scm_clean=true --scm_delete_on_update=true --scm_update_on_launch=true \ --wait awx -f human job_templates create \ --name="Install Apache" \ --inventory="Example Inventory" \ --project=Apache \ --playbook=apache_install.yml \ --become_enabled="yes" awx -f human job_template associate --name "Install Apache" \ --credential "Example Credentials"
Source : https://goetzrieger.github.io/ansible-tower-advanced/4-awx-cli-exercises/
Autres
Credentials
sudo awx-python -m pip install safeguardcredentialtype sudo awx-manage setup_managed_credential_types sudo automation-controller-service restart
Source : https://pypi.org/project/safeguardcredentialtype/
Voir aussi : M(awx.awx.credential_input_source)