Ansible released AWX a few weeks ago, an open source (community supported) version of their commercial Ansible Tower product. This is a web-based graphical interface to manage Ansible playbooks, inventories, and schedule jobs to run playbooks.
The Github repository you find here: https://github.com/ansible/awx
Let’s start with the installation of Ansible AWX, very easy because everything is dockerized and see the install guide for more information.
Modify the inventory file under the installer folder and change the Postgres data folder which is otherwise located under /tmp, also change Postgres DB username and password if needed. I would recommend binding AWX to localhost and put an Nginx reverse proxy in front with SSL encryption.
Changes in the inventory file:
postgres_data_dir=/var/lib/postgresql/data/ host_port=127.0.0.1:8052
Start the build of the Docker container:
ansible-playbook -i inventory install.yml
After the Ansible Playbook run completes, you see the following Docker container:
berndonline@lab:~/awx/installer$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 26a73c91cb04 ansible/awx_task:latest "/tini -- /bin/sh ..." 2 days ago Up 24 hours 8052/tcp awx_task 07774696a7f2 ansible/awx_web:latest "/tini -- /bin/sh ..." 2 days ago Up 24 hours 127.0.0.1:8052->8052/tcp awx_web 981f4f02c759 memcached:alpine "docker-entrypoint..." 2 days ago Up 24 hours 11211/tcp memcached 4f4a3141b54d rabbitmq:3 "docker-entrypoint..." 2 days ago Up 24 hours 4369/tcp, 5671-5672/tcp, 25672/tcp rabbitmq faf07f7b4682 postgres:9.6 "docker-entrypoint..." 2 days ago Up 24 hours 5432/tcp postgres berndonline@lab:~/awx/installer$
Install Nginx:
sudo apt-get update sudo apt-get install nginx sudo rm /etc/nginx/sites-enabled/default
Create Nginx vhosts configuration:
sudo vi /etc/nginx/sites-available/awx
server { listen 443 ssl; server_name awx.domain.com; ssl on; ssl_certificate /etc/nginx/ssl/awx.domain.com-cert.pem; ssl_certificate_key /etc/nginx/ssl/awx.domain.com-key.pem; location / { proxy_pass http://127.0.0.1:8052; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
Create symlink in sites enable to point to awx config:
sudo ln -s /etc/nginx/sites-available/awx /etc/nginx/sites-enabled/awx
Reload Nginx to apply configuration:
sudo systemctl reload nginx
Afterwards you are able to login with username “admin” and password “password”:
I created a simple job for testing with AWX, you first start to create a project, credentials and inventories. The project points to your Git repository:
Under the job you configure which project, credentials and inventories to use:
Once saved you can manually trigger the job, it first pulls the latest playbook from your version control repository and afterwards executes the configured Ansible playbook:
The job details look very similar if you run an playbook on the CLI:
Ansible AWX is a very useful tool if you need to manage different Ansible playbooks and do job scheduling if you are not already using other tools like Jenkins or Gitlab-CI. But even then it is a good addition to use AWX to run ad-hoc playbooks.
Check out my new articles about Automate Ansible AWX configuration using Tower-CLI and Build Ansible Tower Container.
while running playbook with ansible-playbook –check command
i get this error,
fatal: [localhost]: FAILED! => {“msg”: “‘dict object’ has no attribute ‘instances'”}
to retry, use: –limit @/root/instance/provision-ec2.retry
this is my root playbook
—
– name: Setup an EC2 instance
hosts: localhost
connection: local
gather_facts: no
user: root
pre_tasks:
– include_vars: ec2_vars/{{type}}.yml
roles:
– provision-ec2
rest playbook roles and variables, i have defined in other folders.
Looks like AWX is not loading your additional variable files.
Try defining your variables under inventories or extra vars in the job template and see if this works.
Request u to write more articles on Ansible AWX.
Thanks for such a good work. you are doing a great job.
Thank you, will see to write a bit more about AWX in the coming weeks.
Hi, can you help with the configuration that I have to do on AWX if I am using vault in my playbook. I have tried but having issues. Steps that I have tried:
I have created template and pointed one of my playbook which is vault encrypted ,
Created new credential with following details:
Credential type : Vault
Vault Password : password given at the time of creating vault file
Vault Identifier : Vault file name
Mapped this user to template.
Please let me know if I am missing something here.
Hi Chenna,
Why are you using the Vault-ID option?
This is normally when the vault password is in a password_file, if this is the case then it is correct but check if AWX has a problem finding the password_file when it runs the playbook.
What is the exact error message you get?
I will try this on my side with Vault and AWX.
Does AWX suports roles i tried to run it dint works
Not sure what you mean about roles?
Role based access controls? The open source version has only some limited functionality but the enterprise version has more fine grain controls about what users can access.
Hello,
I tried the provided steps. I would like to add that i am using docker-ce where the awx is deployed. Post deployment, i have installed the nginx and followed the steps as provided however, it appears like nginx is not serving awx. Since AWX web port was using default 80, the only addition i did was to change the port for nginx from 80 to 3200. Somehow, nginx is not serving AWX.
How does your nginx config looks like?
As you see in my example awx runs on port http://127.0.0.1:8052, and not port 80.
Do a docker ps as well to see on which port awx_web runs if it is the same?
I deleted by data base and i cant login with the default password. Is there a work around that i could use. Your help will be greatly appreciated.
Hello Ralph,
If you deleted the database then there is no way back in.
You need to re-run the Ansible Tower installer which creates a new database and then you are able to login with the default password.
Best,
Bernd