AWX Ad Hoc Test
The first step before you do anything on AWX, is just get your toes wet and do a simple ad hoc command locally.
To do this got to Inventories -> +
Call it localhost
. Next you have to actually add hosts or groups to this inventory.
To do this edit the inventory and go to hosts
-> +
and then put the hostname as localhost
. It is very important that you add in the host variables:
ansible_connection: local
If you do not add that local connection, you will use ssh isntead and won’t be able to connect
Now go back to the hosts page, select the host you want to run an ad hoc command on. Then select Run Commands
Then use the module ping
which connects to a host, checks there is a usable python and then returns pong
The output of the command should be:
But Can you ICMP Ping 1.1.1.1
Depending on the way you deployed, this might not work. So try it out, using the command module and doing a ping -c 4 1.1.1.1
.
If you are running on kubernetes and the container running the task does not have the ping
utility you will get:
localhost | FAILED | rc=2 >>
ping: socket: Operation not permittednon-zero return code
then if you run it with privilege escalation you get:
{
"module_stdout": "",
"module_stderr": "sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?\n",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1,
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"_ansible_no_log": false,
"changed": false
}
Running this same command without privilege escalation on an older version of AWX running with deployed with docker-compose
you get a success:
However, running on k8s is actually preferred. You might not have access to some standard tools on the docker deploy but you will hardly need them – I think.
Walkthrough of Setting up your playbook to Run
There is a bit of terminology that is AWX (Ansible tower) specific. That is a bit different from pure ansible. We will cross that bridge when we get their though.
The first thing to do is ensure your playbooks are in a git repo.
So what a repo is called in Asnsible is a project.
A project is a Logical collection of ansible playbooks. Although sane people keep these in git repos.
But wait, to access that repo you need to setup a Source control credential first.
So the flow is:
- Create a Credential for Source Control
- Create a Project
…
1. Setup Credentials (for gitlab source control)
First create a ssh key pair for awx.
Using ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
and store it as awx_key
for example.
Then copy the private key.
Click Credentials on the side -> +
and add set the credential type to Source Control
. Then Add your private key.
In gitlab you need to go to your: Repo -> settings -> repository -> Deploy Keys
(You can use Deploy tokens if you do not want to use ssh – only https).
Ensure the key is enabled.
2. Create Project
Go to Projects
-> +
Set the SCM details and selecting the gitlab
scm credentials.
Save, and then repo should eventually be pulled -> shown by a green light.
3. Create a Job Template
You can only create a job template if you have a project. A job template basically links up the inventory (variables), credentials and playbook you are going to run.
Go to Templates
-> +
-> Job Templates
4. Run your Job
Run the job template by pressing the Launch button
Extra: Using a Survey
Surveys set extra variables in a user-friendly question and answer way
- Click
Create Survey
on the job Template
Now you can add questions to the user and it will fill them out in extra vars.