
Walkthrough of Creating and Running Plays on AWX

AWX Ad Hoc Test

The first step, before you do anything else on AWX, is to get your toes wet by running a simple ad hoc command locally.

To do this, go to Inventories -> +

Call it localhost. Next you have to actually add hosts or groups to this inventory.

To do this, edit the inventory, go to Hosts -> +, and set the hostname to localhost. It is very important that you add the host variable:

ansible_connection: local

If you do not add that local connection, AWX will use SSH instead and won’t be able to connect.

[Image: awx-inventory-for-localhost]

Now go back to the Hosts page and select the host you want to run an ad hoc command on. Then select Run Commands.

[Image: awx-ad-hoc-run-commands-on-a-host]

Then use the ping module, which connects to a host, checks that there is a usable Python, and then returns pong.

[Image: awx-localhost-ping]

The output of the command should be:

[Image: awx-successful-local-ping]

But Can You ICMP Ping 1.1.1.1?

Depending on the way you deployed, this might not work. So try it out, using the command module to run ping -c 4 1.1.1.1.

[Image: awx-ping-cloudflare]

If you are running on Kubernetes and the container running the task does not have the ping utility, you will get:

localhost | FAILED | rc=2 >>
ping: socket: Operation not permittednon-zero return code

Then, if you run it with privilege escalation, you get:

{
    "module_stdout": "",
    "module_stderr": "sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?\n",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1,
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "_ansible_no_log": false,
    "changed": false
}

Running this same command without privilege escalation on an older version of AWX deployed with docker-compose succeeds:

[Image: awx-successful-ping]

However, running on k8s is actually preferred. You might not have access to some standard tools on the docker deploy but you will hardly need them – I think.
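The two failures above can be told apart from /proc/self/status inside the task container: ping needs CAP_NET_RAW to open its raw socket, and sudo only becomes root if its setuid bit is honoured, which no_new_privs (what Kubernetes sets for allowPrivilegeEscalation: false) or a nosuid mount prevents. The script below is an added example, not from the original post; the helper names are hypothetical and both sample inputs are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): classify the ping and sudo
# failures above from /proc/<pid>/status text taken inside the task container.
# Helper names are hypothetical; both sample inputs are constructed.

CAP_NET_RAW=13   # bit index of CAP_NET_RAW in linux/capability.h

# field STATUS_TEXT KEY -> value of the "KEY:" line (empty if absent)
field() {
  printf '%s\n' "$1" | awk -v k="$2:" '$1 == k { print $2; exit }'
}

# has_cap HEXMASK BIT -> succeeds if BIT is set in the capability mask
has_cap() {
  [ $(( (0x${1:-0} >> $2) & 1 )) -eq 1 ]
}

# net_raw_state STATUS_TEXT -> effective | bounding-only | dropped
#   effective:     the process can open a raw ICMP socket right now
#   bounding-only: only a setuid/file-capability binary could gain it on exec
#   dropped:       nothing started in this container can ever get it
net_raw_state() {
  if has_cap "$(field "$1" CapEff)" "$CAP_NET_RAW"; then echo effective
  elif has_cap "$(field "$1" CapBnd)" "$CAP_NET_RAW"; then echo bounding-only
  else echo dropped
  fi
}

# setuid_state STATUS_TEXT -> blocked if no_new_privs is set (setuid bits and
# file capabilities are ignored on exec, so sudo stays non-root), else allowed
setuid_state() {
  if [ "$(field "$1" NoNewPrivs)" = 1 ]; then echo blocked; else echo allowed; fi
}

# Constructed: non-root pod, NET_RAW dropped, allowPrivilegeEscalation: false
sample_pod='CapEff: 0000000000000000
CapBnd: 00000000a80405fb
NoNewPrivs: 1'

# Constructed: root in a container with Docker's default capability set
sample_docker='CapEff: 00000000a80425fb
CapBnd: 00000000a80425fb
NoNewPrivs: 0'

for s in "$sample_pod" "$sample_docker"; do
  echo "NET_RAW=$(net_raw_state "$s") setuid=$(setuid_state "$s")"
done
```

On a live container, pass "$(cat /proc/self/status)" to the same functions. ping can still work without the capability where net.ipv4.ping_group_range admits the process's group.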

Walkthrough of Setting up your playbook to Run

Some terminology is specific to AWX (Ansible Tower) and differs a bit from pure Ansible. We will cross that bridge when we get there, though.

The first thing to do is ensure your playbooks are in a git repo.

What you would call a repo is called a project in Ansible.
A project is a logical collection of Ansible playbooks, although sane people keep these in git repos.

But wait, to access that repo you need to set up a Source Control credential first.

So the flow is:

  1. Create a Credential for Source Control
  2. Create a Project

1. Setup Credentials (for gitlab source control)

First create an SSH key pair for AWX
using ssh-keygen -t rsa -b 4096 -C "your_email@example.com" and store it as awx_key, for example.
Then copy the private key.

Click Credentials on the side -> + and set the credential type to Source Control. Then add your private key.

[Image: awx-gitlab-scm-privatekey]

In GitLab, go to Repo -> Settings -> Repository -> Deploy Keys and add the matching public key there (you can use Deploy Tokens if you do not want to use SSH, only HTTPS).
Ensure the key is enabled.

2. Create Project

Go to Projects -> +

Set the SCM details and select the GitLab SCM credential.

Save, and the repo should eventually be pulled, which is shown by a green light.

[Image: awx-create-a-project]

3. Create a Job Template

You can only create a job template if you have a project. A job template basically links up the inventory (variables), credentials and playbook you are going to run.

Go to Templates -> + -> Job Templates

[Image: awx-job-template]

4. Run your Job

Run the job template by pressing the Launch button.

Extra: Using a Survey

Surveys set extra variables in a user-friendly question-and-answer way.

  1. Click Create Survey on the job Template

[Image: awx-add-survey]

Now you can add questions for the user, and the answers will be filled in as extra vars.
