Walkthrough of Creating and Running Plays on AWX

AWX Ad Hoc Test

The first step, before you do anything else on AWX, is to get your toes wet with a simple ad hoc command run locally.

To do this, go to Inventories -> +

Call it localhost. Next you have to actually add hosts or groups to this inventory.

To do this, edit the inventory, go to hosts -> +, and put the hostname as localhost. It is very important that you add the host variable:

ansible_connection: local

If you do not add that local connection, you will use ssh instead and won't be able to connect.

[Image: AWX inventory for localhost]

Now go back to the hosts page and select the host you want to run an ad hoc command on. Then select Run Commands.

[Image: AWX ad hoc Run Commands on a host]

Then use the ping module, which connects to a host, checks that there is a usable Python, and then returns pong.

[Image: AWX localhost ping]

The output of the command should be:

[Image: AWX successful local ping]

But Can You ICMP Ping 1.1.1.1?

Depending on how you deployed, this might not work. Try it out by using the command module to run ping -c 4 1.1.1.1.

[Image: AWX ping Cloudflare]

If you are running on Kubernetes and the container running the task does not have the ping utility, you will get:

localhost | FAILED | rc=2 >>
ping: socket: Operation not permittednon-zero return code

Then, if you run it with privilege escalation, you get:

{
    "module_stdout": "",
    "module_stderr": "sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?\n",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1,
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "_ansible_no_log": false,
    "changed": false
}

Running this same command without privilege escalation on an older version of AWX deployed with docker-compose, you get a success:

[Image: AWX successful ping]

However, running on k8s is actually preferred. You might not have access to some standard tools on the docker deploy but you will hardly need them - I think.
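The two error messages above can be checked against what the kernel reports inside the task container: the effective capability mask, the no_new_privs flag, and the mount options of the file system holding sudo. The following is an added example, not part of the original walkthrough; the function names and the sample /proc contents are constructed for illustration, and it assumes a Linux container.

```python
CAP_NET_RAW = 13  # bit index in the capability mask; required for raw ICMP sockets

# Constructed sample of /proc/self/status and /proc/mounts in a restricted container.
SAMPLE_STATUS = "Name:\tpython3\nNoNewPrivs:\t1\nCapEff:\t0000000000000000\n"
SAMPLE_MOUNTS = "overlay / overlay rw,relatime 0 0\nproc /proc proc rw,nosuid,nodev 0 0\n"

def status_field(status_text, name):
    """Return the value of one 'Name:<tab>value' line, or None if absent."""
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key == name:
            return value.strip()
    return None

def has_cap_net_raw(status_text):
    """True if the effective capability mask (CapEff, hex) includes CAP_NET_RAW."""
    mask = int(status_field(status_text, "CapEff") or "0", 16)
    return bool((mask >> CAP_NET_RAW) & 1)

def no_new_privs(status_text):
    """True if the process runs with no_new_privs, which disables setuid elevation."""
    return status_field(status_text, "NoNewPrivs") == "1"

def mount_options(path, mounts_text):
    """Options of the most specific mount point that contains path."""
    best, opts = "", []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        mp = parts[1]
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and len(mp) > len(best):
            best, opts = mp, parts[3].split(",")
    return opts

def diagnose(status_text, mounts_text, sudo_path="/usr/bin/sudo"):
    findings = []
    if not has_cap_net_raw(status_text):
        findings.append("CAP_NET_RAW missing: ping cannot open a raw ICMP socket")
    if no_new_privs(status_text):
        findings.append("no_new_privs set: setuid sudo cannot become root")
    if "nosuid" in mount_options(sudo_path, mounts_text):
        findings.append("sudo is on a nosuid mount")
    return findings

if __name__ == "__main__":
    with open("/proc/self/status") as s, open("/proc/mounts") as m:
        print("\n".join(diagnose(s.read(), m.read())) or "no restriction found")
```

Run as a script inside the container, it reads the live /proc files; an empty result means none of these three restrictions explains the failure.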

Walkthrough of Setting up your playbook to Run

There is a bit of terminology that is specific to AWX (Ansible Tower) and differs a little from pure Ansible. We will cross that bridge when we get there, though.

The first thing to do is ensure your playbooks are in a git repo.

What a repo is called in Ansible is a project.
A project is a logical collection of Ansible playbooks, although sane people keep these in git repos.

But wait, to access that repo you need to set up a Source Control credential first.

So the flow is:

  1. Create a Credential for Source Control
  2. Create a Project
    ...

1. Set Up Credentials (for GitLab source control)

First create an ssh key pair for AWX, using ssh-keygen -t rsa -b 4096 -C "your_email@example.com", and store it as awx_key, for example.
Then copy the private key.

Click Credentials on the side -> + and set the credential type to Source Control. Then add your private key.

[Image: AWX GitLab SCM private key]

In GitLab, go to your Repo -> settings -> repository -> Deploy Keys (you can use Deploy tokens if you do not want to use ssh; these are https only).
Ensure the key is enabled.

2. Create Project

Go to Projects -> +

Set the SCM details and select the GitLab SCM credentials.

Save, and the repo should eventually be pulled, which is shown by a green light.

[Image: AWX create a project]

3. Create a Job Template

You can only create a job template if you have a project. A job template basically links up the inventory (variables), credentials and playbook you are going to run.

Go to Templates -> + -> Job Templates

[Image: AWX job template]

4. Run your Job

Run the job template by pressing the Launch button.

Extra: Using a Survey

Surveys set extra variables in a user-friendly question-and-answer way.

  1. Click Create Survey on the job Template

[Image: AWX add survey]

Now you can add questions for the user, and the answers will be filled into extra vars.
