Ansible is a powerhouse of configuration management and can power a lot of automation, but add Tower to that and you add so much more. Using Ansible Tower you get Role Based Access Control (RBAC), push button automation, centralized logging and a host of other features.
Tower, like Ansible, is owned by Red Hat and has a pay-for-support version. However, also like Ansible, there is an upstream open source version of Tower called AWX. AWX does everything the RHEL supported version of Tower does except integrate with the new RHEL cloud.redhat.com insight analytics. Unlike Tower, though, AWX can simply be installed in a Docker deployment. That is what I am going to cover here.
There are plenty of guides out there for installing Docker on Linux, Windows, and Apple so I am not going to cover that. Just make sure in addition to the Docker engine you also have the docker-compose binary installed. You also need to have Ansible installed on the host. I suggest using a Linux host to make this as easy as possible.
On the host where you have Docker running, you will need to clone the AWX git repo:
$ git clone https://github.com/ansible/awx.git
Change into the awx installer directory:
$ cd awx/installer
The installer is an Ansible play that will do all the work of creating the docker-compose file as well as some environmental links. Take a look at the inventory file and update any passwords you would like to change. You can leave everything commented that already is, as this install is for Docker, not Kubernetes or the RHEL supported Kubernetes version, OpenShift.
Once you have the passwords the way you want them, run the AWX install playbook.
$ ansible-playbook -i inventory install.yml
This will create the directory /tmp/awxcompose, populate that directory with a docker-compose file, and some environment files. Also, a directory /tmp/pgdocker will be created for the Postgres database. The playbook will also run the docker-compose file to stand up the Tower docker environment.
Now if you are only testing to see that it works you can stop now, but if you want to use this environment and have the data persistent, there are some extra steps you should do. Firstly, you will need to stop and tear down the running AWX stack within Docker. You do this so that the stack can be recreated with the persistent data in its new location. Fortunately, this is very easy thanks to the docker-compose file. Change to the /tmp/awxcompose directory and run the docker-compose command with the down option:
$ cd /tmp/awxcompose
$ docker-compose down
This will stop and remove the created Docker containers so that after modifications they will be created the way they are needed for long term. Next, a permanent location for the files needs to be created. In this example, I will be creating a directory called awx_tower in my home directory. Once you have the permanent directory, the tmp directories need to be moved to that location.
$ mkdir ~/awx_tower
$ mv /tmp/awxcompose ~/awx_tower/
$ mv /tmp/pgdocker ~/awx_tower/
With the directories moved, it is time to move the compose file into ~/awx_tower and edit it so that its paths point permanently at this location. This gives an easier path to the new permanent data and also makes it easier to expand the container stack if you add more containers, for example a git repo.
$ cd ~/awx_tower
$ mv awxcompose/docker-compose.yml .
Now edit the docker-compose.yml file so it reads like this.
version: '2'
services:
  web:
    image: ansible/awx_web:9.0.1
    container_name: awx_web
    depends_on:
      - rabbitmq
      - memcached
      - postgres
    ports:
      - "80:8052"
    hostname: awxweb
    user: root
    restart: unless-stopped
    volumes:
      - "./awxcompose/SECRET_KEY:/etc/tower/SECRET_KEY"
      - "./awxcompose/environment.sh:/etc/tower/conf.d/environment.sh"
      - "./awxcompose/credentials.py:/etc/tower/conf.d/credentials.py"
      - "./awxcompose/nginx.conf:/etc/nginx/nginx.conf:ro"
    environment:
      http_proxy:
      https_proxy:
      no_proxy:
  task:
    image: ansible/awx_task:9.0.1
    container_name: awx_task
    depends_on:
      - rabbitmq
      - memcached
      - web
      - postgres
    hostname: awx
    user: root
    restart: unless-stopped
    volumes:
      - "./awxcompose/SECRET_KEY:/etc/tower/SECRET_KEY"
      - "./awxcompose/environment.sh:/etc/tower/conf.d/environment.sh"
      - "./awxcompose/credentials.py:/etc/tower/conf.d/credentials.py"
    environment:
      http_proxy:
      https_proxy:
      no_proxy:
  rabbitmq:
    image: ansible/awx_rabbitmq:3.7.4
    container_name: awx_rabbitmq
    restart: unless-stopped
    environment:
      RABBITMQ_DEFAULT_VHOST: "awx"
      RABBITMQ_DEFAULT_USER: "guest"
      RABBITMQ_DEFAULT_PASS: "awxpass"
      RABBITMQ_ERLANG_COOKIE: cookiemonster
      http_proxy:
      https_proxy:
      no_proxy:
  memcached:
    image: "memcached:alpine"
    container_name: awx_memcached
    restart: unless-stopped
    environment:
      http_proxy:
      https_proxy:
      no_proxy:
  postgres:
    image: postgres:10
    container_name: awx_postgres
    restart: unless-stopped
    volumes:
      - ./pgdocker/10/data/:/var/lib/postgresql/data/pgdata
    environment:
      POSTGRES_USER: awx
      POSTGRES_PASSWORD: awxpass
      POSTGRES_DB: awx
      PGDATA: /var/lib/postgresql/data/pgdata
      http_proxy:
      https_proxy:
      no_proxy:
The highlighted parts are the most important bits to be sure are correct. Now all that’s left is to redeploy the stack and do some updates.
$ docker-compose up -d
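Unless the passwords were changed in the inventory, the compose file above stores the installer's RabbitMQ and Postgres secrets (awxpass, cookiemonster) inline. The following check is an added example, not part of the AWX installer or the original post; it scans compose text for those values and for short inline secrets. The 20-character minimum, the function names and the ${PG_PASSWORD} variable in the sample are assumptions.

```python
import re
import secrets

# Secret values that appear inline in the compose file shown on this page.
KNOWN_DEFAULTS = {"awxpass", "cookiemonster"}
SECRET_KEY = re.compile(r"(PASS|PASSWORD|COOKIE)$")
MIN_LENGTH = 20  # assumption: shortest value accepted as a generated secret

def audit_compose(text):
    """Return (service, key, reason) for each weak inline secret."""
    findings, service = [], None
    for line in text.splitlines():
        m = re.match(r"^( *)([A-Za-z0-9_.-]+):\s*(.*)$", line.rstrip())
        if not m:
            continue  # list items, blank lines
        indent, key = len(m.group(1)), m.group(2)
        value = m.group(3).strip("\"'")
        if indent == 2 and not value:
            service = key  # service name directly under "services:"
        elif not SECRET_KEY.search(key.upper()):
            continue
        elif value in KNOWN_DEFAULTS:
            findings.append((service, key, "installer default"))
        elif value.startswith("${"):
            continue  # substituted from the environment, not stored inline
        elif len(value) < MIN_LENGTH:
            findings.append((service, key, "shorter than %d chars" % MIN_LENGTH))
    return findings

def new_secret():
    """Random replacement value (43 URL-safe characters)."""
    return secrets.token_urlsafe(32)

# Constructed sample based on the page's compose file; ${PG_PASSWORD} is hypothetical.
SAMPLE = """\
services:
  rabbitmq:
    environment:
      RABBITMQ_DEFAULT_USER: "guest"
      RABBITMQ_DEFAULT_PASS: "awxpass"
      RABBITMQ_ERLANG_COOKIE: cookiemonster
  postgres:
    environment:
      POSTGRES_PASSWORD: ${PG_PASSWORD}
"""

if __name__ == "__main__":
    for service, key, reason in audit_compose(SAMPLE):
        print("%s.%s: %s; replace with e.g. %s" % (service, key, reason, new_secret()))
```

To check the real file, pass the contents of ~/awx_tower/docker-compose.yml to audit_compose() instead of SAMPLE.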
Once the stack is started, you can connect to awx_task, the container that handles the Ansible tasks:
$ docker exec -it awx_task bash
After connecting we will install some packages so that NetApp modules will work, update Ansible to the most current available version, and finally install the NetApp collections in a central location.
bash-4.4# pip3 install netapp-lib requests solidfire-sdk-python
bash-4.4# pip3 install ansible --upgrade
bash-4.4# ansible-galaxy collection install netapp.ontap -p /usr/share/ansible/collections
bash-4.4# ansible-galaxy collection install netapp.elementsw -p /usr/share/ansible/collections
You can also install any additional collections you want to use at this point, using the appropriate namespace and collection name (e.g., netapp.aws, cisco.ios, etc.).
Log out of the container.
Tower is now running on the host at port 80. The rest of the setup is handled by the web interface. If you did this on the system you are using, you can use http://localhost.
Happy towering. Check back at netapp.io later for more posts on Ansible and Tower, as well as information about containers, and OpenStack. As always, any questions you have can be asked in our Slack workspace. Get your invite at netapp.io/slack and join me in the #configurationmgmt channel.