Introduction to Ansible Tower

What You Will Learn

Red Hat^® Ansible^® Tower helps you scale IT automation, manage complex deployments and speed productivity. Centralize and control your IT infrastructure with a visual dashboard, role-based access control, job scheduling and graphical inventory management.

What is Ansible Tower
How Ansible Tower Works
Installing Ansible Tower
Key Features

What is Ansible Tower?

Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation – with a UI and RESTful API

Role-based access control keeps environments secure, and teams efficient
Non-privileged users can safely deploy entire applications with push-button deployment access
All Ansible automations are centrally logged, ensuring complete auditability and compliance

Platform Overview

Installing Ansible Tower


# the most common and preferred way of
# installation for RHEL (Preferred) or Ubuntu
$ wget https://bit.ly/ansibletower

# bundled installer can be downloaded for
# RHEL (and select derivatives) at
$ wget https://bit.ly/ansibletowerbundle

# looking for a specific version? navigate to http://releases.ansible.com/ansible-tower
# to see all the versions available for download

Server Requirements

Red Hat Enterprise Linux (RHEL) 7 (and select derivatives), Ubuntu 14.04 64-bit, and Ubuntu 16.04 LTS 64-bit support required (kernel and runtime).
A currently supported version of Mozilla Firefox or Google Chrome.
2 GB RAM minimum (4+ GB RAM highly recommended)
20 GB of dedicated hard disk space

Demo Time:
Installing Ansible Tower

Installing Ansible Tower is simple and quick. Go ahead and open up a terminal and connect to VM with an OS of your choice.

Start by downloading the latest bundled tower installer from https://bit.ly/ansibletowerbundle and unpack the tarball once it is done downloading.

Now that the package is unzipped, move into the directory and look for the inventory file. Here you will set all the necessary passwords needed for the install to take place.

You will need to set:

admin_password
pg_password
rabbitmq_password

You are setting the admin password because the admin user account will be the only account at the beginning that can access your Ansible Tower instance.

You are setting the postgres password so that tower will have access to the database that is created

And you are setting rabbitmq password so that rabbitmq will be able to

Workshop:
Installing Ansible Tower

See

workshops/tower_install

in the Ansible Lightbulb repo.

It's solution and addition details can be found in facilitator/solutions/tower_install.md.

Key Features of Ansible Tower

Dashboard and User Interface
User Base -- Organizations, Teams & Users
Credentials
Inventories
Projects
Job Templates & Jobs
Role Based Access Control (RBAC)

Dashboard and User Interface

User Base

A user is an account to access Ansible Tower and its services given the permissions granted to it.

An organization is a logical collection of users, teams, projects, inventories and more. All entities belong to an organization with the exception of users.

Teams provide a means to implement role-based access control schemes and delegate responsibilities across organizations.

Users are individuals and can be added to teams and or organizations. There are 3 types of users: Normal User, System Auditor and System Administrator.

A normal user has read write access limited to the resources they are able to access.

A system auditor implicitly inherit the read-only capability for all objects within the Ansible Tower environment.

A system administrator (also known as Superuser) has admin, read, and write privileges over the entire Ansible Tower installation. A System Administrator is typically responsible for managing all aspects of Ansible Tower and delegating responsibilities for day-to-day work to various Users.

An organization is is a logical collection of Users, Teams, Projects, and Inventories, and is the highest level in the Ansible Tower object hierarchy.

A Team is a subdivision of an organization with associated users, projects, credentials, and permissions. Teams provide a means to implement role-based access control schemes and delegate responsibilities across organizations.

The user-base plays an important part in implementing role-based access control schemes across your organization.

Credentials

Credentials are utilized by Ansible Tower for authentication with various external resources:

Connecting to remote machines to run jobs
Syncing with inventory sources
Importing project content from version control systems
Connecting to and managing networking devices

Centralized management of various credentials allows end users to leverage a secret without ever exposing that secret to them.

Inventory

Inventory is a collection of hosts (nodes) with associated data and groupings that Ansible Tower can connect to and manage.

Hosts (nodes)
Groups
Inventory-specific data (variables)
Static or dynamic sources

Projects

A Project is a logical collection of Ansible Playbooks, represented in Ansible Tower.

You can manage Playbooks and Playbook directories by placing them in a source code management system supported by Ansible Tower, including Git, Subversion, and Mercurial.

As a refresher from the core presentation, a Project is a logical collection of Ansible playbooks.

In Ansible Tower, you can manage playbooks and playbook directories by either placing them manually under the Project Base Path on your Ansible Tower server, or by placing your playbooks into a source code management (SCM) system supported by Ansible Tower, including Git, Subversion, and Mercurial.

Managing your projects with a SCM is recommended to ensure that only those with assigned access to the repository can change the playbook before execution, and for the extra layer of accountability and change control it provides.

Within Ansible Tower, there are a few new things that you can do with your projects.

Update: If configured for a particular project, you can invoke an immediate update to source control.
Schedule: If configured for a particular project , you can schedule an update from source control.
Permissions: Any project can have permissions added to it so only a specific set of users or teams can access it.

Job Templates

A job template is a definition and set of parameters for running an Ansible Playbook.

Job templates are useful to execute the same job many times and encourage the reuse of Ansible Playbook content and collaboration between teams.

While the REST API allows for the execution of jobs directly, Ansible Tower requires that you first create a job template.

To create a job template, there are some things that are required. You will need to have:

Name
Job Type
Inventory
Project
Playbook
Credentials (a machine credential is always required but depending on what you are running against, other credentials might be needed)
Verbosity Level (A level 0 is always selected by default but depending on the kind of output that is needed, you can select a level all the way up to 5)

Those are required for a job template but their other options for you to cater each job template to your exact needs.

Due to time, we won't go to far into the weeds on some of the advanced configurations that you can do with Job Templates but there are some options that you can select to make life a little easier when running job templates.

Options such as Enable privilege escalation, enable provisioning callbacks and enable concurrent jobs.

Enable Privilege Escalation: If enabled, run this playbook as an administrator. This is the equivalent of passing the --become option to the ansible-playbook command.
Allow Provisioning Callbacks: Enable a host to call back to Ansible Tower via the Ansible Tower API and invoke the launch of a job from this job template.
Allow Provisioning Callbacks: Enable a host to call back to Ansible Tower via the Ansible Tower API and invoke the launch of a job from this job template.

Jobs

A job is an instance of Ansible Tower launching an Ansible Playbook against an inventory of hosts.

Job results can be easily viewed
View the standard out for a more in-depth look

Role Based Access Control (RBAC)

Role-Based Access Controls (RBAC) are built into Ansible Tower and allow administrators to delegate access to server inventories, organizations, and more. These controls allow Ansible Tower to help you increase security and streamline management of your Ansible automation.

Role Based Access Control (RBAC)

Demo Time:
Ansible Tower Basic Setup
& Job Run

Workshop:
Ansible Tower Basic Setup
& Your First Job Run

See

workshops/tower_basic_setup

in the Ansible Lightbulb repo.

Dynamic Inventory in Ansible Tower

Dynamic inventory is a script that queries a service, like a cloud provider API or a management application. This data is formatted in an Ansible-specific JSON data structure and is used in lieu of static inventory files.

Groups are generated based on host metadata
Single source of truth saves time, avoids duplication and reduces human error
Dynamic and static inventory sources can be used together

Demo:
Ansible Tower Dynamic Inventory

More with Ansible Tower

Job Status Updates
Activity Stream
Integrated Notifications
Schedule Jobs
Manage and Track Your Inventory
Self Service IT (User Surveys)
Remote Command Execution
External Logging
Multi-Playbook Workflows

Job Status Update

Heads-up NOC-style automation dashboard displays everything going on in your Ansible environment.

Activity Stream

Securely stores every Job that runs, and enables you to view them later, or export details through Ansible Tower’s API.

Integrated Notifications

Stay informed of your automation status via integrated notifications. Connect Slack, Hipchat, SMS, email and more.

Schedule Jobs

Enables you to schedule any Job now, later, or forever.

Manage and Track Your Inventory

Ansible Tower’s inventory syncing and provisioning callbacks allow nodes to request configuration on demand, enabling auto-scaling.

Self Service IT

Ansible Tower lets you launch Playbooks with just a single click. It can prompt you for variables, let you choose from available secure credentials and monitor the resulting deployments.

Remote Command Execution

Run simple tasks on any hosts with Ansible Tower's remote command execution. Add users or groups, reset passwords, restart a malfunctioning service or patch a critical security issue, quickly.

External Logging

Connect Ansible Tower to your external logging and analytics provider to perform analysis of automation and event correlation across your entire environment.

Multi-Playbook Workflows

Ansible Tower’s multi-Playbook workflows chains any number of Playbooks together to create a single workflow. Different Jobs can be run depending on success or failure of the prior Playbook.

Next Steps

It’s easy to get started
ansible.com/get-started
Try Ansible Tower for free:
ansible.com/tower-trial
Would you like to learn a lot more?
redhat.com/en/services/training/do409-automation-ansible-ii-ansible-tower

Introduction to Ansible Tower

What You Will Learn

What is Ansible Tower?

Platform Overview

Installing Ansible Tower

Server Requirements

Demo Time: Installing Ansible Tower

Workshop: Installing Ansible Tower

Key Features of Ansible Tower

Dashboard and User Interface

User Base

Credentials

Inventory

Projects

Job Templates

Jobs

Role Based Access Control (RBAC)

Role Based Access Control (RBAC)

Demo Time:Ansible Tower Basic Setup& Job Run

Workshop:Ansible Tower Basic Setup& Your First Job Run

Dynamic Inventory in Ansible Tower

Demo:Ansible Tower Dynamic Inventory

More with Ansible Tower

Job Status Update

Activity Stream

Integrated Notifications

Schedule Jobs

Manage and Track Your Inventory

Self Service IT

Remote Command Execution

External Logging

Multi-Playbook Workflows

Next Steps

Demo Time:
Installing Ansible Tower

Workshop:
Installing Ansible Tower

Demo Time:
Ansible Tower Basic Setup
& Job Run

Workshop:
Ansible Tower Basic Setup
& Your First Job Run

Demo:
Ansible Tower Dynamic Inventory