Introduction to AWX on Ansible | Dynamic Inventories for Google Cloud
The AWX project, AWX for short, is an open source community project that is one of the upstream projects for Red Hat Ansible Automation Controller (formerly known as Ansible Tower). AWX provides a modern web UI and REST API’ s to manage your organization’s IT orchestration needs.
In this article, you will find brief information about the AWX project, its main features and concepts, and some practical examples.
AWX Terminology
AWX has a variety of concepts which are parallel with Ansible. Besides these, some of the concepts are further features to provide functionality on top of Ansible.
Let’s look at AWX concepts in a nutshell; The left navigation bar includes four concepts of AWX; View, Resources, Access, Administration.
The Views menu provides all of the information about your Awx platform.
The Dashboard view provides summary information related with hosts, inventories, projects, and jobs.
The Jobs tab provides a list of the jobs that have ran in AWX, including job templates, Source Control Update, etc..
The Schedules tab shows all of the scheduled jobs that are configured even if they are activated or deactivated.
There is an important tab called Activity Stream in terms of logging for particular changes in AWX objects. It provides a complete list of activities or an event in a detailed view. These activities could be done by system or a user.
The Resources is one of the critical menu that covers all of the concepts of your automation workloads on AWX. Additionally, it allows you to configure who has permissions for which of those resources. The Resources menu is vital because it contains concepts that specify how and where Ansible playbooks will run.
Templates
Basically, the Job template in AWX, consists of configurations required for Ansible jobs. Job template provides ready to use Ansible jobs for Awx users. When the user launches a Job template, AWX automatically runs a single Job for each launched job template. Therefore, job templates are useful to execute the same job many times and create similar jobs from one fundamental job.
Credentials
AWX uses credentials for authentication of aimed workloads. Running Jobs on machines, synchronizing with inventories, and importing project contents from a version control system are some of the examples from these workloads.
AWX provides an encryption option for storing the sensitive credentials (SSH passwords, SSH private keys, API files for service accounts, etc.). Additionally, AWX supports multiple credential types such as Gcp, Aws, Azure, and some others are shown in the screenshot below.
Projects
Basically, Projects represent a collection of Ansible Playbooks. Projects containing the Playbooks can be updated periodically by Source Control applications, such as Git, Subversion, Mercurial etc. Also, Playbooks can be put in the local filesystem that AWX installed if wished.
In our environment we use Source Control as a repository of Ansible playbooks. We use git@bitbucket. To do so, you need to create access key on bitbucket and use it in AWX. All of the credentials are kept securely in AWX. Keys are encrypted while stored, and they can not be retrieved even from AWX’ s database.
Inventories
Inventory is a collection of hosts which will be a target for Ansible playbooks. Hosts can be created individually or in the group.
AWX supports several methods for inventory creation, including static, dynamic and smart inventory options.
Smart Inventories
A Smart Inventory is a collection of hosts defined by a stored search. Search criteria can be host attributes (like groups) or facts (such as installed software, services, hardware or whatever information Ansible pulls). A Smart Inventory can be viewed like a standard inventory and used for job runs.
To add a smart inventory; from the left menu; click inventories > add smart inventory.
Dynamic Inventory Plugins
In real life scenarios, administrators have to deal with dynamic inventories from various sources. AWX provides built-in features for syncing dynamic inventories from a wide range of providers such as Google Cloud(GCP), Amazon Web Services(AWS), etc.
In this section, I will give you a short real life example of how we can add dynamic inventories that are hosted in GCP.
Go to Inventories menu from the left bar, click Add inventory. Give a name that you want to see as an inventory name, GCP Linux Instances; test-project given name for our example. Click Save button.
After new inventory is added, click on it from the inventories list for detailed configuration. Before adding a GCP source you need to create a service account on GCP. See documentation; Creating and managing service accounts.
To use this service account in AWX; go to Credentials and Add button. Select Credential Type as a Google Compute Engine and fill the required boxes like below. As mentioned above, credentials stored in AWX are encrypted.
To add source; Click the Sources tab, create a new source for GCP inventory.
Select service account that was created in GCP, with the minimum role of Compute Viewer in required projects. There are checkboxes that should be activated; ‘Update on launch’ and ‘Overwrite’. Thus, each time a job runs using this inventory, refresh the inventory from the selected source before executing job tasks. Also, with the Overwrite option any hosts that were previously present on the external source but are now removed will be removed from the inventory.
Last configuration that we need to do is, Source variables. Example configuration is given below; we provide GCP project that dynamic source will run and which instances will be added by label. In our example test-project and labels (platform=linux, env=test) are used.
---
projects:
- test-project
filters:
- labels.platform = linux
- labels.env = test
hostnames:
# List host by name instead of the default public ip
- name
After all of the configurations are set, we can run the source job for sync of our GCP inventory. Go to Inventories select inventories that we created; GCP Linux Instances; test-project. Select Sources tab and Start sync process.
AWX will create the job for inventory sync. It can be seen inventory sync job in the Jobs menu. After it finished successfully, hosts can be seen on your Inventory’ s Hosts tab. Finally our dynamic inventory is ready to use. It is recommend to use dynamic inventory for Cloud resources. Dynamic inventory should be configured to synchronize hosts before each job run.
In this article, I wanted to give a brief introduction to the AWX project and its important terminologies. Also, I gave a quick example that explains how we synchronise our dynamic GCP hosts with an AWX inventory.
In the next articles, I will mention the job templates which are using for configuration of Ansible jobs. Moreover, I will give examples of job templates for reporting, task automation and remediation of virtual machines.