Introduction to Ansible Tower
Ansible Tower is an enterprise solution for Ansible by RedHat. It has a web console and REST API to operate Ansible across our team, organization, and enterprise. It also provides role-based access control, job scheduling, integrated notification, and graphical inventory management. It is a centralized hub for all our automation tasks. It can be easily integrated with third-party tools and processes using the REST API and CLI.
Why Do We Need Tower in Ansible?
It becomes very difficult to manage a large infrastructure. There are different users and groups who need a different levels of access to use Ansible. Also, we have to integrate these tools with other third-party tools to operate the IT infrastructure as per defined standard like integration with SCM tools for Ansible playbook, integration with ticketing tools to create tickets if any tasks fail or notify the user over the mail or using messaging apps, etc. We also need an audit trail for proper tracking who ran what job and when. And one more important thing is product support. These features are not available in Ansible and can only be achieved by Ansible Tower.
Features of Tower in Ansible
Following are the features:
1. Ansible Dashboard
We get an Ansible Dashboard as soon as we login to the Ansible Tower web console. Ansible Dashboard provides a graphical view of job status, brief about recent job runs and templates. It also shows no. of hosts, failed hosts, inventories, projects, etc. We can adjust the job status setting as per our requirement as well.
2. Workflow Editor
Ansible Tower provides a workflow editor that helps us to connect multiple playbooks, updates, and workflows even they run as a different user or they use different inventories or uses different credentials. We can create dependencies such as running a playbook depends upon the success or failure of other playbooks. We can easily chain different playbooks created and maintained by different teams to setup a base system configuration and deploy an application.
3. Tower Clustering
We must have more than one Ansible Tower to achieve high availability and better performance. We can create an Ansible Tower cluster by adding multiple Ansible Tower nodes to it. We can easily scale our Ansible automation as per requirement and it also allows us to reserve capacity for teams, jobs, and remote execution for access across the enterprise. Ansible Automation architecture supports up to 200k nodes with 20 cluster nodes.
4. Real-Time Analysis
It provides a real-time update about the completion of Ansible plays and tasks, success, and failure of each host. We can see the status of our automation and which is going to run next. We can also see the status of source control updates or client inventory refreshes.
5. Audit Trail
In an organization, it is most important to track a log of changes made to an application so that if something bad happens to the application we can check the logs and correct the changes made by mistake. Ansible Tower logs all the details about any changes made to the Ansible such as who has made the changes, what are the changes have been applied to a job or when it happened. Ansible Tower keeps track of all the changes made to Ansible Tower itself such as job creation details, inventory changes, etc. We can see this audit trail in Activity Stream in Ansible Tower web console. It can be also integrated with the existing logging application used in the organization to perform a better analysis of automation and event correlation to generate ticker in any ITSM tool.
6. Job Scheduling
We can schedule jobs to run a playbook, update the cloud inventory as well as source control at a specific time, daily, weekly using Ansible Tower, Ansible does not have this capability. We can also set a frequency of the scheduled jobs. We can integrate it with a continuous delivery pipeline as well.
Ansible Tower provides self-service capability as well for example we can delegate read-only access to L1 users to keep eye on Ansible Dashboards or run simple jobs like adding new users, groups, changing the password, etc. It also allows us to delegate control to Developers and QA users to setup their own environment for development and testing and run their jobs without any intervention of Ansible Administrator.
8. Notification Integration
We can integrate Ansible Tower with email, messaging app such as Slack, HipChat, etc., SMS, PagerDuty and more to notify users or teams about the success or failure of the jobs. We can also integrate Ansible tools to send a notification to a custom webhook to trigger other tools in our infrastructure, for example, if any jobs fail it will send a notification to any ITSM tool to create an incident of the job failure.
9. REST API and CLI Tool
We can easily interact with Ansible Tower using the REST API. It helps to easily integrate it with other third-party tools that support REST API. If we want to integrate it with any command tools that are possible using Ansible Tower’s CLI tool.
10. Management and Tracking of our Inventory
We can manage our entire infrastructure inventory using Ansible Tower whether it is hosted on any Public Cloud platform such as Amazon Web Services, Microsoft Azure, GCP, etc. or hosted on our private cloud like OpenStack, VMware environment. It continuously keeps syncing our cloud inventory and we can also request configuration on demand.
11. Execute Commands Remotely
We can run tasks directly from Ansible Tower using Run Command feature on any host or group of hosts in our inventory. It is the same as running Ad-hoc command in Ansible.
Let’s take a quick tour of Ansible Tower
We can download the trial version using the below link:
Once downloaded, install the trial version on Red Hat or CentOS, check the requirement as it depends upon the Ansible Tower version.
1. Below is the sign-in page of Ansible Tower. Enter your credentials to log in to the Ansible Tower. The default user name is ‘admin’.
2. After a successful sign in to the Ansible Tower, you get below dashboard:
: Click on the bell icon for any notification such as job completion, failure, etc.
– Click on the ‘i’ button to get version information of the Ansible Tower.
– Takes to the online documentation page.
– I believe this is one is self-explanatory. Yes, click to sign out from Ansible Tower.
3. If we login to the Ansible Tower first time, it takes us to the license page. We need a trial license in order to use the product. We get it through mail or by contacting the Ansible Support team. Once you have the license file, you can upload it by clicking on the ‘Browse’ button. We can also use Red Hat customer credentials to login and get the license.
4. Once uploaded or signed in, accept the EULA and click on the ‘Submit’ button. The other two options are optional and depend upon the individual.
5. Click on Users from the left pane and we get the details of all users. Below is the snapshot of the default user ‘admin’, user details page is easy to understand, to get more details about the user, click on different buttons available at the top such as ‘Organization’, ‘Teams’, ‘Permissions’ and ‘Tokens’. Click on the save button after making the changes.
6. Click on the ‘Organization’ tab from the left pane to get the available organizations and to create the new one, we have a built-in organization called ‘default’.
7. Click on ‘Default’ to get more information about the ‘Default’ organization. See below: –
8. We can create teams in Ansible Tower. Click on ‘Teams’ to get available Teams and click on the ‘+’ button to add more.
9. Click on ‘Inventories’ button in the left side panel to get existing inventories or to create a new one.
10. We have default inventory ‘Demo Inventory’ that looks like below, however, we mostly create our own inventories as per requirement.
11. To create new inventory, click on ‘Inventories’ from the left side panel, we get below page, click on the ‘+’ button, and then choose Inventory:
12. We get the below page to create new Inventory, fill the form that is self-explanatory and click on save:
13. Once inventory is created, click on ‘Host’ button to create a new host and click on the ‘+’ icon to create a new host:
14. We get the below page and we have to give the name of the host and description where the description is optional.
15. Once the host is created, we need to add the host to a group so click on ‘Groups’ button and we get below page, again click on the ‘+’ button to create a new group:
16. We again get a simple form to create a group, fill the form, and click on save:
17. Once the group is created click on the ‘Hosts’ button to add hosts to the group. We can add an existing host or create a new host from here only. We will add the existing host created above.
18. Now we need to add the credential of the hosts to run the job. Click on ‘Credentials’ and here also we have default credential ‘Demo Credential’, however, we can create new credentials by clicking on ‘+’ button:
19. We get the below page to create a New Credential. We can select Credential Type such as ‘user and password’, ‘ssh key’ etc. whatever credential we have to connect the hosts. After completing the form, click on save.
20. Now we need to set up the project. Click on ‘Projects’ from left side pane to open Projects page as below, again we have default ‘Demo Project’ and to create a new one click on green ‘+’ button:
21. We get the below page to create a new project and under SCM type, we need to choose where our playbook or role exists:
22. Finally all set up to create a job template and launch it to see the Ansible Tower in action. Click on ‘Templates’ on the left-hand side and we get the below page, here we have the default template ‘Demo job Template’ that is created automatically when we install Ansible Tower. Click on the ‘+’ button to create a new one.
23. Fill below form to create the template, here we need to consider mandatory field which has ‘*’ symbol. We need to provide details that we have created above like which Inventory to use, select the project, etc. Once you filed all mandatory fields, click on the ‘Launch’ button to launch your template.
24. We can also go back and click on the highlighted launch button as below:
25. After launching the job template, it shows us the status of the job as below:
Ansible Tower is a great tool for configuration management and automation for a medium to large organization. Ansible Tower comes in Standard and Premium editions. Both are almost the same and have only one difference which is we get only 8*5 Enterprise Support in Standard Edition whereas we get 24*7 Premium support in Premium Edition. We can also get a free trial of Ansible Tower but it only supports 50 nodes.
This is a guide to Ansible Tower. Here we discuss Introduction and why Do We Need Tower in Ansible along with its different features as well as examples. You can also go through our other suggested articles to learn more –