This Ansible playbooks and roles allows for easy interaction with an Ansible Controller server via Ansible roles using the Controller collection modules.
CaC is a term generally referring to the separation of configuration settings from the actual code. The ideal being you can store that configuration data in source control, and easily run and tweak it to match different environments.
In Ansible Automation Platform terms, we can use the features within the automation controller in combination with CaC to provide a more flexible, richer experience.
You can use CaC with a GitOps approach to help replicate configurations across automation controller environments. When dealing with large, complex systems, you often need to replicate configurations between environments or sites. Treating your configs as a form of code, called Configuration as Code (CaC or CasC), allows you to track bugs, fixes, and deployments.
awxkit >= 9.3.0
- ansible.controller collection - 4.4.2 or later if any.
ansible-galaxy collection install ansible.controller
- Credential to the Ansible Automation Controller
The controller_configure.yaml
can be executed using ansible-playbook
, ansible-navigator
or using a Job template from Ansible controller itself.
When using ansible-playbook
or ansible-navigator
, the credential can be passed as environment variables; configure the credential as follows.
export CONTROLLER_USERNAME=admin
export CONTROLLER_PASSWORD=secretpassword
export CONTROLLER_HOST=https://ansiblecontroller22-1.lab.local
$ ansible-plabook controller_configure.yaml -t <tag>
$ ansible-navigator run controller_configure.yaml --penv CONTROLLER_USERNAME --penv CONTROLLER_PASSWORD --penv CONTROLLER_HOST -t <tag>
Login to the automation controller (from where you are going to execute the CaC operation),
-
Step 1. A Git repo for Configuration as Code - Store this content in a Git repo as it is.
-
Step 2: Create the Project in Automation controller with the CaC repo as source and add Git credential if required.
-
Step 3: Create a
Red Hat Ansible Automation Platform
type credential and enter the controller host, username and password for the controller. -
Step 4: Create a Job template (eg:
CaC-Controller-Configuration
) using the playbookcontroller_configure.yaml
- Step 4.1: Attach the previously created
Red Hat Ansible Automation Platform
type credential. - Step 4.2: Enable
Prompt on Launch
for theJob Tags
as we need to control the execution. - Step 4.3: Add a tag
none
in theJob Tags
text box. (This is to avoid any accidental execution.)
- Step 4.1: Attach the previously created
-
Step 5: Execute the playbook with appropriate tags as explained in the next section.
- If the credential sources are enabled (automated password and token input), all of the resources can be created in a one batch.
- If the credential input (password, token and so on) needs to enter manually, then break the job execution as follows.
Step 1: Launch the job template CaC-Controller-Configuration
with the following tags: settings
, organizations
, credential_types
, credentials
Step 2: Login to the target automation controller (if this is a different controller), edit the source control credentials with correct password (this is for syncing the project with correct credentials). You can also update other credential passwords and tokens at this time.
Step 3. Continue the CaC configuration with the remaining tags: projects
, inventories
, hosts
, templates
, workflows
etc.
Since the Ansible controller is running locally (on workstation my lab setup), I need to create tunnel (using ngrok here) so that GitHub can reach my Ansible controller over internet.
export NGROK_AUTH_TOKEN=Your-Authtoken
export NGROK_CUSTOM_DOMAIN=Your-custom-domain
$ podman run --net=host -it \
-e NGROK_AUTHTOKEN=$NGROK_AUTH_TOKEN \
ngrok/ngrok:latest \
http https://aap-rhel-92-1.lab.local \
--domain=$NGROK_CUSTOM_DOMAIN
Note:
- Using Podman container to run ngrok, but you can install ngrok locally and use it.
- Using
guiding-immortal-sunbeam.ngrok-free.app
as pre-configured domain name. https://aap-rhel-92-1.lab.local
is my local URL of Ansible controller.
$ ldapsearch -x -H ldap://win -D "CN=josie,CN=Users,DC=website,DC=com" -b "dc=website,dc=com" -w Josie4Cloud
Note: The ldapsearch utility is not automatically pre-installed with automation controller, however, you can install it from the openldap-clients
package.
If you cannot install the package (if you are running it inside Container or OpenShift), then test the connectivity using curl command as follows.
In this scenario, we have an Automation Controller running using Podman (containerized AAP).
Test 389
or 636
depends on the port you are using.
[devops@aap-rhel-92-1 ~]$ podman exec -it automation-controller-task /bin/bash
bash-4.4$ podman exec -it automation-controller-task /bin/bash
bash-4.4$ curl -kv http://WIN2019.example.com:636
* Rebuilt URL to: http://WIN2019.example.com:636/
* Trying 192.168.57.137...
* TCP_NODELAY set
* Connected to WIN2019.example.com (192.168.57.137) port 636 (#0)
> GET / HTTP/1.1
> Host: WIN2019.example.com:636
> User-Agent: curl/7.61.1
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
bash-4.4$ curl -kv http://WIN2019.example.com:389
* Rebuilt URL to: http://WIN2019.example.com:389/
* Trying 192.168.57.137...
* TCP_NODELAY set
* Connected to WIN2019.example.com (192.168.57.137) port 389 (#0)
> GET / HTTP/1.1
> Host: WIN2019.example.com:389
> User-Agent: curl/7.61.1
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer