Let's build a tower (part 5)

Introduction

Welcome to another post in our "Let's build a tower" series. In our previous posts, we discussed how to deploy AWX to Azure, configure its authentication and run a playbook.

This time we will discuss how to set up Workflow Job Template and run them against Azure inventory.

Architecture

Our Workflow will contain following steps:

Get the latest version of playbooks from our demo SCM
Deploy Azure virtual machine
Install NGINX on Azure VM

Prerequisites

Before configuring AWX we need an Azure SPN (which we have configured previously), to which we could assign permissions.

Implementation

We will need to configure following items:

Project
Inventory
Credentials
Job Template
Workflow Job Template

Project configuration

Tower projects are a logical collection of Ansible Playbooks that are set up with each other based on what they might be doing or which hosts they might interact with.

Playbooks can be managed within Tower projects by either adding them manually to the project base path on your Tower server, (/var/lib/awx/projects) or by importing them from a source control management system (SCM) that is supported by Tower (Git, Subversion and Mercurial)

This time we will add the Github repository and synhronize it:

Inventory configuration

Within Tower, the hosts that you interact with are set up as collections within Tower called inventories. Tower divides inventories into groups and the groups are what contain the actual hosts. Groups can be sourced manually by adding the IPs and hostnames into Tower, imported from an Ansible hosts file, or they can be sourced from one of Ansible Tower’s supported cloud providers.

We need to create two empty inventories - "LOCALHOST" and "NGINX inventory":

During the workflow deployed VM IP address will be added to "NGINX inventory" inventory.

Credentials configuration

Credentials play a crucial role in job templates as they are how Ansible Tower will connect to the machine or cloud to complete the execution of the ansible playbook.

To be able run job templates we will need to create following credentials:

"Azure SPN" - service account credentials for Azure deployment
"NGINX VM administrator" - deployed virtual machines access credentials
"Tower Credentials" - AWX service account credentials, which will be used to store delpoyed VM public IP

Job Templates configuration

Job templates are a definition and set of parameters for running an Ansible Playbook. In Ansible Tower, job templates are a visual realization of the ansible-playbook command and all flags you can utilize when executing from the command line. A job template defines the combination of a playbook from a project, an inventory, a credential and any other Ansible parameters required to run.

For our project we will need 2 templates:

"NGINX VM deploy" project will "azure-template-deploy-part-2/main.yml" for initial VM deployment. Please use Azure and Tower credentials, which we've specified in previous section, for this template. Also, as an input, we need to specify extra vairables accordingly to your environment. Extra variables template you can copy from here:

---
deploy_group_location: XXXXXXXX
deploy_group_name: XXXXXXXX
vm_admin_username: XXXXXXXX
vm_admin_password: XXXXXXXX
awx_inevntory: "NGINX inventory"

Variables 'deploy_group_name' and 'deploy_group_location' - are Azure deployment resource group and location. 'vm_admin_username' and 'vm_admin_password' variables - should match to values from "NGINX VM administrator" credentials. 'awx_inevntory' should match inventory name.

Workflow Job Template configuration

Workflow enables users to create sequences consisting of any combination of job templates, project syncs, and inventory syncs that are linked together in order to execute them as a single unit.