AWX

The Free Ansible Tower
In Practice

OSCamp 2019, Berlin

Felix Frank, Systems Architect
The unbelievable Machine Company GmbH

Felix Frank

@felis_rex

(there's an egg squatting @ffrank, what are you going to do)

  • recovering Puppet zealot actually
  • also helping the mgmt project
  • Ansible for a living for 2 years
    and counting
  • sometimes seen w/o a computer
    according to rumors

But enough about me

Tell me about yourselves

Why we like Ansible

Ease of modeling ops automation

- name: Install platform software
  package: name={{ item }}
  with_items: [ apache2, libapache2-mod-jk, java8, tomcat8 ]

- name: Deploy app artifact
  unarchive:
    dest: /opt/apps/{{ application_name }}
    src: "{{ base_url }}/{{ application_version }}/build.tgz"
  vars:
    base_url: https://{{ build_server }}/builds/{{ application_name }}

Ease of orchestration

- name: Deploy virtual infrastructure
  hosts: localhost
  roles: [ openstack_network, openstack_vms ]

- name: OS basic setup
  hosts: all
  roles: [ common, hardening ]

- name: Set up database
  hosts: database
  roles: [ mysql, db_schemas ]

- name: Set up web application
  ...

Powerful set of built-in modules

  • AWS, Azure, GCE, VMware, OpenStack...
  • Switches, Routers, Load balancers, Storage...
  • Identity Management, Monitoring...

Let's see it in action

Demo I

So passwords aren't fun,
but there are more issues, e.g.

team members running arbitrary code versions

https://3milliondogs.com/dogbook/this-couple-took-photos-of-their-dog-growing-up-and-its-something-you-really-need-to-see/

runs can overlap each other

http://www.heroviral.com/11-puppies-1-mother/

handling Ansible versions, pip package versions...

https://www.canberratimes.com.au/story/4764096/a-dalmatian-daze-world-record-equalling-litter-born/

managing extra vars in your bash history?

https://knowyourmeme.com/memes/i-have-no-idea-what-im-doing

Enter Tower AWX

AWX

A service that runs your Ansible code from one central place

Comes with a web UI and a REST API

Let's see it in action

Demo II

Advantages with AWX

  • stores encrypted credentials
  • defines playbook run details
  • stores log output
  • allows scheduled runs
  • queueing and isolation

How it works

Installation options

  • plain Docker
  • Docker Compose
  • Docker Swarm
  • Kubernetes
  • that's it
  • OpenShift

Let's try Compose

Demo III

Okay so it's running

Let's run some code

Demo IV

Okay so that's neat

But why not Jenkins? Or Rundeck? Foreman? Or my cool rails app?

  • Jenkins has no real integration
  • Rundeck is actually fine
    (Ansible integration is 3rd party)
    So is Foreman
  • don't roll your own though

AWX caveats

  • WebUI: cannot launch job from template editor
  • WebUI: cannot make schedule from schedule list
  • allowing parallel runs is non-trivial
  • testing code from branches is non-trivial
  • no docker-less option
  • comes with no SSL support
  • no vaults in inventories
  • CLI silently ignores dead switches
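
Added example, not from the talk: launching a job template through the AWX REST API so that the token and extra vars stay out of shell history, with a guard for the "no SSL support" caveat above. It assumes a TLS-terminating proxy in front of AWX; the AWX_TOKEN variable name, the host awx.example.org and template id 7 are made up for illustration.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit


def build_launch_request(base_url, template_id, token, extra_vars=None):
    """Build the POST that launches one AWX job template.

    Plain-HTTP URLs are rejected: the bearer token and the extra vars
    would otherwise cross the network in cleartext.
    """
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("AWX base URL must look like https://host[:port]")
    if not token:
        raise ValueError("no API token supplied")
    url = "%s/api/v2/job_templates/%d/launch/" % (base_url.rstrip("/"), int(template_id))
    # extra_vars are only honoured when the template prompts for variables
    # on launch; otherwise AWX reports them under "ignored_fields".
    body = json.dumps({"extra_vars": extra_vars or {}}).encode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"})


def launch(base_url, template_id, extra_vars=None, env=os.environ):
    """Send the request; the token is read from the environment, not argv."""
    token = env.get("AWX_TOKEN", "")  # AWX_TOKEN: name assumed for this example
    req = build_launch_request(base_url, template_id, token, extra_vars)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["job"]  # id of the queued job


if __name__ == "__main__":
    # Constructed values: host, template id and token are placeholders.
    req = build_launch_request("https://awx.example.org", 7, "constructed-token",
                               {"application_version": "1.4.2"})
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```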

In Summary

AWX makes running Ansible simple at the cost
of setup overhead

Testing becomes especially cumbersome

Can automate its own config

Securely manages your credentials

Adds essential features like log retention

Great option for larger teams that need coordination

Thanks for listening

One last thing...

We are hiring

https://www.unbelievable-machine.com/en/careers/

Questions?