How to install Ansible Tower on Red Hat / CentOS
WHY RED HAT ANSIBLE TOWER?
Ansible Tower is a web-based UI that provides an enterprise solution for IT automation. It:
- has a user-friendly dashboard
- complements Ansible, adding automation, visual management, and monitoring capabilities
- provides user access control to administrators
- graphically manages or synchronizes inventories with a wide variety of sources
- provides a RESTful API
- and much more…
ANSIBLE TOWER ARCHITECTURES
Depending on the needs of the enterprise, Ansible Tower can be implemented using one of the following architectures.
Single Machine with Integrated Database
All Ansible Tower components (the web front end, RESTful API back end, and PostgreSQL database) reside on a single machine. This is the standard architecture.
Single Machine with Remote Database
The Ansible Tower web UI and RESTful API back end are installed on a single machine, and the PostgreSQL database is installed on another server on the same network. The remote database can be hosted on a server with an existing PostgreSQL instance outside the management of Ansible Tower. Another option is to have the Ansible Tower installer create a PostgreSQL instance on the remote server, managed by Ansible Tower, and populate it with the Ansible Tower database.
High Availability Multimachine Cluster
Earlier Ansible Tower versions offered a redundant, active-passive architecture consisting of a single active node and one or more inactive nodes. Starting with Red Hat Ansible Tower 3.1, this architecture was replaced by an active-active, high-availability cluster consisting of multiple active Ansible Tower nodes. Each node in the cluster hosts the Ansible Tower web UI and RESTful API back end and can receive and process requests. In this cluster architecture, the PostgreSQL database is hosted on a remote server. The remote database can reside either on a server with an existing PostgreSQL instance outside the management of Ansible Tower, or on a server with a PostgreSQL instance created by the installer and managed by Ansible Tower.
OpenShift Pod with Remote Database
In this architecture, Red Hat Ansible Tower operates as a container-based cluster running on Red Hat OpenShift. The cluster runs on an OpenShift pod, which contains four containers to run the Ansible Tower components. OpenShift adds or removes pods to scale Ansible Tower up and down. The installation procedure for this architecture is different from the other architectures.
RED HAT ANSIBLE TOWER FEATURES
Two types of license are available for Ansible Tower: basic and enterprise. An enterprise license offers access to all Ansible Tower features. A basic license offers access to only a subset of the Ansible Tower features and does not include many enterprise-level options, such as logging aggregation and clustering. The following are some of the many features offered by Ansible Tower for controlling, securing, and managing Ansible in an enterprise environment.
The Ansible Tower web UI displays a Dashboard which provides a summary view of an enterprise's entire Ansible environment. The Ansible Tower Dashboard allows administrators to easily see the current status of hosts and inventories, as well as the results of recent job executions.
Role-based Access Control (RBAC)
Ansible Tower uses a Role-based Access Control (RBAC) system which maintains security while streamlining user access management. It simplifies the delegation of user access to Ansible Tower objects such as Organizations, Projects, and Inventories.
Graphical Inventory Management
You can use the Ansible Tower web UI to create inventory groups and add inventory hosts. You can also update inventories from an external inventory source such as public cloud providers, local virtualization environments, and an organization's custom configuration management database (CMDB).
You can use Ansible Tower to schedule playbook execution and updates from external data sources either on a one-time basis or recurring at regular intervals. This allows routine tasks to be performed unattended and is especially useful for tasks such as backup routines, which are ideally executed during operational off-hours.
Real-time and Historical Job Status Reporting
When you initiate a playbook execution in Ansible Tower, the web UI displays the playbook's output and execution results in real time. The results of previously executed jobs and scheduled job runs are also available in Ansible Tower.
Ansible simplifies IT automation, and Ansible Tower takes it a step further by enabling user self-service. The streamlined Ansible Tower web UI, coupled with the flexibility of its RBAC system, allows administrators to reduce complex tasks to simple, easy-to-use routines.
Remote Command Execution
Ansible Tower makes the on-demand flexibility of Ansible ad hoc commands available through its remote command execution feature. User permissions for remote command execution are enforced using the Ansible Tower RBAC system.
Ansible Tower centrally manages authentication credentials. This means that you can run Ansible plays on managed hosts, synchronize information from dynamic inventory sources, and import Ansible project content from version control systems. It encrypts the passwords or keys provided so that they cannot be retrieved by Ansible Tower users. Users can be granted the ability to use or replace these credentials without actually exposing them to the user.
Centralized Logging and Auditing
Ansible Tower logs all playbook and remote command execution. This provides the ability to audit when each job was executed and by whom. In addition, Ansible Tower offers the ability to integrate its log data into third-party logging aggregation solutions, such as Splunk and Sumologic.
Ansible Tower notifies you when its job executions succeed or fail. Ansible Tower can deliver notifications using many different applications, including email, Slack, and HipChat.
Complex operations often involve the serial execution of multiple playbooks. Ansible Tower multiplaybook workflows allow users to chain together multiple playbooks to facilitate the execution of complex routines involving provisioning, configuration, deployment, and orchestration. An intuitive workflow editor also helps to simplify the modelling of multiplaybook workflows.
The Ansible Tower RESTful API exposes every Ansible Tower feature available through the web UI. The API's browsable format makes it self-documenting and simplifies the lookup of API usage information.
Ansible Tower has the following requirements:
- Supported Operating Systems: Ansible Tower can be installed and is supported on 64-bit x86_64 versions of Red Hat Enterprise Linux 7, CentOS 7, and Ubuntu 16.04 LTS.
- The latest stable release of Ansible
- 4 GB RAM minimum
- 20 GB hard disk
RED HAT ANSIBLE TOWER LICENSING AND SUPPORT
Administrators interested in evaluating Ansible Tower can obtain a trial license at no cost.
Instructions on how to get started are available at https://www.ansible.com/tower-trial
Administrators interested in progressing beyond trial licensing can choose from three types of Red Hat Ansible Tower subscriptions:
Targeted at small deployments, this includes a basic Ansible Tower subscription, with software maintenance and upgrades but no technical support or service level agreement (SLA). Some "enterprise" features of Ansible Tower are not included. Versions supporting up to 250 managed nodes are available. Larger deployments should consider the enterprise subscriptions.
The Standard edition includes an enterprise Ansible Tower subscription with entitlement to all Ansible Tower features and 8x5 technical support. Pricing is based on the number of nodes that are managed.
The Premium edition also includes an enterprise Ansible Tower subscription with software maintenance and upgrades and all Ansible Tower features, but with entitlement to 24x7 technical support. Pricing is based on the number of nodes managed.
ANSIBLE TOWER INSTALLERS
Two different installation packages are available for Ansible Tower.
The standard setup Ansible Tower installation program can be downloaded from http://releases.ansible.com/ansible-tower/setup/
The latest version of Ansible Tower for Red Hat Enterprise Linux 7 is always located at https://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-latest.tar.gz
This archive is smaller but requires internet connectivity to download Ansible Tower packages from various package repositories.
A different, bundled installer for RHEL 7 is available at http://releases.ansible.com/ansible-tower/setup-bundle/ansible-tower-setup-bundle-latest.el7.tar.gz
This archive includes an initial set of RPM packages for Ansible Tower so that it may be installed on systems disconnected from the internet.
Those systems still need to be able to get software packages for Red Hat Enterprise Linux 7 and the Red Hat Enterprise Linux 7 Extras channel from reachable sources. This may be preferred by administrators in higher security environments. This installation method is not currently available for Ubuntu.
INSTALLING ANSIBLE TOWER
The following procedure applies to the bundled installer to install Ansible Tower on a single Red Hat Enterprise Linux 7.4 or later system with access to the Red Hat Enterprise Linux 7 Extras repository.
1. As the root user, download the Ansible Tower setup bundle to the system.
2. Extract the Ansible Tower setup bundle and change into the directory containing the extracted contents.
3. Edit the inventory file to set passwords for the Ansible Tower admin account (admin_password), the PostgreSQL database user account (pg_password), and the RabbitMQ messaging user account (rabbitmq_password).
4. Run the setup.sh script to start the Ansible Tower installer.
[root@towerhost ansible-tower-setup-bundle-3.6.4-1]# ./setup.sh
PLAY [Install Tower isolated node(s)] ***************************************************************************
skipping: no hosts matched
PLAY RECAP ***************************************************************************
localhost : ok=158 changed=83 unreachable=0 failed=0 skipped=81 rescued=0 ignored=3
The setup process completed successfully.
Setup log saved to /var/log/tower/setup-2020-05-07-15:21:03.log
5. Open your browser and go to the Ansible Tower web interface at your server's IP address or FQDN. The username is admin, and the password is the one that you configured in the inventory file.
6. Log in to the Ansible Tower web UI as the Ansible Tower administrator with the admin account and the password you set in the installer's inventory file.
7. Finally, click Browse and provide the .pem license file, agree to the End User License Agreement, and click the Submit button.
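Step 3 leaves three cleartext passwords in the inventory file, so it is worth generating them randomly, restricting the file to its owner, and checking that none is empty before step 4. The script below is an added example, not part of the original procedure or of the Tower bundle; the sample inventory and all function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: set and verify the installer passwords before running setup.sh.
umask 077                       # files created here hold cleartext secrets
REQUIRED_KEYS="admin_password pg_password rabbitmq_password"

make_sample_inventory() {       # constructed sample, not the file shipped in the bundle
    cat > "$1" <<'EOF'
[tower]
localhost ansible_connection=local
[all:vars]
admin_password=''
pg_password=''
rabbitmq_password=''
EOF
}

gen_password() {                # 24 alphanumeric chars from the kernel CSPRNG (safe in sed and INI quoting)
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24
}

set_inventory_var() {           # usage: set_inventory_var FILE KEY VALUE
    sed "s|^$2=.*|$2='$3'|" "$1" > "$1.new" && mv "$1.new" "$1"
}

check_inventory() {             # 0 only if every required key has a non-empty value
    local key rc=0
    for key in $REQUIRED_KEYS; do
        if ! grep -Eq "^${key}='?[^']+'?[[:space:]]*\$" "$1"; then
            echo "unset or empty: ${key}" >&2
            rc=1
        fi
    done
    return "$rc"
}

secure_inventory() {            # usage: secure_inventory FILE
    local key
    for key in $REQUIRED_KEYS; do
        set_inventory_var "$1" "$key" "$(gen_password)"
    done
    chmod 600 "$1"
    check_inventory "$1"
}

demo=$(mktemp -d)               # demonstration on the constructed sample only
make_sample_inventory "$demo/inventory"
check_inventory "$demo/inventory" 2>/dev/null || echo "before: do not run setup.sh yet"
secure_inventory "$demo/inventory" && echo "after: inventory ready for ./setup.sh"
rm -rf "$demo"
```

On a real host, run secure_inventory against the inventory file in the extracted bundle directory before step 4, and store the generated admin password somewhere safe, since step 5 needs it.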
Congratulations…!!! You have successfully installed Ansible Tower.