Ansible Tower integration

soissons · July 28, 2016, 5:10pm

Hello folks !

I’m trying the Ansible Tower Integration but i meet some problems, let me explain (i hope to explain this well, english is not my “natural tongue” … )

I linked my Ansible Tower to ManageIQ in a heartbeat (thanks to this forum)
I created a button on the VM page that launch an Ansible Job on this VM (again…thx to this forum )

So…now i try to make a “workflow” :

Deploy a VM (on VMWare Provider) ===> run an Ansible job on this VM ==> “tadaaa pure magic”

So for this I made a bundled catalog item : 1 item is the VM template deployement the 2nd is the Ansible Job without dialogs)

My ansible is very simple, just a POC (a touch on a file) with parameter “host: all”

When i run this playbook via my button, no problem, this run on the selected VM
When i run the bundled item…the vm deployement is OK but the playbook run on ALL the VM in inventory…not only on the VM which is deployed…

So…first…what i tryng to do is possible or i’m just fooling myself ?
What can be wrong ?

I tried to find a solution or some documentation all over the internet (i found a lot here ) but nothing on this kind of workflow (VM deployement + Ansible post configuration on the fly on the specific VM)

Thx in advance guys (and girls of course )

soissons · August 1, 2016, 6:25am

soissons · August 2, 2016, 8:43am

Ok…so for the moment my POC for ManageIQ with Ansible Tower is a complete fail agains’t Vrealize and System Center…

So i let ManageIQ until this system is “mature” and fully documented (where is the Ansible Tower integration Documentation ??? C’mon…this is a major Feature and no Doc outhere ? Really ?)

Bye

bdunne · August 2, 2016, 3:36pm

@soissons I assume you have created a state machine that provisions the VM, waits for completion, then attempts to run the Ansible Tower Job Template. Is that correct?

Are you setting the limit properly when launching the Ansible Tower Job Template? If the limit is not set, I believe it will run on the whole inventory.

cc @mkanoor @bill @syncrou @gmccullough

chessbyte · August 2, 2016, 7:21pm

@soissons While we work on improving upstream documentation, please see if the downstream documentation helps.

soissons · July 5, 2019, 1:26am

@bdunne and @chessbyte thank you for your time

I’m going to put some screenshot for a better understanding (or mistake tracking) ==>

Here my Bundle Items :

This bundle have 2 items :

1 item is the VM deployement from template with VMware provider (alone he work perfectly fine)

1 item is the Ansible job (work perfect via button, he run on the selected VM)

The Bundle Item have 1 Service dialogs :

And i put a textbox to retrieve the hostname variable and put in my Playbook Ansible =>

Here on the Ansible tower side the configuration i make :

in the job template

Snap 2016-08-03 at 08.01.36.jpg1084×640 35.3 KB
in the playbook

I run the bundled items, i put on Textbox my VM Name and the playbook run on the selected VM ( Victory ! ^^ but wait…he run not properly, i will explain after…)

The Problem, now, is the Ansible Job start way before the completion of the VM deployement…so the Ansible Playbook run before the VM is up and ready…

I have this error message :

Hope i was the most complete possible…

I really want to have ManageIQ…and not SystemCenter or Vrealize…

Thx Guys

bdunne · August 4, 2016, 1:47pm

@soissons I don’t think this can work as a bundle. The solution is to create a new automate state machine that does the VM provision first then does the Ansible Tower work once the VM is created, ensuring that the VM is available before the Job Template is triggered.

soissons · July 5, 2019, 1:26am

A HUGE thanks to @jmarc !!!

And if @jmarc is OK I will update this thread tomorrow with a step by step how to

PS: @bdunne In fact my previous workflow could work, not very efficient but he can work, just needed to add some previous step in Schema…(i will explain tomorrow)

Bye Guys and…really thank you @jmarc !

jprause · August 4, 2016, 3:28pm

Awesome @soissons! Looking forward to the step-by-step,…as I’m sure it will benefit the community.

soissons · July 5, 2019, 1:26am

Hi Guys,

First i would really thank @jmarc for the help and i recommend his Redhat Cloudforms Blog post :

You can find some very useful tips (this use case and more are coming )

So here the quick step by step “how to” for this particular use case (see my previous post):

(Assuming on Ansible Tower, you created your playbook and make it as a job template) :

create the VM deployment Item :

794×472 63.2 KB

No dialog and the Provisioning entry point is
/Service/Provisioning/StateMachine/ServiceProvision_Template/ Catalogiteminitialization.

(*jeremie is just my “cloned namespace”)

This item is a VM deployement from a template for VMware provider so configure it the proper way (if you are interested let me know i update the thread with some screenshot for that)

Second item is the Ansible job (when you create the Service catalog item, choose “Ansible tower” type):

No dialog and the Provision entry point is /ConfigurationManagement/AnsibleTower/Service/Provisioning/StateMachines/Provision/ Provision_from_bundle

Now before we create the Service Bundle Items we gonna create the Service dialog for this one:

For that create/clone a namespace and add a new method :

This method (Get_VM_Name) will be able to dynamically feed the “limit” parameter of Ansible we gonna put in textbox on our Service Dialog.

Here the code :

Ok now create the service Dialog =>

(really basic…you can do much better )

The dialog box that is important here is the “Limit” one.
As i say previously this box will feed the limit parameter of Ansible to run on this specific host/VM.

Configure it the same way and point your Entry point to the method created before(Get_VM_Name)

Now create the Catalog bundle items :

Choose the dialog previously created and put the Provision entry point : /Service/Provisioning/StateMachines/ServiceProvision_Template/ CatalogbundleItemInitialization

Select you items and the sequencing (Ansible job in 2nd ):

The Ansible Job Template can only run once the VM is deployed and UP.

To ensure the ordering, add an initial ‘pre0’ state with a value of /Service/Provisioning/StateMachines/Methods/GroupSequenceCheck to the state machine schema used to launch our AnsibleType service item ==>

( See @bdunne with that particular step added, my last Workflow can work, not efficient but well…now i switched to the “limit” textbox way )

That’s all Folks

Now you can Deploy a VMWare VM and configure it with ansible to fit the needs (and with Ansible, the possibility are endless)

Ladas · August 31, 2016, 9:00am

@soissons cool article, I will take inspiration from this.

Btw. my problem was, that a provider can say the VM is ready, but you can’t really ssh to it yet, cause it’s still doing some init. (happened with AWS). You can solve this nicely on the Tower side, when you start with a ‘wait for VM to be sshable’, like this:

github.com

atyronesmith/OPNFV-demo-ansible/blob/006000e03d2e348f0875277a9c1f2833d8f4d384/roles/cloudrouter-server/tasks/main.yml#L26


#- name: Make sure libselinux-python are installed
#  dnf: name=libselinux-python state=present
#  become: yes
#  become_user: root


- name: fetch AWS public IP first
set_fact:
  ansible_ssh_host: "{{ hostvars[inventory_hostname].ec2_ip_address }}"


- name: Wait for port 22 to become open
local_action: wait_for port=22 host="{{ ansible_ssh_host | default(inventory_hostname) }}" search_regex=OpenSSH delay=10 timeout=1200


- name: Gather facts
setup:  


#- name: Put a README in place
#  copy: src=README dest=/home/opnfv/README


#- name: Install openvpn
#  raw: sudo dnf install -y openvpn
#

switchboard.op · July 5, 2019, 1:26am

Hi. This thread has been helpful in getting a Tower Job template to run against a VM it’s bundled with, but I am having an issue that isn’t covered here…

When I order my bundle. The service is created with the VM contained within, but another service is created with the same name and no VMs associated. This “ghost service” always errors when I try to retire it. It looks like it’s parented to the catalog item rather than the bundle. Parent should be “RHEL with Tower Job”

My Service bundle is set up almost exactly as it is in @soissons example. With a simple Ansible job with a debug message to just test the connection between Tower and the Management Engine. The one difference is that I define a service_name in addition to a vm_name in the service dialog.

Any idea how I can stop the Ansible-Tower Job Service Item from creating its own service or fix the parenting issue?

Thanks

vestival · January 18, 2017, 7:08pm

@soissons have you tested this with the new cfme 5.7.? Have you find any issue?

switchboard.op · January 18, 2017, 9:49pm

I solved the issue I was having with the method below.

begin
    svc = $evm.root['service_template_provision_task'].destination
    if svc.v_total_vms.zero?
        svc.remove_from_vmdb
        $evm.log(:info, 'Removed empty service from VMDB')
        $evm.root['ae_next_state'] = 'Finished'
    else
        $evm.log(:info, 'Ansible job returned a VM')
        # need to address parenting here
    end
    exit MIQ_OK
rescue => err
    $evm.log(:error, "[#{err}]\n#{err.backtrace.join("\n")}")
    exit MIQ_WARN
end

Added this to one of the post states of the state machine at: ConfigurationManagement/AnsibleTower/Service/Provisioning/StateMachines/Provision/provision_from_bundle

As you can see I still haven’t solved the parenting issue if the Ansible job actually does return an inventory item. That’s a challenge for another day.

rut31337 · March 21, 2017, 12:11am

Great stuff. One thing I would like to add, if you don’t want to kick off the Ansible Tower job at the same time as the VM build (in parallel), you can set the action order for both items in the bundle to 1. This will make them run serially.