Ansible Tower

Overview

Morpheus supports Ansible Tower for configuration management. Morpheus accomplishes this by integrating with an existing instance running Ansible Tower (AT) 3.3.0-1 and earlier. The username and password required for integration can be a user with admin access or a user with project admin access

Morpheus will import the current Inventory, Templates, Hosts, Groups and Projects. In the integration view it will add a Job tab which will have information of all the jobs executed from Morpheus.

Note

This integration will not import data of the jobs which are not executed from Morpheus.

Add Ansible Tower Integration

  1. Navigate to Administration > Integrations and select + New Integration

  2. Select Integration Type “Ansible Tower”

  3. Populate the following fields:

    • Name: Name of the Ansible Tower Integration in Morpheus

    • Enabled: To disable the integration, uncheck this option

    • Ansible Tower URL: An HTTPS or HTTP Ansible Tower URL

    • Username: The user Morpheus would use to communicate with Ansible Tower

    • Password: Enter the password. Password is encrypted and saved in DB

    • API Version: This drop down has one option (v2) for now but may have others in future

  4. Save Changes

Once you have completed this section and saved your changes you can set up a Cloud or Group to utilize this integration.

Scope Ansible Tower Integration to a Cloud

All instances provisioned in this cloud will have the Ansible Tower config option during provisioning. See below the Provisioning Options for more details about the options.

  1. Navigate to Infrastructure > Clouds

  2. Edit the target Cloud

  3. Expand the Advanced Options section

  4. In the Config Management dropdown, select the Ansible Tower Integration.

  5. Save Changes

Scope Ansible Tower Integration to a Group

All instances provisioned in this Group will have the Ansible Tower config option during provisioning in any cloud part of the Group. See below the Provisioning Options for more details about the options.

  1. Navigate to Infrastructure > Groups

  2. Edit the target Group

  3. Expand the Advanced Options section

  4. In the Config Management dropdown, select the Ansible Tower Integration.

  5. Save Changes

Provisioning Options

When provisioning Instances into a Cloud or Group with a Ansible Tower Integration added, an Ansible Tower section will appear in the Config section of the provisioning wizard. By default, Ansible Tower is enabled, but can be disabled by expanding the Ansible Tower section and unchecking Enable Ansible Tower.

Ansible Integration Provisioning options:

Enable Ansible Tower

Select to bootstrap

Inventory

A list of Inventory available in Ansible Tower will appear in the drop down. Select an existing inventory. The instance will be added to the inventory selected.

Ansible Group

Enter the name of a new or an existing Group in the inventory selected above.

Template
Select an existing template or select the option ‘Create New Template’. If ‘Create New Template’ is selected below fields will appear and are mandatory
Template Name

Enter the template name

Project

Select an existing project from the drop down options

Playbook

Select a playbook from the dropdown to be associated with the template. Note: Morpheus doesn’t store a local copy of the playbooks visible in Ansible Tower. SCM or local path for playbooks should be maintained in Ansible Tower.

Execute Mode
Select one of the options from the dropdown
Limit to instance

This will execute the template on the instance provisioned.

Limit to Group

This will execute the template on all hosts attached to the group entered in the ‘Ansible Group’ field.

Run for all

This will execute the template on all hosts in the inventory

Skip execution

This will skip the execution of the template on the instance provisioned.

Scoping Ansible Tower Jobs to Tenant-Default Inventories

Users in the Primary Tenant have an additional Inventory execution option when creating Ansible Tower Job-type Tasks. When making a selection in the Inventory field, “Use Tenant Default” may be selected rather than a specific Inventory. This is because Ansible Tower Jobs created in the Primary Tenant may be shared publicly to other Tenants through public Workflows or when associated with public Library items.

../../_images/ansibleTowerInventory.png

When this option is selected and the Task is run in a Subtenant, it will automatically be run against the default Inventory which is configured for the Subtenant. The next section includes steps for associating Tenants and default Inventories.

Important

An Ansible Tower Job configured to run against a Tenant-default Inventory will fail when run by a user whose Tenant does not have a default Inventory set.

Setting Default Inventories for Tenants

When creating or editing Ansible Tower integrations, navigate to the Inventory tab to view all Inventories synced from the selected integration. Click “Permissions” inside the “MORE” action menu at the end of a row for the selected Invetory. Within the PERMISSIONS modal, there is a single typeahead field where a Tenant can be selected. Once the Tenant is selected, click SAVE CHANGES. Now back on the Inventory list view, you’ll see the default Tenant which is associated with each Inventory.

Note

Tenants may only be associated with one Inventory, though an Inventory can have multiple Tenant associations. If a Tenant is selected to be associated with a new Inventory, its association with a previous Inventory will automatically be removed.

../../_images/inventoryList.png

Ansible Tower Configuration

When using an Ansible Tower task type or associating the Ansible Tower integration with a cloud/group, there are a few options that can be configured:

  • Inventory

  • Group

  • Job Template

  • Execute Mode

Prompt at Launch

Some options used to configure your deployments have the related option of Prompt at Launch in Ansible Tower, which should be enabled on the template to be chosen in the Job Template field. If Prompt at Launch is not enabled, the values configured on the template in Ansible Tower will be used instead. Prompt at Launch can be seen below on the Inventory and Limit fields:

../../_images/ansibleTowerPromptAtLaunch.png

Group

The Group field is optional but a group can be entered into the field to associate the host to, in the target inventory. If the group is existing, then the instance will be associated as a host to that group. If the group does not exist, the group will be created and the instance will be associated as a host to that group.

../../_images/ansibleTowerGroups.png

Inventory

When provisioning on a cloud with a configured Ansible Tower integration or using an Ansible Tower task type against an instance, the instance will be added as a host to the inventory chosen in the Inventory field. As mentioned, if specified, these instance will be associated with groups in the inventory as well. When using an inventory that syncs from a project, the instance will still be added as a host in the inventory, in addition to the sync’d inventory. This means that Ansible Tower will aggregate the manually added hosts from Morpheus with the sync’d project inventory. However, if the Overwrite option is enabled on the source for the project that contains the inventory, any hosts added by Morpheus will be overwritten. In some cases, a separate Morpheus inventory may be desired, if Overwrite is required on your sources.

../../_images/ansibleTowerOverwrite.png

Passing extra_vars to Ansible Tower Job

When provisioning or when running Ansible Tower Jobs as Morpheus Tasks, you may pass the extra_vars stack to the Tower Job. First, ensure the Job Template has extra variables “Prompt on Launch” enabled as shown below:

../../_images/towerExtraVars.png

The sample Playbook below is associated with the Tower Job Template.

---
- hosts: all
vars:
  Opensource_Team: "Customer"
tasks:
- name: Print Hello World
  debug:
    msg:
    - "Hello World {{ Opensource_Team }}. Here are Morpheus extra_vars: {{ morpheus }}"

After executing the Tower Job, we can see the variable stack surfaced into the results as defined in the Playbook:

../../_images/towerResults.png

Use Case

You have Job template(s) in Ansible Tower to do post build config after the OS is deployed. The playbook with roles and tasks to do post build will add specific users and groups, install required packages, remove packages, disable services, change config for ntp, resolv, hosts etc. You want to add the instance to an existing Group/Inventory in Tower.

You can achieve this by adding the Ansible Tower Integration and then scope it to a Cloud or Group. While provisioning an instance, in the config stage you have the Ansible Tower section with option to select the post build job template, select the Inventory and provide an existing Group Name or if the Group doesn’t exist Morpheus will create it and submit for provisioning.

Morpheus will provision the instance, once it is in the finalize state where the instance has an ip and has completed domain join if required, added user(s) or User Groups if specified then Morpheus will add the instance to the inventory and Group and run the Template which will do all the post build of the server.

The output of the post build template execution can be see under Instance history.