Deploy & Configure AWX with Ansible EE

About

This example shows how to deploy basic EVPN/VXLAN Fabric based on Arista Validated Design roles using Ansible Tower/AWX. This repository will be used as project on AWX and we will describe how to configure Tower for the following topics:

Create a project
Create inventory
Install collections
Install python requirements

Disclaimer

This guide was originally published in our Arista AVD ecosystem and is based on field experience and it is not considered as an official AWX/Tower design guide. All the resources used in this post are available in the following repository.

It is not a post about how to use Arista Validated Design collection, but how to configure Ansible AWX to use it.

Before starting

If you want to see how to build your inventory and all related variables, it is recommended to read following documentation:

This guide describe how to install and configure AWX to run Arista AVD ansible collection using official approach as per AWX repository and requires to have a Kubernetes cluster available to install awx operator.

Requirements

To play with this repository, you need:

A kubernetes cluster set up and ready to use. AWX Operator repository uses minikube, but any flavor can be used.
A docker engine or podman to build Ansible Execution Engine.

AWX Installation

Deploy AWX Operator

If you do not have installed AWX operator yet, you can install it with the following commands:

  
# Clone repository
$ git clone https://github.com/ansible/awx-operator.git

# Create namespace in kubernetes
$ kubectl create namespace awx-avd-demo
namespace/awx-avd-demo created

kubectl config set-context --current --namespace=awx-avd-demo
Context "minikube" modified

# Deploy operator
$ cd awx-operator
$ export NAMESPACE=awx-avd-demo
$ make deploy

Full step by step is available on AWX Operator repository

Deploy an AWX instance

All the following steps will be executed in this repository as it provides both ansible content and AWX deployment manifest

AWX manifest

  
# manifests/awx-instance.yml
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx-for-avd-demo
spec:
  service_type: nodeport

AWX deployment

To deploy AWX, just run the following command:

  
# Check operator is active
$ kubectl get pods
NAME                                               READY   STATUS    RESTARTS   AGE
awx-operator-controller-manager-6d959bd7dd-nwjz8   2/2     Running   0          6m54s

# Deploy AWX
$ kubectl apply -f manifests/awx-instance.yml

# Monitor deployment (it can take time to appear)
$ kubectl get pods -l "app.kubernetes.io/managed-by=awx-operator"
NAME                        READY   STATUS    RESTARTS   AGE
awx-demo-postgres-0         1/1     Running   0          24s
awx-demo-6f58cd7b8d-6dpwr   4/4     Running   0          6s

Once container are UP and running, you should monitor logs to check provisioning completion:

  
$ kubectl logs -f deployments/awx-operator-controller-manager -c awx-manager
...
PLAY RECAP *********************************************************************
localhost                  : ok=62   changed=0    unreachable=0    failed=0    skipped=45   rescued=0    ignored=0

Get access information

AWX instance is available via a node port. So you can use following command:

  
# For minikube
minikube service awx-demo-service --url -n $NAMESPACE

# For other flavors
$ kubectl get services
NAME                                              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
awx-operator-controller-manager-metrics-service   ClusterIP   10.152.183.37   <none>        8443/TCP       14m
awx-demo-postgres                                 ClusterIP   None            <none>        5432/TCP       6m35s
awx-demo-service                                  NodePort    10.152.183.71   <none>        80:31025/TCP   6m19s

In this example, instance is listening on port 31025

AWX Credentials are admin and password generated by Kubernetes

  
kubectl get secret awx-demo-admin-password -o jsonpath="{.data.password}" | base64 --decode
O2WBkBTW7CKWUZLqm263PklCL5m7K0GU

Configure AWX

Create Ansible Execution Environment

Ansible has recently introduced Execution Environment which is basically a container to execute your playbooks. The main interest is you don’t have to build a virtual environment in AWX.

To build such container, you need docker or podman as well as ansible-builder.

pip install ansible-builder

And then you have to define your builder file:

  
---
version: 1

build_arg_defaults:
  EE_BASE_IMAGE: 'quay.io/ansible/ansible-runner:stable-2.12-devel'

dependencies:
  galaxy: requirements.yml
  python: requirements.txt

additional_build_steps:
  prepend: |
    RUN pip install --upgrade pip setuptools
    RUN yum install -y \
        make \
        wget \
        curl \
        less \
        git \
        zsh \
        vim \
        sshpass

Note that collection definition is part of requirements.yml. So a new image should be build each time you want to upgrade to a new avd or cvp collection.

To build image, nothing complex:

ansible-builder -f exeution-environment.yml -t <your-docker-image:tag>

Ansible version for runner can be found in ansible-runner registry

Also upload image to a registry.

docker push <your-docker-image:tag>

You can read more in this post.

Install Ansible Execution Environment

After your image has been uploaded on a public or private registry, you can define this Execution Environment in AWX (Administration / Execution Environments)

Add Ansible Execution Environment

If your image is on a private registry, you have to create credentials for your registry

List of available execution environment

Configure a Project

Now we will use this repository as source for both playbooks and inventory. Go to Resources / Projects and select Add

This project will be used for 2 things:

Get our inventory and all attached variables.
Get our playbooks to run in AWX.

Configure project with:

SCM Type: Git
SCM Branch: master
Ansible Environment: /your/path/to/venv
SCM URL: https://github.com/arista-netdevops-community/avd-with-ansible-tower-awx.git

Add project

Don’t forget the following elements:

Set correct Execution Environment from the list.
Select correct branch
Configure optional credentials if required

Create inventory

We can now create inventory in AWX in Resources / Inventories and select Add Inventory

Create Inventory

Click Save and and then on Sources

Add source

And then, complete information:

Configure Inventory source

Create Template (aka Playbook)

Template is in charge of the glue between inventory, execution environment and playbook to run.

Go to Resources / Templates and select Add Job Template

Add Template

In this section, feel free to use your tags based on your need. Here playbook will execute only build and not deploy and will skip documentation.

What’s next ?

Now everything is set and you should be able to run your playbook or build your own workflow !

AWX running playbook

Resources

Play with Ansible Execution Environment
Ansible Arista Validated Design repository.
Ansible Arista CloudVision Collection repository.
AWX Operator repository
Minikube
Ansible builder