Ansible AWX with Isolated Nodes

Yes, I know… you would like to run some Ansible workloads using isolated nodes and on top of that – you would like to use the AWX for this purpose. The following is a pure process to do just what you need. No additional fluff. It has been tested in several environments with AWX 14.1.

Ahhh… and read to the end… there is a bonus awaiting you :)

  1. Install Centos8 host
  2. dnf update -y
  3. dnf install epel-release python3-pip python3-devel -y
  4. dnf install ansible rsync gcc -y
  5. dnf install gcc
  6. echo "alias python=python3" >> ~/.bashrc
  7. source ~/.bashrc
  8. ln --symbolic /usr/bin/python3 /usr/bin/python
  9. python3 -m pip install ansible-runner pywinrm
  10. mkdir /var/lib/awx
  11. useradd awx
  12. chown awx:awx /var/lib/awx
  13. ssh-keygen -t rsa -b 2048

on the AWX node with awx_task container:

  1. docker ps
  2. docker exec -it awx_task /bin/bash
  3. awx-manage provision_instance --hostname hostname –is-isolated
  4. awx-manage register_queue --queuename HKG --hostname hostname --controller tower
  5. awx-manage generate_isolated_key
  6. Copy the key to the isolated node to /home/awx/.ssh/authorized_keys
  7. On isolated node: chmod 640 /home/awx/.ssh/authorized_keys
  8. On AWX node in docker exec context:
  9. awx-manage test_isolated_connection --hostname hostname
  10. In the AWX GUI:

Confirm you can see HKG group (created with register_queue switch) … controller needs to be the controlling instance group. If you have one server in the instance group, this is the controlling group, if you have more, that is fine

11. Click on HKG (or whatever name) and Instances

12. Disable new node in the console:

13. Re-enable the node:

14. Wait and confirm the node stays Active

15. docker logs -f awx_task. Confirm the following logs entries are being displayed:

16. Configure the Inventory and select the instance group

17. Create the Template and select the instance group

18.Observe the job… Notice that in the Job details, the Execution node is set to one of the Isolated Nodes and The Instance Groups is set to the group specified in the Template:

19. In the docker logs -f awx_task, you should see the following execution tasks (this one indicates the content of the Project/Inventory and Template have been transferred to the Isolated Node:

20. At the time of running the ansible code, you can run journalctl -f on the isolated nod, you will see the directory where the artefacts are copied to and investigate.


The following Ansible Playbook should be converted into a role. The role should be run from the AWX node (as we need to execute a few commands in awx_task container). Alternatively – you can run this from any other node, but keep in mind ‘delegate_to’.

Join the Insentra Community with the Insentragram Newsletter

Hungry for more?

[Cloud and Modern Data Center]

Azure Site Recovery and MCS Provisioned Workloads

By [James Kindon]

Azure Site Recovery (ASR) is Microsoft’s multi-faceted solution for performing services such as Disaster Recovery (DR), Business Continuity Planning (BCP)...

[Cloud and Modern Data Center]

Securing and Optimising Access to Azure Storage Accounts with Azure Endpoints

By [James Kindon]

When working with Azure files, it is important to ensure that traffic destined for your files shares is both secured and routed in an optimal fashion.

[Cloud and Modern Data Center]

Automating Active Directory Domain Join for Azure Storage Accounts with Container Workloads

By [James Kindon]

Having the ability to Active Directory Domain Join (ADDS) an Azure Storage account has changed the game for many organisations deploying file service into Azure.