Yes, I know… you would like to run some Ansible workloads using isolated nodes and on top of that – you would like to use the AWX for this purpose. The following is a pure process to do just what you need. No additional fluff. It has been tested in several environments with AWX 14.1.
Ahhh… and read to the end… there is a bonus awaiting you 🙂
- Install Centos8 host
- dnf update -y
- dnf install epel-release python3-pip python3-devel -y
- dnf install ansible rsync gcc -y
- dnf install gcc
- echo “alias python=python3” >> ~/.bashrc
- source ~/.bashrc
- ln –symbolic /usr/bin/python3 /usr/bin/python
- python3 -m pip install ansible-runner pywinrm
- mkdir /var/lib/awx
- useradd awx
- chown awx:awx /var/lib/awx
- ssh-keygen -t rsa -b 2048
on the AWX node with awx_task container:
- docker ps
- docker exec -it awx_task /bin/bash
- awx-manage provision_instance –hostname hostname –is-isolated
- awx-manage register_queue –queuename HKG –hostname hostname –controller tower
- awx-manage generate_isolated_key
- Copy the key to the isolated node to /home/awx/.ssh/authorized_keys
- On isolated node: chmod 640 /home/awx/.ssh/authorized_keys
- On AWX node in docker exec context:
- awx-manage test_isolated_connection –hostname hostname
- In the AWX GUI:
Confirm you can see HKG group (created with register_queue switch) … controller needs to be the controlling instance group. If you have one server in the instance group, this is the controlling group, if you have more, that is fine
11. Click on HKG (or whatever name) and Instances
12. Disable new node in the console:
13. Re-enable the node:
14. Wait and confirm the node stays Active
15. docker logs -f awx_task. Confirm the following logs entries are being displayed:
16. Configure the Inventory and select the instance group
17. Create the Template and select the instance group
18.Observe the job… Notice that in the Job details, the Execution node is set to one of the Isolated Nodes and The Instance Groups is set to the group specified in the Template:
19. In the docker logs -f awx_task, you should see the following execution tasks (this one indicates the content of the Project/Inventory and Template have been transferred to the Isolated Node:
20. At the time of running the ansible code, you can run journalctl -f on the isolated nod, you will see the directory where the artefacts are copied to and investigate.
BONUS
The following Ansible Playbook should be converted into a role. The role should be run from the AWX node (as we need to execute a few commands in awx_task container). Alternatively – you can run this from any other node, but keep in mind ‘delegate_to’.