This blog article covers the steps to Execute a Job Template at the Ansible Tower as a Day2 operation after a server is provisioned using a cloud template (e.g cft/arm). The steps on how to send server credentials and extra variables to ansible tower are also provided. The steps to troubleshoot issues if any were also added. You will find this useful for building your server deployment workflows.
CPG - calling Ansible Job as Post Provision Step for cloud catalog item
PreRequisutes
1. Create a Virtual Server using cloud template [eg:- CFT]
2. Discover Ansible Tower
3. Use the OOB Day2 Operation [Virtual Machine Store Extension Interface - Execute Job Template]
a. Register Node
i. Registers the newly provisioned node with Ansible on the given Inventory and HostGroup
ii. Creates Host Credential at Ansible Tower.
b. Execute Job Template
i. Executes an Ansible Job template on the provisioned VM. Eg:- Apache, Tomcat etc..,
4. Configure Application Profile to select the Ansible Job Template.
---------------------------------------
Runtime
1. Deploy a Catalog Item with a simple VM.
2. Resolve NodeAddress and NodeCredentials
Expression to resolve NodeCredentials
$(Stack.items[Virtual Server].node_reference_credential[sn_cmp_vm_node_mgmt_creds:node].attribute[cred_id])
Mandatory Step needed by Ansible to create an Host credential at Ansible Tower
1. Create or use an existing record in sn_cmp_node_credential
2. Create an association between Node Credentials and the Node in sn_cmp_vm_node_mgmt_creds. Ansible will be picking these node credentials [username and password/private-key] to create host credential
3. Click on the Virtual Server and Select the Day2 operation. [Virtual Machine Store Extension Interface - Execute Job Template]
Send Extra Vars to Ansible Tower
Use ConfigurationOverrides attribute in order to override Extra Variables on Ansible Job Template.
[
[{ "name": "attribute", "value": "aws_zone" }, { "name": "value", "value": "${parameter.Location}" }],
[{ "name": "attribute", "value": "contact_email" }, { "name": "value", "value": "sample-email@gmail.com" }],
[{ "name": "attribute", "value": "port" }, { "name": "value", "value": "9090" }]
]
Troubleshoot
2 operations run at the Ansible Tower [Register Node, Execute Job Template].
1. Inputs to Register Node
2. Inputs to Execute Job Template
3. Connection between Ansible and MID Server
curl -u <username>:<password> -k https://<ansible-ip>/api/v2/organizations/
4. Credential association exists between Server and Credentials in sn_cmp_vm_node_mgmt_creds.
Note:
Register Node should run only once for a node. Execute Job Template can run multiple times on the same node to deploy a different Job template.
2 Comments
.png){kind=link}
.png){kind=link}
.png){kind=link}
.png){kind=link}
