Ansible Tower
The Ansible Tower Adapter is used to manage and provide an API for Ansible Tower, a build, configuration, and orchestration system.
- Ansible Tower needs to be installed on a server that IAP can access.
- Ansible Tower does not need to be installed on the same server that IAP is on.
- Refer to the Minimum System Requirements (located in the Installation guide) for the required version.
Name | Method |
---|---|
Adhoc Command | GET, POST, DELETE |
Credential | GET, POST, PUT, DELETE |
Dashboard | GET |
Group | GET, POST, PUT, DELETE |
Host | GET, GET FILTERED (as in getDevicesFiltered), POST, PUT, DELETE |
Inventory | GET, POST, PUT, DELETE |
Job | GET, GET RESULT, POST, PUT, DELETE |
Job Event | GET |
Job Template | GET, POST, PUT, DELETE, LAUNCH, LAUNCH SYNC, DRY RUN SYNC |
Organization | GET, POST, PUT, DELETE (limitation of 1 in test environment) |
Playbook | GET LIST |
Project | GET, POST, PUT, DELETE |
Workflow Job | GET, GET RESULT, POST, PUT, DELETE |
Token | GET |
Generic | GET, POST, PUT, DELETE |
Adapter Properties
Property | Type | Description |
---|---|---|
host | String | Required. The IP or hostname of the Ansible Tower server. |
port | Number | Required. The port number of the Ansible Tower server. |
protocol | String | Optional. Tells the adapter whether to use HTTP or HTTPS (http is the default). |
credentials.username | String | Required. The username to use when connecting to the Ansible Tower server. |
credentials.password | String | Required. The password to use when connecting to the Ansible Tower server. |
credentials.token | String | Required. The token provided by your Ansible Tower license file. |
stub | Boolean | Optional. Indicates whether the stub should be run instead of making calls to Ansible Tower (very useful during basic testing). The default is false, which means connect to Ansible Tower. |
throttle.throttle_enabled | Boolean | Optional. Defaults to false. States whether the adapter should use throttling. |
throttle.number_pronghorns | Number | Optional. Defaults to 1 and states whether throttling is done in a single IAP instance or whether requests are being throttled across multiple IAPs. This is an important property for performance enhancements. Throttling in a single IAP uses an in-memory queue, so there is less overhead. Throttling across multiple IAPs requires putting the request and queue information into a shared resource, e.g. the database, so that each IAP can determine what is running and what is next to run. This requires additional IO overhead. |
throttle.sync_async | String | Optional. Not used at this time. It is for future expansion of the throttling engine. |
throttle.max_in_queue | Number | Optional. Represents the maximum number of requests that IAP should allow into the queue before rejecting requests. This is not necessarily a limit on what IAP can handle, but more about timely responses to the requests. The current default is 1000. |
throttle.concurrent_max | Number | Optional. Defines the number of requests that IAP can send to Ansible Tower at one time. The default is 1, meaning each request must be sent to Ansible Tower in a serial manner. |
throttle.expire_timeout | Number | Optional. Defaults to 0. This is a graceful timeout of the request session. After the request has completed, IAP will wait the additional expire timeout time (in milliseconds) prior to sending the next request. |
throttle.avg_runtime | Number | Optional. An approximate average of how long it takes Ansible Tower to handle each request. This is an important number that has performance implications. If the number is defined too low, it puts extra burden on IAP CPU and memory as the requests will continually try to see if they can run. If the number is defined too high, requests may wait longer than they need to before running. The number does not need to be exact, but the throttling strategy depends heavily on this number being within reason. If averages range from 50 to 250 milliseconds, pick an average run-time somewhere in the middle so that when Ansible Tower performance is exceptional you might be a little slower than you might like, but when it is poor you still run efficiently. Default is 200 milliseconds. |
request.number_retries | Number | Tells IAP how many times to retry a request that has either aborted or received the limit error before giving up and returning an error. |
request.limit_retry_error | Number | Optional. The HTTP error status number which defines that no capacity was available and thus after waiting a short interval the adapter can retry the request. The number defaults to 0. |
request.attempt_timeout | Number | Optional. How long IAP should wait before aborting the attempt. On abort, IAP will back off the requests and run a Healthcheck until it re-establishes connectivity to Ansible Tower. Then it will re-attempt the request that aborted. The attempt timeout defaults to 5000 milliseconds. |
request.archiving | Boolean | Optional. Defaults to false. It archives the request, the results and the various times (wait time, Ansible Tower time, and overall time) in the ansibletower_results collection in MongoDB. Before enabling this capability, think about how much to archive and develop a strategy for cleaning up the collection in the database so that it does not become too large, especially if the responses are large. |
request.ssl.enabled | Boolean | If you require SSL, change this to true. SSL can work in two different ways: you can accept invalid certificates (only recommended for lab environments) by setting the accept_invalid_cert flag to true, or you can provide a CA file. If SSL is enabled and accept_invalid_cert is false, then the CA file is required. |
request.ssl.accept_invalid_cert | Boolean | Flag indicating whether untrusted certificates are accepted. |
request.ssl.ca_file | String | Path to the certificate authority chain containing a list of trusted certificates. |
request.ssl.ciphers | String | The trusted set of SSL ciphers to negotiate with the remote host. |
Sample Configuration
A sample Ansible Tower configuration is provided below for reference. Be sure to configure the following properties:
- host
- port
- protocol
- credentials.username
- credentials.password
- credentials.token
- request.ssl.enabled
- request.ssl.ca_file
- request.ssl.ciphers
```json
{
  "id": "ansibletower",
  "type": "AnsibleTower",
  "properties": {
    "host": "localhost",
    "port": 443,
    "protocol": "https",
    "credentials": {
      "username": "admin",
      "password": "$ENC87eb897b507afc1796db49409dd0261985802f84aad3469e",
      "token": "token"
    },
    "stub": false,
    "throttle": {
      "throttle_enabled": false,
      "number_pronghorns": 1,
      "sync_async": "sync",
      "max_in_queue": 1000,
      "concurrent_max": 1,
      "expire_timeout": 0,
      "avg_runtime": 200
    },
    "request": {
      "number_retries": 3,
      "limit_retry_error": 401,
      "attempt_timeout": 5000,
      "archiving": false,
      "ssl": {
        "enabled": true,
        "accept_invalid_cert": false,
        "ca_file": "/etc/ssl/ca.cert",
        "ciphers": "DHE-RSA-AES256-SHA"
      }
    }
  }
}
```
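A pre-deployment check for the transport and credential properties described above, as an added example that is not part of the adapter or the original documentation. The function name `audit_adapter_config`, the finding codes, and both sample inputs are constructed for illustration. It assumes that encrypted passwords carry the `$ENC` prefix shown in the sample and that an absent `request.ssl.enabled` means false.

```python
import json

WEAK_PARTS = {"NULL", "EXP", "RC4", "DES", "MD5"}  # DES also matches DES-CBC3 (3DES)
AEAD_MARKS = ("GCM", "CHACHA20", "CCM")

def audit_adapter_config(config):
    """Return sorted finding codes for one adapter configuration (dict)."""
    props = config.get("properties", {})
    creds = props.get("credentials", {})
    ssl = props.get("request", {}).get("ssl", {})
    findings = set()

    # The property table gives http as the default, so a missing key is cleartext.
    if str(props.get("protocol", "http")).lower() != "https":
        findings.add("cleartext-protocol")

    # Assumption: an absent ssl.enabled is treated as false.
    if not ssl.get("enabled", False):
        findings.add("ssl-disabled")
    elif ssl.get("accept_invalid_cert", False):
        findings.add("cert-validation-off")   # lab environments only, per the table
    elif not ssl.get("ca_file"):
        findings.add("ca-file-missing")       # required when certificates are validated

    # Assumption: encrypted values carry the $ENC prefix seen in the sample.
    if not str(creds.get("password", "")).startswith("$ENC"):
        findings.add("plaintext-password")

    # OpenSSL-style cipher list; entries starting with ! or - are exclusions.
    suites = [s for s in str(ssl.get("ciphers") or "").split(":")
              if s and s[0] not in "!-"]
    if any(WEAK_PARTS & set(s.upper().split("-")) for s in suites):
        findings.add("weak-cipher")
    if suites and not any(m in s.upper() for s in suites for m in AEAD_MARKS):
        findings.add("no-aead-cipher")        # only CBC/stream suites offered
    return sorted(findings)

# Constructed inputs: the sample's security settings, and a lab-style config.
PAGE_SAMPLE = json.loads("""{"properties": {"protocol": "https",
  "credentials": {"username": "admin", "password": "$ENC<placeholder>"},
  "request": {"ssl": {"enabled": true, "accept_invalid_cert": false,
    "ca_file": "/etc/ssl/ca.cert", "ciphers": "DHE-RSA-AES256-SHA"}}}}""")
LAB_SAMPLE = json.loads("""{"properties": {
  "credentials": {"username": "admin", "password": "changeme"},
  "request": {"ssl": {"enabled": true, "accept_invalid_cert": true,
    "ciphers": "RC4-MD5:!aNULL"}}}}""")

if __name__ == "__main__":
    for name, cfg in (("page sample", PAGE_SAMPLE), ("lab sample", LAB_SAMPLE)):
        print(name, audit_adapter_config(cfg))
```

The sample's `DHE-RSA-AES256-SHA` is a CBC suite with an HMAC-SHA1 MAC, which is why the page's own settings still produce one finding.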