Setup Ansible Tower 2.2 via Proxy

The Ansible Tower is a really nice piece of visual “control center” for your Ansible installation. Ansible itself describes it as:

Centralize and control your Ansible infrastructure with a visual dashboard, role-based access control, job scheduling, and graphical inventory management. Tower’s REST API and CLI make it easy to embed Tower into existing tools and processes. Delegate automation jobs to non-Ansible users with portal mode.

Ansible Inc. recently released the new version 2.2 of the Tower, which has really nice features for enterprise environments.

Internet access required

By default the setup procedure of the Ansible Tower 2.2 requires direct internet access. Unfortunately if you’re working in an environment with security guidelines in place, you might have no direct access to the internet.

To work around on this issue we had to use a HTTP proxy server for the Tower setup. If you’re used to Linux, you know you can set the proxy via  http_proxy environment variable. Sadly these environment variables won’t be passed to Ansible, so that doesn’t help at all. Setting the proxy option in the YUM config will help  yum, but the setup procedure is still using Ansible modules like pip or get_url. So eventually we found another solution, by adding the proxy environment directly to the Ansible setup tasks / roles.

Here’s the patch for that:

Just download the patch and store it in /tmp/ansible-tower-setup.patch.

Setup the Tower

Here’s the full guide to setup the Ansible Tower 2.2.

Install Ansible

First of all, you’ve to install Ansible itself. You’ve two options:

  • install Ansible via pip
  • install Ansible via package manager

We recommend using pip, because it’s Pythons own package manager.

For Debian, that’s quite easy:

Unfortunately RedHat does no longer provide pip in RHEL 7, so you’ve to install it all by yourself:

Alternatively you can install Ansible from Fedora’s EPEL channels, though this isn’t supported from RedHat as well:

Please note that Fedora supports ansible out of the box!

Install the Tower

Browse to the official Ansible Tower page and get your personal copy of the Tower.

When you got your ansible-tower-setup-latest.gz, you’re ready to configure the Tower setup:

Now if you’re using a proxy, you should really patch your Tower setup roles / tasks by executing:

After you’ve patched the setup procedure, edit the proxy environment in  group_vars/all, and then start the setup:

 

 

2 Comments

  • luv Reply

    Will this be helpful in hosting ansible behind nginx ?

    • Dominique Barton Reply

      Hosting the Tower WebUI behind nginx? Of coruse you can do that (by using nginx’s proxy features), but why do you want that?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.