Getting started with Ansible Tower in IBM Cloud
Red Hat® Ansible Tower automates continuous configurations and deployments.
Red Hat Ansible Tower is an Internet-based hub that runs your automation tasks. You can configure the optional license to use Red Hat Ansible Tower with the automation capability of the IBM Cloud Pak® for Multicloud Management.
Before you begin
- You must have a Linux system with OpenShift command-line tool (oc) installed to run the installer.
- Your target cluster must be an OpenShift cluster where IBM Cloud Pak for Multicloud Management is installed. For more information, see Getting started with IBM Cloud Pak for Multicloud Management.
- You must have administrator privileges for the account that is used to run the OpenShift installer (
cluster-admin
role is required). - Download the IBM Cloud Pak® for Multicloud Management 2.1 part numbers from IBM Passport Advantage.
- Red Hat Ansible Tower key - CC7X6EN (temporary-tower-license.txt)
- Automation navigation for IBM Cloud Pak® for Multicloud Management 2.1 - CC7X4EN (automation-navigation-updates.sh)
- (Optional) Earlier part numbers are also available
- IBM Cloud Pak® for Multicloud Management 2.0 - Red Hat Ansible Tower key - CC737EN
- IBM Cloud Pak® for Multicloud Management 2.0 - Automation navigation for IBM Cloud Pak for Multicloud Management 2.0 - CC734EN
- IBM Cloud Pak® for Multicloud Management 1.3 - Red Hat Ansible Tower key - CC79QEN
- IBM Cloud Pak® for Multicloud Management 1.3 - Automation navigation for IBM Cloud Pak for Multicloud Management 1.3 - CC66KEN
Installing Red Hat Ansible Tower
-
Log in to OpenShift as an administrator from your Linux system.
oc login --token=<token> --server=<URL>
For example:
oc login --token=EtZqGLpwxpL8b6CAjs9Bvx6kxe925a1HlB__AR3gIOs --server=https://c100-e.us-east.containers.cloud.ibm.com:32653
You can find the
oc login
for your OpenShift cluster where IBM Cloud Pak for Multicloud Management is installed by using these steps:a. Log in to IBM Cloud: https://cloud.ibm.com/
b. Select OpenShift>Clusters and select the cluster where IBM Cloud Pak for Multicloud Management is installed.
c. Log in to the OpenShift web console and select the IAM <yourID> menu, then select "Copy Login Command".
d. Click the Display Token link.
e. Copy the providedoc login ...
CLI command to log in to OpenShift. -
On your Linux system, download the installation package by running the following command:
wget https://releases.ansible.com/ansible-tower/setup_openshift/ansible-tower-openshift-setup-latest.tar.gz
-
Extract the package by running the following commands:
tar xvf ansible-tower-openshift-setup-latest.tar.gz
cd ansible-tower-openshift-<version_from_step2>
-
To install Ansible, run the following command:
sudo yum install ansible ``` Note: Ensure the ansible version installed is the required version for the setup bundle you downloaded, see the [Ansible Software Requirements](https://docs.ansible.com/ansible-tower/3.7.1/html/installandreference/requirements_refguide.html#ansible-software-requirements) in the Ansible Tower documentation. Run this command to check ansible version: ``<ansible --version>``.
-
Create an
ansible-tower
namespace for your Red Hat Ansible installation in your OpenShift cluster.oc new-project ansible-tower
-
(Optional) Switch to the new project/namespace and add an application:
oc project ansible-tower ``` ``` oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-ex.git
-
Create a pvc named postgresql. Sample PVC resource file named postgres-nfs-pvc.yaml
apiVersion: v1 kind: PersistentVolumeClaim metadata: annotations: labels: name: postgresql spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Gi storageClassName: ibmc-block-gold
Note: Change the storage class according to your OpenShift Storage Class listing.
oc create -f postgres-nfs-pvc.yaml
-
Ensure that the pvc is created.
oc get pvc
-
Modify the Ansible playbook to use insecure login.
sed -i "s/{{ openshift_skip_tls_verify | default(false)/{{ openshift_skip_tls_verify | default(true)/g" roles/kubernetes/tasks/openshift_auth.yml
-
Run the installation command to complete the setup:
./setup_openshift.sh -e openshift_host=https://<host>:<port> -e openshift_project=ansible-tower -e openshift_user=<openshift_user> -e openshift_token=<openshift-token> -e admin_password=<admin-pass> -e secret_key=<my-secret> -e pg_username=<pg_username> -e pg_password=<pg_password> -e rabbitmq_password=<rabbitmq-pass> -e rabbitmq_erlang_cookie=<rabbiterlangapwd>
- Modify the values for the following parameters:
openshift_host, openshift_user, openshift_token, admin_password, secret_key, pg_username, pg_password, rabbitmq_password, and rabbitmq_erlang_cookie
.
Where <host>
is the cluster_kube_apiserver_host, for examplehttps://api.green.coc-ibm.com:6443
.<port>
is the cluster_kube_apiserver_port.- To find the
<host>
and<port>
variables, run this command:kubectl get configmap -n kube-public -o yaml
. <openshift_user>
is the OpenShift admin user.<openshift-token>
is the token that you obtain by running this commandoc whoami -t
or login to the OpenShift console and click the user's Copy Login Command.<admin-pass>
is the password that you want to set for Ansible Tower admin user.<my-secret>
is the secret that you want to set. It can be a base64 encoded string.<pg_username>
is the username for postgresql.<pg_password
> is the password for postgresql.<rabbitmq_pass>
is the password for Rabbit MQ.<rabbiterlangapwd>
is the Rabbit MQ erlang cookie.
- Modify the values for the following parameters:
-
Log in to Ansible Tower and import the license from the
temporary-tower-license.txt
downloaded in Before you begin section. The first time you log in to Ansible Tower, the license screen is automatically displayed:http://<ansible-tower-host>
Run this command to locate the
value: oc get route -n ansible-tower
{: codeblock} The default admin-username is
admin
and password is the password you set for theadmin_password
parameter during installation, in thesetup_openshift.sh
command.
Integrate Ansible Tower with IBM Cloud Pak for Multicloud Management
Enable navigation to Red Hat Ansible Tower within the IBM Cloud Pak console.
Complete the following steps on a Linux system. These steps enable navigation to Ansible from the IBM Cloud Pak console:
-
Obtain the menu customization script,
automation-navigation-updates.sh
. See Before you begin. You must run the script on a Linux operating system. -
Install and authenticate
kubectl
. For more information, see Installing the Kubernetes CLI (kubectl)). -
Download and configure the JQ tool by using the following commands:
wget -O jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 chmod +x ./jq mv jq /usr/bin
For more information, see Download jq.
-
Copy the
automation-navigation-updates.sh
script to a directory location. Set the file permissions on the script and run the script to enable navigation to your Ansible instance:chmod 755 ./automation-navigation-updates.sh ./automation-navigation-updates.sh -a <name>
where <name> is the name that is used for the
openshift_project
paramater in step 10.
For example,./setup_openshift.sh -e openshift_project=ansible-tower
. In this example,ansible-tower
is the name that is used. -
Verify that the Ansible Tower instance is in the IBM Cloud Pak console navigation menu. From the IBM Cloud Pak navigation menu, click Automate infrastructure > Ansible automation.
You have now successfully installed Red Hat Ansible Tower and integrated it with IBM Cloud Pak console in IBM Cloud.