Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Horizontal Navigation Bar
idAnsible Tower


Horizontal Navigation Bar Page
idAbout
titleAbout

Ansible Tower is an agentless Open Source automation engine that can be used to automate software provisioning, configuration management, application deployment, and a host of other IT activities. Ansible Tower is a web-based solution that makes Ansible even easier to use for IT teams of all kinds. It is designed to be the hub for all your automation tasks and to make Ansible more useable in an Enterprise setting. Ansible Tower provides additional features not available with Ansible Core, including:

  • Unified graphical user interface (GUI)
  • Role-Based Access Controls (RBAC)
  • Complex execution patterns (Scheduling, workflows, survey-based execution)
  • External tool integration (Jenkins, etc.)
  • Centralized Inventory Management
  • Monitoring and auditing




Horizontal Navigation Bar Page
idGetting Started
titleGetting Started

QUICK START GUIDE


Requesting Access to an Ansible Tower Organization

Step 1: If you do not have a HARP account or an EIDM or EUA account, register for a HARP ID. For instructions on the HARP registration process, refer to the HARP page.

Step 2: Once the HARP account has been created, log into HARP and request a QualityNet Ansible Tower entitlement via a HARP User Role. 

  • Select User Roles from the top of the page and select Request a Role.
  • On the Select a Program Page, select QualityNet-Ansible.
  • On the Select an Organization page, select your Contract name.
  • On the Select Roles page, select QualityNet-Ansible user role (choose one)
    • Ansible_SO
    • Ansible_User
    • Ansible_Admin
  • Select the Submit button
  • Enter your reason for requesting the selected role in the Request Reason text field.
  • Select the Submit button

Step 3:  The organization's Security Official reviews and approves/denies the user role request. You will be notified via email that your request has been submitted, and again when your role has been approved or denied.

Step 4:Log into Ansible Tower https://tower.hcqis.org using your HARP credentials.


Accessing Ansible Tower:

Step 1: If you do not have a HARP account or an EIDM or EUA account, register for a HARP ID. For instructions on the HARP registration process, refer to the HARP page.

Step 2: Log into Zscaler

Step 3: Log into Ansible Tower at  https://tower.hcqis.org/ using your HARP credentials. Alternatively, you may also log in to the CMS.gov|IDM application portal at https://idm.cms.gov and select the Ansible Tower tile

Note: you must be connected to Zscaler before logging into Ansible Tower



Requesting a New Ansible Tower Organization

The Security Official (SO) for the organization may request Ansible Tower access on behalf of users for their contract or the user may request access for themselves.

Step 1: Log into ServiceNow athttps://idm.cms.gov/using your HARP credentials

Step 2: Select ServiceNow after logging in.

Step 3: Locate SecDevOps Request

  • Type “catalog” in the Filter Navigator
  • Select IT Services Catalog
  • Select SecDevOps
  • Select ADO Onboarding Request
  • Select Ansible Tower Onboarding Request
  • Complete online form and select Submit.

Required Information for online form:

  • Name of the new Ansible Tower Organization
  • A brief justification for the new Ansible Tower Organization
    • EX: This new Org will be used by the <Your LOB> team to subdivide major applications that are managed by different teams on our program.



Horizontal Navigation Bar Page
idResources
titleResources


For more information on Ansible Tower please refer to the Ansible Tower Confluence page. This information is continually updated.


Horizontal Navigation Bar Page
titleRelease Notes

Coming Soon


Horizontal Navigation Bar Page
idFAQs
titleFAQs

FAQs


Panel
borderColor#254b78
titleColor#ffffff
borderWidth1
titleBGColor#254b78
borderStylesolid
titleGeneral


Expand
titleWhat is Ansible Tower?

Ansible Tower is an agentless Open Source automation engine that can be used to automate software provisioning, configuration management, application deployment, and a host of other IT activities. Ansible Tower is a web-based solution that makes Ansible even easier to use for IT teams of all kinds. 


Expand
titleWhy don't my changes appear in Tower after being pushed to GitHub?

By default Projects in tower do not automatically pull from Git on a schedule. By default SCM updates will only occur on creation, and when manually requested. Schedules must be configured manually, which is covered in the Tower documentation.


Expand
titleWhy doesn't my playbook appear in the dropdown during job template creation?

If your playbook does not appear in this dropdown:

Usually this is because an SCM update has not been performed, so tower has an outdated version of your git repo. See 'Why don't my changes appear in Tower after being pushed to GitHub?' .

It's also possible that there is a syntax issue with your playbook, as Tower attempts to parse the playbook before displaying it. Verify that your playbook is syntactically correct.


Expand
titleWhy does my Jenkins pipeline fail with 'Unable to find job template'?

Usually this is caused by a lack of permissions for your service account. Your DevOps service account must have the 'execute' role for your template. You can grant this permission to the account directly, or to a team that it's a member of. Granting this permission is covered in the Tower documentation.


Expand
titleWhy is my job sitting in 'pending' state?

There are 2 common reasons for a job to sit in 'pending' state:

  • Blocked awaiting an SCM update. If a project is configured to 'update on launch', then jobs will remain in pending state until the SCM update is completed.
  • Blocked by a concurrent job. If a job template is configured without 'enable concurrent execution', executions of the template that share an inventory will block.


Expand
titleMy job failed due to an SCM update failure. How do I find the SCM Update logs?

SCM updates execute as a distinct job type 'project_update', and can be searched for from the job screen using 'type:project_update' as a parameter.

The simplest way to find the job relevant to your failed job is to view your job, and click the 'view project sync results' link:


Expand
titleMy Ansible playbook is returning an error that is unclear

Ansible errors can sometimes be cryptic, especially for those unfamiliar with Python. The most common issues are syntactical, so start with the syntax checking FAQ item. For more complex issues, often the simplest route is to rely on the troubleshooting work already done by others. The Ansible GitHub Issues page includes years of troubleshooting discussions, with examples of errors received and their solutions. Often searching for your error there will result in several similar examples, with explanations and solutions.


Expand
titleWhere can I find quality sample code?

Github is full of publically available Ansible roles and playbooks, and is a great place to start when looking for relevant examples.

Jeff Geerling has written a good book on Ansible, and he provides all of the code samples for free on github.

For examples of how to use a specific module, the most reliable source is always the official documentation.


Expand
titleWhich module should I use to execute shell commands?

There are three modules that can be used to interact with a target and simulate human input. Links to documentation for each, as well as notes on use-cases:

  • Command
    • Given command is passed directly into Popen on the target, with no shell . Ex. 'date' is run directly.
    • Shell functions like redirection, variable substitution, etc will not function
    • No profiles (ex. bashrc, .profile) will be loaded
    • Python required on target, command executed as a child process of Ansible's python interpreter.
  • Shell
    • Not actually a distinct module. Uses 'command' under the covers, but prepends a shell executable to your commands. Ex: 'date' becomes '/bin/sh date' .
    • Shell functions are available
    • Profiles will be loaded based on shell configuration
    • Python required on target, shell executed as a child process of Ansible's python interpreter.
  • Raw
    • Module is implemented entirely server-side, nothing is done on the target other than execution.
    • Command is passed into Ansible's SSH connection directly, without passing through Python.
    • Profiles and shell configuration can be configured based on the command provided.
    • Can be used to install Python prior to other modules
    • Can be used to workaround Python bugs on unsupported or out-of-date systems (Solaris legacy)

It's generally recommended to work 'down' through these options as dictated by your requirements. Ideally Ansible code should be target agnostic and idempotent, and that gets more difficult with Shell and especially Raw.



Panel
borderColor#254b78
titleColor#ffffff
borderWidth1
titleBGColor#254b78
borderStylesolid
titleAccess


Expand
titleWhat are the requirements for requesting access?

All users requesting Ansible Tower access must first have access to ServiceNow.  For instructions on the process, refer to the ServiceNowhandout.

All users requesting Ansible Tower access must first have access to Zscaler.  For instructions on the process, refer to the Zscalerhandout.


Expand
titleHow do I log into Ansible Tower?

Step 1: If you did not have an Active Directory (AD) account previously, you will have an AD account provisioned for you. After your request has been approved, you will receive an email or phone call from the HIDS Windows team with details on your Active Directory (AD) account and VIP installation instructions.

Info

If you haven't received your account details and instructions within 24 hours, please contact the QualityNet Service Desk at 1-866-288-8914 or ServiceCenterSOS@cms.hhs.gov

Step 2: Log into Ansible Tower at  https://tower.hcqis.org/ using your AD credentials.

Note

You must be connected to Zscaler before logging into Ansible Tower



















Panel
borderColor#254b78
titleColor#ffffff
borderWidth1
titleBGColor#254b78
borderStylesolid
titleNeed Help ?

If you need help or assistance please contact the HIDS DevOps team. They can be reached via the following methods:

  • Service Center: For technical assistance with any account related issues, please contact the Service Center at:

Phone: (866) 288-8914 (TRS:711)

Slack: #help-service-center-sos

Email: ServiceCenterSOS@cms.hhs.gov