Now that vRealize Automation 8.1 has been released, I am keen to try out the new integration with Red Hat Ansible Tower. Having had to either create my own integration to it with vRA 6.x or 7.x or use a third party plugin, both of which have their drawbacks, the prospect of having a native integration is quite exciting! Before even touching vRA 8.1 though, I'll need an Ansible Tower host...

In my homelab CentOS is the de facto standard for Linux servers. It's similar enough to Red Hat Enterprise Linux (RHEL) that most commands and scripts are transferable and it doesn't need any sort of license or subscription. I recently created my own vSphere templates for CentOS 7 and CentOS 8 using Packer (more to follow in another post on that) and this is the perfect use-case to try it out. As for why I'm writing this post, yes Red Hat have their own documentation, but I found it a little difficult to follow at times and it's nice to be able to refer back to this later.

01 - Deploy a new server

My first step was deploying a new CentOS 8 server from template and giving it a static IP address. And yes, I also added it to DNS! I also configured it with 2 vCPUs, 4GB RAM and a 50GB disk. The Red Hat docs highlight that these are minimum requirements for Tower.

02 - Create SSL certificates

I've also been rolling out trusted SSL certificates everywhere lately rather than relying on self-signed ones. Ansible Tower should be no different. I have a process that is partially scripted and just requires me to modify a configuration file, copy and paste the resulting CSR into the web interface of my Microsoft Intermediate CA and download the issued certificate. A couple of commands in and around that process take care of producing the necessary files. (This step might be optional, but I prefer to do it.)

The SSL certificate files produced for Ansible Tower

03 - Add the EPEL release repository

The installation process for Ansible Tower relies on open source Ansible to execute. This means that you need to have Ansible installed to run the Tower setup. You won't find Ansible in the standard repositories that CentOS has though; you have to add Red Hat's epel-release repository:

sudo dnf install -y epel-release
First login and installing epel-release

04 - Expand the disk size in CentOS

I almost forgot this step. My new CentOS template has a 16GB standard disk size. Even though I made the underlying disk bigger when I cloned it, the partitions and filesystems haven't been updated to reflect it. Luckily I have a script that I use:

#!/bin/bash

# Grows root logical volume to maximum size for the disk on CentOS
# @author Michael Poore
# @website https://blog.v12n.io

# Check for required packages and install
if ! rpm -qa | grep -q growpart; then
    /usr/bin/yum install -y cloud-utils-growpart
fi

# Get logical volume path for root
rootPath=$( df / | awk '!/Used/ {print $1}' )

# Get volume group name
vgName=$( lvs --select lv_name="root" | awk '!/LSize/ {print $2}' )

# Get physical volume name, then split it into disk and partition number
# (assumes /dev/sdXN-style names, e.g. /dev/sda2)
pvName=$( pvdisplay --select vg_name="$vgName" | grep "PV Name" | awk '{print $3}' )
pvDevice=$( echo "$pvName" | grep -o '/dev/[a-z]*' )
partNum=$( echo "$pvName" | grep -o '[0-9]*$' )

# Extend partition, physical volume, logical volume and XFS filesystem in turn
growpart "$pvDevice" "$partNum"
pvresize "$pvName"
lvextend -l +100%FREE "$rootPath"
xfs_growfs /
Script to grow root logical volume to fill the underlying physical disk in CentOS

After running it my root filesystem had 46GB free space.

05 - Prepare SSL certificate files

If you're going to be using your own certificates then it's time to get them in place. I put these files in /etc/ssl. There may be a better place for them but it worked for me.

SSL certificate files

06 - Install Open Source Ansible

If they're not present already, I'd suggest adding vim and curl too:

sudo dnf install -y ansible vim curl

07 - Download and extract Ansible Tower

Ansible Tower doesn't come as a package that you can install with yum or dnf. It has to be downloaded manually and then unpacked. Leave curl's certificate verification enabled (don't add -k): the contents of this archive get run as root in step 09.

curl -O https://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-latest.tar.gz
Download the latest Ansible Tower setup
tar xvzf ansible-tower-setup-latest.tar.gz
Unpacking the latest Ansible Tower setup

08 - Modifying the configuration file

Don't rush off and run setup.sh just yet! It's tempting I know, but there's a configuration file that needs some modification first. The files that were just extracted will have ended up in a directory called "ansible-tower-setup-<version>", where the version will depend on what the latest version actually is. At the time of writing it's 3.6.4-1. Change into that directory and edit the "inventory" file with your preferred editor.

The items that you MUST set are:

  • admin_password
  • pg_password
  • rabbitmq_password

These are illustrated below by large red arrows.

If you plan to use your own SSL certificates, then the two web_server* entries (in the green box) should be modified to provide the path to your certificate chain and private key. Uncomment these lines and provide the path.
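Once edited, the inventory file holds three plaintext passwords and, optionally, the path to a private key. The script below is an added example, not part of the original post or of the Tower installer: it checks those points before setup is run. It assumes the inventory uses key='value' lines, and the helper names are hypothetical.

```bash
#!/bin/bash
# Added example (not from the original post): pre-flight check for the Tower
# setup "inventory" file. Assumes key='value' lines; helper names are hypothetical.

# Print the value of the last uncommented assignment to <key>, quotes stripped.
inv_get() {  # usage: inv_get <file> <key>
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e "s/^['\"]//" -e "s/['\"][[:space:]]*$//"
}

# Succeed only if <file> has mode ?00 (no group/other access).
is_private() { case "$(stat -c '%a' "$1")" in ?00) return 0 ;; *) return 1 ;; esac; }

# Return 0 when the inventory looks safe to hand to setup.sh, 1 otherwise.
check_inventory() {  # usage: check_inventory <file>
    local inv="$1" rc=0 key val
    [ -r "$inv" ] || { echo "FAIL: cannot read $inv" >&2; return 1; }

    # The three items the post says MUST be set.
    for key in admin_password pg_password rabbitmq_password; do
        [ -n "$(inv_get "$inv" "$key")" ] || { echo "FAIL: $key is empty" >&2; rc=1; }
    done

    # The file now holds plaintext secrets.
    is_private "$inv" || { echo "FAIL: chmod 600 $inv" >&2; rc=1; }

    # Any uncommented web_server* entry must point at an existing file, and an
    # entry whose name ends in "key" must not be group/world accessible.
    for key in $(sed -n 's/^[[:space:]]*\(web_server[a-z_]*\)[[:space:]]*=.*/\1/p' "$inv"); do
        val=$(inv_get "$inv" "$key")
        if [ ! -f "$val" ]; then
            echo "FAIL: $key -> '$val' not found" >&2; rc=1
        else
            case "$key" in
                *key) is_private "$val" || { echo "FAIL: chmod 600 $val" >&2; rc=1; } ;;
            esac
        fi
    done
    return $rc
}

# Run as a script: ./check_inventory.sh ./inventory && sudo ./setup.sh
if [ "$#" -gt 0 ]; then check_inventory "$1"; fi
```
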

09 - Run the setup

Once you have saved the inventory file you can safely run setup.

sudo ./setup.sh

Sit back and wait or go and grab some tea / coffee / other delicious beverage - it'll be a few minutes.

There will be some red errors that flash up occasionally, even if everything is going well. It took about 12 - 15 minutes for my installation to complete, but when it did I was greeted with the following:

Ansible Tower setup is complete

10 - First login

There's no time like the present to test it out. Simply point a browser at https://<server-name> and go!

Ansible Tower first login

Note that because I provided my own SSL certificates, signed by a CA that my browser trusts, the padlock on the address bar isn't alerting me to an untrusted certificate.

To log in via the UI, use the username "admin" and the password that you set in the inventory file for the item admin_password.

You'll now get prompted for a license; you're on your own there!

Ansible Tower license requested on first login

I hope this was helpful. I'm going to see how this integration with vRealize Automation 8.1 works now...