• This repository has been archived on 24/May/2024
  • Stars: 200
  • Rank 195,325 (Top 4 %)
  • Language: Python
  • License: Other
  • Created about 6 years ago
  • Updated about 2 years ago


Repository Details

ansible-runner-service

This project wraps the ansible_runner interface inside a REST API enabling ansible playbooks to be executed and queried from other platforms.

The incentive for this is two-fold;

  • provide Ansible integration to non-python projects
  • provide a means of programmatically running playbooks where the ansible engine is running on a separate host or in a separate container

Features

The core of this project is ansible_runner, so first of all, a quick call out to those folks for such an awesome tool!

Security

  • https support (http not supported)
    • production version:
      • uses TLS mutual authentication. (<misc/nginx> folder provides a container to be used in production)
      • Valid client and server certificates must be used to access the API (See documentation in <misc/nginx> folder)
    • test version:
      • uses self-signed if existing crt/key files are not present (<misc/docker> provides a container to be used in test systems)
      • if not present, generates self-signed on first start up
  • creates or reuses ssh pub/priv keys for communication with target hosts

Monitoring

  • /metrics endpoint provides key metrics for monitoring the instance with Prometheus
  • a sample Grafana dashboard is provided in the misc/dashboards directory to track activity

Playbook Execution

  • exposes playbooks by name found within the project folder
  • supports Ansible environments that use private libraries (ie. the library directory is stored within the project folder)
  • playbooks can be run with tags to change execution behavior
  • playbooks can use limit to restrict actions to a specific host
  • playbooks can use check parameter to run the ansible-runner in check mode
  • running playbooks may be cancelled
  • supports execution of concurrent playbooks

Playbook State

  • playbook state and output can be queried during and after execution
  • playbook state shows overall status, with current active task name
  • the caller can request all events associated with current or past playbook runs
  • events may be filtered for specific output e.g. ?task=RESULTS to show events with a taskname of RESULTS
  • playbook state is cached to improve API response times

Inventory management

  • hosts and ansible groups are managed through the API /groups and /hosts endpoints
  • Before a host can be added to the inventory, it is checked for dns, and passwordless ssh
  • missing public keys on 'candidate' hosts result in the instance's public key being returned to the caller. The requester can then arrange for this key to be installed on the candidate host.
  • host and group vars supported either inside the 'hosts' file, or in the host_vars/group_vars sub-directories

Developer Friendly

  • simple to use REST API allowing playbooks to be run, and results/state queried
  • provides a /api endpoint describing each endpoint
  • /api content is automatically generated and has no external dependencies
  • each description includes a curl command example, together with output

Deployment

  • supports docker - Dockerfile and README included
  • cross platform support (docker image uses CentOS7 base, build process executes against Ubuntu)
  • can be packaged as an rpm or run as a container
  • designed to offer core ansible functionality, supplemented by a user's set of playbooks/roles/library
  • supports configuration options through a specific /etc directory
  • configuration options may be overridden at the command line for diagnostics
  • all relevant activity is logged

Prerequisites

So far, testing has been mainly against Fedora (28) and the CentOS7 for the docker image. Other distros may work fine (Travis build uses Ubuntu Trusty for example!).

Package Dependencies

  • Python 3.6
  • pyOpenSSL (python3-pyOpenSSL on Fedora, CentOS pyOpenSSL)
  • ansible_runner 1.1.1 or above

(see requirements.txt for a more complete list of the python dependencies)

If in doubt, look in the <misc/docker> folder and build the container!

Installation

Try before you buy...assuming you have an environment that meets the python3 dependencies, simply unzip the archive and run :)

python3 ansible_runner_service.py

When you run from any directory outside of /usr, the script regards this as 'dev' mode. In this mode, all files and paths are relative to the path that you've unzipped the project into.

For 'prod' mode, a setup.py is provided. Once the package is installed and called from /usr/*/bin, the script will expect config and output files to be found in all the normal 'production' locations (see proposed file layout below)

sudo python3 setup.py install --record installed_files --single-version-externally-managed

Once this is installed, you may start the service with

ansible_runner_service

Production ready container

A container suitable for production systems can be built using the 'Dockerfile' present in the project root folder. It uses nginx with mutual TLS authentication to provide the Ansible Runner Service API.

Check documentation in <misc/nginx/README.md> folder for more information.

API Endpoints

Once the service is running, you can point your browser at https://localhost:5001/api to show which endpoints are available. Each endpoint is described along with a curl example showing invocation and output.

You may click on any row to expand the description of the API route and show the curl example. The app uses a self-signed certificate, so all examples use the -k parameter (insecure mode).

Note: It is not the intent of this API to validate the parameters passed to it. It is assumed that parameter selection and validation happen prior to the API call.

Here's a quick 'cheat sheet' of the API endpoints.

API Route                                         Description
/api                                              Show available API endpoints (this page)
/api/v1/groups                                    List all the defined groups in the inventory
/api/v1/groups/<group_name>                       Manage groups within the inventory
/api/v1/groupvars/<group_name>                    Manage group variables
/api/v1/hosts                                     Return a list of hosts from the inventory
/api/v1/hosts/<host_name>                         Show group membership for a given host
/api/v1/hosts/<host_name>/groups/<group_name>     Manage ansible control of a given host
/api/v1/hostvars/<host_name>/groups/<group_name>  Manage host variables for a specific group within the inventory
/api/v1/jobs/<play_uuid>/events                   Return a list of events within a given playbook run (job)
/api/v1/jobs/<play_uuid>/events/<event_uuid>      Return the output of a specific task within a playbook
/api/v1/playbooks                                 Return the names of all available playbooks
/api/v1/playbooks/<play_uuid>                     Query the state or cancel a playbook run (by uuid)
/api/v1/playbooks/<playbook_name>                 Start a playbook by name, returning the play's uuid
/api/v1/playbooks/<playbook_name>/tags/           Start a playbook using tags to control which tasks run
/metrics                                          Provide Prometheus compatible statistics which describe playbook activity

Testing

Testing to date has all been lab based, so please bear this in mind if considering using this tool for production use cases (bug reports welcome!). Playbook integration with Ceph and Gluster has been the primary focus together with the probe-disks.yml playbook. Did you spot the theme?..It's all about the storage™ :)

For example, with ceph the osd-configure.yml playbook has been tested successfully.

Manual Testing

The archive, downloaded from github, contains a simple playbook that just uses the bash sleep command - enabling you to quickly experiment with the API.

Use the steps below (test mode/test container version <misc/docker>), to quickly exercise the API

  1. Get the list of available playbooks (should just be test.yml)
     curl -k -i https://localhost:5001/api/v1/playbooks -X GET
  2. Run the runnertest.yml playbook, passing the time_delay parameter (30 secs should be enough).
     curl -k -i -H "Content-Type: application/json" --data '{"time_delay": 30}' https://localhost:5001/api/v1/playbooks/runnertest.yml -X POST
  3. The previous command will return the playbook's UUID. Use this identifier to query the state or progress of the run.
     curl -k -i https://localhost:5001/api/v1/playbooks/f39069aa-9f3d-11e8-852f-c85b7671906d -X GET
  4. Get a list of all the events in a playbook. The returned list consists of all the job event IDs.
     curl -k -i https://localhost:5001/api/v1/jobs/f39069aa-9f3d-11e8-852f-c85b7671906d/events -X GET
  5. To get specific output from a job event, you can query the job event
     curl -k -i https://localhost:5001/api/v1/jobs/f39069aa-9f3d-11e8-852f-c85b7671906d/events/13-c85b7671-906d-e52d-d421-000000000008 -X GET

Obviously you'll need to change the playbook uuid and job uuids for your run :)
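
Because the API does not validate the parameters it receives (see the note under API Endpoints), the caller has to do so before step 2's POST. The following is an added example, not code from this project: it checks the playbook name and parameters and builds the request, with a verified mutual-TLS context in place of curl's -k. The helper names, the parameter schema and the certificate paths are assumptions.

```python
"""Caller-side checks before POSTing to /api/v1/playbooks/<playbook_name>.
Added example, not part of ansible-runner-service: helper names, the
parameter schema and the certificate paths are assumptions."""
import json
import re
import ssl
import urllib.request
from urllib.parse import quote

# The name becomes a URL path component: allow a conservative character set.
PLAYBOOK_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*\.ya?ml")
# Hypothetical per-playbook schema: parameter -> (type, min, max).
SCHEMAS = {"runnertest.yml": {"time_delay": (int, 1, 300)}}


def check_playbook(name, available):
    """Accept a name only if well-formed and listed by GET /api/v1/playbooks."""
    if not PLAYBOOK_RE.fullmatch(name) or ".." in name:
        raise ValueError(f"malformed playbook name: {name!r}")
    if name not in available:
        raise ValueError(f"playbook not offered by the service: {name!r}")
    return name


def check_params(playbook, params):
    """Reject unknown keys, wrong types and out-of-range values."""
    schema = SCHEMAS.get(playbook)
    if schema is None:
        raise ValueError(f"no schema registered for {playbook!r}")
    clean = {}
    for key, value in params.items():
        if key not in schema:
            raise ValueError(f"unexpected parameter: {key!r}")
        kind, low, high = schema[key]
        # bool is a subclass of int, so compare the exact type.
        if type(value) is not kind or not low <= value <= high:
            raise ValueError(f"bad value for {key!r}: {value!r}")
        clean[key] = value
    return clean


def build_start_request(base_url, playbook, params, available):
    """Return the urllib Request for step 2, built only from validated input."""
    name = check_playbook(playbook, available)
    body = json.dumps(check_params(name, params)).encode()
    url = f"{base_url.rstrip('/')}/api/v1/playbooks/{quote(name, safe='')}"
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/json"})


def mtls_context(ca_file, client_cert, client_key):
    """TLS context that verifies the server and presents a client certificate
    (the production setup) rather than disabling verification."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


if __name__ == "__main__":
    req = build_start_request("https://localhost:5001", "runnertest.yml",
                              {"time_delay": 30}, ["runnertest.yml"])
    print(req.get_method(), req.full_url, req.data)
    # To send: urllib.request.urlopen(req, context=mtls_context(ca, cert, key))
```
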

Tips & Tricks

  1. Tweaking the environment: The script uses a configuration module which is accessible across the different modules within the project. There are two ways that settings in the configuration module can be overridden:

    • by using a config.yaml file
    • by providing a setting value when starting the ansible_runner_service program
  2. Overriding configuration at run time lets you do quick tests like this:

    • start the service, but don't perform any passwordless ssh tests
    $ ssh_checks=false python3 ansible_runner_service
    
    • change the target user when validating ssh connection is in place
    $ target_user=root python3 ansible_runner_service
    

Automated Build & Testing

The project uses Travis CI integration to check the following;

  • Installation
  • code style (using flake8)
  • Ansible inventory management (groups/hosts)
  • API endpoints using test data and a test playbook

For more info, look at the .travis.yml file.

File Layout (Proposed)

/etc/ansible-runner-service

  • logging.yaml
  • config.yaml
  • ansible-runner-service.crt (used only with the development Flask server)
  • ansible-runner-service.key (used only with the development Flask server)
  • certs
    • client (optional placement to store authorized client certificates)
    • server
      • server.crt (server certificate issued by )
      • server.key (server certificate key)
      • ca.crt (certificate authority cert to validate client certificates)

/usr/share/ansible-runner-service

  • artifacts
  • inventory
  • env
  • project
    • roles (optional)
    • library (optional)
    • test.yaml
  • roles

/var/log/ansible-runner-service.log

/usr/share/doc/ansible-runner-service

  • README.md
  • LICENSE.md

/etc/systemd/system

  • ansible-runner-service.service

/usr/bin/ or /usr/local/bin

  • ansible_runner_service
