Ansible Tower
  • Dark
    Light
  • PDF

Ansible Tower

  • Dark
    Light
  • PDF

Ansible Tower

The Ansible Tower Adapter is used to manage and provide an API for Ansible Tower, a build, configuration, and orchestration system.

  • Ansible Tower needs to be installed on a server that IAP can access.
  • Ansible Tower does not need to be installed on the same server that IAP is on.
  • Refer to the Minimum System Requirements located in the IAP Installation guide for the required version.
Name Method
Adhoc Command GET, POST, DELETE
Credential GET, POST, PUT, DELETE
Dashboard GET
Group GET, POST, PUT, DELETE
Host GET, GET FILTERED (as in getDevicesFiltered), POST, PUT, DELETE
Inventory GET, POST, PUT, DELETE
Job GET, GET RESULT, POST, PUT, DELETE
Job Event GET
Job Template GET, POST, PUT, DELETE, LAUNCH, LAUNCH SYNC, DRY RUN SYNC
Organization GET, POST, PUT, DELETE (limitation of 1 in test environment)
Playbook GET LIST
Project GET, POST, PUT, DELETE
Workflow Job GET, GET RESULT, POST, PUT, DELETE
Token GET
Generic GET, POST, PUT, DELETE

Adapter Properties

Property Type Description
host String Required. The IP or hostname of the Ansible Tower server.
port Number Required. The port number of the Ansible Tower server.
protocol String Optional. Tells the adapter whether to use HTTP or HTTPS (http is the default).
credentials.username String Required. The username to use when connecting to the Ansible Tower server.
credentials.password String Required. The password to use when connecting to the Ansible Tower server.
credentials.token String Required. The token provided by your Ansible Tower license file.
stub Boolean Optional. Indicates whether the stub should be run instead of making calls to Ansible Tower (very useful during basic testing). The default is false which means connect to Ansible Tower.
throttle.throttle_enabled Boolean Optional. Defaults to false and simply states whether the adapter should use throttling or not.
throttle.number_pronghorns Number Optional. Defaults to 1 and states whether throttling is done in a single IAP instance or whether requests are being throttled across multiple IAPs. This is an important property for performance enhancements. Throttling in a single IAP uses an in memory queue so there is less overhead. Throttling across multiple IAPs requires putting the request and queue information into a shared resource, e.g. the database, so that each IAP can determine what is running and what is next to run. This requires additional IO overhead.
throttle.sync_async String Optional. Is not used at this time. It is for future expansion of the throttling engine.
throttle.max_in_queue Number Optional. Represents the maximum number of requests that IAP should allow into the queue before rejecting requests. This is not necessarily a limit on what IAP can handle, but more about timely responses to the requests. The current default is 1000.
throttle.concurrent_max Number Optional. Defines the number of requests that IAP can send to Ansible Tower at one time. The default is 1, meaning each request must be sent to Ansible Tower in a serial manner.
throttle.expire_timeout Number Optional. Defaults to 0. This is a graceful timeout of the request session. After the request has completed, IAP will wait the additional expire timeout time (in milliseconds) prior to sending the next request.
throttle.avg_runtime Number Optional. An approximate average of how long it takes Ansible Tower to handle each request. This is an important number that has performance implications. If the number is defined too low, it puts extra burden on IAP CPU and memory as the requests will continually try to see if they can run. If the number is defined too high, requests may wait longer than they need to before running. The number does not need to be exact but the throttling strategy depends heavily on this number being within reason. If averages range from 50 to 250 milliseconds, pick an average run-time somewhere in the middle so that when Ansible Tower performance is exceptional you might be a little slower than you might like, but when it is poor you still run efficiently. Default is 200 milliseconds.
request.number_retries Number Tells IAP how many times to retry a request that has either aborted or taken the limit error before giving up and returning an error.
request.limit_retry_error Number Optional. The HTTP error status number which defines that no capacity was available and thus after waiting a short interval the adapter can retry the request. The number defaults to 0.
request.attempt_timeout Number Optional. How long IAP should wait before aborting the attempt. On abort, IAP will back off the requests and run a Healthcheck until it re-establishes connectivity to Ansible Tower. Then it will re-attempt the request that aborted. The attempt timeout defaults to 5000 milliseconds.
request.archiving Boolean Optional. Defaults to false. It archives the request, the results and the various times (wait time, Ansible Tower time, and overall time) in the ansibletower_results collection in MongoDB. Before enabling this capability think about how much to archive and develop a strategy for cleaning up the collection in the database so that it does not become too large, especially if the responses are large.
request.ssl.enabled Boolean If you require SSL then change this to true. SSL can work two different ways, you can accept invalid certifications (only recommended for lab environments) by setting the flag to true or you can provide a CA file. If SSL is enabled and the accept invalid certifications is false, then the CA file is required.
request.ssl.accept_invalid_cert Boolean Flag indicating whether untrusted certificates are accepted.
request.ssl.accept_invalid_cert Boolean Flag indicating whether untrusted certificates are accepted.
request.ssl.ca_file String Path to the certificate authority chain containing a list of trusted certificates.
request.ssl.ciphers String The trusted set of SSL ciphers to negotiate with the remote host.

Sample Configuration

A sample Ansible Tower configuration is provided below for reference. Be sure to configure the following properties.

  • host
  • port
  • protocol
  • credentials.username
  • credentials.password
  • credentials.token
  • request.ssl.enabled
  • request.ssl.ca_file
  • request.ssl.ciphers
{
  "id": "ansibletower",
  "type": "AnsibleTower",
  "properties": {
    "host": "localhost",
    "port": 443,
    "protocol": "https",
    "credentials": {
      "username": "admin",
      "password": "$ENC87eb897b507afc1796db49409dd0261985802f84aad3469e",
      "token": "token"
    },
    "stub": false,
    "throttle": {
      "throttle_enabled": false,
      "number_pronghorns": 1,
      "sync_async": "sync",
      "max_in_queue": 1000,
      "concurrent_max":1,
      "expire_timeout":0,
      "avg_runtime": 200
    },
    "request": {
      "number_retires":3,
      "limit_retry_error":401,
      "attempt_timeout":5000,
      "archiving":false,
      "ssl": {
        "enabled": true,
        "accept_invalid_cert": false,
        "ca_file": "/etc/ssl/ca.cert",
        "ciphers": "DHE-RSA-AES256-SHA"
      }
    }
  }
}