Documentation

3. Installing Ansible Tower

As Tower can be installed in various ways by choosing the best mode for your environment and making any necessary modifications to the inventory file:

3.1. Tower Installation Scenarios

Tower can be installed using one of the following scenarios:

Single Machine:

  • As an integrated installation:
    • This is a single machine install of Tower - the web frontend, REST API backend, and database are all on a single machine. This is the standard installation of Tower. It also installs PostgreSQL from your OS vendor repository, and configures the Tower service to use that as its database.
  • With an external database (2 options available):
    • Tower with remote DB configuration: This install the Tower server on a single machine and configures it to talk to a remote instance of PostgreSQL (9.4 or later) as its database. This remote PostgreSQL can be a server you manage, or can be provided by a cloud service such as Amazon RDS.
    • Tower with a playbook install of a remote Postgres system: This installs the Tower server on a single machine and installs a remote Postgres database via the playbook installer (managed by Tower).

Note

1). Tower will not configure replication or failover for the database that it uses, although Tower should work with any replication that you have. 2). The database server should be on the same network or in the same datacenter as the Tower server for performance reasons.

Active/Passive Redundancy Multi-Machine:

Tower can be installed in an active-passive redundancy mode. In this mode, Tower runs with one ‘primary’ node active at any time, and any number of passive ‘secondary’ nodes that can be made active if necessary.

  • An Active/Passive Tower setup can also be installed with an external database (2 options available):
    • Tower with remote DB configuration: This install the Tower server on a single machine and configures it to talk to a remote instance of PostgreSQL as its database. This remote PostgreSQL can be a server you manage, or can be provided by a cloud service such as Amazon RDS.
    • Tower with a playbook install of a remote Postgres system: This installs the Tower server on a single machine and installs a remote Postgres database via the playbook installer (managed by Tower).

Note

Running in a redundancy setup requires any database that Tower uses to be external–Postgres must be installed on a machine that is not one of the primary or secondary tower nodes. When in a redundant setup, the remote Postgres version requirements is Postgresql 9.4.x.

3.2. Setting up the Inventory File

As you edit your inventory file, there are a few things you must keep in mind:

  • The contents of the inventory file should be defined in ./inventory, next to the ./setup.sh installer playbook.
  • For installations and upgrades: If you need to make use of external databases, you must ensure the database sections of your inventory file are properly setup. Edit this file and add your external database information before running the setup script.
  • For redundant installations: If you are creating a redundant setup, you must replace localhost with the hostname or IP address of the primary instance.
  • For installations: When performing an installation, you must supply any necessary passwords in the inventory file.
  • For upgrades: When upgrading, your prior configuration should migrate over and filling out the passwords in the inventory file should be unnecessary.
admin_password='password'
redis_password='password'
pg_password='password'

Note

Redis passwords must not contain spaces or any of the following characters: @, :, -, \, /, #

For example, Passw0rd is acceptable, but P@ssword is not. (It is not recommended that you use this example password as anything other than an example. Setting your actual password to anything other than a secure password that is only known by you or your trusted administration staff is extremly dangerous.)

Example Inventory file

[primary]
localhost ansible_connection=local

[secondary]

[database]

[all:vars]
admin_password='password'
redis_password='password'

pg_host=''
pg_port=''

pg_database='awx'
pg_username='awx'
pg_password='password'

Example Inventory file for an external existing database

[primary]
node1.example.com ansible_connection=local

[secondary]
node2.example.com

[database]

[all:vars]
admin_password='password'
redis_password='password'

pg_host=‘database.example.com’
pg_port=’5432’

pg_database='awx'
pg_username='awx'
pg_password='password'

Example Inventory file for external database which needs installation

[primary]
node1.example.com ansible_connection=local

[secondary]
node2.example.com

[database]
database.example.com

[all:vars]
admin_password='password'
redis_password='password'

pg_host=‘database.example.com’
pg_port=’5432’

pg_database='awx'
pg_username='awx'
pg_password='password'

Once any necessary changes have been made, you are ready to run ./setup.sh.

Note

Root access to the remote machines is required. With Ansible, this can be achieved in different ways:

  • ansible_ssh_user=root ansible_ssh_password=”your_password_here” inventory host or group variables
  • ansible_ssh_user=root ansible_ssh_private_key_file=”path_to_your_keyfile.pem” inventory host or group variables
  • ANSIBLE_BECOME_METHOD=’sudo’ ANSIBLE_BECOME=True ./setup.sh
  • ANSIBLE_SUDO=True ./setup.sh

3.3. The Setup Playbook

Note

Ansible Tower 3.0 simplifies installation and removes the need to run ./configure/ as part of the installation setup. Users of older versions should follow the instructions available in the v.2.4.5 (or earlier) releases of the Tower Documentation available at: http://docs.ansible.com/

The Tower setup playbook script uses the inventory file and is invoked as ./setup.sh from the path where you unpacked the Tower installer tarball.

root@localhost:~$ ./setup.sh

The setup script takes the following arguments:

  • -h – Show this help message and exit
  • -i INVENTORY_FILE – Path to Ansible inventory file (default: inventory)
  • -e EXTRA_VARS – Set additional Ansible variables as key=value or YAML/JSON (i.e. -e bundle_install=false forces an online installation)
  • -b – Perform a database backup in lieu of installing
  • -r – Perform a database restore in lieu of installing (a default restore path is used unless EXTRA_VARS are provided with a non-default path, as shown in the code example below)
./setup.sh -e 'restore_backup_file=/path/to/nondefault/location' -r

Note

Please note that a issue was discovered in Tower 3.0.0 and 3.0.1 that prevented proper system backups and retorations.

If you need to back up or restore your Tower v3.0.0 or v3.0.1 installation, use the v3.0.2 installer to do so.

After calling ./setup.sh with the appropriate parameters, Tower is installed on the appropriate machines as has been configured. Setup installs Tower from RPM or Deb packages using repositories hosted on ansible.com.

Once setup is complete, use your web browser to access the Tower server and view the Tower login screen. Your Tower server is accessible from port 80 (http://tower.company.com/).

Login form

If the installation of Tower fails and you are a customer who has purchased a valid license for Ansible Tower, please contact Ansible via the Red Hat Customer portal at https://access.redhat.com/.

3.4. Changing the Password

Once installed, if you log into the Tower instance via SSH, the default admin password is provided in the prompt. You can then change it with the following command (as root or as AWX user):

tower-manage changepassword admin

After that, the password you have entered will work as the admin password in the web UI.