Tower server errors are logged in /var/log/tower
. Supervisors logs can be found in /var/log/supervisor/
. Apache web server errors are logged in the httpd error log. Configure other Tower logging needs in /etc/tower/conf.d/
.
Explore client-side issues using the JavaScript console built into most browsers and report any errors to Ansible via the Red Hat Customer Portal at https://access.redhat.com/.
If you are unable to run the helloworld.yml
example playbook from the Quick Start Guide or other playbooks due to host connection errors, try the following:
ssh
to your host? Ansible depends on SSH access to the servers you are managing.If you are unable to run the helloworld.yml
example playbook from the Quick Start Guide or other playbooks due to playbook errors, try the following:
--user=username
or -u username
commands to specify a user.yamlint
to check your playbook. For more information, refer to the YAML primer at: http://docs.ansible.com/YAMLSyntax.html-
are considered list items or plays. Items with the format of key: value
operate as hashes or dictionaries. Ensure you don’t have extra or missing -
plays.If you are having trouble running a job from a playbook, you should review the playbook YAML file. When importing a playbook, either manually or via a source control mechanism, keep in mind that the host definition is controlled by Tower and should be set to hosts: all
.
Ansible by default gathers “facts” about the machines under its management, accessible in Playbooks and in templates. To view all facts available about a machine, run the setup
module as an ad hoc action:
ansible -m setup hostname
This prints out a dictionary of all facts available for that particular host. For more information, refer to: https://docs.ansible.com/ansible/playbooks_variables.html#information-discovered-from-systems-facts
While Ansible does not require a configuration file, OS packages often include a default one in /etc/ansible/ansible.cfg
for possible customization. You can also install your own copy in ~/.ansible.cfg
or keep a copy in a directory relative to your playbook named as ansible.cfg
.
To learn which values you can use in this file, refer to the configuration file on github.
Using the defaults are acceptable for starting out, but know that you can configure the default module path or connection type here, as well as other things.
If your playbooks are not showing up in the Job Template drop-down list, here are a few things you can check:
chown awx -R /var/lib/awx/projects/
If you are attempting to run a playbook Job and it stays in the “Pending” state indefinitely, try the following:
supervisorctl status
./var/
partition has more than 1 GB of space available. Jobs will not complete with insufficient space on the /var/
partition.ansible-tower-service restart
on the Tower server.If you continue to have problems, run sosreport
as root on the Tower server, then file a support request with the result.
When issuing a cancel
request on a currently running Tower job, Tower issues a SIGINT
to the ansible-playbook
process. While this does cause Ansible to exit, Ansible is designed to finish tasks before it exits and only does so after the currently running play has completed.
With respect to software dependencies, if a running job is canceled, the job is essentially removed but the dependencies will remain.
When working with Ansible Tower, you can use the API to obtain the Ansible outputs for commands in JSON format.
To view the Ansible outputs, browse to:
https://<tower server name>/api/v1/jobs/<job_id>/job_events/
Instances have been reported where reusing the external DB during subsequent HA installations causes installation failures.
For example, say that you performed an HA installation. Next, say that you needed to do this again and performed a second HA installation reusing the same external database, only this subsequent installation failed.
When setting up an external HA database which has been used in a prior installation, the HA database must be manually cleared before any additional installations can succeed.
The PRoot functionality in Ansible Tower limits which directories on the Tower file system are available for playbooks to see and use during playbook runs. You may find that you need to customize your PRoot settings in some cases. To fine tune your usage of PRoot, there are certain variables that can be set:
# Enable proot support for running jobs (playbook runs only).
AWX_PROOT_ENABLED = False
# Command/path to proot.
AWX_PROOT_CMD = 'proot'
# Additional paths to hide from jobs using proot.
AWX_PROOT_HIDE_PATHS = []
# Additional paths to show for jobs using proot.
AWX_PROOT_SHOW_PATHS = []
To customize your PRoot settings, navigate to the /etc/tower/settings.py
file. Once your changes have been saved, restart services with the ansible-tower-service restart
command.
Ansible Tower uses port 8080 on the Tower server to stream live updates of playbook activity and other events to the client browser. If this port is already in use or is blocked by your firewall, you can reconfigure Tower to use a different port.
local_settings.json
file, add an entry for websocket_port
, and set the value to the desired port, such as: {"websocket_port": 8080}
./etc/awx/settings.py
and add a new line like the following (in this example, 8081 is your new desired port): SOCKETIO_LISTEN_PORT=8081
ansible-tower-service restart
.Note that local_settings.json
is removed when upgrading Tower to a new release. You must recreate and reapply the change on each upgrade of Tower.
By default, Tower only shows instances in a VPC that have an Elastic IP (EIP) associated with them. To see all of your VPC instances, perform the following steps:
Source Variables
box, enter:vpc_destination_variable: private_ip_address
Next, save and then trigger an update of the group. Once this is done, you should be able to see all of your VPC instances.
Note
Tower must be running inside the VPC with access to those instances if you want to configure them.
Ansible Tower has a full-featured command line interface. It communicates with Tower via Tower’s REST API. You can install it from any machine with access to your Tower machine, or on Tower itself.
Installation can be done using the pip
command:
pip install ansible-tower-cli
Refer to api_towercli and https://github.com/ansible/tower-cli/blob/master/README.md for configuration and usage instructions.
During the installation process, you are prompted to enter an administrator password which is used for the admin
superuser/first user created in Tower. If you log into the instance via SSH, it will tell you the default admin password in the prompt. If you need to change this password at any point, run the following command as root on the Tower server:
tower-manage changepassword admin
Next, enter a new password. After that, the password you have entered will work as the admin password in the web UI.
Credentials supplied by Tower will not flow to the jump host via ProxyCommand. They are only used for the end-node once the tunneled connection is set up.
To make this work, configure a fixed user/keyfile in the AWX user’s SSH config in the ProxyCommand definition that sets up the connection through the jump host. For example:
Host tampa
Hostname 10.100.100.11
IdentityFile [privatekeyfile]
Host 10.100..
Proxycommand ssh -W [jumphostuser]@%h:%p tampa
Note
You must disable PRoot by default if you need to use a jump host. You can disable PRoot by navigating to the /etc/tower/settings.py
file, setting AWX_PROOT_ENABLED=False
, then restarting services with the ansible-tower-service restart
command.