12. Bubblewrap functionality and variables¶
The bubblewrap functionality in Ansible Tower limits which directories on the Tower file system are available for playbooks to see and use during playbook runs. You may find that you need to customize your bubblewrap settings in some cases. To fine tune your usage of bubblewrap, there are certain variables that can be set.
- Disabling bubblewrap support:
- To disable bubblewrap support for running jobs (playbook runs only), ensure you are logged in as the Admin user and click on the settings gear
in the upper right-hand corner. Click on the “Configure Tower” box, then click on the “Jobs” tab. Scroll down until you see “Enable Job Isolation” and change the radio button selection to “off”.
- To disable bubblewrap support for running jobs (playbook runs only), ensure you are logged in as the Admin user and click on the settings gear
- Enabling bubblewrap support:
- To enable bubblewrap support for running jobs (playbook runs only), ensure you are logged in as the Admin user and click on the settings gear in the upper right-hand corner. Click on the “Configure Tower” box, then click on the “Jobs” tab. Scroll down until you see “Enable Job Isolation” and change the radio button selection to “on”.
- To enable bubblewrap support for running jobs (playbook runs only), ensure you are logged in as the Admin user and click on the settings gear
By default, the Tower will use the system’s tmp directory (/tmp by default) as its staging area. This can be changed in the Job Isolation Execution Path field of the Configure tower screen, or by updating the following entry in the settings file:
AWX_PROOT_BASE_PATH = "/opt/tmp"
If there is other information on the system that is sensitive and should be hidden, you can specify those in the Configure Tower screen in the Paths to Hide to Isolated Jobs or by updating the following entry in the settings file:
AWX_PROOT_HIDE_PATHS = ['/list/of/', '/paths']
If there are any directories that should specifically be exposed, you can specify those in the Configure Tower screen in the Paths to Expose to Isolated Jobs or by updating the following entry in the settings file:
AWX_PROOT_SHOW_PATHS = ['/list/of/', '/paths']
Note
The primary file you may want to add to
AWX_PROOT_SHOW_PATHSis/var/lib/awx/.ssh, if your playbooks need to use keys or settings defined there.
If you made changes in the settings file, be sure to restart services with the ansible-tower-service restart command after your changes have been saved.