7. Using virtualenv with Ansible Tower¶
Ansible Tower 3.0 and later uses virtualenv. Virtualenv creates isolated Python environments to avoid problems caused by conflicting dependencies and differing versions. Virtualenv works by simply creating a folder which contains all of the necessary executables and dependencies for a specific version of Python. Ansible Tower creates two virtualenvs during installation–one is used to run Tower, while the other is used to run Ansible. This allows Tower to run in a stable environment, while allowing you to add or update modules to your Ansible Python environment as necessary to run your playbooks. For more information on virtualenv, see the Python Guide to Virtual Environments and the Python virtualenv project itself.
By default, the virtualenv is located at
/var/lib/awx/venv/ansibleon the file system.
Tower also pre-installs a variety of third-party library/SDK support into this virtualenv for its integration points with a variety of cloud providers (such as EC2, OpenStack, Azure, etc.) Periodically, you may want to add additional SDK support into this virtualenv, which is described in further detail below.
Note
It is highly recommended that you run umask 0022 before installing any packages to the virtual environment. Failure to properly configure permissions can result in Tower service failures. An example follows:
# source /var/lib/awx/venv/ansible/bin/activate
# umask 0022
# pip install --upgrade pywinrm
# deactivate
In addition to adding modules to the virtualenv that Tower uses to run Ansible, you can create new virtualenvs as described below.
7.1. Preparing a new custom virtualenv¶
Tower allows a different virtualenv to be specified and used on Job Template runs. To choose a custom virtualenv, first create one under /var/lib/awx/venv/:
$ sudo virtualenv /var/lib/awx/venv/my-custom-venv
Your newly created virtualenv needs a few base dependencies to properly run playbooks (Tower uses memcached as a placeholder for playbook artifacts):
$ sudo /var/lib/awx/venv/my-custom-venv/bin/pip install python-memcached psutil
From here, you can install additional Python dependencies that you care about, such as a per-virtualenv version of Ansible itself:
$ sudo /var/lib/awx/venv/my-custom-venv/bin/pip install -U "ansible == X.Y.Z"
Or you can add an additional third-party SDK that is not included with the base Tower installation:
$ sudo /var/lib/awx/venv/my-custom-venv/bin/pip install -U python-digitalocean
If you want to copy them, the libraries included in Tower’s default virtualenv can be found using pip freeze:
$ sudo /var/lib/awx/venv/ansible/bin/pip freeze
In a clustered Tower installation, you need to ensure that the same custom virtualenv exists on every local file system at /var/lib/awx/venv/. Custom virtualenvs are supported on isolated instances. If you are using a custom virtual environment, it needs to also be copied or replicated on any isolated node you would be using, not just on the Tower node.
7.2. Assigning custom virtualenvs¶
Once you have created a custom virtualenv, you can assign it at the Organization, Project, or Job Template level:
PATCH https://awx-host.example.org/api/v2/organizations/N/
PATCH https://awx-host.example.org/api/v2/projects/N/
PATCH https://awx-host.example.org/api/v2/job_templates/N/
Content-Type: application/json
{
'custom_virtualenv': '/var/lib/awx/venv/my-custom-venv'
}
An HTTP GET request to /api/v2/config/ provides a list of detected installed virtualenvs:
{
"custom_virtualenvs": [
"/var/lib/awx/venv/my-custom-venv",
"/var/lib/awx/venv/my-other-custom-venv",
],
...
}
You can also specify the virtual environment to assign to an Organization, Project, and Job Template from their respective edit screens in the Ansible Tower User Interface. Select the virtualenv from the Ansible Environment drop-down menu, as shown in the example below:
