Documentation

17. Tower Configuration

You can configure various Tower settings within the Settings screen in the following tabs:

_images/ug-settings-menu-screen.png

Each tab contains fields with a Reset button, allowing you to revert any value entered back to the default value. Reset All allows you to revert all the values in the Edit Tower Configuration to their factory default values.

Save applies changes you make, but it does not exit the edit dialog. To return to the Configure Tower screen, click the Settings (settings) icon from the left navigation bar or use the breadcrumbs at the top of the current view.

17.1. Authentication

Through the Tower user interface, you can set up a simplified login through various authentication types: GitHub, Google, LDAP, RADIUS, and SAML. After you create and register your developer application with the appropriate service, you can set up authorizations for them. Since configuration files are now saved to the PostgreSQL DB in Ansible Tower 3.1 instead of flat files, setting up authorizations in the Ansible Tower User Interface is the recommended method.

  1. From the left navigation bar, hover over the Settings (settings) icon and select Authentication or click the Authentication tab from the Settings screen.

  2. The Authentication window opens. Select the appropriate authentication type from the row of tabs across the top of the window.

_images/configure-tower-auth.png

Different authentication types require you to enter different information. Be sure to include all the information as required.

Note

For more detail about each authentication type, refer to the Setting up Social Authentication section of the Ansible Tower Administration Guide.

  1. Click Save to apply the settings or Cancel to abandon the changes.

17.2. Jobs

The Jobs tab allows you to configure the types of modules that are allowed to be used by Tower’s Ad Hoc Commands feature, set limits on the number of jobs that can be scheduled, define their output size, and other details pertaining to working with Jobs in Tower.

  1. From the left navigation bar, hover over the Settings (settings) icon and select Jobs or click the Jobs tab from the Settings screen.

  2. Set the configurable options from the fields provided. Click the tooltip help icon next to the field that you need additional information or details about. Refer to the Isolated Instance Groups section for details about configuring durations for isolated instance groups. Refer to the Ansible Galaxy Support section for details about configuring Galaxy settings.

Note

The values for all the timeouts are in seconds.

_images/configure-tower-jobs.png
  1. Click Save to apply the settings or Cancel to abandon the changes.

17.3. System

The System tab allows you to define the base URL for the Tower host, configure alerts, enable activity capturing, control visibility of users, enable certain Tower features and functionality through a license file, and configure logging aggregation options.

  1. From the left navigation bar, hover over the Settings (settings) icon and select System or click the System tab from the Settings screen.

  2. The System window opens. Select an option from the row of tabs across the top of the window:

  • Misc. System: define the base URL for the Tower host, enable tower administration alerts, and allow all users to be visible to organization administrators.

  • Activity Stream: enable or disable activity stream.

  • Logging: configure logging options based on the type you choose:

    _images/configure-tower-system-logging-types.png

    For more information about each of the logging aggregation types, refer to the Tower Logging and Aggregation section of the Ansible Tower Administration Guide.

  1. Set the configurable options from the fields provided. Click the tooltip help icon next to the field that you need additional information or details about.

_images/configure-tower-system.png

Note

The Allow External Users to Create Oauth2 Tokens setting is disabled by default. This ensures external users cannot create their own tokens. If you enable then disable it, any tokens created by external users in the meantime will still exist, and are not automatically revoked.

  1. Click Save to apply the settings or Cancel to abandon the changes.

17.4. User Interface

The User Interface tab allows you to set Tower analytics settings, as well as configure custom logos and login messages.

Access the User Interface settings by hovering over the Settings (settings) icon from the left navigation bar and select User Interface or click the User Interface tab from the Settings screen.

_images/configure-tower-ui.png

17.4.1. Usability Analytics and Data Collection

Usability data collection is included with Tower to collect data to better understand how Tower users specifically interact with Tower, to help enhance future releases, and to continue streamlining your user experience.

Only users installing a trial of Tower or a fresh installation of Tower are opted-in for this data collection.

If you want to change how you participate in this analytics collection, you can opt out or change your settings using the Configure Tower user interface, accessible from the Settings (settings) icon from the left navigation bar.

Ansible Tower collects user data automatically to help improve the Tower product. You can control the way Tower collects data by setting your participation level in the User Interface tab in the settings menu.

_images/configure-tower-ui-tracking_state.png
  1. Select the desired level of data collection from the User Analytics Tracking State drop-down list:

  • Off: Prevents any data collection.

  • Anonymous: Enables data collection without your specific user data.

  • Detailed: Enables data collection including your specific user data.

  1. Click Save to apply the settings or Cancel to abandon the changes.

For more information, see the Red Hat privacy policy at https://www.redhat.com/en/about/privacy-policy.

17.4.2. Custom Logos and Images

Ansible Tower supports the use of a custom logo. You can add a custom logo by uploading an image; and supply a custom login message from the User Interface settings of the Settings (settings) menu.

_images/configure-tower-ui.png

For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG, and JPEG formats are supported.

If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal by adding it to the Custom Login Info text field.

For example, if you uploaded a specific logo, and added the following text:

_images/configure-tower-ui-logo-filled.png

The Tower login dialog would look like this:

_images/configure-tower-ui-angry-spud-login.png

Selecting Revert will result in the appearance of the standard Ansible Tower logo.

_images/login-form-empty.png

17.5. License

Starting with 3.8, Ansible Tower uses available subscriptions or a subscription manifest to authorize the use of Tower. Previously, Tower used a license key and a JSON dictionary of license metadata. Even if you already have valid licenses from previous versions, you must still provide your credentials or a subscriptions manifest again upon upgrading to Tower 3.8. To obtain your Tower subscription, you can either:

  1. Provide your Red Hat or Satellite username and password on the license page.

  2. Obtain a subscriptions manifest from your Subscription Allocations page on the customer portal. See Obtaining a subscriptions manifest for more detail.

If you have a Red Hat Ansible Automation Platform subscription, use your Red Hat customer credentials when you launch Tower to access your subscription information (see instructions below).

If you do not have a Red Hat Ansible Automation Platform subscription, you can request a trial subscription here or click Request Subscription and follow the instructions to request one.

Disconnected environments with Satellite will be able to use the login flow on vm-based installations if they have configured subscription manager on the Tower instance to connect to their Satellite instance. Recommended workarounds for disconnected environments without Satellite include [1] downloading a manifest from access.redhat.com in a connected environment, then uploading it to the disconnected Tower instance, or [2] connecting to the Internet through a proxy server.

Note

In order to use a disconnected environment, it is necessary to have a valid Ansible Tower entitlement attached to your Satellite organization’s manifest. This can be confirmed by using hammer subscription list \--organization <org_name>.

If you have issues with the subscription you have received, please contact your Sales Account Manager or Red Hat Customer Service at https://access.redhat.com/support/contact/customerService/.

When Tower launches for the first time, the Tower Subscription screen automatically displays.

no license

Use your Red Hat credentials (username and password) to retrieve and import your subscription, or upload a subscription manifest you generate from https://access.redhat.com/management/subscription_allocations.

  1. Enter your Red Hat customer credentials (username and password) and click Get Subscriptions. Use your Satellite username/password if your Tower cluster nodes are registered to Satellite via Subscription Manager. See Installing Satellite instances on Tower for more information.

Alternatively, if you have a subscriptions manifest, you can upload it by browsing to the location where the file is saved to upload it (the subscription manifest is the complete .zip file, not its component parts). See Obtaining a subscriptions manifest for more detail.

Note

If the Browse button is grayed-out, clear the username and password fields to enable the Browse button.

  1. The subscription metadata is then retrieved from the RHSM/Satellite API, or from the manifest provided.

  • If it is a subscription manifest, Tower will use the first valid subscription included in your manifest file. This is why it is important to only include the subscription you want applied to the Tower installation.

  • If you entered your credential information (username/password), Tower retrieves your configured subscription service. Then it prompts you to choose the subscription you want to run (the example below shows multiple subscriptions) and entitles Tower with that metadata. You can log in over time and retrieve new subscriptions if you have renewed.

Note

When your subscription expires (you can check this on the License settings in the Configure Tower screen of the UI), you will need to renew it in Tower by one of these two methods.

_images/license-password-entered.png

If you encounter the following error message, you will need the proper permissions required for the Satellite user with which the Tower admin uses to apply a subscription.

_images/tower-license-error-satellite-user.png

The Satellite username/password is used to query the Satellite API for existing subscriptions. From the Satellite API, Tower gets back some metadata about those subscriptions, then filter through to find valid subscriptions that you could apply, which are then displayed as valid subscription options in the UI.

The following Satellite roles grant proper access:

  • Custom with view_subscriptions and view_organizations filter

  • Viewer

  • Administrator

  • Organization Admin

  • Manager

As the Custom role is the most restrictive of these, this is the recommend role to use for your Tower integration. Refer to the Satellite documentation on managing users and roles for more detail.

Note

The System Administrator role is not equivalent to the Administrator user checkbox, and will not provide sufficient permissions to access the subscriptions API page.

  1. Proceed by checking the End User License Agreement.

  2. The bottom half of the license screen involves analytics data collection. This helps Red Hat improve the product by delivering you a much better user experience. For more information about data collection, refer to Usability Analytics and Data Collection. This option is checked by default, but you may opt out of any of the following:

  • User analytics collects data from the Tower User Interface.

  • Automation analytics provides a high level analysis of your automation with Ansible Tower, which is used to help you identify trends and anomalous use of Tower. For opt-in of Automation Analytics to have any effect, your instance of Ansible Tower must be running on Red Hat Enterprise Linux. See instructions described in the Automation Analytics section.

Note

At this time, Automation Insights is not supported when Ansible Tower is running in the OpenShift Container Platform. You may change your analytics data collection preferences at any time, as described in the Usability Analytics and Data Collection section.

  1. After you have specified your tracking and analytics preferences, click Submit.

Once your subscription has been accepted, Tower briefly displays the license screen and navigates you to the Dashboard of the Ansible Tower interface. For later reference, you can return to the license screen by clicking the Settings (settings) icon from the left navigation bar and select the License tab from the Settings screen.

license accepted