A workflow job template links together a sequence of disparate resources that accomplishes the task of tracking the full set of jobs that were part of the release process as a single unit. These resources may include:
The () menu opens a list of the workflow and job templates that are currently available. The default view is collapsed (Compact), showing the template name, template type, and the statuses of the jobs that ran using that template, but you can click Expanded to view more information. This list is sorted alphabetically by name, but you can sort by other criteria, or search by various fields and attributes of a template. From this screen, you can launch (), copy ( ), and remove ( ) a job template. Before deleting a job template, be sure it is not used in a workflow job template.
Only workflow templates have the Workflow Visualizer icon () as a shortcut for accessing the workflow editor.
Workflow templates can be used as building blocks for another workflow template. Many parameters in a workflow template allow you to enable Prompt on Launch that can be modified at the workflow job template level, and do not affect the values assigned at the individual workflow template level. For instructions, see the Workflow Visualizer section.
To create a new workflow job template:
- Prompt on Launch: If selected, you can provide an inventory when this workflow template is launched, or when this workflow template is used within another workflow template.
- Prompt on Launch: If selected, even if a default value is supplied, you will be prompted upon launch to choose a limit.
- Check Enable Concurrent Jobs to allow simultaneous runs of this workflow. Refer to Ansible Tower Capacity Determination and Job Impact for additional information.
- Check Enable Webhooks to turn on the ability to interface with a predefined SCM system web service that is used to launch a job template. Currently supported SCM systems are GitHub and GitLab.
If you enable webhooks, other fields display, prompting for additional information:
- Webhook Service: Select which service to listen for webhooks from
- Webhook Credential: Optionally, provide a GitHub or GitLab personal access token (PAT) as a credential to use to send status updates back to the webhook service. Before you can select it, the credential must exist. See Credential Types to create one.
Upon Save, additional fields populate and the Workflow Visualizer automatically opens.
- Webhook URL: Automatically populated with the URL for the webhook service to POST requests to.
- Webhook Key: Generated shared secret to be used by the webhook service to sign payloads sent to Tower. This must be configured in the settings on the webhook service in order for Tower to accept webhooks from this service.
For additional information on setting up webhooks, see Working with Webhooks.
Pass extra command line variables to the playbook. This is the “-e” or “–extra-vars” command line parameter for ansible-playbook that is documented in the Ansible documentation at Passing Variables on the Command Line.
Provide key/value pairs using either YAML or JSON. These variables have a maximum value of precedence and overrides other variables specified elsewhere. An example value might be:git_branch: production release_version: 1.5
For more information about extra variables, refer to Extra Variables.
- Prompt on Launch: If selected, even if a default value is supplied, you will be prompted upon launch to choose command line variables.
If you want to be able to specify
extra_varson a schedule, you must select Prompt on Launch for EXTRA VARIABLES on the workflow template, or a enable a survey on the workflow template, then those answered survey questions become
Saving the template exits the Workflow Template page and the Workflow Visualizer opens to allow you to build a workflow. See the Workflow Visualizer section for further instructions. Otherwise, you may close the Workflow Visualizer to return to the Details tab of the newly saved template in order to review, edit, add permissions, notifications, schedules, and surveys, or view completed jobs and build a workflow template at a later time. Alternatively, you can click Launch to launch the workflow, but you must first save the template prior to launching, otherwise, the Launch button remains grayed-out. Also, note the Notifications tab is present only after the template has been saved.
You can verify the template is saved when the newly created workflow template appears on the list of templates at the bottom of the screen.
If an inventory was specified on the workflow template, the inventory displays in the Templates list view.
Clicking on Permissions allows you to review, grant, edit, and remove associated permissions for users as well as team members.
Click the button to create new permissions for this workflow template.
In this example, two users and one team have been selected and each have been granted permissions for this Workflow Template.
Note that you do not have to choose between teams or users, and that you can assign permissions to both at the same time.
Clicking on Notifications allows you to review any notification integrations you have setup. The Notifications tab is present only after the template has been saved.
Use the toggles to enable or disable the notifications to use with your particular template. For more detail, see Enable and Disable Notifications.
If no notifications have been set up, click the NOTIFICATIONS link from inside the gray box to create a new notification.
Refer to Notification Types for additional details on configuring various notification types.
The Completed Jobs tab provides the list of workflow templates that have ran. Click Expanded to view the various details of each job.
If a workflow-level inventory was specified at run-time, the inventory name displays in the workflow job in the jobs list:
From this view, you can click the job ID - name of the workflow job and see its graphical representation. The example below shows the job details of the 141 - WF using JT workflow job.
If a workflow template is used in another workflow, the jobs details indicate a parent workflow.
In the above example, click the parent workflow template, Overall, to view its Job Details page and the graphical details of the nodes and statuses of each as they were launched.
Clicking on Schedules allows you to review any schedules set up for this template.
To schedule a job template run, click the Schedules tab.
If a workflow template used in a nested workflow has a survey, or the Prompt on Launch selected for the inventory option, the PROMPT button displays next to the SAVE and CANCEL buttons on the schedule form. Clicking the PROMPT button shows an optional INVENTORY step where you can provide or remove an inventory or skip this step without any changes.
Workflows containing job types of Run or Check provide a way to set up surveys in the Workflow Job Template creation or editing screens. Surveys set extra variables for the playbook similar to ‘Prompt for Extra Variables’ does, but in a user-friendly question and answer way. Surveys also allow for validation of user input. Click the button to create a survey.
Use cases for surveys are numerous. An example might be if operations wanted to give developers a “push to stage” button they could run without advanced Ansible knowledge. When launched, this task could prompt for answers to questions such as, “What tag should we release?”
Many types of questions can be asked, including multiple-choice questions.
To create a survey:
Use the ON/OFF toggle button at the top of the screen to quickly activate or deactivate this survey prompt.
A stylized version of the survey is presented in the Preview pane. For any question, you can click on the Edit button to edit the question, the Delete button to delete the question, and click and drag on the grid icon to rearrange the order of the questions.
The Required setting on a survey question determines whether the answer is optional or not for the user interacting with it.
Behind the scenes, optional survey variables can be passed to the playbook in
extra_vars, even when they aren’t filled in.
extra_varis passed to the playbook.
length > 0, no survey
extra_varis passed to the playbook.
length === 0, that survey
extra_varis passed to the playbook, with the value set to an empty string ( “” ).
Ansible Tower 3.1 introduced the Workflow Visualizer (formerly Workflow Editor), which provides a graphical way of linking together job templates, workflow templates, project syncs, and inventory syncs to build a workflow template. Before building a workflow template, refer to the Workflows section for considerations associated with various scenarios on parent, child, and sibling nodes.
You can set up any combination of two or more of the following node types to build a workflow: Template (Job Template or Workflow Job Template), Project Sync, Inventory Sync, or Approval. Each node is represented by a rectangle while the relationships and their associated edge types are represented by a line (or link) that connects them.
If selecting an Approval node, see Approval nodes for further detail.
Selecting a node provides the available valid options associated with it. Access detail about the node by clicking the tooltip next to it.
If you select a job template that does not have a default inventory when populating a workflow graph, the inventory of the parent workflow will be used. Though a credential is not required in a job template, you will not be able to choose a job template for your workflow if it has a credential that requires a password, unless the credential is replaced by a prompted credential.
For subsequent nodes, you can select one of the following scenarios (edge type) to apply to each:
- Always: Continue to execute regardless of success or failure.
- On Success: Upon successful completion, execute the next template.
- On Failure: Upon failure, execute a different template.
Hovering over a node allows you to add another node, edit an existing link , or delete the selected node.
Likewise, if a workflow template used in the workflow has Prompt on Launch selected for the inventory option, use the wizard to supply the inventory at the prompt. If the parent workflow has its own inventory, it will override any inventory that is supplied here.
For job templates with promptable fields that are required, but don’t have a default, you must provide those values when creating a node before the Select button becomes enabled. The two cases that disable the Select button until a value is provided via the Prompt button: 1) when you select the Prompt on Launch checkbox in a job template, but do not provide a default, or 2) when you create a survey question that is required but don’t provide a default answer. However, this is NOT the case with credentials. Credentials that require a password on launch are not permitted when creating a workflow node, since everything needed to launch the node must be provided when the node is created. So, if a job template prompts for credentials, Tower prevents you from being able to select a credential that requires a password.
You must also click Select when the prompt wizard closes in order to apply the changes at that node. Otherwise, any changes you make will revert back to the values set in the actual job template.
A template that is associated with each workflow node will run based on the selected run scenario as it proceeds. Click the compass () icon to display the legend for each run scenario and their job types.
Clicking Close on this pane will not save your work, but instead, closes the entire Workflow Visualizer and you will have to start over.
Choosing an Approval node requires user intervention in order to advance the workflow. This functions as a means to pause the workflow in between playbooks so that a user can give approval to continue on to the next playbook in the workflow, giving the user a specified amount of time to intervene, but also allows the user to continue as quickly as possible without having to wait on some other trigger.
The default for the timeout is none, but you can specify the length of time before the request expires and automatically gets denied. After selecting and supplying the information for the approval node, it displays on the graphical view with a pause () icon next to it.
The approver is anyone who can execute the workflow job template containing the approval nodes, has org admin or above privileges (for the org associated with that workflow job template), or any user who has the Approve permission explicitly assigned to them within that specific workflow job template.
If pending approval nodes are not approved within the specified time limit (if an expiration was assigned) or they are denied, then they are marked as “timed out” or “failed”, respectively, and move on to the next “on fail node”. If approved, the “on success” path is taken. If you try to POST in the API to a node that has already been approved, denied or timed out, an error message notifies you that this action is redundant, and no further steps will be taken.
Below shows the various levels of permissions allowed on approval workflows:
You can add a sibling node by clicking the on the parent node:
You can insert another node in between nodes by hovering over the line that connects the two until the appears. Clicking on the automatically inserts the node between the two nodes.
To add a root node to depict a split scenario, click the button again:
At any node where you want to create a split scenario, hover over the node from which the split scenario begins and click the . This essentially adds multiple nodes from the same parent node, creating sibling nodes:
When adding a new node, the PROMPT button applies to workflow templates as well. Workflow templates will prompt for inventory and surveys.
If you want to undo the last inserted node, click on another node without making a selection from the right pane. Or, click Cancel from the right pane.
Below is an example of a workflow that contains all three types of jobs that is initiated by a job template that if it fails to run, proceed to the project sync job, and regardless of whether that fails or succeeds, proceed to the inventory sync job.
Remember to refer to the Key at the top of the window to identify the meaning of the symbols and colors associated with the graphical depiction.
In a workflow with a set of sibling nodes having varying edge types, and you remove a node that has a follow-on node attached to it, the attached node automatically joins the set of sibling nodes and retains its edge type:
The following ways you can modify your nodes:
This button only appears in the right hand panel if the target or child node has more than one parent. All nodes must be linked to at least one other node at all times so you must create a new link before removing an old one.
Click the settings icon () to zoom, pan, or reposition the view. Alternatively, you can drag the workflow diagram to reposition it on the screen or use the scroll on your mouse to zoom.
Launch a workflow template by any of the following ways:
Along with any extra variables set in the job template and survey, Tower automatically adds the same variables as those added for a job template upon launch. Additionally, Tower automatically redirects the web browser to the Jobs Details page for this job, displaying the progress and the results.
Events related to approvals on workflows display in the Activity Stream () with detailed information about the approval requests.
Ansible Tower allows you the ability to copy a workflow template. If you choose to copy a workflow template, it does not copy any associated schedule, notifications, or permissions. Schedules and notifications must be recreated by the user or admin creating the copy of the workflow template. The user copying the workflow template will be granted the admin permission, but no permissions are assigned (copied) to the workflow template.
A new template opens with the name of the template from which you copied and a timestamp.
Select the copied template and replace the contents of the Name field with a new name, and provide or modify the entries in the other fields to complete this template.
If a resource has a related resource that you don’t have the right level of permission to, you cannot copy the resource, such as in the case where a project uses a credential that a current user only has Read access. However, for a workflow template, if any of its nodes uses an unauthorized job template, inventory, or credential, the workflow template can still be copied. But in the copied workflow template, the corresponding fields in the workflow template node will be absent.
extra_vars validation was added in Ansible Tower 3.0.0.
extra_vars passed to the job launch API are only honored if one of the following is true:
ask_variables_on_launchis set to True
When you pass survey variables, they are passed as extra variables (
extra_vars) within Tower. This can be tricky, as passing extra variables to a workflow template (as you would do with a survey) can override other variables being passed from the inventory and project.
For example, say that you have a defined variable for an inventory for
debug = true. It is entirely possible that this variable,
debug = true, can be overridden in a workflow template survey.
To ensure that the variables you need to pass are not overridden, ensure they are included by redefining them in the survey. Keep in mind that extra variables can be defined at the inventory, group, and host levels.
The following table notes the behavior (hierarchy) of variable precedence in Ansible Tower as it compares to variable precedence in Ansible.
Ansible Tower Variable Precedence Hierarchy (last listed wins)