• Zach Biles

AWX Isolated Node

Isolated nodes in AWX/Tower are used to do work in remote or secured networks. The only connection required is SSH between the "controller" node (the main AWX/Tower instance), and your remote node. This device can now do work for you in this remote network.


The problem with setting these up is that I have yet to find a complete step-by-step guide on how to get this setup. I'm hoping this will help others get this working for them. This is a bit different than just adding "worker" nodes to AWX/Tower, as there's limited connectivity. Otherwise, for normal "worker" nodes for AWX/Tower, they require full connectivity to the "control" node.


Setup:

On your isolated node, create a user called awx with a strong password. (should be able to use whatever username you want, but I haven't had time to test this)


Log into your "controller" node, and we will use some awx-manage commands to provision this new worker node. Make sure to save they key generated in command one in a vault or safe for use later.

awx-manage generate_isolated_key

awx-manage provision_instance --hostname <isolated_node_hostname> --is-isolated

awx-manage register_queue --queuename <queue_name> --hostname <isolated_node_hostname> --controller <controller_name>

Log back into your isolated node, and add that key to ssh authorized hosts for the awx user.


Once this key is added, there is a testing command from the control node you can run to verify connectivity. Remember, permissions are always still in play, so make sure your awx user has rights to whatever it might need to do locally on that box, for thing like installing packages or creating files/directories. You can also use a user in your actual jobs that has these rights as well.

awx-manage test_isolated_connection --hostname <isolated_node_hostname>

Assuming this test is successful, you should now see a new instance group in AWX:


If you look inside it you can see your worker nodes assigned to this instance.


You can now tweak how many forks you want to do and view capacity as jobs are running to see if you need to add more nodes to comply with the load.


Now you can assign templates to your instance groups to do work from these nodes.


Now whatever templates you assign to this new instance group will be run from any nodes as part of this instance group. Keep this in mind when building new instance nodes and assigning templates. Make sure your isolated node can reach the devices you intend to manage when you're assigning templates.

Recent Posts

See All

Variables in Ansible

This will be a short post today, feeling pretty dumb. Just learned the hard way that Ansible variable names can not start with numbers. It even says so in the first line of the documentation on variab

Linux Patching with Ansible

Today I ran into an issue building a patching playbook for my Linux VMs. I have a mix of Ubuntu, and a couple of CentOS versions. I began with testing against Ubuntu and CentOS 8, and everything worke

LINKS
ABOUT

info@sisulink.com

Inside TechTank

3709 1st Ave

Hibbing, MN 55746, USA

SOCIAL
  • sisuLink on Facebook!

© 2020 sisuLink.