Previously I wrote about using Ansible to manage the configuration of Linux servers. I love using Ansible and use it almost every day, however in a large Enterprise environment with multiple users and a lot of Ansible roles and playbooks, sometimes using Ansible on its own becomes difficult to maintain.
In this post I’m going to run through configuring Oracle Linux Automation Manager. Oracle’s Automation Manager is essentially a rebranded fork of Ansible Tower and provides a web user interface to easily manage your Ansible deployments and inventory.
I’m demonstrating the use of OLAM instead of the upstream Ansible Tower or AWX because I’ve had recent experience deploying Automation Manager in an Oracle Enterprise environment. Oracle provide access to Automation Manager directly in their Yum repositories for Oracle Linux 8 which makes installation really simple, particularly if you already run Oracle Linux. However, if you have other RHEL variants you might benefit from choosing Ansible Tower or AWX itself.
In this post I’ll install OL Automation Manager onto an Oracle Linux 8 virtual machine. To avoid having to install a fresh guest VM of OL8, I’ll just use Vagrant and an OL8 box from Oracle. I assume you already have VirtualBox and Vagrant installed, however if you don’t you should set those up first.
I’m using Red Hat Enterprise Linux 8 as the host OS that you can download for free with a Red Hat Developer subscription, however any host OS capable of running VirtualBox and Vagrant will also work. Open a terminal and create the location to store your Vagrant project.
$ mkdir boxes $ cd boxes $ mkdir OracleLinux8 $ cd OracleLinux8
I called my project folder OracleLinux8 but you can call it whatever you want. Inside the project folder, create a Vagrantfile specifying the Oracle Linux 8 box you want to use.
$ vagrant init oraclelinux/8 https://oracle.github.io/vagrant-projects/boxes/oraclelinux/8.json
Open the created Vagrantfile and uncomment the forwarded_port configuration. Because Automation Manager uses an SSL certificate you’ll have to forward port 443 as well as port 80. You probably don’t need to forward port 80 but I did anyway.
Next type ‘vagrant up’ to boot the virtual machine. If this is the first time using this particular box you might have to wait while the box is downloaded. After a while though, you should see the vagrant startup process complete and you can ssh into the machine with ‘vagrant ssh’.
Once inside the Oracle Linux vm you can start the installation of Oracle Linux Automation Manager. First we have to enable the Automation Manager repository.
$ sudo dnf install oraclelinux-automation-manager-release-el8 $ sudo dnf config-manager --enable ol8_automation
Then install Automation Manager using DNF.
$ sudo dnf install ol-automation-manager
That should only take a moment. Next you’ll need to edit the file /etc/redis.conf and add the following two lines at the bottom of the file.
unixsocket /var/run/redis/redis.sock unixsocketperm 775
Now you can launch the configuration script.
$ sudo /var/lib/ol-automation-manager/ol-automation-manager-DB-init.sh
Next, as the awx user that was created during installation, run the following:
$ sudo su -l awx -s /bin/bash $ awx-manage migrate $ awx-manage createsuperuser --username admin --email [email protected]
The awx-manage migrate command sets up the initial database settings and the createsuperuser command sets up the adminstrator user account to manage Automation Manager. In the –email [email protected] you should add your own email address. You’ll be asked to setup a password for the admin user.
$ awx-manage create_preload_data $ awx-manage provision_instance --hostname=olhost $ awx-manage register_queue --queuename=tower --hostnames=olhost $ awx-manage setup_managed_credential_types
Change the hostname(s) to whatever suits your environment. I used olhost for the purposes of this demonstration. You can now type exit to leave the awx user session and go back to the rest of the setup as your normal (vagrant) user.
Next generate an SSL certificate so you can access Automation Manager over HTTPS.
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/tower/tower.key -out /etc/tower/tower.crt
And replace the default /etc/nginx/nginx.conf configuration script with the this one.
Finally, modify the /etc/tower/settings.py file CLUSTER_HOST_ID parameter at line 29, replacing “awx” with the hostname of your server, in my case “olhost”.
You can now start OL Automation Manager.
$ sudo systemctl enable --now ol-automation-manager.service
For me, starting the service returned the error message:
A dependency job for ol-automation-manager.service failed. See 'journalctl -xe' for details.
Running ‘sudo journalctl -xe’ showed me that Nginx failed to start. The first time I did this it took me a while of looking through the configurations and the permission settings to try and find the issue, but it turned out SELinux was in the way. As this is just a VM for local testing purposes I’m going to disable SELinux by setting SELINUX=disabled in /etc/selinux/config and restart the vm. Once that was done re-running the systemctl command to start the service worked as expected.
Note: Let’s not disable SELinux in production environments unless you know what you’re doing. This demonstration is for testing purposes only.
Head over to the browser and type https://localhost:4443 into the address bar, you might see the Security Risk warning as this is a self-signed SSL certificate, it’s ok to accept the risk and continue. If everything went according to plan you should now see the Automation Manager login screen.
Login with the admin credentials you created during installation and start exploring Oracle Linux Automation Manager.