Why?
You might want to run Ansible commands directly from the Ansible Tower server itself to debug a specific issue. While it’s generally not recommended to have manual projects that are not at all tied to a version control system like Git, there are rare moments you might need it. I certainly did!
I hit an issue with a specific AWS Ansible module and nothing seemed to get it working. From my laptop directly to AWS, the module worked great. So something was clearly different.
You might think… “Don’t I just run ansible-playbook from the server and that’s it?”. Yes, this works for the basic modules that don’t require special Python modules. For those that do, such as AWS modules require the boto3 Python module, you will need a little magic.
- Openbsd-run is an Ansible playbook embedded in type-annotated Python which allows for running the Ansible playbooks directly or via command line. The goal is to trivialize deploying and maintaining OpenBSD-based services. NOTE: This is a work-in-progress that at times may require you are well-versed in Ansible, Python, and OpenBSD.
- Python installed on your Ansible controller host – This tutorial will be using Python v2, but v3 should work just as well. The pip package installed on the Ansible controller. A Windows 2012 R2 or greater computer for Ansible to manage – This tutorial will use two Windows Server 2012 R2 Standard machines as remote nodes with IP addresses of.
- This API is intended for internal Ansible use. Ansible may make changes to this API at any time that could break backward compatibility with older versions of the API. Because of this, external use is not supported by Ansible. If you want to use Python API only for executing playbooks or modules, consider ansible-runner first.
So let’s get into it!
The Problem
As previously stated, running ansible-playbook command should work but sadly it doesn’t include the extra Python modules necessary for Ansible modules like those for AWS where it needs the boto3 Python module.
Apr 06, 2015 # Get pip sudo apt-get install -y python-pip # Get virtualenv and create one sudo pip install virtualenv cd /path/to/runner/script virtualenv./.env source./env/bin/activate # Install Ansible into the virtualenv pip install ansible. Then, with the environment active, we call upon Ansible from our Python scripts.
Let’s login directly to our Ansible Tower server and go to the default projects folder where we can create a folder for our playbook.
As an example, let’s use this simple playbook that gets all AWS regions. You can of course use an existing playbook that you created or want to test.
And notice the error we get when we run it - boto3 is missing and required.
Let’s check which Python interpreter ansible-playbook is using.
So let’s now see if python2 has the boto3 module. We run the same Python interpreter and check by importing the boto3 module.
However, when we run this same playbook within Ansible Tower it succeeds without any errors. What is Ansible Tower doing that is different?
Do not install pip and install the boto3 module yourself! It is not a good idea to make changes like this to the Ansible Tower server. Read below for the right solution.
Let’s keep going…
Let’s search for the boto3 module on the server.
So now we have found the location where Ansible Tower holds these extra Python modules. Now what?
Well, we could tell Python where to find these modules by using the environment variable PYTHONPATH and setting it to both of the site-packages paths as shown below, but this is not the best solution!
The Solution
So how does it work within Ansible Tower?
Ansible Tower 3.0 and later uses virtualenv. Virtualenv creates isolated Python environments to avoid problems caused by conflicting dependencies and differing versions.
Virtualenv works by simply creating a folder which contains all of the necessary executables and dependencies for a specific version of Python. (In our case, the boto3 module!)
Ansible Tower creates two virtualenvs during installation – one is used to run Tower, while the other is used to run Ansible. This allows Tower to run in a stable environment, while allowing you to add or update modules to your Ansible Python environment as necessary to run your playbooks. For more information on virtualenv, see the Python Guide to Virtual Environments.
So how do we access this virtualenv?
On the Ansible Tower server, run the following command as root:
You will then get a new prompt looking similar to this:
Now when we run the ansible-playbook command the Python interpreter in the virtual environment will be invoked with all the necessary modules and dependencies that come included with Ansible Tower.
This is exactly the error I saw in Ansible Tower and now I have finally reproduced the problem I originally saw in Ansible Tower. Now I can properly debug it and figure out what is wrong. In fact, this was how I eventually logged the following Ansible issue.
I hope this has helped you get to know Ansible Tower a bit better.
Advanced
As a bonus, you can additionally use this virtual environment to properly add new Python modules that you might need that did not come included with Ansible Tower. To do so, start in the virtual environment and then run the pip command to install the required module.
Be careful! Note the modules you install because you will need to make sure they are installed on each Ansible Tower node! Additionally it is good to document this somewhere so you can install Ansible Tower again on another environment one day. Otherwise you will forget you ever installed that module.
Good luck!
Note
This API is intended for internal Ansible use. Ansible may make changes to this API at any time that could break backward compatibility with older versions of the API. Because of this, external use is not supported by Ansible. If you want to use Python API only for executing playbooks or modules, consider ansible-runner first.
There are several ways to use Ansible from an API perspective. You can usethe Ansible Python API to control nodes, you can extend Ansible to respond to various Python events, you canwrite plugins, and you can plug in inventory data from external data sources. This documentgives a basic overview and examples of the Ansible execution and playbook API.
If you would like to use Ansible programmatically from a language other than Python, trigger events asynchronously,or have access control and logging demands, please see the AWX project.
Note
Because Ansible relies on forking processes, this API is not thread safe.
This example is a simple demonstration that shows how to minimally run a couple of tasks:
Python Ansible Runners
Note
Ansible emits warnings and errors via the display object, which prints directly to stdout, stderr and the Ansible log.
The source code for the ansiblecommand line tools (lib/ansible/cli/) is available on GitHub.
Python Ansible Runner
See also
Developing dynamic inventory integrations
Getting started on developing a module
How to develop plugins
Mailing list for development topics
Python Ansible Runner 2
Python Ansible Runner Download
#ansible IRC chat channel