How To Install and Configure Ansible Tower on CentOS 8 / RHEL 8
— ny_wk

Yaar, managing Ansible playbooks and inventories manually across a large team can get pretty hectic, right? Especially when you're dealing with multiple environments, sensitive credentials, and the need for proper access control. That's where Ansible Tower steps in, mere dost. Think of it as the ultimate control center for your Ansible infrastructure, giving you a slick UI, a robust REST API, and a whole lot of features to make your life as a DevOps engineer much, much easier. It's like taking your local chai-stand operations and turning them into a professional café chain with proper management and reporting – ekdum next level!
Ansible Tower, now known as Red Hat Ansible Automation Platform (AAP) for newer versions, is essentially the enterprise-grade solution that elevates your automation game. While Ansible Core is fantastic for running playbooks from your local machine, Tower provides that much-needed layer of management, visibility, and control that becomes indispensable in complex, collaborative environments. It centralizes your Ansible projects, allows for job scheduling, provides role-based access control (RBAC), and offers a beautiful graphical interface for managing inventories and monitoring job outputs in real-time. No more sharing SSH keys via chat, no more guessing who ran what playbook, and certainly no more manual cron jobs for your automation runs. It's about bringing structure and security to your powerful automation.
In this detailed guide, we’re going to roll up our sleeves and get our hands dirty installing and configuring Ansible Tower on CentOS 8 / RHEL 8. We’ll cover everything from the basic prerequisites and system preparation to the core installation steps and initial post-setup configurations. By the end of this, you’ll have your own Ansible automation powerhouse ready to tackle your organization’s biggest challenges. Let’s dive in!
Understanding Ansible Tower: Beyond the Command Line
So, what exactly is Ansible Tower and why do we need it when Ansible Core already exists? Good question, junior. Imagine you have a small garden, and you manage it perfectly fine by hand. That's Ansible Core. Now imagine you're managing acres of farmland with different crops, multiple workers, and strict schedules. You wouldn't use your bare hands, right? You'd need tractors, irrigation systems, and a proper farm manager – that's Ansible Tower.
Ansible Core is the engine, the command-line tool that executes your playbooks. It's powerful, simple, and agentless. But as your infrastructure grows, and your team expands, you hit scaling bottlenecks. This is where Tower shines, providing:
- Centralized Management: All your Ansible projects, inventories, credentials, and playbooks live in one place. No more scattered files or version conflicts.
- Web-based UI & Dashboard: A user-friendly interface that gives you a bird's-eye view of all your automation. See host states, job summaries, and monitor configurations at a glance.
- Role-Based Access Control (RBAC): Crucial for enterprise environments. You can define who can see, modify, and execute specific playbooks or access certain inventories. No more giving everyone root access just to run a deployment!
- Job Scheduling: Schedule playbooks to run at specific times, automatically, for recurring tasks like patching, compliance checks, or daily backups.
- Graphical Inventory Management: Visually manage your inventory, synchronize it with cloud providers (AWS, Azure, GCP), VMware, and other sources, ensuring your inventory is always up-to-date.
- Secure Credential Management: Store sensitive SSH keys, API tokens, and passwords securely within Tower, encrypted and never exposed directly to users. This is a game-changer for security and compliance.
- Real-time Job Outputs: Watch your playbook runs happen in real-time directly from the UI, with detailed logs and easy debugging.
- Workflows: Orchestrate complex, multi-playbook processes. For instance, deploy an application, then run tests, then update monitoring, all as a single, sequential workflow.
- REST API and CLI: Fully embed Tower into your existing CI/CD pipelines, ticketing systems, or other automation tools.
In short, Ansible Tower takes your raw automation power and makes it governable, auditable, and scalable. It's the difference between doing things manually and having a streamlined, professional operation.
Tower Editions & Features: Picking Your Automation Powerhouse
Just like cars come in different models, Ansible Tower also offers different editions, each tailored to varying organizational needs and budgets. While the specifics can change with Red Hat's product evolution (especially moving towards Ansible Automation Platform), traditionally, Tower offered editions like Self-Support (often a free trial), Standard, and Premium. Each edition builds upon the capabilities of the last:
- Self-Support (Trial/Community): This is your starting point, often suitable for individuals or small teams exploring Tower's capabilities. It typically includes the core UI, real-time job outputs, remote command execution, job scheduling, and visual inventory management. It’s perfect for getting a feel for Tower's power.
- Standard Edition: This is where things get serious for many businesses. On top of the Self-Support features, you get crucial additions like Workflows, built-in notifications (email, Slack, PagerDuty), full Role-Based Access Control, and integration with enterprise accounts (LDAP, Active Directory). This edition provides the necessary tools for collaborative automation and basic governance.
- Premium Edition: The full Monty. This is designed for large enterprises with stringent compliance, high availability, and extensive scaling needs. It includes everything in the Standard edition, plus crucial features like comprehensive Audit Trails, deep logging and analytics integration, 24/7 support, and the ability for Scale-Out Clustering for high availability and performance.
The pricing for Standard and Premium editions is typically subscription-based and depends on the number of managed nodes (hosts). The Self-Support version often serves as a free trial, allowing you to experience Tower's capabilities before committing to a paid subscription. For up-to-date pricing and feature matrices, always refer to Red Hat's official Ansible Automation Platform documentation.
Prerequisites for a Smooth Ansible Tower Installation
Before we jump into the installation commands, we need to ensure our CentOS 8 or RHEL 8 server is ready. Think of it like preparing your kitchen before you start cooking – everything needs to be in place for a delicious outcome! Neglecting these can lead to frustrating errors down the line. So, pakka, pay attention to these requirements:
1. Supported Operating System:
Our focus here is CentOS 8 or Red Hat Enterprise Linux 8 (RHEL 8). These are enterprise-grade operating systems, known for their stability and security, making them ideal hosts for a critical component like Ansible Tower. Earlier versions like CentOS 7 / RHEL 7 were also supported, but for modern deployments, sticking with RHEL 8 or its derivatives is the way to go. Make sure you're running a 64-bit kernel and runtime, which is standard for most modern server installations.
2. Hardware Requirements:
These are minimums, but for any serious production environment, you should always aim higher. Don't skimp on RAM and disk space, boss!
- Processor: A modern multi-core processor is recommended.
- RAM:
  - Minimum: 2 GB RAM (for very small trial/Vagrant setups, less than 10 hosts).
  - Recommended: 4+ GB RAM. For environments with up to 100 hosts and moderate concurrency, 8 GB is a good starting point. For larger environments or high concurrency (e.g., 100+ simultaneous forks), 16 GB or more might be necessary.
  - For Amazon EC2 (older guidance, but provides a sizing idea):
    - Less than 100 hosts: `m3.medium` instance size or larger.
    - More than 100 hosts: `m3.xlarge` instance size or larger.
- Hard Disk Space:
  - Minimum: 20 GB. This is for the OS, Tower application, and basic logging.
  - Recommended: 50-100 GB or more, especially if you plan to store a lot of job history, project files, or need space for external database backups.
  - For HA MongoDB setups (example for older Tower versions): A rough estimate can be `(NumberOfHostsInInventory) * (NumberOfScans) * (AverageModuleFactSize) * (NumberOfModulesScanning)`. This formula highlights that the amount of data stored can grow significantly with inventory size and scan frequency.
3. Ansible Core:
You'll need a stable release of Ansible Core. The good news is, when you install Ansible Tower, Ansible Core is typically installed as a dependency, so you usually don't need to install it separately beforehand. Tower uses Ansible Core to execute all the automation tasks it orchestrates.
4. Database:
Ansible Tower uses PostgreSQL as its backend database. During installation, you typically have the option to install and configure an internal PostgreSQL instance (bundled with Tower) or connect to an external, pre-existing PostgreSQL database. For production, an external, highly available PostgreSQL setup is often preferred for scalability and resilience.
5. Network & Firewall:
Ensure your server has proper network connectivity and DNS resolution. You'll also need to configure your firewall to allow incoming connections to Ansible Tower's web interface (typically port 80/443 for HTTP/HTTPS) and potentially other ports if you're using an external database or other integrated services.
6. Root/Sudo Privileges:
You'll need `sudo` privileges or root access to perform system-level installations and configurations.
With these prerequisites checked, your server will be a solid foundation for your Ansible Tower installation. Come on, let's move ahead!
Step-by-Step Installation of Ansible Tower on CentOS 8 / RHEL 8
Alright, junior, this is where the real action begins! We're going to walk through the actual installation process. Remember, modern Red Hat Ansible Automation Platform installations generally involve downloading an installer bundle and then running a setup script. I’ll guide you through the typical flow.
Step 1: System Update and EPEL Repository Setup
First things first, let's update our system and ensure we have the Extended Packages for Enterprise Linux (EPEL) repository enabled. EPEL provides additional high-quality packages that are not part of the core RHEL/CentOS distribution but are often required by other applications. For CentOS 8 / RHEL 8, `dnf` is the package manager of choice.
Open your terminal and run the following commands:
sudo dnf update -y
This command updates all installed packages to their latest versions, ensuring you have the most recent security patches and bug fixes. It's always a good practice to start with an updated system. After the update, a reboot might be necessary if kernel or critical system components were updated. If so, restart your server with `sudo reboot`.
Now, let's add the EPEL repository:
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -y
This command directly downloads and installs the EPEL repository package for RHEL/CentOS 8. You'll see output similar to this, confirming the installation:
Updating Subscription Management repositories.
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 1.6 kB/s | 4.5 kB 00:02
...
Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 562 kB/s | 6.4 MB 00:11
...
After installing EPEL, it's a good idea to run `sudo dnf repolist` to verify that the EPEL repository is listed and enabled.
Step 2: Install Essential Dependencies
Ansible Tower relies on several tools and libraries. Let's install some common ones that might be needed by the installer, especially Python-related packages, `git`, and `wget` for downloading.
sudo dnf install python3 python3-pip git wget -y
While `python3` is usually present, `python3-pip` is essential for Python package management, and `git` will be useful for syncing your Ansible projects. `wget` is a handy tool for downloading files.
Step 3: Download the Ansible Tower Installer Bundle
Ansible Tower (or Red Hat Ansible Automation Platform) is typically distributed as an installer bundle. You'll usually download this from the Red Hat Customer Portal if you have a subscription, or obtain a trial version. For this guide, we'll assume you have access to such a bundle. The file will often be named something like `ansible-tower-setup-X.Y.Z.tar.gz` or `ansible-automation-platform-installer-X.Y.Z.tar.gz`.
First, navigate to a directory where you want to store the installer, often `/tmp` or `/opt`:
cd /opt
Then, download the installer bundle. (Replace `YOUR_TOWER_BUNDLE_URL` with the actual download link you obtain from Red Hat. If you're using a local file, just copy it to `/opt`.)
sudo wget YOUR_TOWER_BUNDLE_URL
Once downloaded, extract the bundle:
sudo tar -xvzf ansible-tower-setup-X.Y.Z.tar.gz
This will create a directory, typically named `ansible-tower-setup-X.Y.Z` (or similar for AAP), containing the installation scripts and related files. Navigate into this directory:
cd ansible-tower-setup-X.Y.Z/
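Between the download and the extraction above, the bundle can be checked before `tar` runs as root. The following is an added example, not part of the original guide or of Red Hat's installer; `check_bundle` and its helpers are hypothetical names, and the expected SHA-256 value is assumed to be the one published alongside the download.

```sh
#!/bin/sh
# Added example: check a downloaded installer bundle before extracting it with sudo.
# Function names are hypothetical; EXPECTED is the SHA-256 published with the download.

# sha256_matches FILE EXPECTED: succeed only if FILE hashes to EXPECTED (hex, any case).
sha256_matches() {
    sm_actual=$(sha256sum "$1" | cut -d' ' -f1)
    sm_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "${#sm_expected}" -eq 64 ] && [ "$sm_actual" = "$sm_expected" ]
}

# unsafe_members: read member names on stdin and print the ones that are absolute
# paths or contain a ".." component, i.e. would land outside the extraction directory.
unsafe_members() {
    grep -E '^/|(^|/)\.\.(/|$)' || true
}

# check_bundle FILE EXPECTED: return 0 only when the hash matches, the archive can be
# listed, and every member stays inside the extraction directory.
check_bundle() {
    if ! sha256_matches "$1" "$2"; then
        echo "checksum mismatch for $1" >&2
        return 1
    fi
    cb_list=$(tar -tzf "$1" 2>/dev/null) || {
        echo "cannot list $1: truncated or not a .tar.gz" >&2
        return 1
    }
    cb_bad=$(printf '%s\n' "$cb_list" | unsafe_members)
    if [ -n "$cb_bad" ]; then
        echo "members that escape the target directory:" >&2
        printf '%s\n' "$cb_bad" >&2
        return 1
    fi
    return 0
}

# Demo on a constructed bundle. Here the expected hash is computed locally only to
# have a value to compare; in real use it comes from the vendor's download page.
if [ "$#" -eq 0 ]; then
    work=$(mktemp -d)
    mkdir -p "$work/src/ansible-tower-setup-X.Y.Z"
    echo 'echo constructed placeholder' > "$work/src/ansible-tower-setup-X.Y.Z/setup.sh"
    tar -czf "$work/bundle.tar.gz" -C "$work/src" ansible-tower-setup-X.Y.Z
    expected=$(sha256sum "$work/bundle.tar.gz" | cut -d' ' -f1)
    check_bundle "$work/bundle.tar.gz" "$expected" && echo "bundle OK, safe to extract"
    check_bundle "$work/bundle.tar.gz" "$(printf '%064d' 0)" || echo "rejected: wrong checksum"
    rm -rf "$work"
fi
```

In practice the call becomes `check_bundle ansible-tower-setup-X.Y.Z.tar.gz "$EXPECTED" && sudo tar -xvzf ansible-tower-setup-X.Y.Z.tar.gz`, so extraction only happens after both checks pass.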
Step 4: Configure the Inventory File for Installation
This is a crucial step! Inside the extracted installer directory, you'll find an `inventory` file. This file acts as an Ansible inventory for the Tower installer itself, allowing you to define installation parameters, database settings, and passwords. You'll need to edit this file carefully.
Open the `inventory` file using your favorite text editor (e.g., `vi` or `nano`):
sudo vi inventory
Here are the key parameters you'll need to configure. The file is well-commented, so read through it thoroughly. Pay special attention to the `[all:vars]` section and the database configuration.
- `admin_password='your_tower_admin_password'`: This sets the password for the initial `admin` user in Ansible Tower's web interface. Choose a strong, secure password.
- `pg_host=''`: If you're using an external PostgreSQL database, provide its IP address or hostname here. For an internal database (which the installer will set up on the same machine), leave it blank.
- `pg_port='5432'`: The port for your PostgreSQL database.
- `pg_username='awx'`: The username for the PostgreSQL database.
- `pg_password='your_pg_password'`: The password for the PostgreSQL user. Again, choose a strong password. This is different from the admin password.
- `rabbitmq_username='awx'`: The username for the RabbitMQ message queue.
- `rabbitmq_password='your_rabbitmq_password'`: The password for the RabbitMQ user.
- `secret_key='your_secret_key'`: A unique, random string used for cryptographic signing. You can generate a random string for this.
- `# enforce_https=False`: For production, you should enable HTTPS. For initial setup, you might leave it commented or set to `False` if you're behind a load balancer handling SSL.
Example snippet of the `inventory` file (highly simplified):
# A sample inventory file for the Ansible Tower installation.
# Fill this out for your specific environment.
[all:vars]
admin_password='SuperSecureAdminPassword123!'
pg_host='' # Leave blank for local PostgreSQL
pg_port='5432'
pg_username='awx'
pg_password='SuperSecurePGPassword123!'
rabbitmq_username='awx'
rabbitmq_password='SuperSecureRABBITMQPassword123!'
secret_key='a_really_long_and_random_string_for_security!'
# enforce_https=False # Set to True for production with proper certificates
# If you have an external PostgreSQL server, uncomment and configure
# [database]
# hostname or IP
# If you want to install Tower on a different host than the database,
# you would define multiple groups. For a single-node install,
# all components will be on the 'localhost' group.
[tower]
localhost ansible_connection=local
[web]
localhost ansible_connection=local
[ui]
localhost ansible_connection=local
[database]
localhost ansible_connection=local
[rabbitmq]
localhost ansible_connection=local
Make sure all passwords are strong and unique. Save and close the file.
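Because this file holds every installer secret in plain text, it is worth auditing before `setup.sh` is run. The following is an added example, not part of the original guide or of the installer; it uses the variable names listed above, while `audit_inventory`, `inv_value`, `gen_secret`, the 16-character minimum and the placeholder patterns are assumptions.

```sh
#!/bin/sh
# Added example: audit the secret variables of a Tower installer inventory.
# Variable names come from this guide; MIN_LEN and the placeholder patterns are assumptions.
SECRET_VARS="admin_password pg_password rabbitmq_password secret_key"
MIN_LEN=16

# gen_secret: print 48 random hex characters (24 bytes from /dev/urandom).
gen_secret() {
    dd if=/dev/urandom bs=24 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# inv_value FILE KEY: print KEY's value without quotes or a trailing inline comment.
# This is a simplified reading of the INI syntax, enough for the [all:vars] lines.
inv_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                    # skip whole-line comments
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*=/) next          # key must be followed by "="
            sub(/^[ \t]*=[ \t]*/, "", rest)
            q = substr(rest, 1, 1)
            if (q == "\047" || q == "\"") {       # quoted: keep text up to the closing quote
                rest = substr(rest, 2)
                stop = index(rest, q)
                if (stop > 0) rest = substr(rest, 1, stop - 1)
            } else {                              # unquoted: drop inline comment
                sub(/[ \t]+#.*$/, "", rest)
                sub(/[ \t]+$/, "", rest)
            }
            print rest
            exit
        }' "$1"
}

# audit_inventory FILE: print one finding per line (never the secret itself);
# return 1 if anything was found, 0 if the file is clean.
audit_inventory() {
    ai_file=$1
    ai_bad=0
    ai_seen=""
    # Plaintext secrets: group and other must have no access at all.
    ai_perms=$(ls -ld "$ai_file" | cut -c5-10)
    if [ "$ai_perms" != "------" ]; then
        echo "PERMS: $ai_file is accessible to group/other, chmod 600 it"
        ai_bad=1
    fi
    for ai_key in $SECRET_VARS; do
        ai_val=$(inv_value "$ai_file" "$ai_key")
        if [ -z "$ai_val" ]; then
            echo "MISSING: $ai_key is not set"; ai_bad=1; continue
        fi
        case $ai_val in
            your_*|SuperSecure*|a_really_long_*)
                echo "PLACEHOLDER: $ai_key still holds a sample value from the guide"; ai_bad=1 ;;
        esac
        if [ "${#ai_val}" -lt "$MIN_LEN" ]; then
            echo "SHORT: $ai_key is shorter than $MIN_LEN characters"; ai_bad=1
        fi
        if printf '%s\n' "$ai_seen" | grep -Fxq -- "$ai_val"; then
            echo "REUSED: $ai_key repeats another secret in this file"; ai_bad=1
        fi
        ai_seen="$ai_seen
$ai_val"
    done
    return "$ai_bad"
}

# Demo on a constructed inventory that reuses this guide's sample values.
if [ "$#" -eq 0 ]; then
    demo=$(mktemp)
    cat > "$demo" <<'EOF'
[all:vars]
admin_password='SuperSecureAdminPassword123!'
pg_password='SuperSecureAdminPassword123!'
rabbitmq_password='short'
# secret_key='commented out, so it counts as missing'
EOF
    audit_inventory "$demo" || echo "inventory is not ready for setup.sh"
    rm -f "$demo"
fi
```

`gen_secret` gives one way to fill each of the four variables with a distinct random value before the audit is run against the real `inventory` file.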
Step 5: Run the Ansible Tower Setup Script
Once your `inventory` file is configured, running the installation is just one command away. The installer itself is an Ansible playbook, which makes the installation process robust and idempotent.
From within the extracted installer directory (`ansible-tower-setup-X.Y.Z/`), execute the setup script:
sudo ./setup.sh
The installation process will begin. It might take some time (10-30 minutes, depending on your system's resources and internet speed, as it needs to download and install various packages, set up PostgreSQL, RabbitMQ, and the Tower application components). You'll see a lot of output as Ansible runs its tasks.
Important: Keep an eye on the output for any errors. If it fails, the output will usually give you clues on what went wrong (e.g., missing dependencies, incorrect passwords in the inventory file, firewall issues).
Step 6: Configure Firewall and SELinux (If Necessary)
After the installation completes, you'll need to ensure your firewall (firewalld on RHEL/CentOS 8) allows traffic to the Tower web interface. By default, Tower runs on HTTP (port 80) and HTTPS (port 443).
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
Regarding SELinux, for enterprise systems, disabling it is generally not recommended. Tower is designed to work with SELinux enabled. However, if you encounter issues, you might temporarily set it to permissive mode for troubleshooting (`sudo setenforce 0`) and then back to enforcing (`sudo setenforce 1`) once resolved. For a permanent change, edit `/etc/selinux/config`. If you disable it, make sure you understand the security implications. Dekho, security is non-negotiable, always prioritize it.
Post-Installation: Initial Configuration and First Steps with Ansible Tower
Congratulations, junior! You've successfully installed Ansible Tower on CentOS 8 / RHEL 8. Now, let's explore the UI and get it ready for some real automation.
Accessing the Tower Web UI
Open your web browser and navigate to the IP address or hostname of your Tower server. You should be greeted by the Ansible Tower login screen:
http://YOUR_TOWER_SERVER_IP_OR_HOSTNAME
Use the username `admin` and the `admin_password` you set in the `inventory` file during installation to log in.
Applying Your License
Upon first login, Tower will prompt you to upload a license file. If you have a Red Hat subscription, download your license from the customer portal. If you're using a trial version, there might be an option to obtain a trial license directly from the UI or Red Hat's website. A license is essential for Tower to function beyond a very limited trial period.
Initial Dashboard Overview
Once licensed, you'll land on the Tower dashboard. This is your mission control! You'll see:
- Job Status: A summary of recent and ongoing automation jobs.
- Host Health: An overview of your managed hosts.
- Inventory Sync Status: How recently your inventories were synchronized.
- Other useful metrics.
Key Configurations: Getting Started with Automation
To start automating, you'll need to configure a few basic components in Tower:
1. Add Credentials:
Go to Resources > Credentials. This is where you securely store SSH keys, usernames/passwords, cloud API tokens, and other sensitive information. Create new credentials for:
- Machine Credentials: Your SSH key or username/password to connect to your target hosts.
- SCM (Source Code Management) Credentials: If your Ansible playbooks are in a private Git repository, you'll need credentials to access it.
- Cloud Credentials: For dynamic inventories (AWS, Azure, GCP).
2. Add an Inventory:
Go to Resources > Inventories. You can create a static inventory (manually add hosts) or a dynamic inventory that syncs with your cloud provider or other CMDBs. This is where Tower gets the list of hosts it will manage.
3. Create a Project:
Go to Resources > Projects. A project points to your Ansible playbook repository (e.g., a Git repository, or a local path on the Tower server). This tells Tower where to find your automation code.
4. Create a Job Template:
Go to Resources > Job Templates. This is the core of running automation in Tower. A Job Template ties together an inventory, a project (which contains your playbooks), credentials, and the specific playbook you want to run. It also allows you to define extra variables, limits, and other execution options.
Once you have a Job Template, you can launch it with a single click, schedule it, or integrate it into a workflow. This process transforms your raw Ansible playbooks into manageable, repeatable, and auditable automation jobs.
For more in-depth learning, check out Red Hat's official documentation for Ansible Automation Platform – it’s a goldmine of information!
Troubleshooting Common Ansible Tower Installation Issues
Even for experienced engineers, sometimes installations don't go as smoothly as a fresh cup of chai. Here are some common issues you might encounter and how to troubleshoot them, yaar:
- Firewall Blocking Access:
Symptom: You can't reach the Tower login page in your browser.
Fix: Ensure ports 80 (HTTP) and 443 (HTTPS) are open on your Tower server's firewall. Verify with `sudo firewall-cmd --list-all` and add if missing:
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
- SELinux Issues:
Symptom: Various "permission denied" errors in logs, or services failing to start.
Fix: While Tower is designed to work with SELinux, it can sometimes be overly restrictive. Check `/var/log/audit/audit.log` or `sudo journalctl -xe` for SELinux denials. You can try temporarily setting SELinux to permissive mode (`sudo setenforce 0`) to see if the problem resolves. If it does, generate a custom SELinux policy, or if it's a non-production environment, consider setting `SELINUX=permissive` in `/etc/selinux/config` (and reboot) as a last resort. But remember, this lowers your security posture.
- Incorrect `inventory` File Configuration:
Symptom: Installation fails with errors about database connectivity, RabbitMQ issues, or incorrect admin password.
Fix: Double-check all entries in your `inventory` file, especially passwords (`admin_password`, `pg_password`, `rabbitmq_password`) and hostnames/IPs. A simple typo can halt the entire process. Ensure strong passwords are used and quoted correctly.
- Resource Constraints (RAM/Disk):
Symptom: Installation hangs, services fail to start, or the UI is extremely slow after installation.
Fix: Verify your server meets the minimum and recommended hardware requirements. Check `free -h` for RAM and `df -h` for disk space. Lack of RAM often causes slow performance or out-of-memory errors during service startup.
- PostgreSQL/RabbitMQ Connectivity:
Symptom: Installation fails while trying to set up or connect to internal/external database or message queue.
Fix: If using an external database, ensure network connectivity and correct credentials in the `inventory` file. For an internal setup, check system logs (`sudo journalctl -xe`) for PostgreSQL or RabbitMQ service startup failures. They might be competing for ports or have configuration issues.
- Installer Bundle Corruption:
Symptom: `tar` errors during extraction or `setup.sh` script not found/executable.
Fix: Redownload the installer bundle to ensure it's not corrupted. Verify its integrity if a checksum is provided by Red Hat. Ensure the downloaded file is indeed a `.tar.gz` and you have permissions to execute the `setup.sh` script (add execute permissions with `chmod +x setup.sh`).
Debugging is part of the game, junior. Don't get disheartened. The logs are your best friend. Read them carefully, search for error messages, and use your favorite search engine. You'll get there, pakka!
Key Takeaways
- Ansible Tower (now Ansible Automation Platform) is essential for enterprise-grade automation: It centralizes management, provides a UI, RBAC, secure credential management, and job scheduling, moving beyond basic Ansible Core capabilities.
- Careful planning for prerequisites is crucial: Ensure your CentOS 8 / RHEL 8 server meets the specified hardware (RAM, disk) and OS requirements, and that you have sufficient `sudo` privileges.
- EPEL repository is a must-have: It provides critical additional packages needed for Ansible Tower and its dependencies on RHEL/CentOS systems.
- The `inventory` file is your installation blueprint: Meticulously configure `admin_password`, database credentials, and `secret_key` in this file before running the setup script.
- Post-installation firewall configuration is vital: Remember to open ports 80 and 443 on your Tower server to access the web UI after a successful installation.
Frequently Asked Questions
What is the difference between Ansible Core and Ansible Tower (AAP)?
Ansible Core is the command-line automation engine, great for basic task execution. Ansible Tower (now Ansible Automation Platform - AAP) is a web-based UI and management system built on top of Ansible Core. It provides enterprise features like RBAC, secure credential management, job scheduling, graphical inventories, and API integration, making it ideal for scaling automation in team-based or complex environments. Essentially, Core executes, Tower manages and orchestrates.
Can I install Ansible Tower on other Linux distributions besides CentOS/RHEL 8?
Historically, Ansible Tower supported other distributions like Ubuntu LTS versions. However, Red Hat Ansible Automation Platform's official support is primarily focused on Red Hat Enterprise Linux (RHEL) and its derivatives like CentOS Stream for development, and specific versions of Ubuntu are also supported. For enterprise deployments, sticking to RHEL 8/9 is generally recommended due to Red Hat's native support for their own product.
Is Ansible Tower free to use?
Ansible Tower itself is a commercial product from Red Hat, requiring a subscription. However, a self-support or trial version is often available for evaluation, which may have limited features or a time-bound license. The open-source upstream project for Ansible Tower is called AWX, which is free to use but typically requires more manual setup and community support.
How do I update Ansible Tower after installation?
Updating Ansible Tower (or AAP) typically involves downloading a new installer bundle, similar to the initial installation. The installer is designed to handle upgrades. You'll often run the `setup.sh` script from the new bundle, pointing it to your existing Tower installation, and it will perform the necessary database migrations and software updates. Always back up your Tower database and configurations before attempting an upgrade!
There you have it, junior! Setting up Ansible Tower on CentOS 8 / RHEL 8 is a significant step towards mastering enterprise automation. It might seem like a lot of steps, but once it's up and running, you'll wonder how you ever managed without it. This powerful tool will empower your team to deploy, manage, and scale infrastructure and applications with unprecedented efficiency and control.
For a visual walkthrough and to see these steps in action, make sure to watch the full video on the @explorenystream YouTube channel. Don't forget to subscribe for more awesome DevOps content and hit that like button if this guide helped you conquer Ansible Tower! Keep learning, keep automating, and keep pushing those boundaries!