The Ansible Support Mailbox

December 3, 2015 by David Federlein

support header

Hi, I'm David Federlein and you may know me from such tickets to the Customer Success Team as “How does Tower’s Dynamic Inventory use Private IPs?" and “How do I import my Ansible inventory to Tower?" Or perhaps you just knew me from grade school. If that’s the case I’d like to apologize for that incident with the fake perfume that smelled like farts and further reassure you that I never again ordered any novelty items from the back of comic books.

In regards to Tower and Ansible, I am here today to share some tips that may be of help in your endeavor for automated nirvana. Perhaps after I’ve shared some of this with you I can one day have someone call me “Sir” without adding “you’re making a scene.” Let’s get down to business.

By now you should be familiar with our love of cowsay, but cows can be dangerous! Don't kid yourself: If a cow ever got the chance, he'd eat you and everyone you care about! So if you’d like to turn off the bovines throwing taunting barbs as you run your playbook, remember two things:

1) That cow is judging you.

2) You can set “nocows=1” in your ansible.cfg configuration file to make them stop.

I know what you’re thinking: “Psht, David, I already knew that. I thought you were going to tell us something interesting!” Well I have one thing to say to that, and it’s “Aim low. Aim so low no one will even care if you succeed.” However to avoid not delivering on a promise, let’s talk about some of the things we’ve seen often on the Customer Success team. To do so, I’ve compiled two letters to Support.

First we have a letter from Springfield, Oregon:

"Dear Support,

I am currently using Tower to control hosts inside a VPC and need to use a bastion host to proxy SSH connections through. Can Tower do this?


Dear Authorized_Keymaster,

YES! You can do this. Tower will respect custom SSH configs that allow for a variety of connection options. In fact, anything you can get working from the command line by editing ~/.ssh/config will also work with Tower. You’ll need to take a few steps to make this work, which we’ve detailed here.

First, the shell user Tower executes as is the awx user. So you’ll need to place the config and keys needed in /var/lib/awx/.ssh and then you’ll need to set a configuration in /etc/tower/ to allow proot to access that config file at run time.

Second, you’ll also want to wear an “Undead Elvis” Halloween mask when executing all job templates that would need to use this configuration. Not because it’s technically required, but because the look on your coworker’s faces will bring you joy for years to come. Trust me.


Next up, we have a letter from Shelbyville, Kentucky:

“Dear Support,

Why does the Tower installer need the Internet? I need to install this on a network that has limited or no Internet access.

Bored in the Datacenter”

Dear Bored,

Funny you should ask this, because beginning with version 2.3.0, Tower has a bundled installation tarball that works with RHEL/CentOS 6 or 7. If you’d like, you can read our instructions here.

Just download the bundled installer, make note of our instructions in the READMEs and you’re off to the races! I should note that you’ll need to have a local mirror of the extras repository for RHEL/Centos 7 and the optional repo for RHEL/Centos 6 available for the installation.

In closing, I’d like to extend an invitation to everyone reading this to our twice-monthly two-hour “Intro to Ansible” class, which is delivered by the Customer Success Team’s own Engineer-Extraordinaire Michelle Perz. Check out times and registration info here. If you do join, please tell Michelle that you found out about the class in this blog post and that you have a coupon code for her to sing “Habanera” from Carmen to the class. That coupon code is “ReallyNotReally.”

As you find new adventures in automation with Ansible and Tower, just remember the most wise and prescient advice I’ve ever heard from my elders:

"Sidewalk's for regular walkin', not for fancy walkin.'"

If anyone wants me, I'll be in my room.




Ansible Tower, Training


David Federlein

David Federlein is Director of Customer Success, Ansible, Red Hat, helping Enterprise Customers with Red Hat Ansible Tower support and training classes.

rss-icon  RSS Feed