Interim Ansible Setup (Pre-AWX)
The intent of this document is to communicate how to use Ansible for automation within the Epic on Azure ecosystem.
Status as of end-of-week Feb. 21st - Manuel Palacios stated he believes AWX will be available by end of March 2025.
This document does not cover the structure of Ansible code, which is already well-documented here.
Ansible Servers
The table below lists the two Ansible servers in use, their connection info, and the Azure subscriptions whose hosts each one should target.
| Name | IP Address | Target Azure Subscriptions |
|---|---|---|
| zwtlanssh101 | 10.150.241.198 | OHEMR-SUB-EPIC-TEST-001 |
| zwplansew001 | 10.150.199.196 | OHEMR-SUB-EPIC-SHARED-001, OHEMR-SUB-EPIC-NPD-001, OHEMR-SUB-EPIC-PRO-001 |
Ansible Workflow
```mermaid
graph LR
    A[External Workstation]
    subgraph Optum
        B[Dev VDI]
        C[SAW VDI]
        subgraph Azure
            D[ansible-controller-node]
            E["ansible-managed-node (linux)"]
            F["ansible-managed-node (windows)"]
        end
    end
    A --> B
    B --> C
    C -- SSH --> D
    D -- SSH --> E
    D -- WinRM --> F
```
Using Secure Administrative Workbench
You need to use a SAW VDI to access any servers, including the Ansible servers above. The steps below make that easier.
Preparing SSH via PuTTY
- Ensure you have completed the Setting Up SSH Access for the relevant servers
- You need a secondary MSID
- Generate a new id_rsa public and private key pair
- You need to submit a request to Add/Modify/Delete Access to Servers(s)
- Copy your private key to your SAW VDI
- This VDI session contains a shared clipboard, so using Notepad you can view, copy, and save your key
- Open PuTTYGen
- Click Conversions -> Import Key
- Browse to your key and choose the file
- Enter the passphrase for the key
- Click `Save Private Key`
- Save this key in an appropriate location
- Close PuTTYGen
- Open PuTTY
- Open Connection -> Data
- For `Auto-login username` specify your secondary ID
- Open Connection -> Auth -> Credentials
- For `Private key file for authentication` click Browse
- Browse to the above key file
- Open Session
- Under `Saved Sessions`, highlight `Default Settings` and click `Save`
- This ensures that all new sessions are created using these default settings
Preparing Git
You need to use Git to download the required runbooks, roles, and related repositories within each Ansible node. You have to use a Git Personal Access Token (PAT).
- Open GitHub Profile
- Click on Developer Settings
- Open Personal Access Tokens -> Tokens (classic)
- Click `Generate New Token` -> `Generate New Token (classic)`
- Enter a `Note` that is easy to remember
- Set an `Expiration` that is appropriate
- Check the box for `repo` only
- Click `Generate Token`
- Copy the token to an appropriate location
- Open an SSH session to a relevant jumpbox
- Configure Git to remember your passwords: <!-- pragma: allowlist secret -->
  `git config --global credential.helper store`
- Run a required Git clone: `git clone https://github.com/abc/def`
- Enter your GitHub username (typically `MSID_uhg`)
- Enter your PAT as your `password`
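The `store` helper configured above writes the PAT unencrypted to `~/.git-credentials`, so on a shared Ansible server the file's permissions are the only thing protecting the token. The following audit is an added example, not part of the original runbook; the function names are hypothetical and it assumes the helper's default file location.

```bash
#!/usr/bin/env bash
# Added example, not part of the original page. Assumes the helper's default
# store path (~/.git-credentials) and one scheme://user:token@host entry per line.

# Print stored entries with the token replaced, so the listing is safe to share.
redact_git_credentials() {
    sed -E 's#^([a-z]+://[^:/@]*):[^@]*@#\1:<redacted>@#' "$1"
}

# Return 0 if the store is owner-only, 1 if group/other bits are set, 2 if absent.
audit_git_credentials() {
    file="${1:-$HOME/.git-credentials}"
    if [ ! -f "$file" ]; then
        echo "no credential store at $file"
        return 2
    fi
    echo "plaintext entries in $file:"
    redact_git_credentials "$file"
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: readable beyond its owner (fix: chmod 600 $file)"
        return 1
    fi
    echo "OK: owner-only permissions"
}
```

Source the file and call `audit_git_credentials` with no argument on each Ansible server after the first successful clone; the redacted listing also shows which accounts have a token stored there.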
Preparing Ansible
Once you have successfully logged into one of the Ansible servers above, follow these steps to get access to the shared Ansible installation, which lives in a Python virtual environment.
- Add to a group: `sudo usermod -aG automation_group <username>`
  - Consider adding this to your `.bash_profile`: `echo "source /opt/automation/venv/bin/activate" >> ~/.bash_profile`
- Log out and log back in
- Run, if needed: `source /opt/automation/venv/bin/activate`
- Confirm: `ansible --version`
That should get your user added to the correct group, with permissions to use the virtual environment and run the `ansible` command within it.
This will also give you access to the other Ansible-related commands like `ansible-playbook` and `ansible-galaxy`.