Navigation
AnsibleUpdated July 3, 2026

Interim Ansible Setup (Pre-AWX)

ansibleinterim-setuppre-awxansible-serversazure-subscriptionsworkflowmigration

Interim Ansible Setup (pre-AWX)

The intent of this document is to communicate how to use ansible for automation regarding the specifics of the Epic on Azure ecosystem.

Status as of end-of-week Feb. 21st - Manuel Palacios stated he believes AWX will be avalable by end of March 2025.

It will not cover the structure of ansible code, which is already well-documented here.

Ansible Servers

The table below shows the 2 Ansible servers in use along with their connection info and Azure subscdription locations of hosts they should target.

NameIP AddressTarget Azure Subscriptions
zwtlanssh10110.150.241.198OHEMR-SUB-EPIC-TEST-001
zwplansew00110.150.199.196OHEMR-SUB-EPIC-SHARED-001, OHEMR-SUB-EPIC-NPD-001, OHEMR-SUB-EPIC-PRO-001

Ansible Workflow

graph LR
  A[External Workstation]

  subgraph Optum
    B[Dev VDI]
    C[SAW VDI]

    subgraph Azure
      D[ansible-controller-node]
      E["ansible-managed-node (linux)"]
      F["ansible-managed-node (windows)"]
    end
  end

  A --> B
  B --> C
  C -- SSH --> D
  D -- SSH --> E
  D -- WinRM --> F

Using Secure Administrative Workbench

You need to use a SAW VDI to access any servers including the above Ansible servers. These are steps to help ease that.

Preparing SSH via PuTTY

  1. Ensure you have completed the Setting Up SSH Access for the relevant servers
  2. Copy your private key to your SAW VDI
    • This VDI session contains a shared clipboard, so using Notepad you can view, copy, and save your key
  3. Open PuTTYGen
  4. Click Conversions -> Import Key
  5. Browse to your key and choose the file
  6. Enter the passphrase for the key
  7. Click Save Private Key
  8. Save this key in an appropriate location
  9. Close PuTTYGen
  10. Open PuTTY
  11. Open Connection -> Data
  12. For Auto-login username specify your secondary ID
  13. Open Connection -> Auth -> Credentials
  14. For Private key file for authentication click Browse
  15. Browse to the above key file
  16. Open Session
  17. Under Saved Sessions, highlight Default Settings and click Save
    • This ensures that all new sessions are created using these default settings

Preparing Git

You need to use Git to download the required runbooks, roles, and related repositories within each Ansible node. You have to use a Git Personal Access Token (PAT).

  1. Open GitHub Profile
  2. Click on Developer Settings
  3. Open Personal Access Tokens -> Tokens (classic)
  4. Click Generate New Token -> Generate New Token (classic)
  5. Enter a Note that is easy to remember
  6. Set an Expiration that is appropriate
  7. Check the box for repo only
  8. Click Generate Token
  9. Copy the token an appropriate location
  10. Open a SSH session to a relevant jumpbox
  11. Configure Git to remember your passwords: <!-- pragma: allowlist secret --> git config --global credential.helper store
  12. Run a requierd Git clone: git clone https://github.com/abc/def
  13. Enter your GitHub username (typically MSID_uhg)
  14. Enter your PAT as your password

Preparing Ansible

Once you have successfully logged into one of the Ansible servers above, there are a series of steps to get access to the shared ansible installation available in a python virtual environment.

  1. Add to a group: sudo usermod -aG automation_group <username>
    • Consider adding this to your .bash_profile: echo "source /opt/automation/venv/bin/activate" >> ~/.bash_profile
  2. logout/log back in
  3. Run, if needed: source /opt/automation/venv/bin/activate
  4. Confirm: ansible --version

That should get your user added to the correct group with permissions to use the virtual environment and then run the ansible command within that environment.

This will also give you access to the other ansible related commands like ansible-playbook and ansible-galaxy.