AWX Isolated Node Setup

AWX Isolated Node Setup

Isolated nodes in AWX/Tower are used to do work in remote or secured networks. The only connection required is SSH between the “controller” node (the main AWX/Tower instance), and your remote node. This device can now do work for you in this remote network. 

The problem with setting these up is that I have yet to find a complete step-by-step guide on how to get this setup. I’m hoping this will help others get this working for them. This is a bit different than just adding “worker” nodes to AWX/Tower, as there’s limited connectivity. Otherwise, for normal “worker” nodes for AWX/Tower, they require full connectivity to the “control” node. 

Setup:

On your isolated node, create a user called awx with a strong password. (should be able to use whatever username you want, but I haven’t had time to test this)

Log into your “controller” node, and we will use some awx-manage commands to provision this new worker node. Make sure to save they key generated in command one in a vault or safe for use later.

awx-manage generate_isolated_key

awx-manage provision_instance --hostname <isolated_node_hostname> --is-isolated

awx-manage register_queue --queuename <queue_name> --hostname <isolated_node_hostname> --controller <controller_name>

Log back into your isolated node, and add that key to ssh authorized hosts for the awx user.

Once this key is added, there is a testing command from the control node you can run to verify connectivity. Remember, permissions are always still in play, so make sure your awx user has rights to whatever it might need to do locally on that box, for thing like installing packages or creating files/directories. You can also use a user in your actual jobs that has these rights as well.

awx-manage test_isolated_connection --hostname <isolated_node_hostname>

Assuming this test is successful, you should now see a new instance group in AWX:

New Isolated Node

If you click on the new node name you can see your worker nodes assigned to this instance.

Isolated Node Name

You can now tweak how many forks you want it to handle and view capacity as jobs are running to see if you need to add more nodes to comply with the load. Forks are how many job instances the node can handle. This will depend on the resources available on your isolated node.

Now you can assign templates to your instance groups to do work from these nodes.

Assign template to Instance Group

Now whatever templates you assign to this new instance group will be run from any nodes as part of this instance group. Keep this in mind when building new instance nodes and assigning templates. Make sure your isolated node can reach the devices you intend to manage when you’re assigning templates.

Leave a Reply

Your email address will not be published. Required fields are marked *