Enabling and configuring Automation Action Ansible sensor
The Automation Action Ansible sensor supports the Managing automation feature.
For more information, see Managing automation. The sensor is automatically deployed and installed after you install the Instana agent.
With this sensor, the Instana agent can run Ansible actions that have been imported into the action catalog in Instana. The sensor uses the Ansible automation connector to connect to the Ansible Automation Controller on which it is to run jobs.
Prerequisites
Before you enable this sensor, complete the following steps:
- Review the information in Securely using the automation framework.
- If the sensor is used in a self-hosted (on-premises) environment, ensure that the automation feature flag is enabled.
Enabling the sensor
The Automation Action Ansible sensor is disabled by default. To enable the sensor, update the agent configuration file as shown in the following example.
com.instana.plugin.action.ansible:
enabled: true # by default is false
url: <ansible_url> # Ansible Automation Controller url
apiPath: <api_path> # Optional, default path is /api/v2. For Ansible Automation Controller 2.5+, use /api/controller/v2
token: # the token to connect to Ansible Automation Controller
configuration_from:
type: vault
secret_key:
path: <secret_path>
key: <secret_key>
The following example shows the use of plain text token in the configuration and is for reference purpose only.
com.instana.plugin.action.ansible:
enabled: true # by default is false
url: <ansible_url> # Ansible Automation Controller url
apiPath: <api_path> # Optional, default path is /api/v2. For Ansible Automation Controller 2.5+, use /api/controller/v2
token: <ansbile_token> # the token to connect to Ansible Automation Controller
Modifying the number of concurrent Ansible actions
The Ansible sensor can run 10 concurrent Ansible actions, by default. To modify the maximum number of concurrent Ansible actions, add the maxConcurrentActions attribute to the Ansible sensor configuration in the agent configuration file as shown in the following example:
com.instana.plugin.action.ansible:
enabled: true
maxConcurrentActions: 5 # optional, default value is 10
Configuring default timeout
By default, an Ansible action times out after 300 seconds. If you want to change the default timeout for the Ansible action run, add the defaultTimeout attribute to the Ansible sensor configuration section in the agent configuration file as follows:
com.instana.plugin.action.ansible:
enabled: true
defaultTimeout: 30 # optional, default timeout is 300 seconds
Integrating a secret manager
If the Ansible action in your action catalog uses Vault parameters, you must integrate the host agent with a secret manager.
Configuring the Ansible automation connector
This step is only required if you use version 1.0.56 or older.
The previous versions of Automation Action Ansible sensor use an Ansible automation connector image. To use the sensor, make sure that a container management engine (Docker or Podman) is available on the Instana agent.
By using the Ansible automation connector image, the sensor connects to the Ansible automation controller and runs jobs on it. The automation connector image is pulled from the icr.io/instana/actions registry when the sensor is activated.
If the agent machine does not have access to the icr.io image registry, then set offline=true in the sensor configuration and load the automation connector image to the local registry on the agent system.
To configure the automation connector, update the agent configuration file as shown in the following example:
com.instana.plugin.action.ansible:
enabled: true
url: <ansible_url>
token:
configuration_from:
type: vault
secret_key:
path: <secret_path>
key: <secret_key>
connector:
container_mgmt_engine: docker|podman # the container management engine
host_port: 9080 # the port on the host to bind the connector container to
ready_timeout: 60 # optional, default timeout is 300 seconds
offline: false|true # optional, default is false
Loading automation connector image to the local registry
If the agent machine does not have access to the icr.io image registry, then load the image to the local image registry on the agent system.
To load the image to the local image registry on the agent system, complete the following steps:
-
On a machine with internet access, download the latest Ansible automation connector image:
docker pull icr.io/instana/actions/awx:latest -
Save the image to an archive file:
docker save <image_id> > /tmp/awx.tar -
Copy the archive to the agent machine and then load the image to the local image registry:
docker load < /tmp/awx.tar -
Tag the image:
docker tag <image_id> icr.io/instana/actions/awx:latest
Troubleshooting
You might encounter the following issue while using the Automation Action Ansible sensor:
API path configuration for Ansible Automation Controller 2.5 or later
Update the API path configuration when using Ansible Automation Controller 2.5 or later to resolve connection issues.
For Ansible Automation Controller 2.5 or later, the API path has changed from /api/v2 to /api/controller/v2. The sensor uses /api/v2 as the default path for backward compatibility with earlier versions.
If you experience connection issues or cannot retrieve job templates from Ansible Automation Controller 2.5 or later, update the apiPath parameter in your agent configuration (instanaAgentDir/etc/instana/configuration.yaml):
com.instana.plugin.action.ansible:
enabled: true
url: https://your-ansible-controller.example.com
apiPath: /api/controller/v2 # Required for Ansible Automation Controller 2.5+
token:
configuration_from:
type: vault
secret_key:
path: <secret_path>
key: <secret_key>To verify the correct API path, test with the following curl command:
curl -k -H "Authorization: Bearer <your_token>" https://your-ansible-controller.example.com/api/controller/v2/job_templates/If the curl command successfully returns job templates, the API path is correct.