Automation Action Ansible

The Automation Action Ansible sensor supports the Managing automation feature.

The sensor is automatically deployed and installed after you install the Instana agent.

With this sensor, the Instana agent can run Ansible actions that have been imported into the action catalog in Instana. The sensor uses the Ansible automation connector to connect to the Ansible Automation Controller on which it is to run jobs.

Enabling and configuring the sensor

The Automation Action Ansible sensor is disabled by default. To enable and configure the sensor, update the agent configuration file as covered in the following sections. Before you enable this sensor, review the information in Securely using the automation framework.

Prerequisites

The Automation Action Ansible sensor uses an Ansible automation connector image. To use the sensor, ensure that a container management engine (Docker or Podman) is available on the Instana agent.

To use the sensor in a self-hosted (on-premises) environment, ensure that the automation feature flag is enabled.

Enabling the sensor

To enable the sensor, update the agent configuration file as shown in the following example. Use the vault for token as shown in the example.

com.instana.plugin.action.ansible:
  enabled: true # by default is false
  url: <ansible_url> # Ansible Automation Controller url
  token: # the token to connect to Ansible Automation Controller
    configuration_from:
      type: vault
      secret_key:
        path: <secret_path>
        key: <secret_key> 

Configuring the Ansible automation connector

By using the Ansible automation connector image, the sensor connects to the Ansible automation controller and runs jobs on it. The automation connector image is pulled from the icr.io/instana/actions registry when the sensor is activated.

If the agent machine does not have access to the icr.io image registry, then set offline=true in the sensor configuration and load the automation connector image to the local registry on the agent system.

To configure the automation connector, update the agent configuration file as shown in the following example:

com.instana.plugin.action.ansible:
  enabled: true
  url: <ansible_url>
  token:
    configuration_from:
      type: vault
      secret_key:
        path: <secret_path>
        key: <secret_key>
  connector:
    container_mgmt_engine: docker|podman # the container management engine
    host_port: 9080 # the port on the host to bind the connector container to
    ready_timeout: 60 # optional, default timeout is 300 seconds
    offline: false|true # optional, default is false

Modifying the number of concurrent Ansible actions

The Ansible sensor can run 10 concurrent Ansible actions, by default. To modify the maximum number of concurrent Ansible actions, add the maxConcurrentActions attribute to the Ansible sensor configuration in the agent configuration file as shown in the following example:

com.instana.plugin.action.ansible:
  enabled: true
  maxConcurrentActions: 5  # optional, default value is 10

Default timeout configuration

By default, an ansible action times out after 300 seconds. If you want to change the default timeout for the ansible action run, add the defaultTimeout attribute to the ansible sensor configuration section in the agent configuration file as follows:

com.instana.plugin.action.ansible:
  enabled: true
  defaultTimeout: 30 # optional, default timeout is 300 seconds

Loading automation connector image to the local registry

If the agent machine does not have access to the icr.io image registry, then load the image to the local image registry on the agent system.

To load the image to the local image registry on the agent system, complete the following steps:

  1. On a machine with internet access, download the latest Ansible automation connector image:

    docker pull icr.io/instana/actions/awx:latest
    
  2. Save the image to an archive file:

    docker save <image_id> > /tmp/awx.tar
    
  3. Copy the archive to the agent machine and then load the image to the local image registry:

    docker docker load < /tmp/awx.tar
    
  4. Tag the image:

    docker tag <image_id> icr.io/instana/actions/awx:latest
    

Integrating a secret manager

If the Ansible action in your action catalog uses Vault parameters, you must integrate the host agent with a secret manager.