Automation Action Ansible
The Automation Action Ansible sensor supports the Managing automation feature.
The sensor is automatically deployed and installed after you install the Instana agent.
With this sensor, the Instana agent can run Ansible actions that have been imported into the action catalog in Instana. The sensor uses the Ansible automation connector to connect to the Ansible Automation Controller on which it is to run jobs.
Enabling and configuring the sensor
The Automation Action Ansible sensor is disabled by default. To enable and configure the sensor, update the agent configuration file as covered in the following sections. Before you enable this sensor, review the information in Securely using the automation framework.
Prerequisites
The Automation Action Ansible sensor uses an Ansible automation connector image. To use the sensor, ensure that a container management engine (Docker or Podman) is available on the Instana agent.
To use the sensor in a self-hosted (on-premises) environment, ensure that the automation feature flag is enabled.
Enabling the sensor
To enable the sensor, update the agent configuration file as shown in the following example. Use the vault for
token
as shown in the example.
com.instana.plugin.action.ansible:
enabled: true # by default is false
url: <ansible_url> # Ansible Automation Controller url
token: # the token to connect to Ansible Automation Controller
configuration_from:
type: vault
secret_key:
path: <secret_path>
key: <secret_key>
Configuring the Ansible automation connector
By using the Ansible automation connector image, the sensor connects to the Ansible automation controller and runs jobs on it. The automation connector image is pulled from the icr.io/instana/actions
registry when the sensor is
activated.
If the agent machine does not have access to the icr.io
image registry, then set offline=true
in the sensor configuration and load the automation connector image to the local registry on the agent system.
To configure the automation connector, update the agent configuration file as shown in the following example:
com.instana.plugin.action.ansible:
enabled: true
url: <ansible_url>
token:
configuration_from:
type: vault
secret_key:
path: <secret_path>
key: <secret_key>
connector:
container_mgmt_engine: docker|podman # the container management engine
host_port: 9080 # the port on the host to bind the connector container to
ready_timeout: 60 # optional, default timeout is 300 seconds
offline: false|true # optional, default is false
Modifying the number of concurrent Ansible actions
The Ansible sensor can run 10 concurrent Ansible actions, by default. To modify the maximum number of concurrent Ansible actions, add the
maxConcurrentActions
attribute to the Ansible sensor configuration in the agent configuration file as shown in the following example:
com.instana.plugin.action.ansible:
enabled: true
maxConcurrentActions: 5 # optional, default value is 10
Default timeout configuration
By default, an ansible action times out after 300 seconds. If you want to change the default timeout for the ansible action run, add the defaultTimeout
attribute to the ansible sensor configuration section in the agent configuration
file as follows:
com.instana.plugin.action.ansible:
enabled: true
defaultTimeout: 30 # optional, default timeout is 300 seconds
Loading automation connector image to the local registry
If the agent machine does not have access to the icr.io
image registry, then load the image to the local image registry on the agent system.
To load the image to the local image registry on the agent system, complete the following steps:
-
On a machine with internet access, download the latest Ansible automation connector image:
docker pull icr.io/instana/actions/awx:latest
-
Save the image to an archive file:
docker save <image_id> > /tmp/awx.tar
-
Copy the archive to the agent machine and then load the image to the local image registry:
docker docker load < /tmp/awx.tar
-
Tag the image:
docker tag <image_id> icr.io/instana/actions/awx:latest
Integrating a secret manager
If the Ansible action in your action catalog uses Vault parameters, you must integrate the host agent with a secret manager.