AWX modernization: Ansible Jewel

Hey folks, Jake here again,

We’ve got another update on the AWX modernization that we’d like to share with the Ansible community. As we’ve mentioned from the first announcement here in the forum, our goal has been to refactor AWX into a pluggable, service-based architecture.

Today I’m pleased to announce that, with the availability of the ansible/jewel source code, we’ve reached another significant milestone with our refactoring effort.

The Jewel project and AWX

The ansible/jewel repository provides a proxy layer that connects AWX, for job scheduling and execution, and other pluggable Ansible services.

In the quickstart below we’re going to spin up the Jewel API and an AWX development environment. This table shows you the services that we’ll create and their network locations:

To stand this up locally and try it for yourself, complete the following steps:

1. Fork or clone both the ansible/jewel and ansible/awx repositories.

2. Start an AWX development environment.
   2a. Open a terminal window in the root of the ansible/awx repository.
   2b. Build the development image with make docker-compose-build.
   2c. Start the environment with make docker-compose.
   2d. Note the superuser password. You can also find this with cat tools/docker-compose/_sources/secrets/admin_password.yml.
   2e. Check that AWX is listening on ports 8043 (HTTPS) and 8013 (HTTP). For example, try: curl -sk https://localhost:8043/api/v2/ping/.

3. Start a Jewel development environment.
   3a. Open another terminal window in the root of the ansible/jewel repository.
   3b. Build a headless image with make docker-compose-build HEADLESS=1.
   3c. Start Jewel with make docker-compose-basic HEADLESS=1.
   3d. Check that Jewel is running with curl -sk https://localhost:8000/api/gateway/v1/ -u admin:'<PASSWORD>'.
   3e. Register the AWX service with make register-services.
   3f. Ping AWX via the proxy with curl -sk https://localhost:443/api/controller/v2/ping/.

Your next step could be trying docs/service_token_authentication.md to set up JWT-based trust between Jewel and AWX so they can authenticate API calls. That requires running gw-manage generate_service_secret controller inside the Jewel container and configuring AWX’s RESOURCE_SERVER settings.

Contributions to the Jewel and AWX documentation are welcome. If you’re looking for more ways to get involved and contribute, see John’s Ansible Jewel: Connecting Ansible services post that announces the Jewel project.

Next steps

There are other goals we’ve set out here in the forum, such as simplifying the code base and making it easier to contribute. We want the community to help shape the project and steer technical direction of the AWX project. You can expect to hear more about this in the forum as follow on posts.

Useful links

• Forum: AWX topics
• Forum: Jewel topics
• Forum: Newsletter Category
• AWX project documentation
• AWX code repository

Great to hear that this has been released as OSS. Especially as someone whom already runs AWX, EDA server and soon HUB.

Alas this has just been released as OSS and clearly the repo was/has been designed for the downstream product (AAP). Is there going to be added as part of Jewels DEV lifecycle, the following:

• Official Builds

• UI Builds (Ansible UI project does contain the UI (platform sub-dir) and build however quay.io has access blocked {quay.io/ansible/platform})

• Operator Created

  • If no operator at least kustomize manifests so we can at least deploy it

• Documentation that at least covers features, deployment and setup.

The docker compose doesn’t work…

below are some patches to fix and allow building with the UI included, they address:

• There’s a bug in the version “getter” so it crashes and wont start.

• modification to make and dockerfile so that it clones the current ansible-ui repo and as part of build you can now omit HEADLESS=1 switch.

Apply the patches (i was on commit 63115747b1c4dcd675827869d287393ea9235488). run make docker-compose-build then make docker-compose-basic to start the containers. you’ll have to wait a bit for migrations to finish. I’d advise looking at the logs docker logs -f aap_gw_1 as the admin password will be in it and you’ll see when it’s ready. presto https://localhost:8000/ is available with the ui.

diff --git a/Makefile b/Makefile
index 42d7f7d4..a386117b 100644
--- a/Makefile
+++ b/Makefile
@@ -219,11 +219,18 @@ tools/generated/.django_ansible_base_head: update_django_ansible_base_hash
 
 ## Check to pull the latest platform-ui if needed
 tools/generated/.has_built_ui:
-	$(CONTAINER_ENGINE) pull quay.io/ansible/platform-ui:latest > tools/generated/last_ui_pull
-	if [ ! -f $@ ] || [ `cat tools/generated/last_ui_pull | grep "Image is up to date" | wc -l` == "0" ] ; then \
-	    echo "Updating UI"; \
-	    touch $@ ; \
-	fi
+	if [ ! -d tools/generated/ui ]; then \
+		git clone --depth=1 https://github.com/ansible/ansible-ui tools/generated/ui; \
+	fi; \
+	cd tools/generated/ui; \
+	if [ ! -d node_modules ]; then \
+		npm ci; \
+	fi; \
+	cd platform;\
+	if [ ! -f dist/index.html ]; then \
+		npm run build; \
+	fi; \
+	cd ../../../../;
 
 ## Build the cert file
 tools/generated/gateway.crt:
diff --git a/aap_gateway_api/version.py b/aap_gateway_api/version.py
index f0c4e0df..412ae90f 100644
--- a/aap_gateway_api/version.py
+++ b/aap_gateway_api/version.py
@@ -15,6 +15,10 @@ def generate_version():
             from setuptools_scm import get_version
 
             return get_version()
+
+        except LookupError:
+            return "Unknown"
+
         except ModuleNotFoundError:
             return "Unknown"

diff --git a/tools/ansible/roles/sources/templates/Dockerfile.j2 b/tools/ansible/roles/sources/templates/Dockerfile.j2
index ad1fa279..fbdde44a 100644
--- a/tools/ansible/roles/sources/templates/Dockerfile.j2
+++ b/tools/ansible/roles/sources/templates/Dockerfile.j2
@@ -103,7 +103,7 @@ ENV PYTHONPATH=/opt/aap_gateway/src
 {% if not headless | bool %}
 # Pull in the platform-ui, this can change frequently so it should be one of the last things we try and do
 # placeholder until public image available
-COPY --from=quay.io/ansible/platform-ui:latest /usr/share/nginx/html /opt/aap_gateway/platform_ui
+COPY tools/generated/ui/platform/dist /opt/aap_gateway/platform_ui
 {% endif %}
 
 USER 1000