How to access awx-operator api from playbook

Archives AWX Project
,
1

Hello Group,
I have seen a nice Red Hat vido on creating a playbook with a survey spec coded in Jinga.
This is very nice. The Red Hat Auto controller connects via the REST api to create a template with a survey spec from some jinga code.

I am using a version of AWX-OPERATOR based on a single node kubernetes pod.
I do not know what version of the operator I have, maybe ver. 19.

I can connect to the api from postman but so far do knot know how to connect to the api from a playbook hosted on the operator using the awx.awx.job_temolate module.

any suggestions?
Thanks, ewholz

2

Can you share what you have tried and what errors (if any) you are getting?
The module you mention just connects to the API just like you would have done with postman.

Per the module docs (https://docs.ansible.com/ansible/latest/collections/awx/awx/job_template_module.html) there are a couple of parameters you can use to make the connection including:
controller_host
controller_username
controller_password
controller_token
validate_certs

These fields can also be set by environment variables such as CONTROLLER_USERNAME.

  • The AWX Team
3

Hello There,
Thanks for this information. I will review you information here. I am using AWX-OPERATOR,
I have also tried this on a docker based version - ver 17, that requires a bash login to the awx_web image, etc. I get the same errors

my playbook uses the “awx.awx.job_template” module to build the template using this code
I need to review all the info you posted in terms of my installation. Here is the code I am trying to use:
This is a json file - backup.j2 which is called from a playbook using the “awx.awx.job_template” module

{

“name”: “Restore Survey”,

“description”: “Choose which date you want to restore to”,

“spec”: [

{

“type”: “multiplechoice”,

“question_name”: “Rollback to which date?”,

“question_description”: “Rollback revision date, which date do you want to revert to?”,

“variable”: “rollback_date”,

“choices”: [

{% for file in backups.files %}

{% if loop.last %}

“{{file.path.split(‘/’)[-1]}}”

{% else %}

“{{file.path.split(‘/’)[-1]}}”,

{% endif %}

{% endfor %}

],

“required”: true,

“default”: “{{backups.files[0].path.split(‘/’)[-1]}}”

}

]
}
4

Hello AWX project -

thanks for the info in first reply. I added tasks in the main playbook to verify those variables.
I get all those variables - the AAP host shows as “https://awx-b5659cc76-4rtsb”, i am using a username and password, I do not see where
I might get a token for the controller, etc.
I have the “backup-server” which can be the same ip of the awx box, 10.126.8.66, or the IP of another box on the network.
I have in my inventory: “backup-server” with a python definition at python3, and a cisco switch as one of the network devices.
For some reason the error message includes the IP of the switch, and this is where if tails: the error message is:
fatal: [10.127.8.103 → backup-server(10.126.8.66)

“The requested object could not be found at /api/v2/organizations/.”
So why is the switch IP there - I think that is why it is failing - this makes no sense to me…

The template build is called by this code: I am not trying to add a survey yet…

 - name: create restore job template
     ##debug:
       ##msg: "Templated Created Hello "
   awx.awx.job_template:
       name: "Network Automation - Restore"
       job_type: "run"
       organization: "Ansible Automation"
       inventory: "Network Toolkit"
       project: "Network Toolkit LabNet"
       playbook: "toolkit-master/playbooks/network_backup.yml"
       credential: '4'
       survey_enabled: true
  ##     survey_spec: "{{ lookup('template', '{{ playbook_dir }}/../network_setup/templates/backup.j2') }}"
       validate_certs: no
     delegate_to: backup-server  
  ## execution_environment: "Default execution environment"
     ##when: ansible_network_os is not defined
     run_once: true


I can create this template using tower-cli - but cannot add the surevey_spec the survey spec should be buildt from a jinja code file. Have not figured out how to add


jinja code file to the survey_spec. any ideas how I could include a jinja file in a POST method with postman, etc?


thanks for th info,


ewholz
5

A token can be generated for an AWX user through their user page see https://docs.ansible.com/automation-controller/latest/html/administration/oauth2_token_auth.html for more details.
But a username/password will work just fine instead of a token.

As far as the IPs go and this message: fatal: [10.127.8.103 → backup-server(10.126.8.66)
What is happening is that this playbook is running on some collection of servers (which may be only one) and 10.127.8.103 is one of those servers.
Because you have run_once on this task only one of the servers in the collection will be picked to run this task.
In the case above ansible picked 10.127.8.103 as the node that will run the task.
However, you have this task delegated to run on “backup-server”.
So this line is saying “fatal: [ I picked 10.127.8.103 to run this task but it was delegated to backup-server(10.126.8.66)”.

The error message generated “The requested object could not be found at /api/v2/organizations/.” is the module saying that it was unable to find the organization you specified.
Does the “Ansible Automation” organization exist in your AWX instance? If so, does the user you specified with username/password have access to read the organization?

  • The AWX Team
6

Well this is very interesting information - the user should have access to everything no matter what. I will review
your notes, and see If I can find my mistake or error.

Thank you VERY much for replying to my post. It is helpful to say the least,

ewholz

7

Well, everything looks ok to me, the user has access to everything. I ran the playbook in the debug more, here is a copy of the error message - pretty

obtuse but clearly something is not right - I am not sure what the error message is telling me:
“msg”: “The requested object could not be found at /api/v2/organizations/.”,
“exception”: " File "/tmp/ansible_awx.awx.job_template_payload_znvyjn9k/ansible_awx.awx.job_template_payload.zip/ansible_collections/awx/awx/plugins/module_utils/controller_api.py",
line 487, in make_request\n response = self.session.open(method, url.geturl(),
headers=headers, validate_certs=self.verify_ssl, follow_redirects=True,
data=data)\n File "/tmp/ansible_awx.awx.job_template_payload_znvyjn9k/ansible_awx.awx.job_template_payload.zip/ansible/module_utils/urls.py",
line 1446, in open\n
return urllib_request.urlopen(request, None, timeout)\n
File "/usr/lib64/python3.6/urllib/request.py",
line 223, in urlopen\n return opener.open(url, data, timeout)\n
File "/usr/lib64/python3.6/urllib/request.py", line 532, in open\n
response = meth(req, response)\n File "/usr/lib64/python3.6/urllib/request.py",
line 642, in http_response\n ‘http’, request, response, code, msg, hdrs)\n File "/usr/lib64/python3.6/urllib/request.py",
line 570, in error\n return self._call_chain(*args)\n
File "/usr/lib64/python3.6/urllib/request.py", line 504, in _call_chain\n
result = func(*args)\n File "/usr/lib64/python3.6/urllib/request.py",
line 650, in http_error_default\n raise HTTPError(req.full_url, code, msg, hdrs, fp)\n"

let me know what you think, thanks,
ewholz

8

Ok, let’s see if we can troubleshoot this.

Start by loading this page as the user: https:///api/v2/organizations/?name=Ansible+Automation
At the top of the page should be a “count” field, make sure that is 1.
Org names are unique so count should ever be > 1 when filtering on a name.
If it happens to be 0 then just load the page https:///api/v2/organizations/ and see if you can find the name associated with the Ansible Automation organization. Maybe there are extra spaces or special characters in the name?

Something else you could try if the user you are using is a system admin would be running a task like:

  • name: Create an organization
    awx.awx.organization:
    name: “Ansible Automation”

You may want to add description or other options to match how your organization is built in AWX.

If all of the parameters match what is in AWX this should return “OK” instead of “Changed”.

-The AWX Team

P.S. If you want to try something a little more interactive then email, try connecting with us via IRC/Matrix.

9

Hello AWX Project
Thanks for the support on this. I have to use email, as we are “air gapped”

I have two issues I think - one is the fact that the “controller” is a kubernetes pod, so a playbook shows the https://awx-funnyletters-etc address which is the

address of the controller in the pod - the other address is the server hosting the kubernetes cluster: https://lab-awx.testnet.com. from the server address I can access everything

from the api i.e. https://lab-awx.testnet.com/api/v2/organizations/?name=Ansible+Automation, etc. I have tried to use that address in the credentials as well.
I will abort this task for a while - it is possible that there is some sort of mis-configuration in the AWX-OPERATOR itself.
Thanks again for the reponses on this - If I come up with something I will post here,

ewholz