I’m not sure if this is the right venue (point me elsewhere if necessary) but…
I’ve not found anything that talks about organizations other than how to add and admin them. If a small “company” is one - why would you want more than one organization? I can see doing that if you are multi-hosting larger companies with multiple “divisions”. Are there examples out there where one or many make sense (and could that be added to the beginning of the tower docs on organizations)?
thx
jim
The main purpose of organizations is multi-tenancy. Each organization restricts access to projects/inventories/jobs to only a subset of users, allowing one AWX/Tower server/cluster to serve different subsets of users as though they had their own separate server. While all organizations are sharing some resources with each other (the database), instance groups and isolated nodes allow each organization to have a certain reserved capacity for running jobs.
For a small company, one organization may be all you need. For a large company, each organization may represent a division/department or a product/project/site within the company. The way you map organizations to your own company structure is up to you.
In Tower, the self-support edition is limited to only one organization, while the standard/premium editions can have multiple (https://www.ansible.com/products/tower/editions).
Is there a way for a team member to create an template and give permission to run this template to another team that is not in the same organization? I have a customer with development and operations in different companies and would like to get the development team to what to be done on production servers via a Ansible tower template. The only working solution I’ve found is to get an admin to give operations team privileges or to put a operations team in the same organization. The best solution I can think of would be that the dev team could delegate to another org to run template with the inventory decided at runtime.
Regards
Kjell
So far as I understand, organizations are the top-level of hierarchy, and you can’t delegate things between different orgs (at least that’s not what they are made to do).
I have a customer with development and operations in different companies and would like to get the development team to what to be done on production servers via a Ansible tower template.
I think the correct way to do this would be to create Development and Ops Teams within the same Organization, and then you should be able to trivially share content between the two using the permissions tab available on the detail view of any resource.
Actually I am wrong, hah. Investigating this flow now, I’ll report back after I figure this out!
This is actually pretty simple. Any user that is admin of both the org the prod team is in and the org the dev team is in can go to the permissions tab of the JT you want to share and delegate it between the teams. All you have to do is select the team and give them the “execute” role. Note the delegator can be e a system admin account, or just a regular user who has been assigned to org admin of both orgs.
Hope that helps and sorry for the initial confusion on my part,
John