In this article, I will show how to install and manage Red Hat Ansible Tower on Red Hat OpenShift Container Platform. Ansible Tower helps you scale IT automation, manage complex deployments, and improve productivity. You can centralize and control your IT infrastructure with a visual dashboard, and it provides role-based access control, job scheduling, integrated notifications, graphical inventory management, and more.

As you may know, Ansible Tower 3.3, the latest release of this automation platform, was released a few weeks ago and added new features. From the release notes you'll see that Ansible Tower 3.3 added support for a container-based installation on top of OpenShift

In this blog, we'll see how easy it is to set up Ansible Tower 3.3 on OpenShift and have it running as a container in just a few minutes.

Overview of the process

We'll follow these steps:

  1. Log in on an existing OpenShift installation.
  2. Create a dedicated project where Ansible Tower will be installed.
  3. Create a persistent volume claim (PVC) and, if it's not already present, create a physical volume (PV).
  4. Start the installation process.
  5. Finally, use Ansible Tower as a service and perform a scale-out.

Resources and requirements

Refer to the following resources:

The requirements mentioned in OpenShift Deployment and Configuration for Ansible Tower on OpenShift are:

  • Red Hat OpenShift 3.6+
  • Per-pod default resource requirements:
    • 6GB RAM
    • 3 CPU cores
  • OpenShift command-line tool (oc) on the machine running the installer
  • A set-up and running OpenShift cluster
  • Admin privileges for the account running the OpenShift installer


So let's start to create the Ansible Tower prerequisites on OpenShift. First, let's log in:

$ oc login myamazingopenshiftcluster -u myuser -p mypassword
Username: myuser
Login successful.

You have access to the following projects and can switch between them with 'oc project <projectname>':


Using project "default".

The server uses a certificate signed by an unknown authority.
You can bypass the certificate check, but any data you send to the server could be intercepted by others.
Use insecure connections? (y/n): y

Login successful.

Let's create a new project called tower:

$ oc new-project tower

Now using project "tower" on server "https://myamazingopenshiftcluster :443".

You can add applications to this project with the 'new-app' command. For example, try:

$ oc new-app centos/ruby-22-centos7~

to build a new example application in Ruby.

As additional prerequisites, Ansible Tower requires a PVC to be used by a Postgres database to persist its data.

In our case, we are going to create a 10 GB PVC using this YAML file:

$ cat postgres-nfs-pvc
apiVersion: v1
kind: PersistentVolumeClaim
name: postgresql
- ReadWriteOnce
storage: 10Gi

Now we can ask OpenShift to create the PVC for us:

$ oc create -f postgres-nfs-pvc

persistentvolumeclaim "postgresql" created

Our PVC will be bound to a PV that matches the access method and size.

If you don't have a PV that will be claimed by our PVC, you can follow the official OpenShift documentation to create it.

$ oc get pvc

postgresql   Bound  vol118    10Gi     RWO,RWX        2s


Last, you have to download the installation setup tar file,  untar it, and then execute the following:

$ ./ -e openshift_host=https://myamazingopenshiftcluster:443 -e openshift_project=tower -e openshift_user=myuser -e openshift_password=mypassword -e admin_password=toweradminpwd-e secret_key=mysecret -e pg_username=postgresuser -e pg_password=postgrespwd -e rabbitmq_password=rabbitpwd -e rabbitmq_erlang_cookie=rabbiterlangpwd

The script will execute some Ansible playbooks and those will manage for you the entire installation by creating your pods, services, and routes.

That's all! In a few minutes, Ansible Tower will be up and running.

Ansible Tower set up in Red Hat OpenShift Container Platform


Let's now investigate how Ansible Tower was installed. As you may notice from the UI, there is one pod composed of four containers managed through a StatefulSet.

Run the following command from the CLI:

$ oc describe sts ansible-tower
Name: ansible-tower
Namespace: tower
CreationTimestamp: Tue, 09 Oct 2018 17:14:51 +0200
Selector: app=ansible-tower,name=ansible-tower-web-deploy,service=django
Labels: app=ansible-tower
Replicas: 1 desired | 1 total
Pods Status: 1 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
Labels: app=ansible-tower
Service Account: awx

output truncated

As you may notice, the Replicas value is 1, so one pod (that is, one Ansible Tower instance) will be running.

The good thing is that if you can scale up your StatefulSet replica count, Ansible Tower will be scaled accordingly!

You can manage this change by using the UI and editing the YAML file or by using oc.

Take a look at the current status:

$ oc get sts
ansible-tower 1       1       3d

Here's how to scale up:

$ oc scale --replicas=2 sts ansible-tower
statefulset "ansible-tower" scaled

Now check the running configuration again:

$ oc get sts
ansible-tower 2       2       3d

Here's what the web console shows now:

The result after scaling up


That's all! If you want to see a short demo of the process, check out this video:



Last updated: October 12, 2020