Introduction to Event-Driven Ansible
- Section GitOps with Event-Driven Ansible
- Guided Exercise: GitOps with Event-Driven Ansible
- Event-Driven Ansible and NetOps
- Guided Exercise: Event-Driven Ansible and NetOps
- Guided Exercise: Event-Driven Ansible and Automated Notifications
- Guided Exercise: Triggering Event-Driven Ansible from a Chat Room
- Summary
Abstract
| Goal |
Explore some examples of use cases for Event-Driven Ansible. |
| Objectives |
|
| Sections |
|
Configure Event-Driven Ansible to react to events generated by Git operations, such as push notifications or pull requests, and be able to use these events to build a GitOps workflow.
A webhook is a user-defined HTTP callback, performed as an HTTP POST request, which allows applications to communicate and share information with each other. Most often, webhooks are used to inform applications about events. The message sent by the POST request is usually formatted as JSON or XML content or as form data that the application can interpret. Webhook calls are usually authenticated to ensure that unauthorized requests are rejected.
Previously you learned that Event-Driven Ansible can react to incoming webhook events by using the ansible.eda.webhook event source plug-in.
If the webhook events come from a Git repository, triggered by operations such as new commits being added to a particular branch, then Event-Driven Ansible controller can communicate with automation controller to perform specific tasks.
For example, a new commit to a Git repository could cause Event-Driven Ansible controller to trigger a workflow template in automation controller. The workflow template might update a related project and then launch a job template that uses that project.
The following diagram shows a continuous integration workflow using webhooks and Event-Driven Ansible.
 |
You can create the following Ansible Rulebook as a starting point to test webhooks sent from a Git repository:
---
- name: Capture events posted from Git server
hosts: all
sources:
- name: Match events posted to port 5000
ansible.eda.webhook:
host: 0.0.0.0
port: 5000
rules:
- name: Debug if the webhook has a payload
condition: event.payload is defined
action:
debug:On receiving an event payload, the single rule prints the event data by using the debug action.
Before Event-Driven Ansible controller can react to Git webhook events, you must configure your Git repository to send webhooks.
Your Git repository server can be any implementation that can send webhooks, such as GitHub, GitLab, Gitea, and so on. In this course, GitLab is used as the Git repository server.
Note
GitLab is used as the example Git repository server for presentations and hands-on activities in this course, because it is commonly used and because it is representative of the way a number of Git repository servers work.
If you are not using GitLab as your Git repository, you can probably configure your Git repository server by using a procedure similar to the one that this course illustrates using GitLab. Documentation links for GitHub and Gitea are included at the end of this section.
Before you can configure webhooks on your GitLab server, an administrator of that server must configure it to use webhooks. Use the following procedure to configure webhooks:
Log in to the GitLab web UI as a user that has an
adminrole.Scroll down and click the box.
In the sidebar, go to → .
Scroll down to the section and expand it.
Make sure that the Event-Driven Ansible controller to which you want to send webhook notifications is listed under .
The result should appear similar to the following:
Figure 3.2: Enabling GitLab for webhook notifications to Event-Driven Ansible controllerClick .
After making this configuration change, regular users can create webhooks for their Git projects.
Perform the following procedure on every project that is expected to use webhooks:
Log in to the GitLab web UI as a regular user.
Navigate to the Git projects under → .
Click the link for the Git project to configure.
Go to → and select .
On the configuration page, enter the URL of the webhook endpoint into the field.
Important
At the time of writing this course it is not yet possible to enable TLS support for the webhook by specifying the path to the certificate and key files, so you must use
http(nothttps) in the URL of the webhook endpoint.The result should appear similar to the following:
Figure 3.3: Webhook example of URL configurationIn the section, select which events trigger the webhook notification, such as or . Select as many triggers as you want.
Click .
Before testing a GitLab webhook, you must ensure the following:
You have a running rulebook that listens for the webhook event. The rulebook might be running using the
ansible-rulebookcommand, or as a rulebook activation in Event-Driven Ansible controller.The machine running the rulebook allows firewall access to the specified port, such as port 80, port 443, or port 5000.
Follow this procedure to test a configured webhook in GitLab:
Log in to the GitLab web UI as a regular user and go to → .
Click the link for the Git project to test.
Click → . If you configured the hook correctly, you see the
Hook executed successfully: HTTP 200message.
Note
If your rulebook is not running yet or the firewall has the port for the webhook closed, you receive the Hook execution failed message, indicating a refused connection.
After testing a webhook, you can obtain values from the event and use this information to create rules in rulebooks.
From the page for a project, click and then scroll down to the section to see the list of results for your tests.
Figure 3.4: List of recent webhook eventsClick for the event that you are interested in.
Scroll down to the section.
 |
Headers example for a webhook push event
You can use event header information to create rules that match a specific event type.
Important
Keys in the event payload can only contain letters, numbers, and underscores.
If you want to use the event header information to create rules, then you must use the ansible.eda.dashes_to_underscores filter in the event source plug-in:
---
- name: Capture events posted from Git server
hosts: all
sources:
- name: Match events posted to port 5000
ansible.eda.webhook:
host: 0.0.0.0
port: 5000
filters:
- ansible.eda.dashes_to_underscores:The ansible.eda.dashes_to_underscores filter converts the dashes to underscores.
The following examples assume that you specified the ansible.eda.dashes_to_underscores filter for the event source plug-in, so that the hyphens in the displayed header output are converted to underscores in the conditions.
You can use the following rule to capture push events:
rules:
- name: Get push event details
condition: event.meta.headers.X_Gitlab_Event == "Push Hook"You can use the following rule to capture merge events:
rules:
- name: Get merge event details
condition: event.meta.headers.X_Gitlab_Event == "Merge Request Hook"With these new conditions, you can run your rulebook and test the event again, analyze the View details output, and increase the number of conditions for the rulebook rules.
By refining your rule conditions, you can ensure that your rule only applies to the events that are important to you.
The following rulebook runs the Development deploy job template in automation controller in response to push events from the devel branch of your gitops_app project in GitLab:
---
- name: Capture events posted from Git server
hosts: all
sources:
- name: Match events posted to port 5000
ansible.eda.webhook:
host: 0.0.0.0
port: 5000
filters:
- ansible.eda.dashes_to_underscores:
rules:
- name: Respond to push event
condition: >
event.payload.repository.name == "gitops_app"
and event.meta.headers.X_Gitlab_Event == "Push Hook"
and event.payload.ref is search("devel")
action:
run_job_template:
name: Development deploy
organization: DefaultReferences
GitLab documentation on webhooks is available at https://docs.gitlab.com/ee/user/project/integrations/webhooks.html
GitHub documentation on webhooks is available at https://docs.github.com/en/webhooks/
Gitea documentation on webhooks is available at https://docs.gitea.com/usage/webhooks