DO467 - ch08s06

This command ensures that automation controller is installed and configured with any necessary resources created in previous exercises. It also creates additional Vault credentials and uploads a new playbook into the Git repository.

[student@workstation ~]$ lab start code-api

Procedure 8.3. Instructions

In a web browser, log in to automation controller as admin and set the fact cache timeout to one day.
1. Navigate to https://controller.lab.example.com and log in as the admin user with redhat as the password.
2. Navigate to Settings, and on the Jobs section click Jobs settings to open the Details page. 1.3) Scroll down and click Edit.
3. Set Per-Host Ansible Fact Cache Timeout to 86400 seconds (one day), and then click Save.
Navigate to https://controller.lab.example.com/api/ to examine the browsable API on that automation controller, using a new tab in your web browser.
1. Open a new tab in your web browser, and navigate to https://controller.lab.example.com/api/. You should see the browsable API for automation controller. Because you logged in as admin on this web browser and have not logged out, you are authenticated to the API as the admin user.
2. Click one of the /api/v2/ link to access the browsable list of all the available resources accessible throughout the API.
3. From the list, click the /api/v2/ping/ link to access that URI. On the instances object for the controller.lab.example.com node you can see the heartbeat time stamp value.
  An external program can use this URI to verify that the automation controller server is operating.
```
...output omitted...
    "instances": [
        {
            "node": "controller.lab.example.com",
            "node_type": "hybrid",
            "uuid": "0230c1cb-5f20-4db4-b186-394bc8e9ccea",
            "heartbeat": "2022-06-14T17:07:55.992650Z",
            "capacity": 36,
            "version": "4.2.0"
        }
...output omitted...
```
In your web browser, use the API to launch a job from the existing Refresh Fact Cache job template.
1. Click the Version 2 link at the top of the page to return to the /api/v2/ URI.
2. Click the /api/v2/job_templates/ link to access the list of available job templates.
3. From the list of results, locate the job template containing "name": "Refresh Fact Cache". Scroll up to find its url resource and click the link to access the template. The link should be /api/v2/job_templates/11/ or similar. (The number at the end of the link might be a different number.)
4. Look for the job template’s related resource named launch. Click the link associated with that resource. The link should be /api/v2/job_templates/11/launch/ or similar.
```
...output omitted...
            "schedules" : "/api/v2/job_templates/11/schedules/",
            "launch" : "/api/v2/job_templates/11/launch/",
            "notification_templates_success" : "/api/v2/job_templates/11/notification_templates_success/"
...output omitted...
```
  This link sends a GET request to the launch resource for that job template, providing details about what information is needed to launch a job from the template.
5. To watch the execution of the job you are about to launch, return to the automation controller web UI tab. Click Views → Jobs in the navigation bar.
6. Go back to the https://controller.lab.example.com/api/v2/job_templates/11/launch/ tab.
  Go to the bottom of the page and click POST to launch the job.
  The page immediately refreshes with JSON information about the launched job, including the job id number.
7. Quickly switch to the tab displaying the Jobs page in the automation controller web UI.
  The launched job should be at the top of the list of jobs that have been run. You can confirm it is the job you launched by matching its ID in the web UI on this tab with the id in the JSON output for the job on the other tab.

Use curl to launch a job from an existing job template through the API.

Search for the Refresh Fact Cache job template by using the API with a name filter. Determine the ID of the job template. This ID should be the same as the one that you saw using your web browser earlier in this exercise.

[student@workstation ~]$ curl -X GET --user admin:redhat \
> https://controller.lab.example.com/api/v2/job_templates/?name="Refresh Fact Cache" \
> -k -s | jq

In the preceding command, the -k option instructs curl to operate even if it cannot verify the SSL certificate. The -s option instructs curl to only display the returned data; it does not display progress or error messages.

            "survey_spec" : "/api/v2/job_templates/11/survey_spec/",
            "launch" : "/api/v2/job_templates/11/launch/",
            "activity_stream" : "/api/v2/job_templates/11/activity_stream/",
            "jobs" : "/api/v2/job_templates/11/jobs/",

Now that you have confirmed the ID for the Refresh Fact Cache job template, use that number and the job template’s launch resource to get information about how to launch the job.

[student@workstation ~]$ curl -X GET --user admin:redhat \
> https://controller.lab.example.com/api/v2/job_templates/11/launch/ -k -s \
> | jq
{
   "passwords_needed_to_start" : [],
   "ask_limit_on_launch" : false,
   "ask_inventory_on_launch" : false,
   "can_start_without_user_input" : true,
   "defaults" : {
...output omitted...

Because you can launch this job without user input, you can issue a POST request to the same URL to launch the job, without providing any additional data.

[student@workstation ~]$ curl -X POST --user admin:redhat \
> https://controller.lab.example.com/api/v2/job_templates/11/launch/ -k -s \
> | jq
{
...output omitted...
   "unified_job_template" : 11,
   "skip_tags" : "",
   "execution_environment" : 3,
   "job_type" : "run",
   "forks" : 0,
   "job_slice_number" : 0,
   "job_template" : 11,
   "extra_vars" : "{}",
   "created" : "2022-06-17T20:35:38.191129Z",
...output omitted...
   "use_fact_cache" : true,
   "result_traceback" : "",
   "artifacts" : {},
   "job_env" : {},
   "project" : 10,
   "id" : 7,
   "ignored_fields" : {},
   "job" : 7,
   "job_cwd" : "",
...output omitted...
}

Pay attention to the id number for the launched job in the JSON output.

Return to the automation controller web UI tab that displays the Jobs page.
The job launched by the curl command should now be at the top of the list of jobs that have run. Again, you can confirm that it is the job you just launched by comparing the ID in the web UI with the id you just saw in the JSON output from the curl command.

You have been provided with a playbook named api_controller.yml that uses the automation controller API to launch a job from an existing job template. Look at the playbook to see how it works.

The username and password to access the API are stored in this playbook, and so it is encrypted using the ansible-vault command, with a password of redhat.

From a terminal, create the /home/student/git-repos directory if it does not already exist, and then change into it.
```
[student@workstation ~]$ mkdir -p ~/git-repos/
[student@workstation ~]$ cd ~/git-repos/
```

Clone the https://git.lab.example.com/git/internal_web.git repository, which contains the api_controller.yml playbook, to the /home/student/git-repos directory.

[student@workstation git-repos]$ git clone \
> https://git.lab.example.com/git/internal_web.git
Cloning into 'internal_web'...
...output omitted...
[student@workstation git-repos]$ cd internal_web

Inspect the contents of the api_controller.yml playbook. The contents of the file are encrypted:

[student@workstation internal_web]$ cat api_controller.yml
$ANSIBLE_VAULT;1.1;AES256
62633766376433336366313731643761663863656339623938646234386334633764646436626363
3065366133316630616164343461366465323833626631660a373165303136383236653033613663
31646132653439646464363735666236653636393761336632326138373137343438626430663039
3165356237326236310a373034323434336364383037623536623961356263333863396334303163
...output omitted...

You can use the ansible-vault view command to temporarily decrypt and display the contents of the playbook:

[student@workstation internal_web]$ ansible-vault view api_controller.yml
Vault password: redhat
...output omitted...
  vars:
    controller_user: admin
    controller_pass: redhat
    controller_host: controller.lab.example.com
  tasks:

    - name: Launch Job
      uri:
        url: https://{{ controller_host }}/api/v2/job_templates/Internal%20Web%20Access/launch/
        method: POST
        validate_certs: no
        return_content: yes
        user: "{{ controller_user }}"
        password: "{{ controller_pass }}"
        force_basic_auth: yes
        status_code: 201

...output omitted...

In automation controller, create a new Vault credential named Vault Usage that contains the password to decrypt the api_controller.yml playbook.
1. Click Resources → Credentials and then click Add.
2. On the Create New Credential page, fill in the details as follows:
  Field Value
  Name Vault Usage
  Description To unlock api_controller.yml
  Credential Type Vault
  Password redhat
3. Click Save.
A job template named API Usage that launches the api_controller.yml playbook has already been partially configured for you. Edit the job template to associate the Vault Usage credential with it so that automation controller can decrypt the playbook.
1. Navigate to Resources → Templates.
2. Click the Edit Template icon for the API Usage job template.
3. Click the search icon under Credentials. In the Select Credentials window, click the Selected Category list to access the list of available credential types. Choose Vault from the list.
4. In the lower pane, select the Vault Usage credential name, and then click Select to add this new credential to the API Usage job template.
5. Click Save at the bottom of the Edit Details page.
Launch a new job based on the modified API Usage job template.
1. Navigate to Resources → Templates.
2. Launch the job by clicking the Launch Template icon for the API Usage job template.
  Observe the output of the job. The Print Output task shows how the automation controller API was used by the job playbook to launch a second job.
3. Click Jobs in the navigation bar.
  A new job named Internal Web Access has been launched. This new job was launched by the job you launched using the API Usage job template.

Field	Value
Name	`Vault Usage`
Description	`To unlock api_controller.yml`
Credential Type	Vault
Password	`redhat`

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish code-api

This concludes the section.

Discuss Managing Enterprise Automation with Red Hat Ansible Automation Platform

Go to community

Welcome to the Managing Enterprise Automation with Red Hat Ansible Automation Platform group!

Syed

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Managing Enterprise Automation with Red Hat Ansible Automation Platform! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to DO467.Read more about Managing Enterprise Automation with Red Hat Ansible Automation Platform here.

312

Revision: do467-2.2-08877c1