
ISOLATED.md

Isolated nodes

From Tower documentation:

An Isolated Node is an Ansible Tower node that contains a small piece of software for running playbooks locally to manage a set of infrastructure. It can be deployed behind a firewall/VPC or in a remote datacenter, with only SSH access available. When a job is run that targets things managed by the isolated node, the job and its environment will be pushed to the isolated node over SSH, where it will run as normal. Periodically, the master Ansible Tower cluster will poll the isolated node for status on the job, updating in as close to real-time as possible. When it finishes, the remote execution on the isolated node will be cleaned up, and the job status will be updated in Ansible Tower.

Build Docker image for Isolated nodes

Build manually or integrate this step into a CI/CD pipeline.

Example:

cd docker/isolated
docker build -t dockerhost/docker-repo/awx/awx_isolated:docker_tag .
docker push dockerhost/docker-repo/awx/awx_isolated:docker_tag

Install

AWX and Isolated nodes can be configured either with an SSH key pair (one?) generated by AWX or with external SSH key pairs. In the first scenario, AWX generates the key pair and stores the encrypted private key in its database. This key pair is used for ALL connections, so setting IdentityFile in the configuration isn't needed. In the second scenario, all keys are generated by the user.

Configure Isolated nodes with AWX generated key

ansible-playbook -i inventory/demo-with-isolated -e @vars/demo.yml -e @vars/add-isolated-awx-key.yml --tags base awx.yml --limit awx_instance_group_isolated_group_one,awx_instance_group_isolated_group_two
ansible-playbook -i inventory/demo-with-isolated -e @vars/demo.yml -e @vars/add-isolated-awx-key.yml -e task=setup --tags awx,isolated awx.yml
ansible-playbook -i inventory/demo-with-isolated -e @vars/demo.yml -e @vars/add-isolated-awx-key.yml --tags awx,isolated awx.yml

Configure Isolated nodes with user keys

ansible-playbook -i inventory/demo-with-isolated -e @vars/demo.yml -e @vars/add-isolated-extermal-keys.yml --tags base awx.yml --limit awx_instance_group_isolated_group_one,awx_instance_group_isolated_group_two
ansible-playbook -i inventory/demo-with-isolated -e @vars/demo.yml -e @vars/add-isolated-extermal-keys.yml -e task=setup --tags awx,isolated awx.yml
ansible-playbook -i inventory/demo-with-isolated -e @vars/demo.yml -e @vars/add-isolated-extermal-keys.yml --tags awx,isolated awx.yml

Add Isolated nodes to AWX

docker exec -ti awx_task bash
awx-manage provision_instance --hostname=awxn001iso.domain --is-isolated
awx-manage register_queue --queuename=isolated --hostnames=awxn001iso.domain --controller=tower
# wait 10 minutes (default AWX_ISOLATED_PERIODIC_CHECK value)
awx-manage list_instances
# the new instance must appear with a healthy status in its dedicated queue
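
The wait-then-check step above can be scripted. This is an added example, not part of this repository: it assumes `awx-manage list_instances` prints indented `<hostname> capacity=<n> ...` lines (optionally ANSI-coloured) and that a healthy instance reports a capacity above 0. The function names and `LIST_CMD` are hypothetical, and the sample output is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from this repository): wait for an isolated node to turn healthy.
# ASSUMPTIONS: `awx-manage list_instances` prints "[group ...]" headers followed by
# indented "<hostname> capacity=<n> ..." lines, optionally wrapped in ANSI colour
# codes, and a healthy instance reports capacity > 0.

# Constructed sample output (not captured from a real system).
SAMPLE_OUTPUT=$(printf '%b' \
  '[tower capacity=57]\n' \
  '\t\033[92mawx capacity=57 version=0.0.0\033[0m\n' \
  '[isolated capacity=0 controller=tower]\n' \
  '\t\033[91mawxn001iso.domain capacity=0 version=?\033[0m\n')

# instance_capacity HOST: read list_instances output on stdin and print HOST's
# capacity. Returns 1 (printing nothing) if HOST is not listed.
instance_capacity() {
  awk -v host="$1" '
    { gsub(/\033\[[0-9;]*m/, "") }           # strip ANSI colour codes
    $1 == host {
      for (i = 2; i <= NF; i++)
        if ($i ~ /^capacity=/) { sub(/^capacity=/, "", $i); print $i; found = 1; exit }
    }
    END { exit !found }'
}

# isolated_healthy HOST: succeed only if HOST is listed with a capacity above 0.
isolated_healthy() {
  cap=$(instance_capacity "$1") || return 1
  [ "$cap" -gt 0 ] 2>/dev/null
}

# wait_for_isolated HOST [TIMEOUT] [INTERVAL]: poll until HOST is healthy.
# The default timeout covers one AWX_ISOLATED_PERIODIC_CHECK period (600 s) plus slack.
# LIST_CMD is a hypothetical override for the command that lists instances.
wait_for_isolated() {
  host=$1 timeout=${2:-660} interval=${3:-30} waited=0
  while [ "$waited" -le "$timeout" ]; do
    if ${LIST_CMD:-docker exec awx_task awx-manage list_instances} | isolated_healthy "$host"; then
      echo "$host is healthy after ${waited}s"
      return 0
    fi
    sleep "$interval"
    waited=$((waited + interval))
  done
  echo "$host did not become healthy within ${timeout}s" >&2
  return 1
}
```

Run `wait_for_isolated awxn001iso.domain` on the Docker host after `register_queue`; a non-zero exit means the node never reported capacity within the timeout.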

Usage

Select the instance group (in this example, 'isolated') in the job template under the instance groups field.

Variables

The following durations associated with isolated groups can be configured in the Jobs tab of the Settings menu or via Ansible variables:

| Setting | Ansible variable | Description |
|---|---|---|
| AWX_ISOLATED_CHECK_INTERVAL | awx_isolated_nodes_check_interval default('30') | The number of seconds to sleep between status checks for jobs running on isolated nodes |
| AWX_ISOLATED_LAUNCH_TIMEOUT | awx_isolated_nodes_launch_timeout default('600') | The timeout (in seconds) for launching jobs on isolated nodes |
| AWX_ISOLATED_CONNECTION_TIMEOUT | awx_isolated_nodes_connection_timeout default('10') | Ansible connection timeout (in seconds) for communicating with isolated instances |
| AWX_ISOLATED_PERIODIC_CHECK | awx_isolated_nodes_periodic_check default('600') | The time (in seconds) between the periodic isolated heartbeat status check |

All examples can be found in the add-isolated-awx-key.yml and add-isolated-extermal-keys.yml var files.