Tip
Check out the repository on GitHub
Check out the demo at: demo.webui.ansibleguy.net |
Login: User demo
, Password Ansible1337
Warning
DISCLAIMER: This is an unofficial community project! Do not confuse it with the vanilla Ansible product!
4 - Config¶
Tip: You can use the key-combination SHIFT + S
to quick-safe your changes.
WebUI¶
Runtime system configuration can be managed using the WebUI System - Config
page.
Jobs¶
Jobs can be managed at the Jobs - Manage
page.
Tip: The file-browsing also allows you to use your keyboard. Select using Up/Down/Enter keys and auto-complete input using the Tab key!
Permissions, Users, Groups¶
See: Usage - Privileges
Repositories¶
See: Usage - Repositories
Environmental variables¶
You can find the currently set environmental variables at the System - Config
page.
Config File¶
You are able to provide the following settings by using a YAML config-file.
WARNING: If possible - set your secrets as environmental variables. Users that are allowed to execute/modify jobs are be able to read the content of the config-file
Provide it by flag:
python3 -m ansibleguy-webui -c /etc/ansible-webui/config.yml
Provide it by env-var:
AW_CONFIG=/etc/ansible-webui/config.yml
Example config:
# env-vars without the 'AW_' prefix
DB: '/etc/ansible-webui/aw.db'
PORT: 8000
SECRET: 'sflsjklfdsjlfsDlNDIDEÜNfsnfa-ehöajklsfnn,sf,sdfs,i3uo'
HOSTNAMES: ['webui.ansibleguy.net', 'cname.webui.ansibleguy.net']
RUN_TIMEOUT: 600
SSH_KNOWN_HOSTS: '/etc/ansible-webui/known_hosts'
AUTH: 'saml'
SAML:
METADATA_AUTO_CONF_URL: 'https://<YOUR-IDP>/metadata'
...
Docker usage:
# safe config to /etc/ansible-webui/config.yml on your host system
sudo docker run -d ... --env AW_CONFIG=/etc/aw/config.yml --volume /etc/ansible-webui/:/etc/aw/ ansible0guy/webui:latest
Settings¶
Only Env¶
Some settings are only available as environmental variables.
AW_SECRET
Define a secret key to use for cookie and password encryption. By default it will be re-generated at service restart. It has to be set for job-secrets like passwords to be loadable after restart. It has to be at least 30 characters long!
WARNING: If possible - set this secret as environmental variable. Users that are allowed to execute/modify jobs are be able to read the content of the config-file
AW_ADMIN
Define the user-name for the initial admin user.
AW_ADMIN_PWD
Define the password for the initial admin user.
AW_PROXY
Set if Ansible-WebUI is operated behind a proxy-server.
AW_HOSTNAMES
Set a comma-separated list of hostnames that are in use and should be trusted. If not set you might encounter ‘CSRF’ errors.
AW_DB
Define the path where the SQLite3 database is placed. Default:
${HOME}/.config/ansible-webui/aw.db
AW_PORT
Port to listen on. Default:
8000
AW_LISTEN
IP Address to listen on. Default:
127.0.0.1
AW_SSL_CERT
Optionally provide the path to a ssl certificate to use. Use a (full-)chain if not self-signed.
WARNING: You should use a proxy in front of this application in production setups.
AW_SSL_KEY
Optionally provide the path to an unencrypted ssl key to use.
WARNING: You should use a proxy in front of this application in production setups.
AW_AUTH
Choose the authentication mode you want to use.
One of
saml
,ldap
orlocal
. Default:local
If the mode is set to
saml
orldap
- you need to define its config inside the config file.
General System Settings¶
These settings are also configurable using the WebUI.
AW_PATH_LOG
Define the path where full job-logs are saved. Default:
${HOME}/.local/share/ansible-webui/
AW_PATH_RUN
Base directory for Ansible-Runner runtime files. Default:
/tmp/ansible-webui/
AW_PATH_PLAY
Path to the Ansible base/playbook directory. Default: current working directory (when executing ansible-webui)
AW_RUN_TIMEOUT
Timeout for the execution of a playbook in seconds. Default: 3.600 (1h) You might want to lower this value to a sane value for your use-cases.
AW_SESSION_TIMEOUT
Timeout for WebUI sessions in seconds. Default: 43.200 (12h)
AW_SSH_KNOWN_HOSTS
Define the path to the known-hosts file that should be used. You can use
${AW_PATH_PLAY}
to reference paths relative to your playbook base-directory!Default: None - fallback to user defaults
Default in docker:
${AW_PATH_PLAY}/known_hosts
AW_TIMEZONE
Override the timezone used. Default is the system timezone. Fallback value is
UTC
if all others are invalid.
Advanced Settings¶
Normal users will not have to use these.
AW_SERVE_STATIC
If defined - the built-in static-file serving is disabled. Use this if in production and a proxy like nginx is in front of the Ansible-WebUI webservice.
Path to serve:
/static/ => ${PATH_VENV}/lib/python${PY_VERSION}/site-packages/ansible-webui/aw/static/
AW_DB_MIGRATE
Define to disable automatic database schema-upgrades. After upgrading the module you might have to run the upgrade manually:
# if running non-release version python3 -m ansibleguy-webui.manage makemigrations python3 -m ansibleguy-webui.manage makemigrations aw # all python3 -m ansibleguy-webui.manage migrate
AW_ENV
Used in development. If unset or value is neither ‘dev’ nor ‘staging’ the webservice will be in production mode. ‘staging’ mode is close to production behavior.
AW_DEBUG
Enable debug output.
This debug mode SHOULD ONLY BE ENABLED TEMPORARILY! It could possibly open attack vectors.
AW_DOCKER
Used to notify the software that it is running inside a docker container. Needed for listen port.
Usage¶
Environmental variables can be set before/when starting Ansible-WebUI.
With basic setup:
export AW_SECRET=aaaaaaaaaaaaaaaaaaaaabaaaaaaaaaaaaa
export AW_PROXY=1
python3 -m ansibleguy-webui
# OR
AW_SECRET=aaaaaaaaaaaaaaaaaaaaabaaaaaaaaaaaaa python3 -m ansibleguy-webui
When using Docker:
docker run -d --name ansible-webui --env AW_SECRET=aaaaaaaaaaaaaaaaaaaaabaaaaaaaaaaaaa --env AW_PROXY=1 ...
When running as Systemd service:
# add inside the '[Service]' area of the service-config-file
EnvironmentFile=/etc/ansible-webui/env.txt
# add variables to the file
echo 'AW_SECRET=aaaaaaaaaaaaaaaaaaaaabaaaaaaaaaaaaa' >> /etc/ansible-webui/env.txt
echo 'AW_PROXY=1' >> /etc/ansible-webui/env.txt
# make sure the access is limited so your secret(s) are safe
chown root /etc/ansible-webui/env.txt
chmod 600 /etc/ansible-webui/env.txt