Configuring a CI/CD pipeline for Ansible AWX

As part of my bachelor thesis on network automation, I researched how to implement a CI/CD pipeline in Ansible AWX using GitLab. The result is a simple pipeline that detects changes to a specific playbook stored in GitLab and automatically triggers the corresponding playbook on Ansible AWX via a local GitLab runner.

Install and configure tower-cli

The first step is to install tower-cli, which we’ll use to interact with Ansible AWX. I installed it on a separate VM running Ubuntu 22.04. This VM will also act as my local GitLab runner.

# Install required packages
sudo apt install python3-pip
pip install ansible-tower-cli

# Ensure pip-installed binaries are in your PATH
export PATH=$PATH:/home/$USER/.local/bin  

# Configure tower-cli to connect to your AWX instance
tower-cli config username <your-awx-username>
tower-cli config password <your-awx-password>
tower-cli config host https://<your-awx-host>:<port>/
tower-cli config verify_ssl false

# Verify the connection by listing available job templates
tower-cli job_template list

Install and configure a local GitLab runner

The next step is to set up GitLab Runner on the Ubuntu 22.04 VM. This runner will handle the CI/CD jobs defined in your GitLab project.

# Add the official GitLab Runner repository
curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh" | sudo bash

# Install GitLab Runner
sudo apt install gitlab-runner

To finish the setup, head over to your GitLab project and go to Settings > CI/CD > Runners, then click “New project runner”. You’ll get a registration token and instructions there. Just follow the steps to complete the runner registration.

Create GitLab CI/CD file

The last step is to add a .gitlab-ci.yml file to your project’s repository. The example below shows how to detect changes to a specific playbook and run it on the Ansible AWX VM.

stages:
  - awx-job-execution

awx-job-execution:
  stage: awx-job-execution
  when: on_success
  only:
    changes:
      - <your-playbook-file.yml>  # Replace with the playbook file you want to monitor for changes
  tags:
    - <your-runner-tag>           # Replace with the tag assigned to your GitLab Runner (e.g., 'ansible')
  script:
    - tower-cli job launch --job-template=<your-job-template-ID> -v  # Replace with your AWX Job Template ID