Scope
The aim of this project is to use Ansible role to export AWX Tower logs on disk.
Introduction
Accessing log files isn’t always easy. Searching for errors across multiple log files, for workflows for example, or nested playbooks can be a difficult task.
The proposed role extracts logs between two dates, or between two id executions, and saves them to disk.
The role saves in parallel with the ansible execution log, the json file with each job’s description, name, parameters and all execution-related information.
Download
The role is freely distributed from Github: https://github.com/nax71/awx_log_keeper
Parameters
The variables used are described in the playbooks/vars/awx_logs_keeper_vars.yml
as follows:
---
log_path_root: "/foo/bar/awx_logs"
awx:
tower_base_url: "https://awx.prod.mytest.ch"
tower_username: "{{ awx_username }}"
tower_password: "{{ awx_password }}"
job_id_interval:
start: 2
end: 5
date_interval:
start: "2022-10-20T10:00:00"
end: "2022-10-20T13:00:00"
log_pat_root
: Is the path where the logs will be savedawx
section is used for awx credentials and web sevrver addressjob_id_interval
- instruct the playbook to get logs got all jobs from
job_id_interval.start
andjob_id_interval.end
. date_interval
- instruct the playbook to get logs got all jobs between
date_interval.start
date anddate_interval.end
date.
date_interval.start
must be lower thandate_interval.end
.job_id_interval.start
must be lower thanjob_id_interval.end
.- Values of
job_id_interval
anddate_interval
are not mutual exclusive, but at least one ofdate_interval
orjob_id-interval
must be given.
The playbook will test first if date_interval
make sense, then it gets all job_id
between these two dates. At the end it will add the job_id_interval
, and get all logs for the obtained job_id
list.
The output is written in log_path_root/date_of_job_execution/job_id
.
Two files are produced :
output_<job_id>_<DDMMYYY_HHMISS>.log
is the ansible output of the log.<job_id>_<DDMMYYY_HHMISS>.json
is the json description of the job.
Example:
# Execute the playbook by modifying the default value of log_path_root
$> ansible-playbook playbooks/awx_logs_keeper_vars.yml -e "log_path_root=/tmp/awx_logs" --vault-password-file playbooks/vars/vault-pass
....
TASK [awx_get_one_log : Out the logfile path] **********************************************************************************************************
ok: [localhost] => {
"msg": "Write Log for job id 324299 to /tmp/awx_logs/20-10-2022/324299"
}
....
$> cd /tmp/awx_logs/20-10-2022/324299
$> ls
324299_20102022_111602.json output_324299_20102022_111602.log
Note:
In the example the --vault-password-file playbooks/vars/vault-pass
is given to shaddow the Ansible Tower access credentials.
......
gather_facts: true
vars_files:
- vars/secret.yml
- vars/awx_logs_keeper_vars.yml
...
Shadowed parameters are:
* `awx_password`
* `awx_password`
Final thoughts
The log_keeper role can be scheduled on a daily basis, to give access to the previous day’s execution logs.
This makes error investigation much easier, especially for complex playbooks.