Configure the Ansible Tower LAM
The Ansible Tower LAM sends notifications from Red Hat Ansible Tower to Moogsoft Onprem.
You can install a basic Ansible Tower integration in the UI. See Ansible Tower for integration steps.
Before you begin
The Ansible Tower LAM has been validated with Ansible Tower v3.0 and 3.1. Before you set up the LAM, ensure you have met the following requirements:
You have an Ansible Tower account with administrator privileges.
Ansible Tower can make requests to external endpoints over port 443.
Configure the LAM
Edit the configuration file to control the behavior of the Ansible Tower LAM. You can find the file at $MOOGSOFT_HOME/config/ansibletower_lam.conf
.
The Ansible Tower LAM is a REST-based LAM as it provides an HTTP endpoint for data ingestion. Note that only the generic REST LAM properties in ansibletower_lam.conf
apply to integrating with Ansible Tower; see the LAM and Integration Reference for a full description of all properties.
Configure the connection properties for the REST connection:
address: Address on the Moogsoft Onprem server that listens for REST messages. Defaults to all interfaces.
port: Port on the Moogsoft Onprem server that listens for REST messages. Defaults to 8888.
Configure authentication:
authentication_type: Type of authentication used by the LAM. Defaults to none.
basic_auth_static: Username and password used for Basic Auth Static authentication.
authentication_cache: Whether to cache the username and password for the current connection when the authentication type is Basic.
Configure the LAM behavior:
accept_all_json: Allows the LAM to read and process all forms of JSON.
lists_contain_multiple_events: Whether Moogsoft Onprem interprets a JSON list as multiple events.
num_threads: Number of worker threads to use for processing events.
rest_response_mode: When to send a REST response. See the LAM and Integration Reference for the options.
rpc_response_timeout: Number of seconds to wait for a REST response.
event_ack_mode: When Moogfarmd acknowledges events from the Ansible Tower LAM during the event processing pipeline.
Configure the SSL properties if you want to encrypt communications between the LAM and the REST connection:
use_ssl: Whether to use SSL certification.
path_to_ssl_files: Path to the directory that contains the SSL certificates.
ssl_key_filename: The SSL server key file.
ssl_cert_filename: The SSL root CA file.
use_client_certificates: Whether to use SSL client certification.
client_ca_filename: The SSL client CA file.
auth_token or encrypted_auth_token: Authentication token in the request body.
header_auth_token or encrypted_header_auth_token: Authentication token in the request header.
ssl_protocol: Sets the allowed SSL protocols.
Optionally configure the LAM identification and capture logging details:
name: Maps to
$Laminstancename
, so that theagent
field indicates events Moogsoft Onprem ingests from this LAM.capture_log: Name and location of the LAM's capture log file, which it writes to for debugging purposes.
Optionally configure the LAM identification and capture logging details:
name: Maps to
$Laminstancename
, so that theagent
field indicates events Moogsoft Onprem ingests from this LAM.capture_log: Name and location of the LAM's capture log file, which it writes to for debugging purposes.
Optionally configure severity conversions. See Severity Reference for further information and "Conversion Rules" in Tokenize Source Event Data for details on conversions in general.
Optionally configure the process logging details:
configuration_file: Name and location of the LAM's process log configuration file. See Configure Logging for more information.
Example
An example Ansible Tower configuration is as follows:
monitor: { name : "Ansible Tower Lam", class : "CRestMonitor", port : 8888, address : "0.0.0.0", use_ssl : false, #path_to_ssl_files : "config", #ssl_key_filename : "server.key", #ssl_cert_filename : "server.pem", #use_client_certificates : false, #client_ca_filename : "ca.crt", #auth_token : "my_secret", #encrypted_auth_token : "dfJtTQMGiFHfiq7sCmxguBt6Jv+eytkoiKCquSB/7iWxpgGsG2aez3z2j7SuBtKj", #header_auth_token : "my_secret", #encrypted_header_auth_token : "dfJtTQMGiFHfiq7sCmxguBt6Jv+eytkoiKCquSB/7iWxpgGsG2aez3z2j7SuBtKj", #ssl_protocols : [ "TLSv1.2" ], authentication_type : "none", authentication_cache : true, accept_all_json : false, lists_contain_multiple_events : true, num_threads : 5, rest_response_mode : "on_receipt", rpc_response_timeout : 20, event_ack_mode : "queued_for_processing" }, agent: { name : "Ansible Tower", capture_log : "$MOOGSOFT_HOME/log/data-capture/ansibletower_lam.log" }, log_config: { configuration_file : "$MOOGSOFT_HOME/config/logging/ansibletower_lam_log.json" },
Configure for High Availability
Configure the Ansible Tower LAM for high availability if required. See High Availability Overview for details.
Configure LAMbot processing
The Ansible Tower LAMbot processes and filters events before sending them to the Message Bus. You can customize or bypass this processing if required. You can also load JavaScript files into the LAMbot and execute them.
See LAMbot Configuration for more information. An example Ansible Tower LAM filter configuration is shown below.
filter: { presend: "AnsibleTowerLam.js", modules: [ "CommonUtils.js" ] }
Start and stop the LAM
Restart the Ansible Tower LAM to activate any changes you make to the configuration file or LAMbot.
The LAM service name is ansibletowerlamd
.
See Control Moogsoft Onprem Processes for the commands to start, stop and restart the LAM.
You can use a GET request to check the status of the Ansible Tower LAM. See "Check the LAM Status" in Configure the REST LAM for further information and examples.
Configure Ansible Tower
After you have the Ansible Tower LAM running and listening for incoming requests, you can configure Ansible Tower. See "Configure Ansible Tower" in Ansible Tower.