Ansible Tower Provisioning Callbacks

One of Tower’s big selling points is the RESTful API. This allows systems to request certain templates to run against themselves from Tower. I leverage this on workstations with a systemd service and timer. Each workstation waits a predetermined time after boot and then does an API call to Tower. Tower then runs the workstation provision template against the system that requested it.

To enable callbacks, just check “Allow Provisioning Callbacks.” Tower then gives you the key and URL.

tower-callback

Tower has some pre-built scripts for a callback, or you can just use curl.

curl --data "host_config_key=d13a7b6e08e84c7d8f412b9754400a00"https://tower.example.com/api/v1/job_templates/26/callback/ -k

This has many benefits beyond just physical host provisioning. This allows systems to “check in” without using Ansible pull. And if the callback came from a host that isn’t in your inventory, it will fail in Tower. This adds some security so not just any random system can do a callback.