Get up to 50% off on CKA, CKAD, CKS, KCNA, KCSA exams and courses!

Multi-Level Approvals in Ansible Automation Controller: A Workaround

Multi-Level Approvals in Ansible Automation Controller: A Workaround

Ansible Automation Controller streamlines IT tasks through automation. A key component of this power lies in workflows . These workflows allow you to orchestrate a sequence of disparate job templates, essentially chaining them together for intricate deployments. Workflows even boast approval nodes, enabling users to pause the process and grant permission before continuing. But what if your scenario demands more nuanced control over these approvals?

The Roadblock with the Approval Nodes

While approval nodes are undeniably helpful, they fall short when it comes to multi-level functionality. You can assign approval roles to multiple users or teams, but here’s the catch: everyone with access can approve any request. This becomes problematic when your deployment process necessitates a sequential approval process with designated teams handling specific stages.

Imagine a scenario where a deployment requires a development team’s approval for initial testing , followed by an operations team’s sign-off for finalization .

The built-in approval nodes wouldn’t differentiate who approves which step, potentially causing delays or confusion. For example, I have added both Team-A and Team-B as approvers. But you can see both team members ( john and lina ) can approve any nodes in the workflow.

The Preferred Path: External ITSM Integration

For robust multi-level approvals, the best practice is to leverage your existing IT Service Management (ITSM) system. Popular ITSM solutions like ServiceNow or BMC Remedy often have built-in approval workflows. These workflows integrate seamlessly with Ansible Automation Controller through plugins or APIs. This approach offers several advantages:

  • Granular Control: You can define intricate approval processes with specific teams responsible for each stage.
  • Enhanced Auditability: ITSM systems provide a clear audit trail for approvals, ensuring accountability and compliance.
  • Streamlined Change Management: Integration with your existing ITSM system fosters a cohesive change management process.

A Workaround for Internal Workflows (Use with Caution) in Ansible automation controller

If integrating with an ITSM isn’t an option, here’s a workaround within the Automation Controller (remember, this is not an official recommendation):

Crafting Separate Approval Workflows

Design two independent workflows, each containing only an approval node.

Step 1: Assign Team-A as approvers for the first workflow.

Nodes in “WF 101-TeamA-Approve”
Team-B as approvers for “WF 101-TeamA-Approve”
Step 2: Assign `Team-B` as approvers for the second workflow.
Nodes in “WF 102-TeamB-Approve”
Team-B as approvers in “WF 102-TeamB-Approve”

Chaining Workflows into Your Main Workflow

Insert these “Approval-only” workflows sequentially within your main workflow. This establishes a multi-step approval process. You can select the Node Type as “Workflow Job Template” when you add the node for this.

The Benefit

Team-A only sees the approval for their designated step, and Team-B only sees theirs. Approvals progress sequentially, guaranteeing the correct teams authorize each stage.

Visualizing the Workaround

Imagine a main workflow with four nodes and combine the sub -workflows for the approvals.

Main workflow with “WF 101-TeamA-Approve” and “WF 102-TeamB-Approve” as nodes.
1. Node 1: WF Data Test 101 (a dummy task) 2. Node 2: WF 101-TeamA-Approve (approval for `Team-A` ) 3. Node 3: WF 102-TeamB-Approve (approval for `Team-B` ) 4. Node 4: WF Data Test 102 (a dummy task)

By inserting the “Approval-only” workflows ( WF 101-TeamA-Approve and WF 102-TeamB-Approve ) between Nodes 1 and 4, you create a sequential approval process.

The beauty of this workaround lies in its isolation.

  • Team-A only receives notifications and has approval rights for the “ WF 101-TeamA-Approve ” node.
  • Similarly, Team-B solely interacts with the “ WF 102-TeamB-Approve ” node.
  • This ensures a sequential approval process where each team approves their designated step before the workflow progresses to the next team and ultimately, the remaining tasks in the main workflow.

Conclusion: Prioritizing Best Practices

Ansible Automation Controller excels at automation, and its built-in approval nodes offer basic workflow control. However, for true multi-level approvals, leveraging your existing ITSM system is the gold standard. This approach provides superior control, and auditability, and streamlines your change management process.

We welcome your feedback in the comments below! Have you encountered similar multi-level approval challenges? How did you approach them?

Tags :
Share :

Related Posts

How To Pass Environment Variables to Ansible Navigator

How To Pass Environment Variables to Ansible Navigator

ansible-navigator is the new command line utility (CLI) introduced in Ansible Automation Platform 2, for running and developing Ansible automation …

Ansible Collections [LIVE]

Ansible Collection is a great way of getting content contributions from various Ansible Developers. We will learn what is Ansible Collection and how …

Installing Ansible Automation Platform with AWS RDS and SSL Encryption

Installing Ansible Automation Platform with AWS RDS and SSL Encryption

In today’s rapidly evolving IT landscape, automation is the key to streamlining operations and achieving efficiency. Red Hat® Ansible® Automation …

Customizing Ansible: Creating Execution Environment Images

Customizing Ansible: Creating Execution Environment Images

In the ever-evolving landscape of IT and DevOps, automation plays a pivotal role in streamlining workflows and ensuring efficiency. Ansible, a …

Introducing the Event-Driven Ansible & Demo

Introducing the Event-Driven Ansible & Demo

In AnsibleFest 2022, Red Hat announced an exciting new developer preview for Event-Driven Ansible. Event-Driven Ansible is a new way to enhance and …

Why ChatGPT is Not Ideal for Generating Ansible Playbooks

Why ChatGPT is Not Ideal for Generating Ansible Playbooks

Ansible is a popular automation tool used in IT operations and DevOps to manage infrastructure and automate repetitive tasks. It is designed to be …