Site icon techbeatly

Multi-Level Approvals in Ansible Automation Controller: A Workaround

Gineesh Madapparambath

Ansible Automation Controller streamlines IT tasks through automation. A key component of this power lies in workflows. These workflows allow you to orchestrate a sequence of disparate job templates, essentially chaining them together for intricate deployments. Workflows even boast approval nodes, enabling users to pause the process and grant permission before continuing. But what if your scenario demands more nuanced control over these approvals?

The Roadblock with the Approval Nodes

While approval nodes are undeniably helpful, they fall short when it comes to multi-level functionality. You can assign approval roles to multiple users or teams, but here’s the catch: everyone with access can approve any request. This becomes problematic when your deployment process necessitates a sequential approval process with designated teams handling specific stages.

Imagine a scenario where a deployment requires a development team’s approval for initial testing, followed by an operations team’s sign-off for finalization.

The built-in approval nodes wouldn’t differentiate who approves which step, potentially causing delays or confusion. For example, I have added both Team-A and Team-B as approvers. But you can see both team members (john and lina) can approve any nodes in the workflow.

The Preferred Path: External ITSM Integration

For robust multi-level approvals, the best practice is to leverage your existing IT Service Management (ITSM) system. Popular ITSM solutions like ServiceNow or BMC Remedy often have built-in approval workflows. These workflows integrate seamlessly with Ansible Automation Controller through plugins or APIs. This approach offers several advantages:

A Workaround for Internal Workflows (Use with Caution) in Ansible automation controller

If integrating with an ITSM isn’t an option, here’s a workaround within the Automation Controller (remember, this is not an official recommendation):

Crafting Separate Approval Workflows

Design two independent workflows, each containing only an approval node.

Step 1: Assign Team-A as approvers for the first workflow.

Nodes in “WF 101-TeamA-Approve”
Team-B as approvers for “WF 101-TeamA-Approve”

Step 2: Assign Team-B as approvers for the second workflow.

Nodes in “WF 102-TeamB-Approve”
Team-B as approvers in “WF 102-TeamB-Approve”

Chaining Workflows into Your Main Workflow

Insert these “Approval-only” workflows sequentially within your main workflow. This establishes a multi-step approval process. You can select the Node Type as “Workflow Job Template” when you add the node for this.

The Benefit

Team-A only sees the approval for their designated step, and Team-B only sees theirs. Approvals progress sequentially, guaranteeing the correct teams authorize each stage.

Visualizing the Workaround

Imagine a main workflow with four nodes and combine the sub -workflows for the approvals.

Main workflow with “WF 101-TeamA-Approve” and “WF 102-TeamB-Approve” as nodes.
  1. Node 1: WF Data Test 101 (a dummy task)
  2. Node 2: WF 101-TeamA-Approve (approval for Team-A)
  3. Node 3: WF 102-TeamB-Approve (approval for Team-B)
  4. Node 4: WF Data Test 102 (a dummy task)

By inserting the “Approval-only” workflows (WF 101-TeamA-Approve and WF 102-TeamB-Approve) between Nodes 1 and 4, you create a sequential approval process.

The beauty of this workaround lies in its isolation.

Conclusion: Prioritizing Best Practices

Ansible Automation Controller excels at automation, and its built-in approval nodes offer basic workflow control. However, for true multi-level approvals, leveraging your existing ITSM system is the gold standard. This approach provides superior control, and auditability, and streamlines your change management process.

We welcome your feedback in the comments below! Have you encountered similar multi-level approval challenges? How did you approach them?

Exit mobile version