Infrastructure at your Service

Joël Cattin

Managing Ansible with AWX – Part II – Organizations, Users and Teams

By January 17, 2022 Ansible, DevOps No Comments

In the 1st post of this serie, I demonstrate how easy it is to install AWX on a local Minikube Kubernetes cluster.
Now that the installation is done and the access to the web console is working, let’s find out what kind of objects should be created to best manage Ansible playbooks deployments using AWX.

AWX Command Line Interface

Obviously all objects can be managed from the web console. But did you know that AWX also provides a CLI ?
Generally speaking, I’m quite a fan of Command Line Interfaces. So as first step here, let’s see how we can install this one.
On RHEL OS Family, you can use yum or dnf to install it. On all other platforms, it can be installed via pip :

[email protected]:~$ pip3 install --user

Using cached (92 kB)
Requirement already satisfied: PyYAML in /usr/lib/python3/dist-packages (from awxkit==3.8.5) (5.3.1)
Requirement already satisfied: requests in /usr/lib/python3/dist-packages (from awxkit==3.8.5) (2.22.0)
Building wheels for collected packages: awxkit
Building wheel for awxkit ( ... done
Created wheel for awxkit: filename=awxkit-3.8.5-py3-none-any.whl size=110710 sha256=a93595b0d1511a1d14e9f3d4f37861aab0c6cb6d61c65944efd85b25ba0c2bb6
Stored in directory: /home/joc/.cache/pip/wheels/5b/2d/3a/b7e56c0c48d65ee4c9708c7d6f5ac36ddbd10477e28c1b0b4b
Successfully built awxkit
Installing collected packages: awxkit
Successfully installed awxkit-3.8.5
[email protected]:~$

[email protected]:~$ awx --version
[email protected]:~$


Once AWX CLI is installed, the first thing to do is to login to the AWX instance. For that, ask kubectl to tell you the port number on which the service is exposed :

[email protected]:~$ kubectl get svc -l ""
NAME              TYPE       CLUSTER-IP      EXTERNAL-IP  PORT(S)       AGE
awx-joc-postgres  ClusterIP  None            <none>       5432/TCP      23d
awx-joc-service   NodePort  <none>       80:32283/TCP  23d
[email protected]:~$


The awx login command generates a personal access token. Run it by specifying the IP of the AWX server, the port returned by kubectl, the username and the password :

[email protected]:~$ TOWER_HOST= \
              TOWER_USERNAME=admin \
              TOWER_PASSWORD=LbcA6yarpcRcnDMeBTJvZnJ8hf7wXXxa \
              awx login
"token": "gQbq6qFBoAIxKPp1BMILiN8l3amCR1"
[email protected]:~$


You can use the token to avoid having to specify the username and password for each awx command :

[email protected]:~$ export TOWER_TOKEN=gQbq6qFBoAIxKPp1BMILiN8l3amCR1
[email protected]:~$ awx config
  "base_url": "",
  "token": "gQbq6qFBoAIxKPp1BMILiN8l3amCR1",
  "use_sessions": false,
  "credentials": {
      "default": {
          "username": "admin",
          "password": "LbcA6yarpcRcnDMeBTJvZnJ8hf7wXXxa"
[email protected]:~$


By default, the output is displayed in JSON format. You can change it using the -f option. For instance :

[email protected]:~$ awx config -f human
key          value
============ ==========================================================
token        gQbq6qFBoAIxKPp1BMILiN8l3amCR1
use_sessions 0
credentials  {"default": {"username": "admin", "password": "LbcA6yarpcRcnDMeBTJvZnJ8hf7wXXxa"}}
[email protected]:~$


We are now ready to manage AWX with both the GUI or the CLI.

Objects hierarchy

The following diagram describes the AWX objects hierarchy :

As the title of this post indicates, we will first focus on organizations, teams and users only.


An organization is the highest level in the AWX object hierarchy. Nothing surprising. To create an organization, click on the Organizations icon from the left navigation bar :

A default organization already exists. Click on the Add button to create a new one :


The only mandatory property is the name. Choose an elegant one, add a description if you want and click on Save. Other fields can stay empty for now :

From the CLI :

[email protected]:~$ awx organizations create --name "dbi services3" --description "A Great Place to Work company" -f human
id name          
== ============= 
3  dbi services3 
[email protected]:~$ 

[email protected]:~$ awx organizations list -f human
id name         
== ============ 
3  dbi services 
1  Default      
[email protected]:~$



Now that we have an organization, we need some users. To create them, click on the Users icon from the left navigation bar :

The only user that exists at the moment is the admin. Click on the Add button to add a new one :

Fill out the usual fields, select your organization and click on Save :

From the CLI :

[email protected]:~$ awx users create --username "joc" --first_name "Joël" --last_name "Cattin" --email "[email protected]" --password "mypassword" --organization "dbi services"



Obviously, a team is a group of users. By using teams, you will be able to manage and delegate responsibilities across the organization.
To create them, click on the Teams icon from the left navigation bar :

And then on Add :

Fill out the fields, select your organization and click on Save :

To add a user to the team, click on the Access tab and then on Add :

Select Users as resource type and click on Next :

Choose the users you want to add to the team and click on Next :

Select the role you want to grant to the user and click on Save :

From the CLI :

[email protected]:~$ awx teams create --name "PostgreSQL" --description "Team deploying PostgreSQL environments" --organization "dbi services"

[email protected]:~$ awx users grant --team "PostgreSQL" --role "member" joc --organization "dbi services"


That’s all for this post. We have now an organization, some teams and some users. Everything can be managed from the AWX GUI or the CLI.
Stay tuned for the 3rd part of this serie !

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Joël Cattin
Joël Cattin

Senior Consultant