AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

AWX Modernization: Ansible Jewel Proxy Layer for Authentication and Routing

By Luca Berton · Published 2024-01-01 · Category: installation

Ansible Jewel provides centralized auth and proxy routing for AWX services. Learn about this AWX modernization milestone.

Introduction

The AWX project has reached a significant milestone in its modernization effort with the announcement of Ansible Jewel — a centralized authentication, authorization, and proxy layer for Ansible services. This article covers what Jewel is, how it fits into the AWX architecture, and what it means for the future of open-source Ansible automation.

See also: What Is AWX? Complete Guide to Ansible AWX (Open-Source Tower Alternative)

What Is Ansible Jewel?

Ansible Jewel is a proxy layer that sits between users and Ansible services. It provides: • Centralized authentication: Single point of authentication for all Ansible services • Authorization: Unified access control across AWX and pluggable services • Traffic routing: Intelligent routing of requests to the appropriate Ansible service • Service discovery: Connects AWX (job scheduling and execution) with other Ansible components

┌─────────────┐     ┌──────────────┐     ┌─────────────┐
│   User /     │────▶│   Ansible    │────▶│     AWX     │
│   API Client │     │    Jewel     │     │  (Jobs/EE)  │
└─────────────┘     │   (Proxy)    │     └─────────────┘
                    │              │     ┌─────────────┐
                    │  - Auth      │────▶│  Pluggable  │
                    │  - AuthZ     │     │  Services   │
                    │  - Routing   │     └─────────────┘
                    └──────────────┘

Why AWX Modernization Matters

The AWX modernization effort aims to transform AWX from a monolithic application into a modular, pluggable platform. Key goals include: Separation of concerns: Authentication, job execution, and UI are decoupled Pluggable architecture: Third-party services can integrate via Jewel Scalability: Individual components can scale independently Security: Centralized auth reduces attack surface and simplifies auditing

See also: AAP 2.6 vs 2.5 Architecture: Complete Platform Comparison (2026)

How Jewel Works

Request Flow

User sends a request (API call, web UI action) Jewel intercepts the request Jewel authenticates the user (LDAP, SAML, OIDC, local) Jewel checks authorization policies Jewel routes the request to the appropriate backend service Response flows back through Jewel to the user

Integration with AWX

Jewel connects specifically with AWX for: • Job scheduling: Routing job launch requests to AWX's task engine • Execution environments: Managing which EE handles each job • Inventory management: Proxying inventory operations • Credential management: Centralizing credential access

Getting Started

The Ansible Jewel source code is available in the ansible/jewel repository. A quickstart guide is available in the Ansible Community Forum.

Basic Setup

# Clone the Jewel repository
git clone https://github.com/ansible/jewel.git
cd jewel

# Follow the quickstart guide for local development
# See: https://forum.ansible.com for detailed instructions

See also: Exploring the Marvel of Taj Mahal India — A Journey with Luca Berton

What This Means for AWX Users

Current AWX Users

No immediate action required: AWX continues to work as before • Future migrations: As Jewel matures, AWX will integrate it as the default auth layer • Testing opportunity: Early adopters can test Jewel alongside existing AWX installations

AAP Users

• Ansible Jewel is part of the open-source AWX ecosystem • Ansible Automation Platform (AAP) has its own gateway and authentication layer • Concepts from Jewel may influence future AAP architecture

Contributors

• The Jewel project welcomes contributions • Join the AWX discussion in the Ansible Community Forum • Review the source code and submit PRs

FAQ

Is Ansible Jewel a replacement for AWX?

No. Jewel is a complement to AWX. It handles authentication, authorization, and routing, while AWX continues to handle job scheduling and execution.

Does Jewel replace the AAP Gateway?

Jewel is the open-source counterpart to similar concepts in AAP. It is designed for the AWX community and may share architectural patterns with AAP's gateway.

Can I use Jewel in production today?

Jewel is still in active development. Check the repository and forum for the latest status on production readiness.

What authentication methods does Jewel support?

Jewel supports centralized authentication and can be configured for various methods. Check the project documentation for the full list of supported authentication backends.

Conclusion

Ansible Jewel represents a major step forward in the AWX modernization journey. By providing a centralized proxy layer for authentication, authorization, and routing, Jewel enables a more modular and scalable architecture for Ansible automation services.

Related Articles

AWX Complete GuideWhat is Ansible AWXAWX TUI Terminal InterfaceAnsible Automation Platform 2.6

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home