In Part-1 of the "Using Ansible with vRA" series, I covered the procedure for deploying a TurnKey Ansible Appliance. In this blog, I will walk you through installing and configuring Ansible Tower or AWX on the appliance.
AWX Ansible Tower is Redhat Ansible’s open-source version of the Ansible Automation Platform (Ansible Tower). It can be installed on a compatible Linux Operating System.
You will need to perform the following steps:
Install Kubernetes on the Ansible Appliance VM
Download Kustomize
Deploy AWX Operator and AWX
Before you proceed, it is essential to know that the Ansible VM needs access to the Internet for the next set of procedures. If your Ansible appliance was deployed onto an internal network, you could choose to configure a proxy or multi-home the appliance for access to the external network. Check out my blog, Multi-homing Turnkey Ansible Appliance, for a walkthrough.
As a best practice with any Linux system, check for updates and upgrade the packages, if any.
This can be done by issuing the following command:
$ apt update && apt upgrade -yInstall Kubernetes on the Ansible Appliance
Ansible AWX execution environment is a set of containers, hence you wil need a Kubernetes installation to manage these containers. We will be installing K3S, which is a lightweight version of Kubernetes from SUSE (project Rancher) - https://k3s.io/
Installing Kustomize
AWX has a Kubernetes operator to manage its lifecycle. The AWX Operator relies on Kustomize to deploy and manage the AWX instance, so installing Kustomize is a prerequisite.
Kustomize can be installed using the binary available from:
If you’ve noticed, the binary was downloaded to /the root directory. And root is not usually a location that a binary corresponding to command is stored in Linux. Linux will use the environment variable PATH to locate directories with binaries.
Run the following command to find list of directories with binaries.
$ echo $PATHUse the following command to move the binary to /usr/local/bin, the default directory for all user-installed binaries.
$ mv /root/kustomize /usr/local/bin. # moves the file to /usr/locan/bin$ which kustomize # finds the current location of the binary corresponding to the command
There are no other steps to install Kustomize. We have downloaded the binary and moved it to /usr/local/bin
Deploy AWX Operator and AWX
You can install the AWX operator using the YAML template available at:
Create a new YAML with the name “kustomization.yaml”
Replace the <tag> references with the version number from the release page.
Now kick off the AWX deployment by applying the template using the following command syntax:
$ kubectl apply -k <directory where the kustomization.yaml is located>
Run the following command to see all resources deployed under the awx namespace and wait for them to be Ready.
$ kubectl get all -n awx
Tip: To delete a Kustomize build run “kubectl delete -k ./awx-operator”
The next step is to expose the AWX web service via a non-standard node port. This is done by creating an AWX YAML template exposing a node port. Once done, add the yaml to the resource section of Kustomization.yaml.
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: core-awx
spec:
service_type: nodeport
Run a “kubectl apply -k ./awx-operator/” to push the changes to the existing Kustomize build.
Once done, a new service is created with a random nodePort assigned.
Run “kubect get svc -n awx” to see all the services within the namespace.
In this case, a random nodePort 31503 has been assigned to the service.
Run the following command to review the logs and the PLAY RECAP to check the unreachable and failed counts. If the count is 0, then we are all good. Else, you may need to redeploy.
$ kubectl logs -f deployments/awx-operator-controller-manager -c awx-manager -n awx | grep -A 1 'PLAY RECAP'
If deployed successfully, you should be able to access AWX instance at the following URL:
http://<fqdn of the host>:<nodeport>/ (In our case, it is http://coreansible:31503/).
At this point, we do not know the login credentials. The default username is “admin,” and the credentials are stored as secrets.
Run the command ‘kubectl get secret -n awx’ to list all the secrets in the namespace. Then, run the following command to echo the password text:
$ kubectl get secret -n awx core-awx-admin-password -o jsonpath="{.data.password}" | base64 --decode; echo
Reference:
You should now be able to log in to the AWX Web Interface: [http://<fqdn of the host>:<nodeport>]
Comments