Si të instaloni Ansible AWX me Docker në CentOS 7


Ansible AWX është versioni OpenSource i kullës ansible. AWX ofron një ndërfaqe përdoruesi të bazuar në ueb, API REST dhe motor detyrash të ndërtuara në krye të Ansible. Është projekti në rrjedhën e sipërme për Tower, një derivat tregtar i AWX.

Në këtë tutorial, unë do t'ju tregoj se si të instaloni dhe konfiguroni AWX duke përdorur Docker.

Do të përdor 3 serverë me instalim minimal centos 7 dhe SELinux në modalitetin lejues.

  • 192.168.1.25 Serveri AWX
  • 192.168.1.21 klient1
  • 192.168.1.22 klient2

Kërkesat e sistemit për serverin AWX

  • Të paktën 4 GB memorie.
  • Të paktën 2 bërthama CPU.
  • Të paktën 20 GB hapësirë.
  • Runing Docker, Openshift ose Kubernetes.

Kontrolloni konfigurimin e SELinux.

sestatus

Rezultati:

[ ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
[ ~]#

Çaktivizo murin e zjarrit.

[ installer]# systemctl stop firewalld
[ installer]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[ installer]#

Shtimi i hyrjeve të hostit në /etc/hosts

[ ~]# cat /etc/hosts
192.168.1.25 awx.sunil.cc awx
192.168.1.21 client1.sunil.cc client1
192.168.1.22 client2.sunil.cc client2
[ ~]#

Aktivizo epel repo.

[ ~]# yum install -y epel-release

Instaloni paketat.

[ ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 ansible git python-devel python-pip python-docker-py vim-enhanced

Konfiguro depozitën e qëndrueshme të docker ce.

[ ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

Instalimi i dokerit.

[ ~]# yum install docker-ce -y

Filloni shërbimin docker.

[ ~]# systemctl start docker

Aktivizo shërbimin docker.

[ ~]# systemctl enable docker

Klonimi i repos AWX.

[ ~]# git clone https://github.com/ansible/awx.git
[ ~]# cd awx/
[ awx]# git clone https://github.com/ansible/awx-logos.git
[ awx]# pwd
/root/awx
[ awx]#

Shkoni në direktorinë e instaluesit brenda /root/awx.

[ awx]# cd installer/

Ndryshoni parametrat e mëposhtëm në inventar.

[ awx]# vim inventory
postgres_data_dir=/var/lib/pgdocker
awx_official=true
awx_alternate_dns_servers="4.2.2.1,4.2.2.2"
project_data_dir=/var/lib/awx/projects

Konfigurimi juaj duhet të duket kështu.

[ installer]# cat inventory |grep -v "#"
localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python"

[all:vars]

dockerhub_base=ansible
dockerhub_version=latest
rabbitmq_version=3.6.14


awx_secret_key=awxsecret



postgres_data_dir=/var/lib/pgdocker
host_port=80


docker_compose_dir=/var/lib/awx



pg_username=awx
pg_password=awxpass
pg_database=awx
pg_port=5432


awx_official=true


awx_alternate_dns_servers="4.2.2.1,4.2.2.2"

project_data_dir=/var/lib/awx/projects
[ installer]#

Tani vendoset AWX përmes Docker.

[ installer]# ansible-playbook -i inventory install.yml -vv

Kjo do të marrë pak kohë në varësi të konfigurimit të serverit.

Për të kontrolluar vendosjen e ansible play për AWX ekzekutoni komandën e mëposhtme.

[ installer]# docker container ls
CONTAINER ID        IMAGE                     COMMAND                  CREATED             STATUS              PORTS                                NAMES
318c7c95dcbb        ansible/awx_task:latest   "/tini -- /bin/sh -c."   12 minutes ago      Up 12 minutes       8052/tcp                             awx_task
642c2f272e31        ansible/awx_web:latest    "/tini -- /bin/sh -c."   12 minutes ago      Up 12 minutes       0.0.0.0:80->8052/tcp                 awx_web
641b42ab536f        memcached:alpine          "docker-entrypoint.s."   18 minutes ago      Up 18 minutes       11211/tcp                            memcached
b333012d90ac        rabbitmq:3                "docker-entrypoint.s."   19 minutes ago      Up 19 minutes       4369/tcp, 5671-5672/tcp, 25672/tcp   rabbitmq
ada52935513a        postgres:9.6              "docker-entrypoint.s."   19 minutes ago      Up 19 minutes       5432/tcp                             postgres
[ installer]#

AWX është gati dhe mund të aksesohet nga shfletuesi.

emri i përdoruesit është \admin\ dhe fjalëkalimi është \password\.

Konfiguro hyrjen pa fjalëkalim nga serveri AWX

Krijo një përdorues në të 3 hostet. Ndiqni hapat e mëposhtëm në të 3 serverët.

[ ~]# useradd ansible
[ ~]# useradd ansible
[ ~]# useradd ansible

Gjenerimi i çelësit ssh:

[ ~]# su - ansible
[ ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:j30gyTVQxcWIocdKMbVieZvfJzGkCjXhjtc5qu+fE8o 
The key's randomart image is:
+---[RSA 2048]----+
|        +o==.+.  |
|         O.oo .  |
|        * @   .  |
|       + @ * +   |
|        S * = o  |
|         B =.o o |
|        ..=.o.o .|
|         .E... o |
|        .oo.o.   |
+----[SHA256]-----+
[ ~]$

Shtimi i hyrjes sudoers në të 3 serverët si hyrje e fundit në skedar.

[ ~]# visudo
ansible ALL=(ALL) NOPASSWD: ALL

Kopjoni përmbajtjen e id_rsa.pub në çelësat e autorizuar në të 3 serverët.

[ .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf 
[ .ssh]$ pwd
/home/ansible/.ssh
[ ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf 
[ ~]$chmod 600 .ssh/authorized_keys

klienti 1

[ ~]# su - ansible
[ ~]$ ls
[ ~]$ mkdir .ssh
[ ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf 
[ ~]$ chmod 700 .ssh
[ ~]$ chmod 600 .ssh/authorized_keys

klient2

[ ~]# su - ansible
[ ~]$ ls
[ ~]$ mkdir .ssh
[ ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf 
[ ~]$ chmod 700 .ssh
[ ~]$ chmod 600 .ssh/authorized_keys

Verifikimi i hyrjes pa çelës:

[ .ssh]$ ssh client1
The authenticity of host 'client1 (192.168.1.21)' can't be established.
ECDSA key fingerprint is SHA256:TUQNYdF4nxofGwFO7/z+Y5dUETVEI0xPQL4n1cUcoCI.
ECDSA key fingerprint is MD5:5d:73:1f:64:0e:03:ac:a7:7b:33:76:08:6d:09:90:26.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'client1,192.168.1.21' (ECDSA) to the list of known hosts.
Last login: Sun Mar  4 13:39:33 2018
[ ~]$ exit
logout
Connection to client1 closed.
[ .ssh]$
[ .ssh]$ ssh client2
The authenticity of host 'client2 (192.168.1.22)' can't be established.
ECDSA key fingerprint is SHA256:7JoWzteeQBwzc4Q3GGN+Oa4keUPMca/jtqv7gmmEZxg.
ECDSA key fingerprint is MD5:85:77:3a:a3:07:31:d4:c1:41:ed:30:db:74:b4:ce:67.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'client2,192.168.1.22' (ECDSA) to the list of known hosts.
Last login: Sun Mar  4 13:51:27 2018
[ ~]$ exit
logout
Connection to client2 closed.
[ .ssh]$ 

Tani klikoni në këtë ikonë dhe shkoni te kredencialet -> shtoni

Zgjidhni një organizatë dhe plotësoni emrin e përdoruesit dhe përshkrimin.

Këtu emri i përdoruesit është \ansible\

Zgjidhni makinën sipas llojit kredencial dhe plotësoni detajet.

Merr çelësin privat nga serveri AWX.

[ .ssh]$ pwd
/home/ansible/.ssh
[ .ssh]$ cat id_rsa
id_rsa      id_rsa.pub
[ .ssh]$ cat id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAuEJrs41ZxlJ09aOsRlw9wwgz1DIk39MVJDlOJGK5KcR2GdZ1
htTATRlgoclqG50ymA4eHPNPn7UsjxwHXleijsAAzrujF7zFxzCtxA3uI5/kdGQK
0ExBdqikgYL3tt8ELuSKKnVo7waCBBqscNy5GG3RsWeXaipT+Xj5ESmpeE53FfrZ
Ybng2is/EH714M/sto3NxzFgB+mu1GLAyrrQ7bZgw1VMHzHL6EvY9lWDlB5Ewnp8
f9mN9velC5lgkRFvXun01y5jqMCAQwGq9NQk4ZgM2ApwQzQBTrKJYfXS9QisCwrz
sitVAYCZX683RiP/n0u2hYmqoV6beoSOMZ3SXwIDAQABAoIBAQCcfiUU6S9fJfca
DTmqxHrcIyJJzZDN3GvvSRBaDNLwa2BWz3Mf4Z+1m6Ebp4IME/W9ePgQZIGyxeAj
Z43Gja2Nifrlmi2JYpWjeG+MvLwN26XfSHx6rtlGmzKkoIQc98qIvSevqepGYAOa
0sC0VnKKEfNvtei+jVam4hy/e9/oQWHV8c/yueLWpCx2pWOy5m7WVLdwNQSK+8pu
sxHLFTNCSC9wddBN80FVxhJQ7L4D2DzcprhcfUz6Uz7Ju7v8MtSksirDnaGliWJ3
NvxhntJYKvgQ30pvBr//y0lYnAB+O0jJhOpHlgD2hNSlI8sgUxmVyl+gC9Dhnq+v
1uKm3CThAoGBAOx+YIGGT/ymqJ53k8Dj4keKctI4+E3p/7Tr2jEyRff177VUjITQ
UnrRTw1W+XSE5cszitVYbv0WUwTJoSSrKaRaVG7iORaqcv0LkG8gnlcrcifRXSl5
5xMsPCw0adwtoyhrHQLbENntMl+iQw2JbE6fvldvNe2kPdL3B2T7Jw1RAoGBAMd1
GvsOHLaKtTD0me+wgGnql0GIp90elE7rQ1p6VMxZkE68b+0jX9xHAt2zxocR84+L
Gi6uAZvBqnwmH48c7Do6/oulrJXH2OcT6S8+F/kM7PWNT0Z0J0MW/+npVoPwSihZ
N4/uanR47L0YYVlTRgxmakSUZnitrEz754V+YjivAoGBAM1qtC6tWHrO0/XZTbik
+F5FrphVLbCXiSlAF6TV0xqfP5gUmX2faZUOi4i9vC3uZZ9L5NKNXtJseq3U6Sht
l90PLPmnfAjpArozOkCcZ4y1yxE09KPbI9BugtGusSizZ13rNCbP22I/eprA2Vc/
v5jHflB547DIEX9WXNDkqjYRAoGACD3ag40tuo04t3Ej+zd71uSOo3KWHRjqX+hw
vAhaAKeiwt4ecdoIV/3HLIoFJgej3MaOqmceQeVaug6JN0ympjFR20tZOkcru0Cj
XgRe0Tergun34J1kEe2dXXj6zjDbn5cwKI5db7qfbaDYROyf9Fs3AOZw5YOnnva5
tlZmkJkCgYB0tuVLQSOWsqjTAgkw7tDIMOds9o8dpGJTvXxcs2qWJIDQPQWxHVSl
Qimh5DFBkrNDAYKKC386KaZOEKwG7G1YuGbh1+ns3piscJaBi2lPaeA1Y/QA6pCT
t9Hbdzre5x0gDbKSHOk+QLJkVdfQX9jamRE6W0k0pXVF6ur8N5zfxA==
-----END RSA PRIVATE KEY-----
[ .ssh]$

Çelësi privat (shembull).

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAuEJrs41ZxlJ09aOsRlw9wwgz1DIk39MVJDlOJGK5KcR2GdZ1
htTATRlgoclqG50ymA4eHPNPn7UsjxwHXleijsAAzrujF7zFxzCtxA3uI5/kdGQK
0ExBdqikgYL3tt8ELuSKKnVo7waCBBqscNy5GG3RsWeXaipT+Xj5ESmpeE53FfrZ
Ybng2is/EH714M/sto3NxzFgB+mu1GLAyrrQ7bZgw1VMHzHL6EvY9lWDlB5Ewnp8
f9mN9velC5lgkRFvXun01y5jqMCAQwGq9NQk4ZgM2ApwQzQBTrKJYfXS9QisCwrz
sitVAYCZX683RiP/n0u2hYmqoV6beoSOMZ3SXwIDAQABAoIBAQCcfiUU6S9fJfca
DTmqxHrcIyJJzZDN3GvvSRBaDNLwa2BWz3Mf4Z+1m6Ebp4IME/W9ePgQZIGyxeAj
Z43Gja2Nifrlmi2JYpWjeG+MvLwN26XfSHx6rtlGmzKkoIQc98qIvSevqepGYAOa
0sC0VnKKEfNvtei+jVam4hy/e9/oQWHV8c/yueLWpCx2pWOy5m7WVLdwNQSK+8pu
sxHLFTNCSC9wddBN80FVxhJQ7L4D2DzcprhcfUz6Uz7Ju7v8MtSksirDnaGliWJ3
NvxhntJYKvgQ30pvBr//y0lYnAB+O0jJhOpHlgD2hNSlI8sgUxmVyl+gC9Dhnq+v
1uKm3CThAoGBAOx+YIGGT/ymqJ53k8Dj4keKctI4+E3p/7Tr2jEyRff177VUjITQ
UnrRTw1W+XSE5cszitVYbv0WUwTJoSSrKaRaVG7iORaqcv0LkG8gnlcrcifRXSl5
5xMsPCw0adwtoyhrHQLbENntMl+iQw2JbE6fvldvNe2kPdL3B2T7Jw1RAoGBAMd1
GvsOHLaKtTD0me+wgGnql0GIp90elE7rQ1p6VMxZkE68b+0jX9xHAt2zxocR84+L
Gi6uAZvBqnwmH48c7Do6/oulrJXH2OcT6S8+F/kM7PWNT0Z0J0MW/+npVoPwSihZ
N4/uanR47L0YYVlTRgxmakSUZnitrEz754V+YjivAoGBAM1qtC6tWHrO0/XZTbik
+F5FrphVLbCXiSlAF6TV0xqfP5gUmX2faZUOi4i9vC3uZZ9L5NKNXtJseq3U6Sht
l90PLPmnfAjpArozOkCcZ4y1yxE09KPbI9BugtGusSizZ13rNCbP22I/eprA2Vc/
v5jHflB547DIEX9WXNDkqjYRAoGACD3ag40tuo04t3Ej+zd71uSOo3KWHRjqX+hw
vAhaAKeiwt4ecdoIV/3HLIoFJgej3MaOqmceQeVaug6JN0ympjFR20tZOkcru0Cj
XgRe0Tergun34J1kEe2dXXj6zjDbn5cwKI5db7qfbaDYROyf9Fs3AOZw5YOnnva5
tlZmkJkCgYB0tuVLQSOWsqjTAgkw7tDIMOds9o8dpGJTvXxcs2qWJIDQPQWxHVSl
Qimh5DFBkrNDAYKKC386KaZOEKwG7G1YuGbh1+ns3piscJaBi2lPaeA1Y/QA6pCT
t9Hbdzre5x0gDbKSHOk+QLJkVdfQX9jamRE6W0k0pXVF6ur8N5zfxA==
-----END RSA PRIVATE KEY-----

Kopjoni çelësin privat nën çelësin privat ssh dhe klikoni mbi ruajtjen.

Klikoni mbi Inventarët dhe klikoni mbi Shtoni inventarin.

Plotësoni detajet në përputhje me rrethanat.

Klikoni mbi hostet -> shtoni host.

Shtoni detajet e mëposhtme:

Shtoni detajet e mëposhtme për klientin2.

Testoni lidhjen përmes AWX.

Zgjidhni të dy hostet dhe klikoni në komandat e ekzekutimit.

Zgjidhni ping dhe detaje të tjera dhe klikoni në Launch.

Kjo është ajo për këtë tutorial. Unë do t'ju tregoj në udhëzuesin tjetër se si të instaloni AWX përmes rpm dhe gjithashtu si të ekzekutoni librat e luajtjes, duke bërë thirrje API në mësime të mëtejshme.

Referenca

  • https://github.com/ansible/awx/blob/devel/INSTALL.md
  • http://docs.ansible.com/ansible-tower/latest/html/quickstart/index.html