V předchozím tutoriálu jsem vám ukázal, jak nasadit Ansible AWX prostřednictvím dockeru. Mezitím jsem našel dva projekty, které vytvářejí rpm balíčky pro AWX. V tomto tutoriálu vám tedy ukážu, jak nainstalovat Ansible AWX ze souborů RPM na CentOS 7. Ansible AWX je OpenSource verze softwaru Ansible Tower.
Budu používat 3 servery s minimální instalací CentOS 7 a SELinux v permisivním režimu.
- 192.168.1.25 Server AWX
- 192.168.1.21 klient1
- 192.168.1.22 klient2
Minimální systémové požadavky pro server AWX
- Alespoň 4 GB paměti
- Alespoň 2 jádra procesoru
- Alespoň 20 GB místa
- Spuštění Dockeru, Openshift nebo Kubernetes
Zkontrolujte konfiguraci SELinux.
[[email protected] ~]# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: permissive Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28 [[email protected] ~]#
Přidejte položky hostitele do
/etc/hosts
[[email protected] ~]# cat /etc/hosts 192.168.1.25 awx.sunil.cc awx 192.168.1.21 client1.sunil.cc client1 192.168.1.22 client2.sunil.cc client2 [[email protected] ~]#
Přidejte pravidla brány firewall
[[email protected] ~]# systemctl enable firewalld Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service. Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service. [[email protected] ~]# systemctl start firewalld [[email protected] ~]# firewall-cmd --add-service=http --permanent;firewall-cmd --add-service=https --permanent success success [[email protected] ~]# systemctl restart firewalld [[email protected] ~]#
Povolte úložiště CentOS EPEL.
[[email protected] ~]# yum install -y epel-release
Pro instalaci AWX potřebujeme postgresql 9.6.
Povolit postgreSQL repo.
[[email protected] ~]# yum install -y https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm
Instalace postgreSQL.
[[email protected] ~]# yum install postgresql96-server -y
Instalace dalších potřebných otáček.
[[email protected] ~]# yum install -y rabbitmq-server wget memcached nginx ansible
Instalace Ansible AWX
Přidání úložiště AWX.
[[email protected] ~]# wget -O /etc/yum.repos.d/awx-rpm.repo https://copr.fedorainfracloud.org/coprs/mrmeee/awx/repo/epel-7/mrmeee-awx-epel-7.repo
Instalace rpm
[[email protected] ~]# yum install -y awx
Inicializace databáze
[[email protected] ~]# /usr/pgsql-9.6/bin/postgresql96-setup initdb Initializing database ... OK [[email protected] ~]#
Spuštění služby Rabbitmq
[[email protected] ~]# systemctl start rabbitmq-server [[email protected] ~]# systemctl enable rabbitmq-server Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service. [[email protected] ~]#
Spuštění služby PostgreSQL
[[email protected] ~]# systemctl enable postgresql-9.6 Created symlink from /etc/systemd/system/multi-user.target.wants/postgresql-9.6.service to /usr/lib/systemd/system/postgresql-9.6.service. [[email protected] ~]# systemctl start postgresql-9.6
Spouštění služby Memcached
[[email protected] ~]# systemctl enable memcached Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service. [[email protected] ~]# systemctl start memcached
Vytvoření uživatele Postgres
[[email protected] ~]# sudo -u postgres createuser -S awx could not change directory to "/root": Permission denied [[email protected] ~]#
ignorujte chybu
Vytvoření databáze
[[email protected] ~]# sudo -u postgres createdb -O awx awx could not change directory to "/root": Permission denied [[email protected] ~]#
ignorujte chybu
Import dat do databáze
[[email protected] ~]# sudo -u awx /opt/awx/bin/awx-manage migrate
Inicializace konfigurace pro AWX
[[email protected] ~]# echo "from django.contrib.auth.models import User; User.objects.create_superuser('admin', '[email protected]', 'password')" | sudo -u awx /opt/awx/bin/awx-manage shell
[[email protected] ~]# sudo -u awx /opt/awx/bin/awx-manage create_preload_data
Default organization added.
Demo Credential, Inventory, and Job Template added.
[[email protected] ~]# sudo -u awx /opt/awx/bin/awx-manage provision_instance --hostname=$(hostname)
Successfully registered instance awx.sunil.cc
(changed: True)
[[email protected] ~]# sudo -u awx /opt/awx/bin/awx-manage register_queue --queuename=tower --hostnames=$(hostname)
Creating instance group tower
Added instance awx.sunil.cc to tower
(changed: True)
[[email protected] ~]#
Nakonfigurujte Nginx
Vezměte zálohu nginx.conf
[[email protected] ~]# cd /etc/nginx/ [[email protected] nginx]# pwd /etc/nginx [[email protected] nginx]# cp nginx.conf nginx.conf.bkp
Nahraďte soubor nginx conf
[[email protected] nginx]# wget -O /etc/nginx/nginx.conf https://raw.githubusercontent.com/sunilsankar/awx-build/master/nginx.conf
Povolte a spusťte službu nginx
[[email protected] ~]# systemctl start nginx [[email protected] ~]# systemctl enable nginx
Spusťte služby awx
[[email protected] ~]# systemctl start awx-cbreceiver [[email protected] ~]# systemctl start awx-celery-beat [[email protected] ~]# systemctl start awx-celery-worker [[email protected] ~]# systemctl start awx-channels-worker [[email protected] ~]# systemctl start awx-daphne [[email protected] ~]# systemctl start awx-web
Ujistěte se, že je služba spuštěna během restartu
[[email protected] ~]# systemctl enable awx-cbreceiver Created symlink from /etc/systemd/system/multi-user.target.wants/awx-cbreceiver.service to /usr/lib/systemd/system/awx-cbreceiver.service. [[email protected] ~]# systemctl enable awx-celery-beat Created symlink from /etc/systemd/system/multi-user.target.wants/awx-celery-beat.service to /usr/lib/systemd/system/awx-celery-beat.service. [[email protected] ~]# systemctl enable awx-celery-worker Created symlink from /etc/systemd/system/multi-user.target.wants/awx-celery-worker.service to /usr/lib/systemd/system/awx-celery-worker.service. [[email protected] ~]# systemctl enable awx-channels-worker Created symlink from /etc/systemd/system/multi-user.target.wants/awx-channels-worker.service to /usr/lib/systemd/system/awx-channels-worker.service. [[email protected] ~]# systemctl enable awx-daphne Created symlink from /etc/systemd/system/multi-user.target.wants/awx-daphne.service to /usr/lib/systemd/system/awx-daphne.service. [[email protected] ~]# systemctl enable awx-web Created symlink from /etc/systemd/system/multi-user.target.wants/awx-web.service to /usr/lib/systemd/system/awx-web.service. [[email protected] ~]#
Konfigurace přihlášení bez hesla ze serveru AWX
Vytvořte uživatele na všech 3 hostitelích.
Zde v tomto tutoriálu vytvářím uživatele ansible na všech 3 serverech.
[[email protected] ~]# useradd ansible [[email protected] ~]# useradd ansible [[email protected] ~]# useradd ansible
Generování ssh klíče na serveru awx
[[email protected] nginx]# su - ansible [[email protected] ~]$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/ansible/.ssh/id_rsa): Created directory '/home/ansible/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ansible/.ssh/id_rsa. Your public key has been saved in /home/ansible/.ssh/id_rsa.pub. The key fingerprint is: SHA256:RW/dhTsxcyGicleRI0LpLm+LyhAVinm0xktapodc8gY [email protected] The key's randomart image is: +---[RSA 2048]----+ | . . ..o. +ooo| | = o . +.oo+*.o| | E @ . ..oo.+ o*.| |. # o oo.. o | | = * S . | | o . . . | | . o | | o .o | | o..... | +----[SHA256]-----+ [[email protected] ~]$
Přidání položky sudoers na všech 3 serverech jako poslední položka do souboru
[[email protected] nginx]# visudo ansible ALL=(ALL) NOPASSWD: ALL
Zkopírujte obsah id_rsa.pub do author_keys na všech 3 serverech
[[email protected] .ssh]$ cat id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStB8JGsVsSLppwYWdnEPLE4xwFqRDn7xE/d3hjBQ6A0JGm1t+GtHB3GPIEjANFTnxQwHpR+cRttbL3mlQvpIYqCZOMZds9XA7VI5qgs0aSGUU8cNYKjmmrMpJa9sB4WVtj3M4u2fEXt9FKKCtjMMpOfiQxIkEhYZ+2GoAX5sHXan7TPcgwb5r7WW6j43aaPc6g9XWN63nonQz6KeMSFZ/y0o2HJMh1FEkktZw6A1HVfn+JNWoQb1glyqGjO1ync+Sok8yXpqakEEWpXNQSQYs4eBEwfkKql5EuolQMIbF9VYhpEcR9LfbMvYdq/RPKWN3mmRMWfPZ2dTZl515XBdV [email protected] [[email protected] .ssh]$ [[email protected] .ssh]$ cat authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStB8JGsVsSLppwYWdnEPLE4xwFqRDn7xE/d3hjBQ6A0JGm1t+GtHB3GPIEjANFTnxQwHpR+cRttbL3mlQvpIYqCZOMZds9XA7VI5qgs0aSGUU8cNYKjmmrMpJa9sB4WVtj3M4u2fEXt9FKKCtjMMpOfiQxIkEhYZ+2GoAX5sHXan7TPcgwb5r7WW6j43aaPc6g9XWN63nonQz6KeMSFZ/y0o2HJMh1FEkktZw6A1HVfn+JNWoQb1glyqGjO1ync+Sok8yXpqakEEWpXNQSQYs4eBEwfkKql5EuolQMIbF9VYhpEcR9LfbMvYdq/RPKWN3mmRMWfPZ2dTZl515XBdV [email protected] [[email protected] .ssh]$ chmod 600 authorized_keys
Klient1
[[email protected] ~]# su - ansible [[email protected] ~]$ mkdir .ssh [[email protected] ~]$ chmod 700 .ssh [[email protected] ~]$ cat .ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStB8JGsVsSLppwYWdnEPLE4xwFqRDn7xE/d3hjBQ6A0JGm1t+GtHB3GPIEjANFTnxQwHpR+cRttbL3mlQvpIYqCZOMZds9XA7VI5qgs0aSGUU8cNYKjmmrMpJa9sB4WVtj3M4u2fEXt9FKKCtjMMpOfiQxIkEhYZ+2GoAX5sHXan7TPcgwb5r7WW6j43aaPc6g9XWN63nonQz6KeMSFZ/y0o2HJMh1FEkktZw6A1HVfn+JNWoQb1glyqGjO1ync+Sok8yXpqakEEWpXNQSQYs4eBEwfkKql5EuolQMIbF9VYhpEcR9LfbMvYdq/RPKWN3mmRMWfPZ2dTZl515XBdV [email protected] [[email protected] ~]$ chmod 600 .ssh/authorized_keys
Klient2
[[email protected] ~]# su - ansible [[email protected] ~]$ mkdir .ssh [[email protected] ~]$ chmod 700 .ssh [[email protected] ~]$ cat .ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStB8JGsVsSLppwYWdnEPLE4xwFqRDn7xE/d3hjBQ6A0JGm1t+GtHB3GPIEjANFTnxQwHpR+cRttbL3mlQvpIYqCZOMZds9XA7VI5qgs0aSGUU8cNYKjmmrMpJa9sB4WVtj3M4u2fEXt9FKKCtjMMpOfiQxIkEhYZ+2GoAX5sHXan7TPcgwb5r7WW6j43aaPc6g9XWN63nonQz6KeMSFZ/y0o2HJMh1FEkktZw6A1HVfn+JNWoQb1glyqGjO1ync+Sok8yXpqakEEWpXNQSQYs4eBEwfkKql5EuolQMIbF9VYhpEcR9LfbMvYdq/RPKWN3mmRMWfPZ2dTZl515XBdV [email protected] [[email protected] ~]$ chmod 600 .ssh/authorized_keys
Zkontrolujte přihlášení bez hesla ze serveru AWX.
[[email protected] ~]$ ssh client1 Last login: Sun Mar 11 13:14:06 2018 from 192.168.1.25 [[email protected] ~]$ exit logout Connection to client1 closed. [[email protected] ~]$ ssh client2 Last login: Sun Mar 11 12:50:14 2018 from 192.168.1.25 [[email protected] ~]$
Ověřte přihlášení:
Přihlašovací údaje jsou:
Uživatelské jméno:„admin "
Heslo:"heslo "
V dalším tutoriálu ukážeme, jak přidat playbook a spustit úlohu.