发表 admin at 2025年2月28日

类别

未分类

标签

如何在 CentOS 7 上使用 Docker 安装 Ansible AWX

在此页

AWX 服务器的系统要求
从 AWX 服务器配置无密码登录
参考资料

Ansible AWX 是 ansible tower 的开源版本。 AWX 提供基于 Web 的用户界面、REST API 和构建在 Ansible 之上的任务引擎。它是AWX商业衍生品Tower的上游项目。

在本教程中，我将向您展示如何使用 Docker 安装和配置 AWX。

我将在 permissive 模式下使用 3 台带有 centos 7 最小安装和 SELinux 的服务器。

192.168.1.25 AWX 服务器
192.168.1.21 客户端1
192.168.1.22 客户端 2

AWX 服务器的系统要求

至少 4GB 内存。
至少 2 个 CPU 内核。
至少 20GB 的空间。
运行 Docker、Openshift 或 Kubernetes。

检查 SELinux 配置。

sestatus

结果：

[ ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
[ ~]#

禁用防火墙。

[ installer]# systemctl stop firewalld
[ installer]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[ installer]#

在 /etc/hosts 中添加主机条目

[ ~]# cat /etc/hosts
192.168.1.25 awx.sunil.cc awx
192.168.1.21 client1.sunil.cc client1
192.168.1.22 client2.sunil.cc client2
[ ~]#

启用 epel 回购。

[ ~]# yum install -y epel-release

安装软件包。

[ ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 ansible git python-devel python-pip python-docker-py vim-enhanced

配置 docker ce 稳定存储库。

[ ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

安装泊坞窗。

[ ~]# yum install docker-ce -y

启动泊坞窗服务。

[ ~]# systemctl start docker

启用泊坞窗服务。

[ ~]# systemctl enable docker

克隆 AWX 存储库。

[ ~]# git clone https://github.com/ansible/awx.git
[ ~]# cd awx/
[ awx]# git clone https://github.com/ansible/awx-logos.git
[ awx]# pwd
/root/awx
[ awx]#

进入 /root/awx 中的安装程序目录。

[ awx]# cd installer/

编辑清单中的以下参数。

[ awx]# vim inventory
postgres_data_dir=/var/lib/pgdocker
awx_official=true
awx_alternate_dns_servers="4.2.2.1,4.2.2.2"
project_data_dir=/var/lib/awx/projects

您的配置应如下所示。

[ installer]# cat inventory |grep -v "#"
localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python"

[all:vars]

dockerhub_base=ansible
dockerhub_version=latest
rabbitmq_version=3.6.14


awx_secret_key=awxsecret



postgres_data_dir=/var/lib/pgdocker
host_port=80


docker_compose_dir=/var/lib/awx



pg_username=awx
pg_password=awxpass
pg_database=awx
pg_port=5432


awx_official=true


awx_alternate_dns_servers="4.2.2.1,4.2.2.2"

project_data_dir=/var/lib/awx/projects
[ installer]#

现在通过 Docker 部署 AWX。

[ installer]# ansible-playbook -i inventory install.yml -vv

这将需要一段时间，具体取决于服务器的配置。

要检查 AWX 的 ansible play 部署，请运行以下命令。

[ installer]# docker container ls
CONTAINER ID        IMAGE                     COMMAND                  CREATED             STATUS              PORTS                                NAMES
318c7c95dcbb        ansible/awx_task:latest   "/tini -- /bin/sh -c."   12 minutes ago      Up 12 minutes       8052/tcp                             awx_task
642c2f272e31        ansible/awx_web:latest    "/tini -- /bin/sh -c."   12 minutes ago      Up 12 minutes       0.0.0.0:80->8052/tcp                 awx_web
641b42ab536f        memcached:alpine          "docker-entrypoint.s."   18 minutes ago      Up 18 minutes       11211/tcp                            memcached
b333012d90ac        rabbitmq:3                "docker-entrypoint.s."   19 minutes ago      Up 19 minutes       4369/tcp, 5671-5672/tcp, 25672/tcp   rabbitmq
ada52935513a        postgres:9.6              "docker-entrypoint.s."   19 minutes ago      Up 19 minutes       5432/tcp                             postgres
[ installer]#

AWX 已准备就绪，可以从浏览器访问。

用户名为\admin\，密码为\password\。

从 AWX 服务器配置无密码登录

在所有 3 台主机上创建一个用户。在所有 3 台服务器上执行以下步骤。

[ ~]# useradd ansible
[ ~]# useradd ansible
[ ~]# useradd ansible

生成ssh密钥：

[ ~]# su - ansible
[ ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:j30gyTVQxcWIocdKMbVieZvfJzGkCjXhjtc5qu+fE8o 
The key's randomart image is:
+---[RSA 2048]----+
|        +o==.+.  |
|         O.oo .  |
|        * @   .  |
|       + @ * +   |
|        S * = o  |
|         B =.o o |
|        ..=.o.o .|
|         .E... o |
|        .oo.o.   |
+----[SHA256]-----+
[ ~]$

在所有 3 个服务器上添加 sudoers 条目作为文件的最后一个条目。

[ ~]# visudo
ansible ALL=(ALL) NOPASSWD: ALL

将 id_rsa.pub 的内容复制到所有 3 个服务器上的 authorized_keys。

[ .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf 
[ .ssh]$ pwd
/home/ansible/.ssh
[ ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf 
[ ~]$chmod 600 .ssh/authorized_keys

客户1

[ ~]# su - ansible
[ ~]$ ls
[ ~]$ mkdir .ssh
[ ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf 
[ ~]$ chmod 700 .ssh
[ ~]$ chmod 600 .ssh/authorized_keys

客户2

[ ~]# su - ansible
[ ~]$ ls
[ ~]$ mkdir .ssh
[ ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf 
[ ~]$ chmod 700 .ssh
[ ~]$ chmod 600 .ssh/authorized_keys

验证无密钥登录：

[ .ssh]$ ssh client1
The authenticity of host 'client1 (192.168.1.21)' can't be established.
ECDSA key fingerprint is SHA256:TUQNYdF4nxofGwFO7/z+Y5dUETVEI0xPQL4n1cUcoCI.
ECDSA key fingerprint is MD5:5d:73:1f:64:0e:03:ac:a7:7b:33:76:08:6d:09:90:26.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'client1,192.168.1.21' (ECDSA) to the list of known hosts.
Last login: Sun Mar  4 13:39:33 2018
[ ~]$ exit
logout
Connection to client1 closed.
[ .ssh]$
[ .ssh]$ ssh client2
The authenticity of host 'client2 (192.168.1.22)' can't be established.
ECDSA key fingerprint is SHA256:7JoWzteeQBwzc4Q3GGN+Oa4keUPMca/jtqv7gmmEZxg.
ECDSA key fingerprint is MD5:85:77:3a:a3:07:31:d4:c1:41:ed:30:db:74:b4:ce:67.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'client2,192.168.1.22' (ECDSA) to the list of known hosts.
Last login: Sun Mar  4 13:51:27 2018
[ ~]$ exit
logout
Connection to client2 closed.
[ .ssh]$

现在单击此图标并转到凭据 - >添加

选择一个组织并填写用户名和描述。

这里的用户名是“ansible”

在凭证类型下选择机器并填写详细信息。

从 AWX 服务器获取私钥。

[ .ssh]$ pwd
/home/ansible/.ssh
[ .ssh]$ cat id_rsa
id_rsa      id_rsa.pub
[ .ssh]$ cat id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAuEJrs41ZxlJ09aOsRlw9wwgz1DIk39MVJDlOJGK5KcR2GdZ1
htTATRlgoclqG50ymA4eHPNPn7UsjxwHXleijsAAzrujF7zFxzCtxA3uI5/kdGQK
0ExBdqikgYL3tt8ELuSKKnVo7waCBBqscNy5GG3RsWeXaipT+Xj5ESmpeE53FfrZ
Ybng2is/EH714M/sto3NxzFgB+mu1GLAyrrQ7bZgw1VMHzHL6EvY9lWDlB5Ewnp8
f9mN9velC5lgkRFvXun01y5jqMCAQwGq9NQk4ZgM2ApwQzQBTrKJYfXS9QisCwrz
sitVAYCZX683RiP/n0u2hYmqoV6beoSOMZ3SXwIDAQABAoIBAQCcfiUU6S9fJfca
DTmqxHrcIyJJzZDN3GvvSRBaDNLwa2BWz3Mf4Z+1m6Ebp4IME/W9ePgQZIGyxeAj
Z43Gja2Nifrlmi2JYpWjeG+MvLwN26XfSHx6rtlGmzKkoIQc98qIvSevqepGYAOa
0sC0VnKKEfNvtei+jVam4hy/e9/oQWHV8c/yueLWpCx2pWOy5m7WVLdwNQSK+8pu
sxHLFTNCSC9wddBN80FVxhJQ7L4D2DzcprhcfUz6Uz7Ju7v8MtSksirDnaGliWJ3
NvxhntJYKvgQ30pvBr//y0lYnAB+O0jJhOpHlgD2hNSlI8sgUxmVyl+gC9Dhnq+v
1uKm3CThAoGBAOx+YIGGT/ymqJ53k8Dj4keKctI4+E3p/7Tr2jEyRff177VUjITQ
UnrRTw1W+XSE5cszitVYbv0WUwTJoSSrKaRaVG7iORaqcv0LkG8gnlcrcifRXSl5
5xMsPCw0adwtoyhrHQLbENntMl+iQw2JbE6fvldvNe2kPdL3B2T7Jw1RAoGBAMd1
GvsOHLaKtTD0me+wgGnql0GIp90elE7rQ1p6VMxZkE68b+0jX9xHAt2zxocR84+L
Gi6uAZvBqnwmH48c7Do6/oulrJXH2OcT6S8+F/kM7PWNT0Z0J0MW/+npVoPwSihZ
N4/uanR47L0YYVlTRgxmakSUZnitrEz754V+YjivAoGBAM1qtC6tWHrO0/XZTbik
+F5FrphVLbCXiSlAF6TV0xqfP5gUmX2faZUOi4i9vC3uZZ9L5NKNXtJseq3U6Sht
l90PLPmnfAjpArozOkCcZ4y1yxE09KPbI9BugtGusSizZ13rNCbP22I/eprA2Vc/
v5jHflB547DIEX9WXNDkqjYRAoGACD3ag40tuo04t3Ej+zd71uSOo3KWHRjqX+hw
vAhaAKeiwt4ecdoIV/3HLIoFJgej3MaOqmceQeVaug6JN0ympjFR20tZOkcru0Cj
XgRe0Tergun34J1kEe2dXXj6zjDbn5cwKI5db7qfbaDYROyf9Fs3AOZw5YOnnva5
tlZmkJkCgYB0tuVLQSOWsqjTAgkw7tDIMOds9o8dpGJTvXxcs2qWJIDQPQWxHVSl
Qimh5DFBkrNDAYKKC386KaZOEKwG7G1YuGbh1+ns3piscJaBi2lPaeA1Y/QA6pCT
t9Hbdzre5x0gDbKSHOk+QLJkVdfQX9jamRE6W0k0pXVF6ur8N5zfxA==
-----END RSA PRIVATE KEY-----
[ .ssh]$

私钥（示例）。

复制ssh私钥下的私钥，点击保存。