Created: 6/10/2021
I’ve been pretty frustrated that the AWX community moved to Kubernetes deployments. I wanted to try to find the simplest solution to get this up and running.
I can’t vouch for the security of this setup yet. It is a work in progress, and I will update it as I learn more.
Running containers for years, I find Kubernetes very interesting. However, I’m stepping into this very slowly and carefully.
I chose to configure the PostgreSQL database as a deb package instead of a container. I will probably convert this later on as I get more comfortable with the setup (baby steps, you know).
This is a living document. I’m going to clean up the grammar, expand a bit on each subject, and work on providing better documentation.
Assumptions:
- Due to aliasing in bash and the snap command, I chose to document executing this as the root user. I would recommend using sudo in front of the commands instead.
- # represents a root prompt (you're logged in as root, e.g. sudo -i).
- user$ represents a non-privileged user, e.g. sudo -u user -i
| Item | Value | Notes |
|---|---|---|
| Operating System | Ubuntu 20.04.2 | Fresh install, all filesystems formatted XFS, packages up to date |
| Kubernetes | microk8s | snap install microk8s --classic |
| OS IP | 192.168.0.65 | Internal IP of host |
| K8s namespace | Default | Using the default namespace – for now |
| HA Cluster | No | Single node microk8s cluster |
| AWX Runner | 0.10.0 | https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml (mapping is under image_version) |
| AWX Version | 19.2.0 | Install with AWX Runner |
| PostgreSQL | 12 | Not containerized, fresh install |
| Nginx | Reverse Proxy | Proxy to the AWX Container Port (NodePort) |
Install Ubuntu 20.04
- I can’t vouch for ext4, but I know this configuration works with XFS. I would highly recommend using this filesystem.
- Note the ufw (firewall) section below. It needs to be enabled in order for this to work correctly. Make sure you enable ssh – or you may just lock yourself out of your system.
Install Postgresql 12
Install the postgresql packages
# sudo apt install postgresql postgresql-contrib
# pg_ctlcluster 12 main start
Create the database and the postgresql user to connect as, set the password, and grant permissions to the database
# su - postgres
postgres$ psql
postgres=# CREATE USER ums1 WITH PASSWORD 'super-secret';
postgres=# CREATE DATABASE ums1;
postgres=# GRANT ALL PRIVILEGES ON DATABASE ums1 TO ums1;
Configure Postgres to listen on all IPs
# vi /etc/postgresql/12/main/postgresql.conf
Change
#listen_addresses = 'localhost'
To
listen_addresses = '*'
Set up authentication to postgres by adding the following line
# vi /etc/postgresql/12/main/pg_hba.conf
host all all 0.0.0.0/0 md5
Restart the postgres service
# systemctl restart postgresql
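A quick check for the pg_hba.conf rule above, as an added example that is not part of the original write-up: the function flags any network rule that accepts clients from every address. Both rule sets are constructed samples; the second narrows access to the ums1 database and user and assumes 10.1.0.0/16 is the pod network, so substitute your own pod CIDR.

```shell
#!/bin/sh
# Added example (not from the original page).
# audit_pg_hba FILE: print each network rule that accepts clients from any
# address; return 1 if one exists. Handles "addr/len" and "addr netmask".
audit_pg_hba() {
    awk '
        /^[[:space:]]*(#|$)/ { next }      # comments and blank lines
        $1 !~ /^host/        { next }      # "local" rules are socket-only
        {
            if ($4 ~ /^[0-9.]+$/) { addr = $4 "/" $5; method = $6 }
            else                  { addr = $4;        method = $5 }
            if (addr == "0.0.0.0/0" || addr == "::/0" || addr == "all" ||
                addr == "0.0.0.0/0.0.0.0") {
                printf "line %d: db=%s user=%s open to %s (%s)\n",
                       NR, $2, $3, addr, method
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample 1: the rule as written on this page.
page_rules=$(mktemp)
cat > "$page_rules" <<'EOF'
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   0.0.0.0/0      md5
EOF

# Constructed sample 2: access limited to this page's database and user.
# 10.1.0.0/16 is an ASSUMED pod network; use your cluster's pod CIDR.
scoped_rules=$(mktemp)
cat > "$scoped_rules" <<'EOF'
local   all       all                  peer
host    ums1      ums1  10.1.0.0/16    md5
host    ums1      ums1  192.168.0.65   255.255.255.255  md5
EOF

audit_pg_hba "$page_rules"   || echo "page rule set: narrow the address"
audit_pg_hba "$scoped_rules" && echo "scoped rule set: ok"
```

Point the function at /etc/postgresql/12/main/pg_hba.conf to run the same check on the live file.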
Install Microk8s
Install the microk8s software
# sudo snap install microk8s --classic
# sudo ufw allow ssh
# sudo ufw allow in on cni0
# sudo ufw allow out on cni0
# sudo ufw default allow routed
# sudo ufw enable
# sudo microk8s start
# sudo microk8s status --wait-ready
Make things easier
- Add to bashrc
# alias kubectl="microk8s kubectl"
or
# snap alias microk8s.kubectl kubectl
and while we are at it - add bash completion
# source <(microk8s.kubectl completion bash)
Deploy AWX Operator
Log in to GitHub at https://raw.githubusercontent.com/ansible/awx-operator/ and find the current release. At the time of this writing, 0.10.0 is current.
TODO: mapping
# kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/0.10.0/deploy/awx-operator.yaml
customresourcedefinition.apiextensions.k8s.io/awxs.awx.ansible.com created
customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created
customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com created
clusterrole.rbac.authorization.k8s.io/awx-operator created
clusterrolebinding.rbac.authorization.k8s.io/awx-operator created
serviceaccount/awx-operator created
deployment.apps/awx-operator created
List the pods
# kubectl get pods
NAME READY STATUS RESTARTS AGE
awx-operator-5dd757f594-qtw95 0/1 ContainerCreating 0 4m37s
Create a file. I called it ums1-awx1.unbuffered.lan.yml
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: ums-awx1 # or some other name
spec:
  service_type: nodeport
  ingress_type: ingress
  hostname: ums-awx1.unbuffered.lan
---
apiVersion: v1
kind: Secret
metadata:
  name: ums1-postgres-configuration
  namespace: default
stringData:
  host: "192.168.0.65"
  port: "5432"
  database: ums1
  username: ums1
  password: super-secret
  sslmode: prefer
  type: unmanaged
type: Opaque
# kubectl apply -f ums1-awx1.unbuffered.lan.yml
awx.awx.ansible.com/ums-awx1 created
secret/ums1-postgres-configuration configured
Check the status
# kubectl get awx
NAME AGE
ums1 93s
Look at the details of the running pods:
# kubectl get pods -l "app.kubernetes.io/managed-by=awx-operator"
NAME READY STATUS RESTARTS AGE
ums1-6bf679c645-zqskm 4/4 Running 0 2m34s
List the containers in the pod
# kubectl describe pod/ums1-6bf679c645-zqskm -n default
Connect to the pod
# kubectl exec --stdin --tty ums1-6bf679c645-zqskm -c ums1-web -- /bin/bash
You're in the container now
bash-4.4$ awx-manage check_db
Database Version: PostgreSQL 12.7 (Ubuntu 12.7-0ubuntu0.20.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0, 64-bit
List the service port
# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.152.183.1 <none> 443/TCP 33m
awx-operator-metrics ClusterIP 10.152.183.243 <none> 8383/TCP,8686/TCP 28m
ums1-service NodePort 10.152.183.193 <none> 80:30791/TCP 26m
See if the AWX API is responding
# curl -q http://10.152.183.193:80/api/v2/ping -L
{"ha":false,"version":"19.2.0","active_node":"ums1-6bf679c645-zqskm","install_uuid":"5158b1b3-0822-491e-adba-6b609c3c498c","instances":[{"node":"ums1-6bf679c645-zqskm","uuid":"00000000-0000-0000-0000-000000000000","heartbeat":"2021-06-11T01:27:47.501319Z","capacity":0,"version":"19.2.0"}],"instance_groups":[{"name":"tower","capacity":0,"instances":[]}]}
Install Nginx proxy
Install the software.
# apt install nginx
Add the following to /etc/nginx/sites-enabled/default
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://10.152.183.193:80/;
    }
}
Restart nginx (and enable it)
# systemctl restart nginx
# systemctl enable nginx
Get the admin password for awx
# kubectl get secret ums1-admin-password -o jsonpath="{.data.password}" | base64 --decode
Connect to AWX for the first time
http://192.168.0.65
Log in with the username “Admin” and the password from the step above.
Data Migration
Todo
Upgrading
Todo