Install AWX 19.2.0 on Ubuntu 20.04

Created: 6/10/2021

I’ve been pretty frustrated that the AWX community moved to Kubernetes deployments. I wanted to try to find the simplest solution to get this up and running.

I can’t vouch for the security of this setup yet. It is a work in progress, and I will update it as I learn more.

Running containers for years, I find Kubernetes very interesting. However, I’m stepping into this very slowly and carefully.

I chose to configure the PostgreSQL database as a deb package instead of a container. I will probably convert this later on as I get more comfortable with the setup (baby steps, you know).

This is a living document. I’m going to clean up the grammar, expand a bit on each subject, and work on providing better documentation.

Assumptions:

  • Due to aliasing in bash and the snap command, I chose to document executing this as the root user. I would recommend using sudo in front of the commands instead.
  • # represents a root prompt (you're logged in as root, e.g. sudo -i).
  • user$ represents a non-privileged user, e.g. sudo -u user -i
| Item | Value | Notes |
|---|---|---|
| Operating System | Ubuntu 20.04.2 | Fresh install, all filesystems formatted XFS. Packages up to date |
| Kubernetes | microk8s | snap install microk8s --classic |
| OS IP | 192.168.0.65 | Internal IP of host |
| K8s namespace | Default | Using the default namespace – for now |
| HA Cluster | No | Single node microk8s cluster |
| AWX Runner | 0.10.0 | https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml (mapping is under image_version) |
| AWX Version | 19.2.0 | Install with AWX Runner |
| PostgreSQL | 12 | Not containerized, fresh install |
| Nginx | Reverse Proxy | Proxy to the AWX Container Port (NodePort) |
Overview

Install Ubuntu 20.04

  • I can’t vouch for ext4, but I know this configuration works with XFS. I would highly recommend using this filesystem.
  • Note the ufw (firewall) section below. It needs to be enabled in order for this to work correctly. Make sure you enable ssh – or you may just lock yourself out of your system.

Install Postgresql 12

Install the postgresql packages

# sudo apt install postgresql postgresql-contrib
# pg_ctlcluster 12 main start

Create the postgresql user to connect as, set the password, create the database, and grant permissions to the database

# su - postgres
postgres$ psql
postgres=# CREATE USER ums1 WITH PASSWORD 'super-secret';
postgres=# CREATE DATABASE ums1;
postgres=# GRANT ALL PRIVILEGES ON DATABASE ums1 TO ums1;

Configure Postgres to listen on all IPs

# vi /etc/postgresql/12/main/postgresql.conf
Change
#listen_addresses = 'localhost'
To

listen_addresses = '*'

Set up authentication to postgres

# vi /etc/postgresql/12/main/pg_hba.conf

host    all             all             0.0.0.0/0               md5

Restart the postgres service

# systemctl restart postgresql
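
The two edits above open PostgreSQL to every interface and every source address, so a check like the following shows what an audit of those files reports and what a narrower pair looks like. This is an added example, not part of the original guide: the function names are hypothetical, the file contents are constructed samples, and the scoped rule assumes pods connect from the MicroK8s default pod CIDR 10.1.0.0/16 (confirm the source address PostgreSQL actually sees before narrowing).

```shell
#!/bin/sh
# Added example: audit the two PostgreSQL settings this guide changes.
# All file contents below are constructed samples, not read from a live host.

# Print one finding per line; print nothing when both files are scoped.
audit_pg_exposure() {
    conf=$1; hba=$2
    # The last uncommented listen_addresses line is the one that takes effect.
    listen=$(sed -n "s/^[[:space:]]*listen_addresses[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$conf" | tail -n 1)
    case ",$(printf '%s' "$listen" | tr -d ' ')," in
        *,\*,*|*,0.0.0.0,*|*,::,*)
            echo "postgresql.conf: listen_addresses='$listen' binds every interface" ;;
    esac
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        $1 !~ /^host/  { next }    # only TCP/IP records (host, hostssl, ...)
        {
            any = ($4 == "0.0.0.0/0" || $4 == "::/0" || $4 == "all" ||
                   ($4 == "0.0.0.0" && $5 == "0.0.0.0"))
            # With a separate netmask column the auth method moves to field 6.
            method = ($5 ~ /^[0-9]+\.[0-9.]+$/ || $5 ~ /:/) ? $6 : $5
            if (any)
                printf "pg_hba.conf:%d: any source address (db=%s user=%s method=%s)\n", NR, $2, $3, method
            else if ($2 == "all" && $3 == "all")
                printf "pg_hba.conf:%d: every database and user allowed from %s\n", NR, $4
        }
    ' "$hba"
}

# Write constructed samples: "guide" mirrors this page, "scoped" narrows it.
write_samples() {
    d=$1
    printf '%s\n' "#listen_addresses = 'localhost'" "listen_addresses = '*'" > "$d/guide.conf"
    printf '%s\n' "# TYPE  DATABASE  USER  ADDRESS  METHOD" \
        "host    all    all    0.0.0.0/0    md5" > "$d/guide.hba"
    # Assumption: pods connect from the MicroK8s default pod CIDR 10.1.0.0/16.
    printf '%s\n' "listen_addresses = 'localhost,192.168.0.65'" > "$d/scoped.conf"
    printf '%s\n' "host    ums1    ums1    10.1.0.0/16    md5" > "$d/scoped.hba"
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "== settings from this guide =="
audit_pg_exposure "$tmp/guide.conf" "$tmp/guide.hba"
echo "== scoped variant =="
audit_pg_exposure "$tmp/scoped.conf" "$tmp/scoped.hba"
rm -rf "$tmp"
```

On a real host, point audit_pg_exposure at /etc/postgresql/12/main/postgresql.conf and /etc/postgresql/12/main/pg_hba.conf.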

Install Microk8s

Install the microk8s software

# sudo snap install microk8s --classic 
# sudo ufw allow ssh
# sudo ufw allow in on cni0 
# sudo ufw allow out on cni0
# sudo ufw default allow routed
# sudo ufw enable
# sudo microk8s start
# sudo microk8s status --wait-ready

Make things easier

  • Add to bashrc (the line itself, without a prompt)
alias kubectl="microk8s kubectl"
or
# snap alias microk8s.kubectl kubectl
and while we are at it - add bash completion
# source <(microk8s.kubectl completion bash)

Deploy AWX Operator

Log in to GitHub at https://raw.githubusercontent.com/ansible/awx-operator/ and find the current release. At the time of this writing, 0.10.0 is current.

TODO: mapping

# kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/0.10.0/deploy/awx-operator.yaml
customresourcedefinition.apiextensions.k8s.io/awxs.awx.ansible.com created
customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created
customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com created
clusterrole.rbac.authorization.k8s.io/awx-operator created
clusterrolebinding.rbac.authorization.k8s.io/awx-operator created
serviceaccount/awx-operator created
deployment.apps/awx-operator created

List the pods

# kubectl get pods
NAME                            READY   STATUS              RESTARTS   AGE
awx-operator-5dd757f594-qtw95   0/1     ContainerCreating   0          4m37s

Create a file. I called it ums1-awx1.unbuffered.lan.yml

---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: ums-awx1  # or some other name
spec:
  service_type: nodeport
  ingress_type: ingress
  hostname: ums-awx1.unbuffered.lan

---
apiVersion: v1
kind: Secret
metadata:
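  # By default the operator looks for a secret named
  # <AWX metadata.name>-postgres-configuration, so this must match the AWX name above
  name: ums1-postgres-configuration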
  namespace: default
stringData:
  host: "192.168.0.65"
  port: "5432"
  database: ums1
  username: ums1
  password: super-secret
  sslmode: prefer
  type: unmanaged
type: Opaque

Apply the file

# kubectl apply -f ums1-awx1.unbuffered.lan.yml
awx.awx.ansible.com/ums-awx1 created
secret/ums1-postgres-configuration configured

Check the status

# kubectl get awx
NAME              AGE
ums1              93s

Look at the details of the running pods:

# kubectl get pods -l "app.kubernetes.io/managed-by=awx-operator"
NAME                    READY   STATUS    RESTARTS   AGE
ums1-6bf679c645-zqskm   4/4     Running   0          2m34s

List the containers in the pod

# kubectl describe pod/ums1-6bf679c645-zqskm  -n default

Connect to the pod

# kubectl exec --stdin --tty ums1-6bf679c645-zqskm -c ums1-web -- /bin/bash
You're in the container now
bash-4.4$ awx-manage check_db
Database Version: PostgreSQL 12.7 (Ubuntu 12.7-0ubuntu0.20.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0, 64-bit

List the service port

# kubectl get svc 
NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGE
kubernetes             ClusterIP   10.152.183.1     <none>        443/TCP             33m
awx-operator-metrics   ClusterIP   10.152.183.243   <none>        8383/TCP,8686/TCP   28m
ums1-service           NodePort    10.152.183.193   <none>        80:30791/TCP        26m

See if the AWX API is responding

# curl -q http://10.152.183.193:80/api/v2/ping -L
{"ha":false,"version":"19.2.0","active_node":"ums1-6bf679c645-zqskm","install_uuid":"5158b1b3-0822-491e-adba-6b609c3c498c","instances":[{"node":"ums1-6bf679c645-zqskm","uuid":"00000000-0000-0000-0000-000000000000","heartbeat":"2021-06-11T01:27:47.501319Z","capacity":0,"version":"19.2.0"}],"instance_groups":[{"name":"tower","capacity":0,"instances":[]}]}

Install Nginx proxy

Install the software.

# apt install nginx

Add the following to /etc/nginx/sites-enabled/default

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        location / {
                proxy_http_version 1.1;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_pass http://10.152.183.193:80/;
        }
}

Restart nginx (and enable it)

# systemctl restart nginx
# systemctl enable nginx

Get the admin password for awx

# kubectl get secret ums1-admin-password -o jsonpath="{.data.password}" | base64 --decode

Connect to AWX for the first time

http://192.168.0.65

Log in with the username “Admin” and the password from the step above.

Data Migration

Todo

Upgrading

Todo
