In this article you’re going to learn from the ground up how to install and configure an AWX with Docker on RHEL/CentOS 8.
1. Introduction
Ansible AWX is the freely available open source project. You can use Ansible AWX in a lab, development, or other POC environment and with caution in production as well. It was the foundation on which Ansible Tower was created. Ansible AWX is a development branch of the code that goes through minimal testing and quality checks. There are some drawbacks to enterprise deployment, namely the lack of signed images for enterprise use, the lack of true versioning for upgrades, and the lack of support. AWX is a web-based solution that makes Ansible more convenient for IT teams to use. It is designed as a hub for all automation tasks. It has a fantastic browser REST API and allows you to control access, manage inventory graphically or sync with a variety of cloud sources, log all your jobs, and integrate well with Lightweight Directory Access Protocol (LDAP).
Ansible Tower is a commercial version based on Red Hat’s AWX. Ansible AWX and Ansible Tower both have similar features. Ansible plans to continue to expand the product lifecycle of Ansible AWX to more closely align with Ansible Tower releases. The biggest advantage of AWX over Ansible Tower is that you can use all enterprise features for an unlimited number of nodes. One of the main differences between AWX and Ansible Tower is a different logo for the products.
2. Install Docker
Note:
considering I am working in Testlab, I will be doing the linux administration directly with root privilege
2.1 Install EPEL repository
dnf install epel-release -y
dns update -y
2.2 Install required packages and configure python3 path
dnf install git gcc gcc-c++ ansible nodejs gettext device-mapper-persistent-data lvm2 bzip2 python3-pip -y
alternatives --set python /usr/bin/python3
2.3 Docker install
dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
dnf install docker-ce -y
2.4 Start the Docker service and make it persistent even when system reboot
systemctl start docker
systemctl enable docker
2.5 Verify that Docker is running
[root@centos2 martin]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2022-04-27 16:46:44 CEST; 10s ago
Docs: https://docs.docker.com
Main PID: 9754 (dockerd)
Tasks: 8
Memory: 30.8M
CGroup: /system.slice/docker.service
└─9754 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Apr 27 16:46:43 centos2 dockerd[9754]: time="2022-04-27T16:46:43.700769388+02:00" level=warning msg="Your kernel does not support cgroup blkio weight"
Apr 27 16:46:43 centos2 dockerd[9754]: time="2022-04-27T16:46:43.700781330+02:00" level=warning msg="Your kernel does not support cgroup blkio weight_device"
Apr 27 16:46:43 centos2 dockerd[9754]: time="2022-04-27T16:46:43.700882322+02:00" level=info msg="Loading containers: start."
Apr 27 16:46:44 centos2 dockerd[9754]: time="2022-04-27T16:46:44.234532348+02:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Apr 27 16:46:44 centos2 dockerd[9754]: time="2022-04-27T16:46:44.296030769+02:00" level=info msg="Firewalld: interface docker0 already part of docker zone, returning"
Apr 27 16:46:44 centos2 dockerd[9754]: time="2022-04-27T16:46:44.359506234+02:00" level=info msg="Loading containers: done."
Apr 27 16:46:44 centos2 dockerd[9754]: time="2022-04-27T16:46:44.373020791+02:00" level=info msg="Docker daemon" commit=87a90dc graphdriver(s)=overlay2 version=20.10.14
Apr 27 16:46:44 centos2 dockerd[9754]: time="2022-04-27T16:46:44.373099463+02:00" level=info msg="Daemon has completed initialization"
Apr 27 16:46:44 centos2 systemd[1]: Started Docker Application Container Engine.
Apr 27 16:46:44 centos2 dockerd[9754]: time="2022-04-27T16:46:44.386782220+02:00" level=info msg="API listen on /var/run/docker.sock"
[root@centos2 martin]#
2.6 Install Docker-Composite
pip3 install docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
3. Download Ansible AWX
3.1 Download Ansible AWX from Git Hub repository
cd ~
git clone -b 17.1.0 https://github.com/ansible/awx.git
Note:
Starting in version 18.0 of AWX, the recommended installation method is via AWX Operator. As the AWX Operator installation method requires a Kubernetes Cluster, I will install the 17.1.0 Version which supports Docker.
3.2 Generate secret key which you will use later in the inventory and save it
openssl rand -base64 30
Example:
[root@centos2 ~]# openssl rand -base64 30
H7Lol8lFwZSgnXAVBk4ybjtC96EGT5tvpOTqkH39
4. Install Ansible AWX
4.1 Edit and modify variables in awx/installer/inventory
admin_password=password
pg_password=awxpass
secret_key=H7Lol8lFwZSgnXAVBk4ybjtC96EGT5tvpOTqkH39
awx_alternate_dns_servers="8.8.8.8,8.8.4.4"
postgres_data_dir="/var/lib/pgdocker"
docker_compose_dir="/var/lib/awx/awxcompose"
project_data_dir=/var/lib/awx/projects
4.2 Create directory for postgres
mkdir /var/lib/pgdocker
4.3 Install AWX
ansible-playbook -i ~/awx/installer/inventory ~/awx/installer/install.yml -v
Example output:
TASK [local_docker : Update CA trust in awx_web container] **********************************************************************************************************************************************************************************
changed: [localhost] => {"changed": true, "cmd": ["docker", "exec", "awx_web", "/usr/bin/update-ca-trust"], "delta": "0:00:00.454900", "end": "2022-04-27 18:07:02.898039", "rc": 0, "start": "2022-04-27 18:07:02.443139", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
TASK [local_docker : Update CA trust in awx_task container] *********************************************************************************************************************************************************************************
changed: [localhost] => {"changed": true, "cmd": ["docker", "exec", "awx_task", "/usr/bin/update-ca-trust"], "delta": "0:00:00.426620", "end": "2022-04-27 18:07:03.535570", "rc": 0, "start": "2022-04-27 18:07:03.108950", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
TASK [local_docker : Wait for launch script to create user] *********************************************************************************************************************************************************************************
ok: [localhost -> localhost] => {"changed": false, "elapsed": 10, "match_groupdict": {}, "match_groups": [], "path": null, "port": null, "search_regex": null, "state": "started"}
TASK [local_docker : Create Preload data] ***************************************************************************************************************************************************************************************************
changed: [localhost] => {"changed": true, "cmd": ["docker", "exec", "awx_task", "bash", "-c", "/usr/bin/awx-manage create_preload_data"], "delta": "0:00:02.867263", "end": "2022-04-27 18:07:19.284459", "rc": 0, "start": "2022-04-27 18:07:16.417196", "stderr": "", "stderr_lines": [], "stdout": "Default organization added.\nDemo Credential, Inventory, and Job Template added.\n(changed: True)", "stdout_lines": ["Default organization added.", "Demo Credential, Inventory, and Job Template added.", "(changed: True)"]}
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
localhost : ok=21 changed=8 unreachable=0 failed=0 skipped=73 rescued=0 ignored=1
Verify if the AWX container is running
[root@centos2 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c0562abc79b8 ansible/awx:17.1.0 "/usr/bin/tini -- /u…" 41 minutes ago Up 2 minutes 8052/tcp awx_task
a6c2c87729a1 ansible/awx:17.1.0 "/usr/bin/tini -- /b…" 42 minutes ago Up 2 minutes 0.0.0.0:80->8052/tcp, :::80->8052/tcp awx_web
3b2982f10b89 postgres:12 "docker-entrypoint.s…" 42 minutes ago Up 2 minutes 5432/tcp awx_postgres
649e05ae34d9 redis "docker-entrypoint.s…" 42 minutes ago Up 2 minutes 6379/tcp awx_redis
[root@centos2 ~]#
4.4 Add Firewall rules
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
5. Log in to AWX GUI
5.1 Login with admin credentials and password configured in inventory file
5.3 Test connection
Conclusion
At this point we have running Ansible AWX and can now administer and manage Ansible projects easily using the AWX web interface.