Ansible AWX Deployment Using k3s

In this toturial we shall demonstrate all the steps to deploy Ansible AWX on RHEL 8.x servers using k3s. Ansible AWX is the community version of Ansible Tower, where system administrators will be able to handle Ansible using the GUI interface.

Disable Firewalld. (This is recommended by K3s).

# sudo systemctl disable firewalld –now

AWX is supported and can only be run as a containerized application using Docker images deployed to either an OpenShift cluster, a Kubernetes cluster, or docker-compose. We shall use K3s Kubernetes setup to run AWX on CentOS 8 / Rocky Linux 8.

Put SELinux in permissive mode

# setenforce 0

# sed -i ‘s/^SELINUX=.*/SELINUX=permissive/g’ /etc/selinux/config

# cat /etc/selinux/config | grep SELINUX=

Install k3s

# curl -sfL | sudo bash –

# chmod 644 /etc/rancher/k3s/k3s.yaml

Check k3s service to confirm it is running and working

# systemctl status k3s.service

As root user do a validation on use of kubectl Kubernetes management tool:

# kubectl get nodes

This Kubernetes Operator has to be deployed for the management of one or more AWX instances in any namespace.

Install git and make tools

# sudo yum -y install git make

Clone operator deployment code

# git clone

Create namespace where operator will be deployed. I’ll name mine awx

# export NAMESPACE=awx

# kubectl create ns ${NAMESPACE}

Set current context to value set in NAMESPACE variable

# kubectl config set-context –current –namespace=$NAMESPACE

Switch to awx-operator directory

# cd awx-operator/

Save the latest version from AWX Operator releases as RELEASE_TAG variable then checkout to the branch using git.

# yum -y install jq

# RELEASE_TAG=`curl -s | grep tag_name | cut -d ‘”‘ -f 4`


Deploy AWX Operator into your cluster

# git checkout $RELEASE_TAG

# export NAMESPACE=awx

# make deploy

Wait a few minutes and awx-operator should be running

# kubectl get pods -n awx

Now that we have the operator pod running we are ready to initiate installation of Ansible AWX on CentOS 8 / Rocky Linux 8. But first we’ll need to create a PVC for public and static web data.

Create a file named public-static-pvc.yaml

# vi public-static-pvc.yaml

Input below contents in the file:

apiVersion: v1

kind: PersistentVolumeClaim


name: public-static-data-pvc



– ReadWriteOnce

storageClassName: local-path



storage: 5Gi

Apply configuration manifest:

# kubectl apply -f public-static-pvc.yaml -n awx

PVC won’t be bound until the pod that uses it is created.

# kubectl get pvc -n awx

Create AWX deployment file

# vi awx-instance-deployment.yml

Paste below contents to the file created.


kind: AWX


name: awx


service_type: nodeport

projects_persistence: true

projects_storage_access_mode: ReadWriteOnce

web_extra_volume_mounts: |

– name: static-data

mountPath: /var/lib/projects

extra_volumes: |

– name: static-data


claimName: public-static-data-pvc

Install AWX on CentOS 8 / Rocky Linux 8

# kubectl apply -f awx-instance-deployment.yml -n awx

After few minutes check pods creation status

# watch kubectl get pods -l “” -n awx

Extra PVCs are created automatically

# kubectl  get pvc

Fixing the error “mkdir: cannot create directory ‘/var/lib/postgresql/data’: Permission denied”

If you see the error message from postgres pod logs

# kubectl logs awx-postgres-0

mkdir: cannot create directory ‘/var/lib/postgresql/data’: Permission denied

It means the Postgres pod cannot write to the persistent volume directory inside/var/lib/rancher/k3s/storage/:

# ls -lh /var/lib/rancher/k3s/storage/ | grep awx-postgres-0

total 0

drwx——. 3 root root 18 Aug  3 14:04 pvc-8110b494-d9ed-450a-94c0-b9dfd2bd73f7_default_postgres-awx-postgres-0

Try setting the directory mode to 777

# chmod -R 777  /var/lib/rancher/k3s/storage/*

# kubectl delete pods -l “” -n awx

pod “awx-75698588d6-x79g2” deleted

pod “awx-postgres-0” deleted

The Postgres container pod should come up in few seconds:

# kubectl get pods -n awx

Get the AWX Web service port

# kubectl get service -n awx

From the output we can confirm service node port is 30080.

To have access to AWX web console, point your browser to your Ansible’s AWX server IP


You should be welcomed to a Login page well illustrated below.

The login username is admin

Obtain admin user password by decoding the secret with the password value:

# kubectl -n awx get secret awx-admin-password -o jsonpath=”{.data.password}” | base64 –decode

Better output format:

# kubectl -n awx get secret awx-admin-password -o go-template='{{range $k,$v := .data}}{{printf “%s: ” $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{“\n”}}{{end}}’

Login with the admin username and decoded password from above commands