In this tutorial we demonstrate all the steps to deploy Ansible AWX on RHEL 8.x servers using k3s. Ansible AWX is the community version of Ansible Tower, which lets system administrators manage Ansible through a GUI.
Disable Firewalld. (This is recommended by K3s).
# sudo systemctl disable firewalld --now
AWX is supported and can only be run as a containerized application using Docker images deployed to either an OpenShift cluster, a Kubernetes cluster, or docker-compose. We shall use K3s Kubernetes setup to run AWX on CentOS 8 / Rocky Linux 8.
Put SELinux in permissive mode
# setenforce 0
# sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
# cat /etc/selinux/config | grep SELINUX=
Install k3s
# curl -sfL https://get.k3s.io | sudo bash -
# chmod 644 /etc/rancher/k3s/k3s.yaml
Check k3s service to confirm it is running and working
# systemctl status k3s.service
As the root user, validate that the kubectl Kubernetes management tool works:
# kubectl get nodes
The AWX Kubernetes Operator has to be deployed to manage one or more AWX instances in any namespace.
Install git and make tools
# sudo yum -y install git make
Clone operator deployment code
# git clone https://github.com/ansible/awx-operator.git
Create namespace where operator will be deployed. I’ll name mine awx
# export NAMESPACE=awx
# kubectl create ns ${NAMESPACE}
Set current context to value set in NAMESPACE variable
# kubectl config set-context --current --namespace=$NAMESPACE
Switch to awx-operator directory
# cd awx-operator/
Save the latest version from AWX Operator releases as RELEASE_TAG variable then checkout to the branch using git.
# yum -y install jq
# RELEASE_TAG=`curl -s https://api.github.com/repos/ansible/awx-operator/releases/latest | grep tag_name | cut -d '"' -f 4`
# echo $RELEASE_TAG
Deploy AWX Operator into your cluster
# git checkout $RELEASE_TAG
# export NAMESPACE=awx
# make deploy
Wait a few minutes and awx-operator should be running
# kubectl get pods -n awx
Now that we have the operator pod running we are ready to initiate installation of Ansible AWX on CentOS 8 / Rocky Linux 8. But first we’ll need to create a PVC for public and static web data.
Create a file named public-static-pvc.yaml
# vi public-static-pvc.yaml
Enter the contents below in the file:
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: public-static-data-pvc
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: 5Gi
Apply configuration manifest:
# kubectl apply -f public-static-pvc.yaml -n awx
PVC won’t be bound until the pod that uses it is created.
# kubectl get pvc -n awx
Create AWX deployment file
# vi awx-instance-deployment.yml
Paste the contents below into the file created.
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx
spec:
  service_type: nodeport
  projects_persistence: true
  projects_storage_access_mode: ReadWriteOnce
  web_extra_volume_mounts: |
    - name: static-data
      mountPath: /var/lib/projects
  extra_volumes: |
    - name: static-data
      persistentVolumeClaim:
        claimName: public-static-data-pvc
Install AWX on CentOS 8 / Rocky Linux 8
# kubectl apply -f awx-instance-deployment.yml -n awx
After a few minutes, check the pod creation status
# watch kubectl get pods -l "app.kubernetes.io/managed-by=awx-operator" -n awx
Extra PVCs are created automatically
# kubectl get pvc
Fixing the error “mkdir: cannot create directory ‘/var/lib/postgresql/data’: Permission denied”
If you see this error message in the Postgres pod logs
# kubectl logs awx-postgres-0
mkdir: cannot create directory ‘/var/lib/postgresql/data’: Permission denied
It means the Postgres pod cannot write to the persistent volume directory inside /var/lib/rancher/k3s/storage/:
# ls -lh /var/lib/rancher/k3s/storage/ | grep awx-postgres-0
total 0
drwx------. 3 root root 18 Aug 3 14:04 pvc-8110b494-d9ed-450a-94c0-b9dfd2bd73f7_default_postgres-awx-postgres-0
Try setting the directory mode to 777
# chmod -R 777 /var/lib/rancher/k3s/storage/*
# kubectl delete pods -l "app.kubernetes.io/managed-by=awx-operator" -n awx
pod “awx-75698588d6-x79g2” deleted
pod “awx-postgres-0” deleted
The Postgres container pod should come up in a few seconds:
# kubectl get pods -n awx
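A check to run after the chmod above, as an added example that is not part of the original tutorial: it reports, for each PVC directory under the k3s local-path storage root, its mode, owner and how many entries inside are writable by any local user. The function names are illustrative; the default path is the one used on this page.

```shell
# Added example: report what is world-writable under the k3s local-path
# storage root used in this tutorial. Function names are illustrative.
# Requires GNU find and stat (the defaults on RHEL 8).

# audit_pv_modes [ROOT]
# Prints one line per top-level PVC directory:
#   <dir-name> mode=<octal> owner=<uid:gid> world_writable=<count>
# <count> is the number of files and directories inside it (the directory
# itself included) that have the "other write" permission bit set.
audit_pv_modes() {
    local root="${1:-/var/lib/rancher/k3s/storage}" dir n
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 2; }
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue      # empty root: the glob matched nothing
        dir="${dir%/}"
        # Symlinks are skipped: their own mode bits are not meaningful.
        n=$(find "$dir" -xdev ! -type l -perm -0002 | wc -l)
        printf '%s mode=%s owner=%s world_writable=%d\n' \
            "$(basename "$dir")" \
            "$(stat -c '%a' "$dir")" \
            "$(stat -c '%u:%g' "$dir")" \
            "$n"
    done
}

# pv_modes_ok [ROOT]
# Returns 0 when no PVC directory contains world-writable entries,
# 1 when at least one does, 2 when ROOT does not exist.
pv_modes_ok() {
    local report
    report=$(audit_pv_modes "$1") || return 2
    case "$report" in
        *world_writable=[1-9]*) return 1 ;;
        *) return 0 ;;
    esac
}
```

Source the file as root and call `audit_pv_modes` to see the per-PVC report; the `owner=` column shows which UID and GID currently own each volume directory.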
Get the AWX Web service port
# kubectl get service -n awx
From the output we can confirm the service node port is 30080.
To access the AWX web console, point your browser to your Ansible AWX server IP:
http://your-server-ip-address:30080
You should be greeted by the login page.
The login username is admin
Obtain admin user password by decoding the secret with the password value:
# kubectl -n awx get secret awx-admin-password -o jsonpath="{.data.password}" | base64 --decode
Better output format:
# kubectl -n awx get secret awx-admin-password -o go-template='{{range $k,$v := .data}}{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{"\n"}}{{end}}'
Log in with the admin username and the decoded password from the commands above