{"id":1865,"date":"2022-12-24T08:41:04","date_gmt":"2022-12-24T05:41:04","guid":{"rendered":"http:\/\/opensource.sa\/?p=1865"},"modified":"2025-11-26T00:26:45","modified_gmt":"2025-11-25T21:26:45","slug":"ansible-awx-deployment-using-k3s","status":"publish","type":"post","link":"http:\/\/opensource.sa\/?p=1865","title":{"rendered":"Ansible AWX Deployment Using k3s"},"content":{"rendered":"

In this toturial we shall demonstrate all the steps to deploy Ansible AWX on RHEL 8.x servers using k3s. Ansible AWX is the community version of Ansible Tower, where system administrators will be able to handle Ansible using the GUI interface.<\/p>\n

Disable Firewalld. (This is recommended by K3s).<\/strong><\/p>\n

# sudo systemctl disable firewalld –now<\/p>\n

AWX is supported and can only be run as a containerized application using Docker images deployed to either an OpenShift cluster, a Kubernetes cluster, or docker-compose. We shall use K3s Kubernetes setup to run AWX on CentOS 8 \/ Rocky Linux 8.<\/p>\n

Put SELinux in permissive mode<\/strong><\/p>\n

# setenforce 0<\/p>\n

# sed -i ‘s\/^SELINUX=.*\/SELINUX=permissive\/g’ \/etc\/selinux\/config<\/p>\n

# cat \/etc\/selinux\/config | grep SELINUX=<\/p>\n

Install k3s<\/strong><\/p>\n

# curl -sfL https:\/\/get.k3s.io | sudo bash –<\/p>\n

# chmod 644 \/etc\/rancher\/k3s\/k3s.yaml<\/p>\n

Check k3s service to confirm it is running and working<\/strong><\/p>\n

# systemctl status k3s.service<\/p>\n

As root user do a validation on use of kubectl Kubernetes management tool:<\/strong><\/p>\n

# kubectl get nodes<\/p>\n

This Kubernetes Operator has to be deployed for the management of one or more AWX instances in any namespace.<\/p>\n

Install git and make tools<\/strong><\/p>\n

# sudo yum -y install git make<\/p>\n

Clone operator deployment code<\/strong><\/p>\n

# git clone https:\/\/github.com\/ansible\/awx-operator.git<\/p>\n

Create namespace where operator will be deployed. I\u2019ll name mine\u00a0awx<\/strong><\/p>\n

# export NAMESPACE=awx<\/p>\n

# kubectl create ns ${NAMESPACE}<\/p>\n

Set current context to value set in\u00a0NAMESPACE<\/em> variable<\/strong><\/p>\n

# kubectl config set-context –current –namespace=$NAMESPACE<\/p>\n

Switch to\u00a0awx-operator<\/em> directory<\/strong><\/p>\n

# cd awx-operator\/<\/p>\n

Save the latest version from\u00a0AWX Operator releases<\/a>\u00a0as\u00a0RELEASE_TAG<\/em>\u00a0variable then checkout to the branch using git.<\/strong><\/p>\n

# yum -y install jq<\/p>\n

# RELEASE_TAG=`curl -s https:\/\/api.github.com\/repos\/ansible\/awx-operator\/releases\/latest | grep tag_name | cut -d ‘”‘ -f 4`<\/p>\n

# echo $RELEASE_TAG<\/p>\n

Deploy AWX Operator into your cluster<\/strong><\/p>\n

# git checkout $RELEASE_TAG<\/p>\n

# export NAMESPACE=awx<\/p>\n

# make deploy<\/p>\n

Wait a few minutes and\u00a0awx-operator<\/em> should be running<\/strong><\/p>\n

# kubectl get pods -n awx<\/p>\n

Now that we have the operator pod running we are ready to initiate installation of Ansible AWX on CentOS 8 \/ Rocky Linux 8. But first we\u2019ll need to create a PVC for public and static web data.<\/p>\n

Create a file named\u00a0public-static-pvc.yaml<\/strong><\/p>\n

# vi public-static-pvc.yaml<\/p>\n

Input below contents in the file:<\/strong><\/p>\n

—<\/p>\n

apiVersion: v1<\/p>\n

kind: PersistentVolumeClaim<\/p>\n

metadata:<\/p>\n

name: public-static-data-pvc<\/p>\n

spec:<\/p>\n

accessModes:<\/p>\n

– ReadWriteOnce<\/p>\n

storageClassName: local-path<\/p>\n

resources:<\/p>\n

requests:<\/p>\n

storage: 5Gi<\/strong><\/p><\/blockquote>\n

Apply configuration manifest:<\/strong><\/p>\n

# kubectl apply -f public-static-pvc.yaml -n awx<\/p>\n

PVC won\u2019t be bound until the pod that uses it is created.<\/strong><\/p>\n

# kubectl get pvc -n awx<\/p>\n

Create AWX deployment file<\/strong><\/p>\n

# vi awx-instance-deployment.yml<\/p>\n

Paste below contents to the file created.<\/p>\n

—<\/p>\n

apiVersion: awx.ansible.com\/v1beta1<\/p>\n

kind: AWX<\/p>\n

metadata:<\/p>\n

name: awx<\/em><\/p>\n

spec:<\/p>\n

service_type: nodeport<\/p>\n

projects_persistence: true<\/p>\n

projects_storage_access_mode: ReadWriteOnce<\/p>\n

web_extra_volume_mounts: |<\/p>\n

– name: static-data<\/p>\n

mountPath: \/var\/lib\/projects<\/p>\n

extra_volumes: |<\/p>\n

– name: static-data<\/p>\n

persistentVolumeClaim:<\/p>\n

claimName: public-static-data-pvc<\/p><\/blockquote>\n

Install AWX on CentOS 8 \/ Rocky Linux 8<\/strong><\/p>\n

# kubectl apply -f awx-instance-deployment.yml -n awx<\/p>\n

After few minutes check pods creation status<\/strong><\/p>\n

# watch kubectl get pods -l “app.kubernetes.io\/managed-by=awx-operator” -n awx<\/strong><\/p>\n

Extra PVCs are created automatically<\/strong><\/p>\n

# kubectl\u00a0 get pvc<\/p>\n

Fixing the error \u201cmkdir: cannot create directory \u2018\/var\/lib\/postgresql\/data\u2019: Permission denied\u201d<\/p>\n

If you see the error message from postgres pod logs<\/strong><\/p>\n

# kubectl logs awx-postgres-0<\/p>\n

mkdir: cannot create directory \u2018\/var\/lib\/postgresql\/data\u2019: Permission denied<\/p><\/blockquote>\n

It means the Postgres pod cannot write to the persistent volume directory inside\/var\/lib\/rancher\/k3s\/storage\/<\/strong>:<\/p>\n

# ls -lh \/var\/lib\/rancher\/k3s\/storage\/ | grep awx-postgres-0<\/p>\n

total 0<\/p>\n

drwx——. 3 root root 18 Aug\u00a0 3 14:04 pvc-8110b494-d9ed-450a-94c0-b9dfd2bd73f7_default_postgres-awx-postgres-0<\/p>\n

Try setting the directory mode to\u00a0777<\/strong><\/p>\n

# chmod -R 777\u00a0 \/var\/lib\/rancher\/k3s\/storage\/*<\/p>\n

# kubectl delete pods -l “app.kubernetes.io\/managed-by=awx-operator” -n awx<\/p>\n

pod “awx-75698588d6-x79g2” deleted<\/p>\n

pod “awx-postgres-0” deleted<\/p>\n

The Postgres container pod should come up in few seconds:<\/p><\/blockquote>\n

# kubectl get pods -n awx<\/p>\n

Get the AWX Web service port<\/strong><\/p>\n

# kubectl get service -n awx<\/p>\n

From the output we can confirm service node port is\u00a030080<\/strong>.<\/p>\n

To have access to AWX web console, point your browser to your Ansible\u2019s AWX server IP<\/strong><\/p>\n

http:\/\/your-server-ip-address:30080<\/p>\n

You should be welcomed to a Login page well illustrated below.<\/p>\n

The login username is\u00a0admin<\/strong><\/p>\n

Obtain admin user\u00a0password\u00a0by decoding the secret with the password value:<\/strong><\/p>\n

# kubectl -n awx get secret awx-admin-password -o jsonpath=”{.data.password}” | base64 –decode<\/p>\n

Better output format:<\/strong><\/p>\n

# kubectl -n awx get secret awx-admin-password -o go-template='{{range $k,$v := .data}}{{printf “%s: ” $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{“\\n”}}{{end}}’<\/p>\n

Login with the\u00a0admin<\/em>\u00a0username and\u00a0decoded password<\/em> from above commands<\/p>\n