Install Ansible AWX on CentOS 7 With Nginx Proxy and Let's Encrypt | ComputingFo...
source link: https://computingforgeeks.com/install-ansible-awx-on-centos-7-fedora-with-nginx-reverse-proxy-letsencrypt/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Welcome to our guide on How to Install Ansible AWX on CentOS 7 / Fedora with Nginx Reverse Proxy and Let’s Encrypt SSL Certificate. This installation will have http to https redirection configured on Nginx.
What is AWX?
AWX is the upstream project from which the Red Hat Ansible Tower which provides a web-based user interface, REST API, and task engine built on top of Ansible. It is the upstream project for Tower, a commercial derivative of AWX. This is an open source community project, sponsored by Red Hat, that enables users to better control their Ansible project use in IT environments. The AWX source code is available under the Apache License 2.0.
Install Ansible AWX on CentOS 7 / Fedora with Nginx Reverse Proxy and Letsencrypt
Now that you have the basics, let’s dive into the installation steps for AWX on CentOS 7 and Fedora operating systems. I assume you already have an installed and updated CentOS or Fedora Server. Note that epel is necessary for this installation, you can install epel by running:
sudo yum -y install epel-release
Install basic dependencies:
Some packages are required ad dependencies by AWX. These can be installed by running the following command on your terminal.
sudo yum -y install git gcc gcc-c++ lvm2 bzip2 gettext nodejs yum-utils device-mapper-persistent-data ansible python-pip vim
Install Docker CE:
We had earlier covered the installation of Docker community edition on various Linux distributions. This guide is available at the link:
How to install Docker CE on Ubuntu / Debian / Fedora / Arch / CentOS
Install docker python module:
AWX require docker python module. This is installed using pip,
$ sudo pip install -U docker docker-compose $ pip show docker Name: docker Version: 4.0.2 Summary: A Python library for the Docker Engine API. Home-page: https://github.com/docker/docker-py Author: None Author-email: None License: Apache License 2.0 Location: /usr/lib/python3.7/site-packages Requires: six, websocket-client, requests Required-by: docker-compose
Clone AWX from git
The next step is to clone AWX from git.
$ git clone --depth 50 https://github.com/ansible/awx.git Cloning into 'awx'... remote: Counting objects: 8886, done. remote: Compressing objects: 100% (4351/4351), done. remote: Total 8886 (delta 5573), reused 6866 (delta 4368), pack-reused 0 Receiving objects: 100% (8886/8886), 9.24 MiB | 871.00 KiB/s, done. Resolving deltas: 100% (5573/5573), done.
Change to installer directory
Since you need to execute ansible playbooks under installer directory, first navigate to this directory.
cd awx/installer/
Check the inventory file, you can customize as you want:
$ vim inventory
Generate admin password
$ pwgen 15
Generate AWX secret key
$ pwgen -N 1 -s 30 pXc5pYYCECKK5dHEXqV5jawgvkZToK
Modify inventory file with obtained values above:
localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python"
[all:vars]
dockerhub_base=ansible
awx_task_hostname=awx
awx_web_hostname=awxweb
postgres_data_dir=/tmp/pgdocker
host_port=80
host_port_ssl=443
docker_compose_dir=/tmp/awxcompose
pg_username=awx
pg_password=awxpass
pg_database=awx
pg_port=5432
rabbitmq_password=awxpass
rabbitmq_erlang_cookie=cookiemonster
admin_user=admin
admin_password=password
create_preload_data=True
secret_key=awxsecretExecute playbook
Run ansible-playbook command followed by option -i which tells it the inventory file to use. The name of the playbook file is install.yml.
$ sudo ansible-playbook -i inventory install.yml
If you get an error ImportError: “No module named ‘requests.packages.urllib3’, run:
sudo pip install requests urllib3 pyOpenSSL --force --upgrade
After some time, the deployment should be complete. You can then check created docker containers and their status using the docker ps command.
5 containers have been created specifically for AWX. These are
- Memcached container
- AWX_task container
- AWS web container
- Rabbitmq container
- PostgreSQL container
To manage these containers, use either docker-compose or use docker native commands. The web portal is accessible via host-ip:8000 or port 80 if you didn’t change it. You will get a welcome dashboard similar to one below.
Enter the username and password that you specified in the inventory file. Once you authenticate, you’ll get to AWX administration dashboard,
Configure Nginx Reverse proxy
If you would like to configure Nginx reverse proxy for AWX with http to https redirection, follow next steps. The first thing you have to do is generate SSL certificate for AWX using certbot-auto tool.
Generate Letsencrypt SSL certificate
wget https://dl.eff.org/certbot-auto chmod +x certbot-auto sudo mv certbot-auto /usr/local/bin sudo chmod a+x /usr/local/bin/certbot-auto sudo /usr/local/bin/certbot-auto certonly --standalone \ -d awx.example.com -d www.awx.example.com \ --preferred-challenges http --agree-tos -n -m [email protected] \ --keep-until-expiring
Once you get ssl certificate, modify below configuration snippet to use with nginx.
$ sudo cat /etc/nginx/conf.d/awx.conf
server
{
listen 443 ssl http2;
server_name awx.example.com www.awx.example.com;
location /
{
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://192.168.x.x:8000/;
}
ssl on;
ssl_certificate /etc/letsencrypt/live/awx.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/awx.example.com/privkey.pem;
ssl_session_timeout 5m;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/awx.access.log;
error_log /var/log/nginx/awx.error.log;
}
server {
listen 80;
server_name awx.example.com www.awx.example.com;
add_header Strict-Transport-Security max-age=2592000;
rewrite ^ https://$server_name$request_uri? permanent;
}Replace example.com with your real domain or subdomain name and put the correct location of SSL certificate. Then finally confirm that nginx configuration is Ok and restart nginx.
$ nginx -t $ sudo systemctl restart nginx
Wrapping Up.
You now have a running AWX which you use to administer network devices with Ansible. Hope this guide on Install Ansible AWX on CentOS 7 / Fedora with Nginx Reverse Proxy and Letsencrypt was helpful. The next steps are exploring how AWX dashboard is organized and the basics of using it.
Similar:
How To Install and Configure Ansible on RHEL 8 / CentOS 8
How To Install Ansible AWX on Ubuntu 18.04 / Debian 10
How To Install and Configure Ansible Tower on CentOS / RHEL 7
Install Apache Tomcat On Ubuntu 18.04 / CentOS 7 With Ansible
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK