How to Install Ansible AWX on CentOS 7

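In a previous tutorial, I showed you how to deploy Ansible AWX with Docker. Since then, I have found two projects that build RPM packages for AWX. So in this tutorial, I will show you how to install Ansible AWX from RPM files on CentOS 7. Ansible AWX is the open-source version of the Ansible Tower software.

I will use 3 servers with a CentOS 7 minimal installation and SELinux in permissive mode.

  • 192.168.1.25 AWX server
  • 192.168.1.21 client1
  • 192.168.1.22 client2

Minimum system requirements for the AWX server

  • At least 4 GB of memory
  • At least 2 CPU cores
  • At least 20 GB of space
  • Running Docker, OpenShift, or Kubernetes

Check the SELinux configuration.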

[[email protected] ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
[[email protected] ~]#

Add host entries

/etc/hosts
[[email protected] ~]# cat /etc/hosts
192.168.1.25    awx.sunil.cc awx
192.168.1.21    client1.sunil.cc client1
192.168.1.22    client2.sunil.cc client2
[[email protected] ~]#

Add firewall rules

[[email protected] ~]# systemctl enable firewalld
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
[[email protected] ~]# systemctl start firewalld
[[email protected] ~]# firewall-cmd --add-service=http --permanent;firewall-cmd --add-service=https --permanent
success
success
[[email protected] ~]# systemctl restart firewalld
[[email protected] ~]#

Enable the CentOS EPEL repository.

[[email protected] ~]# yum install -y epel-release

We need PostgreSQL 9.6 to install AWX.

Enable the PostgreSQL repository.

[[email protected] ~]# yum install -y https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm

Install PostgreSQL.

[[email protected] ~]# yum install postgresql96-server -y

Install the other required RPMs.

[[email protected] ~]# yum install -y rabbitmq-server wget memcached nginx ansible

Install Ansible AWX

Add the AWX repository.

[[email protected] ~]# wget -O /etc/yum.repos.d/awx-rpm.repo https://copr.fedorainfracloud.org/coprs/mrmeee/awx/repo/epel-7/mrmeee-awx-epel-7.repo

Install the RPM

[[email protected] ~]# yum install -y awx

Initialize the database

[[email protected] ~]# /usr/pgsql-9.6/bin/postgresql96-setup initdb
Initializing database ... OK
[[email protected] ~]#

Start the RabbitMQ service

[[email protected] ~]# systemctl start rabbitmq-server
[[email protected] ~]# systemctl enable rabbitmq-server
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[[email protected] ~]#

Start the PostgreSQL service

[[email protected] ~]# systemctl enable postgresql-9.6
Created symlink from /etc/systemd/system/multi-user.target.wants/postgresql-9.6.service to /usr/lib/systemd/system/postgresql-9.6.service.
[[email protected] ~]# systemctl start postgresql-9.6

Start the Memcached service

[[email protected] ~]# systemctl enable memcached
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[[email protected] ~]# systemctl start memcached

Create the Postgres user

[[email protected] ~]# sudo -u postgres createuser -S awx
could not change directory to "/root": Permission denied
[[email protected] ~]#

Ignore the error: the postgres user cannot enter /root, the directory the command was run from, and the user is still created.

Create the database

[[email protected] ~]# sudo -u postgres createdb -O awx awx
could not change directory to "/root": Permission denied
[[email protected] ~]#

Ignore the error here as well.

Import the data into the database

[[email protected] ~]# sudo -u awx /opt/awx/bin/awx-manage migrate

Initialize the AWX configuration

[[email protected] ~]# echo "from django.contrib.auth.models import User; User.objects.create_superuser('admin', '[email protected]', 'password')" | sudo -u awx /opt/awx/bin/awx-manage shell
[[email protected] ~]# sudo -u awx /opt/awx/bin/awx-manage create_preload_data
Default organization added.
Demo Credential, Inventory, and Job Template added.
[[email protected] ~]# sudo -u awx /opt/awx/bin/awx-manage provision_instance --hostname=$(hostname)
Successfully registered instance awx.sunil.cc
(changed: True)
[[email protected] ~]# sudo -u awx /opt/awx/bin/awx-manage register_queue --queuename=tower --hostnames=$(hostname)
Creating instance group tower
Added instance awx.sunil.cc to tower
(changed: True)
[[email protected] ~]#

Configure Nginx

Take a backup of nginx.conf

[[email protected] ~]# cd /etc/nginx/
[[email protected] nginx]# pwd
/etc/nginx
[[email protected] nginx]# cp nginx.conf nginx.conf.bkp

Replace the nginx conf file

[[email protected] nginx]# wget -O /etc/nginx/nginx.conf https://raw.githubusercontent.com/sunilsankar/awx-build/master/nginx.conf
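
The command above overwrites the live nginx.conf with whatever the master branch serves at download time. An added example (not part of the original tutorial) that installs a downloaded file only when it matches a SHA-256 recorded after reviewing it; the helper name install_if_pinned and the hash placeholder in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: install a downloaded config only if it matches a pinned SHA-256.
# install_if_pinned is a hypothetical helper name, not part of AWX or nginx.

# usage: install_if_pinned <downloaded-file> <expected-sha256> <destination>
install_if_pinned() {
    src=$1
    expected=$2
    dest=$3
    [ -f "$src" ] || { echo "missing download: $src" >&2; return 2; }
    actual=$(sha256sum "$src" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $src" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    # Keep the previous file so a bad config can be rolled back.
    if [ -f "$dest" ]; then
        cp -p "$dest" "$dest.bkp" || return 1
    fi
    # Copy beside the destination, then rename, so nginx never reads a partial file.
    cp "$src" "$dest.new" && chmod 644 "$dest.new" && mv "$dest.new" "$dest"
}

# On the AWX server (left as comments so the file can be sourced safely):
#   tmp=$(mktemp)
#   wget -O "$tmp" https://raw.githubusercontent.com/sunilsankar/awx-build/master/nginx.conf
#   install_if_pinned "$tmp" "<sha256 recorded after reviewing the file>" /etc/nginx/nginx.conf \
#       && nginx -t && systemctl reload nginx
```

A mismatch leaves /etc/nginx/nginx.conf untouched, and `nginx -t` checks the syntax of the installed file before the reload.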

Enable and start the nginx service

[[email protected] ~]# systemctl start nginx
[[email protected] ~]# systemctl enable nginx

Start the AWX services

[[email protected] ~]# systemctl start awx-cbreceiver
[[email protected] ~]# systemctl start awx-celery-beat
[[email protected] ~]# systemctl start awx-celery-worker
[[email protected] ~]# systemctl start awx-channels-worker
[[email protected] ~]# systemctl start awx-daphne
[[email protected] ~]# systemctl start awx-web

Make sure the services start after a reboot

[[email protected] ~]# systemctl enable awx-cbreceiver
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-cbreceiver.service to /usr/lib/systemd/system/awx-cbreceiver.service.
[[email protected] ~]# systemctl enable awx-celery-beat
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-celery-beat.service to /usr/lib/systemd/system/awx-celery-beat.service.
[[email protected] ~]# systemctl enable awx-celery-worker
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-celery-worker.service to /usr/lib/systemd/system/awx-celery-worker.service.
[[email protected] ~]# systemctl enable awx-channels-worker
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-channels-worker.service to /usr/lib/systemd/system/awx-channels-worker.service.
[[email protected] ~]# systemctl enable awx-daphne
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-daphne.service to /usr/lib/systemd/system/awx-daphne.service.
[[email protected] ~]# systemctl enable awx-web
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-web.service to /usr/lib/systemd/system/awx-web.service.
[[email protected] ~]#

Configure passwordless login from the AWX server

Create a user on all 3 hosts.

In this tutorial, I will create a user named ansible on all 3 servers.

[[email protected] ~]# useradd ansible
[[email protected] ~]# useradd ansible
[[email protected] ~]# useradd ansible

Generate an SSH key on the AWX server

[[email protected] nginx]# su - ansible
[[email protected] ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:RW/dhTsxcyGicleRI0LpLm+LyhAVinm0xktapodc8gY [email protected].sunil.cc
The key's randomart image is:
+---[RSA 2048]----+
|   . .  ..o. +ooo|
|  = o .  +.oo+*.o|
| E @ . ..oo.+ o*.|
|. # o   oo..  o  |
| = *    S      . |
|  o .  . .       |
|   .    o        |
|    o   .o       |
|     o.....      |
+----[SHA256]-----+
[[email protected] ~]$

On all 3 servers, add the following sudoers entry as the last entry in the file

[[email protected] nginx]# visudo
ansible ALL=(ALL) NOPASSWD: ALL

Copy the contents of id_rsa.pub into authorized_keys on all 3 servers

[[email protected] .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStB8JGsVsSLppwYWdnEPLE4xwFqRDn7xE/d3hjBQ6A0JGm1t+GtHB3GPIEjANFTnxQwHpR+cRttbL3mlQvpIYqCZOMZds9XA7VI5qgs0aSGUU8cNYKjmmrMpJa9sB4WVtj3M4u2fEXt9FKKCtjMMpOfiQxIkEhYZ+2GoAX5sHXan7TPcgwb5r7WW6j43aaPc6g9XWN63nonQz6KeMSFZ/y0o2HJMh1FEkktZw6A1HVfn+JNWoQb1glyqGjO1ync+Sok8yXpqakEEWpXNQSQYs4eBEwfkKql5EuolQMIbF9VYhpEcR9LfbMvYdq/RPKWN3mmRMWfPZ2dTZl515XBdV [email protected].sunil.cc
[[email protected] .ssh]$
[[email protected] .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStB8JGsVsSLppwYWdnEPLE4xwFqRDn7xE/d3hjBQ6A0JGm1t+GtHB3GPIEjANFTnxQwHpR+cRttbL3mlQvpIYqCZOMZds9XA7VI5qgs0aSGUU8cNYKjmmrMpJa9sB4WVtj3M4u2fEXt9FKKCtjMMpOfiQxIkEhYZ+2GoAX5sHXan7TPcgwb5r7WW6j43aaPc6g9XWN63nonQz6KeMSFZ/y0o2HJMh1FEkktZw6A1HVfn+JNWoQb1glyqGjO1ync+Sok8yXpqakEEWpXNQSQYs4eBEwfkKql5EuolQMIbF9VYhpEcR9LfbMvYdq/RPKWN3mmRMWfPZ2dTZl515XBdV [email protected].sunil.cc
[[email protected] .ssh]$ chmod 600 authorized_keys

Client 1

[[email protected] ~]# su - ansible
[[email protected] ~]$ mkdir .ssh
[[email protected] ~]$ chmod 700 .ssh
[[email protected] ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStB8JGsVsSLppwYWdnEPLE4xwFqRDn7xE/d3hjBQ6A0JGm1t+GtHB3GPIEjANFTnxQwHpR+cRttbL3mlQvpIYqCZOMZds9XA7VI5qgs0aSGUU8cNYKjmmrMpJa9sB4WVtj3M4u2fEXt9FKKCtjMMpOfiQxIkEhYZ+2GoAX5sHXan7TPcgwb5r7WW6j43aaPc6g9XWN63nonQz6KeMSFZ/y0o2HJMh1FEkktZw6A1HVfn+JNWoQb1glyqGjO1ync+Sok8yXpqakEEWpXNQSQYs4eBEwfkKql5EuolQMIbF9VYhpEcR9LfbMvYdq/RPKWN3mmRMWfPZ2dTZl515XBdV [email protected].sunil.cc
[[email protected] ~]$ chmod 600 .ssh/authorized_keys

Client 2

[[email protected] ~]# su - ansible
[[email protected] ~]$ mkdir .ssh
[[email protected] ~]$ chmod 700 .ssh
[[email protected] ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStB8JGsVsSLppwYWdnEPLE4xwFqRDn7xE/d3hjBQ6A0JGm1t+GtHB3GPIEjANFTnxQwHpR+cRttbL3mlQvpIYqCZOMZds9XA7VI5qgs0aSGUU8cNYKjmmrMpJa9sB4WVtj3M4u2fEXt9FKKCtjMMpOfiQxIkEhYZ+2GoAX5sHXan7TPcgwb5r7WW6j43aaPc6g9XWN63nonQz6KeMSFZ/y0o2HJMh1FEkktZw6A1HVfn+JNWoQb1glyqGjO1ync+Sok8yXpqakEEWpXNQSQYs4eBEwfkKql5EuolQMIbF9VYhpEcR9LfbMvYdq/RPKWN3mmRMWfPZ2dTZl515XBdV [email protected].sunil.cc
[[email protected] ~]$ chmod 600 .ssh/authorized_keys

Check passwordless login from the AWX server.

[[email protected] ~]$ ssh client1
Last login: Sun Mar 11 13:14:06 2018 from 192.168.1.25
[[email protected] ~]$ exit
logout
Connection to client1 closed.
[[email protected] ~]$ ssh client2
Last login: Sun Mar 11 12:50:14 2018 from 192.168.1.25
[[email protected] ~]$
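
The key-copy steps above, as an added example that is not part of the original tutorial: a function that adds the AWX server's public key to authorized_keys only once, sets the 700/600 modes, and uses the OpenSSH from= option so the key is accepted only from the AWX server address used here (192.168.1.25). The helper name add_restricted_key and the /tmp/id_rsa.pub path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: idempotent authorized_keys entry restricted to one source address.
# add_restricted_key is a hypothetical helper name.

# usage: add_restricted_key <home-dir> <source-ip> <public-key-line>
add_restricted_key() {
    home=$1
    src_ip=$2
    pubkey=$3
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    # Accept only "<type> <base64> [comment]"; reject lines that already carry options.
    case $pubkey in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a bare public key line" >&2; return 2 ;;
    esac
    key_blob=$(printf '%s\n' "$pubkey" | awk '{print $2}')
    [ -n "$key_blob" ] || { echo "public key has no base64 field" >&2; return 2; }

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this key material is already present.
    if grep -qF -- "$key_blob" "$auth"; then
        return 0
    fi
    # from= makes sshd accept this key only from the listed address.
    printf 'from="%s" %s\n' "$src_ip" "$pubkey" >> "$auth"
}

# On each client, as the ansible user, with id_rsa.pub copied over beforehand
# (the /tmp path is an assumption):
#   add_restricted_key "$HOME" 192.168.1.25 "$(cat /tmp/id_rsa.pub)"
```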

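Verify the login:

[Screenshot: Ansible AWX login]

The login details are:

Username: "admin"
Password: "password"

[Screenshot: Ansible AWX dashboard]

The next tutorial will show how to add a playbook and run a job.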
