How to Install Ansible AWX with Docker on CentOS 7

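Ansible AWX is the open-source version of Ansible Tower. AWX provides a web-based user interface, a REST API and a task engine built on top of Ansible. It is the upstream project for Tower, the commercial derivative of AWX.

In this tutorial, I will show you how to install and configure AWX using Docker.

I will use 3 servers running CentOS 7 with a minimal installation and SELinux in permissive mode.

  • 192.168.1.25 AWX server
  • 192.168.1.21 client1
  • 192.168.1.22 client2

System requirements for the AWX server

  • At least 4 GB of memory.
  • At least 2 CPU cores.
  • At least 20 GB of disk space.
  • Running Docker, OpenShift or Kubernetes.

Check the SELinux configuration.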

sestatus

Result:

[[email protected] ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
[[email protected] ~]#

Disable firewalld.

[[email protected] installer]# systemctl stop firewalld
[[email protected] installer]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[[email protected] installer]#

Add host entries to /etc/hosts.

[[email protected] ~]# cat /etc/hosts
192.168.1.25 awx.sunil.cc awx
192.168.1.21 client1.sunil.cc client1
192.168.1.22 client2.sunil.cc client2
[[email protected] ~]#

Enable the EPEL repository.

[[email protected] ~]# yum install -y epel-release

Install the packages.

[[email protected] ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 ansible git python-devel python-pip python-docker-py vim-enhanced

Configure the Docker CE stable repository.

[[email protected] ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

Install Docker.

[[email protected] ~]# yum install docker-ce -y

Start the Docker service.

[[email protected] ~]# systemctl start docker

Enable the Docker service.

[[email protected] ~]# systemctl enable docker

Clone the AWX repository.

[[email protected] ~]# git clone https://github.com/ansible/awx.git
[[email protected] ~]# cd awx/
[[email protected] awx]# git clone https://github.com/ansible/awx-logos.git
[[email protected] awx]# pwd
/root/awx
[[email protected] awx]#

Change into the installer directory under /root/awx.

[[email protected] awx]# cd installer/

Edit the following parameters in the inventory file.

[[email protected] awx]# vim inventory
postgres_data_dir=/var/lib/pgdocker
awx_official=true
awx_alternate_dns_servers="4.2.2.1,4.2.2.1"
project_data_dir=/var/lib/awx/projects

Your configuration should look like this.

[[email protected] installer]# cat inventory |grep -v "#"
localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python"
[all:vars]
dockerhub_base=ansible
dockerhub_version=latest
rabbitmq_version=3.6.14
awx_secret_key=awxsecret
postgres_data_dir=/var/lib/pgdocker
host_port=80
docker_compose_dir=/var/lib/awx
pg_username=awx
pg_password=awxpass
pg_database=awx
pg_port=5432
awx_official=true
awx_alternate_dns_servers="4.2.2.1,4.2.2.2"
project_data_dir=/var/lib/awx/projects
[[email protected] installer]#
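
The inventory above keeps awx_secret_key, pg_password and dockerhub_version at sample values, so a pre-deployment check is useful. The script below is an added example, not part of the original tutorial or the AWX project; the function names and the 20-character minimum are assumptions.

```shell
#!/bin/sh
# Added example: flag AWX installer inventory values that match this
# tutorial's sample settings. Function names are hypothetical.

# inv_get FILE KEY: print the last uncommented value assigned to KEY.
inv_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d "\"'"
}

# audit_inventory FILE: print one finding per line (no output = clean).
audit_inventory() {
    for pair in awx_secret_key:awxsecret pg_password:awxpass; do
        key=${pair%%:*}
        sample=${pair#*:}
        val=$(inv_get "$1" "$key")
        if [ -z "$val" ]; then
            echo "$key: not set"
        elif [ "$val" = "$sample" ]; then
            echo "$key: still the tutorial's sample value"
        elif [ "${#val}" -lt 20 ]; then   # 20 is an assumed minimum length
            echo "$key: shorter than 20 characters"
        fi
    done
    if [ "$(inv_get "$1" dockerhub_version)" = "latest" ]; then
        echo "dockerhub_version: 'latest' is unpinned, images can change between runs"
    fi
    return 0
}

# new_secret: 32 random bytes from the kernel CSPRNG, hex-encoded.
new_secret() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# sample_inventory: constructed input holding values from the listing above.
sample_inventory() {
    printf '%s\n' '[all:vars]' 'dockerhub_version=latest' \
        'awx_secret_key=awxsecret' 'pg_password=awxpass'
}

# Demo: audit the constructed sample; prints three findings.
tmp=$(mktemp)
sample_inventory > "$tmp"
audit_inventory "$tmp"
rm -f "$tmp"
```

Replace the flagged values before the first run of install.yml: AWX uses awx_secret_key to encrypt stored credentials, so changing it after deployment makes them unreadable.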

Now deploy AWX via Docker.

[[email protected] installer]# ansible-playbook -i inventory install.yml -vv

This will take a while, depending on the server's configuration.

To check the AWX deployment, run the following command.

[[email protected] installer]# docker container ls
CONTAINER ID        IMAGE                     COMMAND                  CREATED             STATUS              PORTS                                NAMES
318c7c95dcbb        ansible/awx_task:latest   "/tini -- /bin/sh -c."   12 minutes ago      Up 12 minutes       8052/tcp                             awx_task
642c2f272e31        ansible/awx_web:latest    "/tini -- /bin/sh -c."   12 minutes ago      Up 12 minutes       0.0.0.0:80->8052/tcp                 awx_web
641b42ab536f        memcached:alpine          "docker-entrypoint.s."   18 minutes ago      Up 18 minutes       11211/tcp                            memcached
b333012d90ac        rabbitmq:3                "docker-entrypoint.s."   19 minutes ago      Up 19 minutes       4369/tcp, 5671-5672/tcp, 25672/tcp   rabbitmq
ada52935513a        postgres:9.6              "docker-entrypoint.s."   19 minutes ago      Up 19 minutes       5432/tcp                             postgres
[[email protected] installer]#

AWX is ready and can be accessed through a browser.

[Screenshot: AWX login]

The username is "admin" and the password is "password".

Configure passwordless login from the AWX server

Create a user on all 3 hosts. Follow the steps below on all 3 servers.

[[email protected] ~]# useradd ansible
[[email protected] ~]# useradd ansible
[[email protected] ~]# useradd ansible

Generate an SSH key:

[[email protected] ~]# su - ansible
[[email protected] ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:j30gyTVQxcWIocdKMbVieZvfJzGkCjXhjtc5qu+fE8o [email protected].sunil.cc
The key's randomart image is:
+---[RSA 2048]----+
|        +o==.+.  |
|         O.oo .  |
|        * @   .  |
|       + @ * +   |
|        S * = o  |
|         B =.o o |
|        ..=.o.o .|
|         .E... o |
|        .oo.o.   |
+----[SHA256]-----+
[[email protected] ~]$

On all 3 servers, add a sudoers entry as the last entry in the file.

[[email protected] ~]# visudo
ansible ALL=(ALL) NOPASSWD: ALL

Copy the contents of id_rsa.pub to authorized_keys on all 3 servers.

[[email protected] .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf [email protected].sunil.cc
[[email protected] .ssh]$ pwd
/home/ansible/.ssh
[[email protected] ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf [email protected].sunil.cc
[[email protected] ~]$ chmod 600 .ssh/authorized_keys

client1

[[email protected] ~]# su - ansible
[[email protected] ~]$ ls
[[email protected] ~]$ mkdir .ssh
[[email protected] ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf [email protected].sunil.cc
[[email protected] ~]$ chmod 700 .ssh
[[email protected] ~]$ chmod 600 .ssh/authorized_keys

client2

[[email protected] ~]# su - ansible
[[email protected] ~]$ ls
[[email protected] ~]$ mkdir .ssh
[[email protected] ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf [email protected].sunil.cc
[[email protected] ~]$ chmod 700 .ssh
[[email protected] ~]$ chmod 600 .ssh/authorized_keys

Verify passwordless login:

[[email protected] .ssh]$ ssh client1
The authenticity of host 'client1 (192.168.1.21)' can't be established.
ECDSA key fingerprint is SHA256:TUQNYdF4nxofGwFO7/z+Y5dUETVEI0xPQL4n1cUcoCI.
ECDSA key fingerprint is MD5:5d:73:1f:64:0e:03:ac:a7:7b:33:76:08:6d:09:90:26.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'client1,192.168.1.21' (ECDSA) to the list of known hosts.
Last login: Sun Mar  4 13:39:33 2018
[[email protected] ~]$ exit
logout
Connection to client1 closed.
[[email protected] .ssh]$
[[email protected] .ssh]$ ssh client2
The authenticity of host 'client2 (192.168.1.22)' can't be established.
ECDSA key fingerprint is SHA256:7JoWzteeQBwzc4Q3GGN+Oa4keUPMca/jtqv7gmmEZxg.
ECDSA key fingerprint is MD5:85:77:3a:a3:07:31:d4:c1:41:ed:30:db:74:b4:ce:67.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'client2,192.168.1.22' (ECDSA) to the list of known hosts.
Last login: Sun Mar  4 13:51:27 2018
[[email protected] ~]$ exit
logout
Connection to client2 closed.
[[email protected] .ssh]$
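
After these steps the ansible account has a key-based login and an unrestricted NOPASSWD sudo rule on every host, so the permissions around its key files are worth checking on each server. The script below is an added example, not part of the original tutorial; the function names are hypothetical and stat -c assumes GNU coreutils as shipped with CentOS.

```shell
#!/bin/sh
# Added example: checks for the passwordless-login setup in this tutorial.
# Function names are hypothetical; stat -c is the GNU form found on CentOS.

# check_ssh_perms HOME_DIR: print one finding per line (no output = clean).
check_ssh_perms() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        # sshd StrictModes ignores authorized_keys when the home directory,
        # .ssh or the file itself is writable by group or others.
        case $(stat -c %a "$p") in
            *[2367]?|*[2367]) echo "$p: writable by group or others" ;;
        esac
    done
    for k in "$1"/.ssh/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        # The ssh client refuses a private key that other users can access.
        case $(stat -c %a "$k") in
            *00) ;;
            *) echo "$k: private key accessible by group or others" ;;
        esac
    done
    return 0
}

# nopasswd_all FILE: print uncommented sudoers lines that grant every
# command without a password, like the entry added with visudo above.
nopasswd_all() {
    grep -E '^[^#]*NOPASSWD:[[:space:]]*ALL[[:space:]]*$' "$1" || true
}

# Usage: check the current account's home directory.
check_ssh_perms "${HOME:-/home/ansible}"
```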

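Now click this icon and go to Credentials -> Add.

[Screenshot: Add credential]

[Screenshot: Add button]

Select an organization and fill in the username and description.

The username here is "ansible".

[Screenshot: Ansible user]

Under credential type, select "Machine" and fill in the details.

[Screenshot: Credential type]

Get the private key from the AWX server.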

[[email protected] .ssh]$ pwd
/home/ansible/.ssh
[[email protected] .ssh]$ cat id_rsa
id_rsa      id_rsa.pub
[[email protected] .ssh]$ cat id_rsa
-----BEGIN RSA PRIVATE KEY-----
[key body not shown]
-----END RSA PRIVATE KEY-----
[[email protected] .ssh]$

Private key (example).

-----BEGIN RSA PRIVATE KEY-----
[key body not shown]
-----END RSA PRIVATE KEY-----

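Paste the private key into the SSH private key field and click Save.

[Screenshot: SSH key]

Click Inventories, then click Add Inventory.

[Screenshot: Add inventory]

Fill in the details accordingly.

[Screenshot: Fill in inventory details]

Click Hosts -> Add Host.

[Screenshot: Add host]

Add the following details:

[Screenshot: Host details]

Add the following details for client2.

[Screenshot: client2 details]

Test the connection through AWX.

Select both hosts and click Run Commands.

Select ping and the other details, then click Launch.

That is it for this tutorial. In the next tutorial I will show you how to install AWX via rpm, and in further tutorials how to run playbooks and make API calls.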
