Difference between revisions of "Install AWX on K3S"
Jump to navigation
Jump to search
| Line 36: | Line 36: | ||
kubectl get pods --all-namespaces | kubectl get pods --all-namespaces | ||
| − | + | # install kustomize | |
| − | + | cd /usr/local/sbin/ | |
| + | curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash | ||
=Deploy AWX= | =Deploy AWX= | ||
| − | = | + | <pre> |
| − | + | export NAMESPACE=awx | |
| − | + | kubectl create namespace $NAMESPACE | |
| − | + | kubectl config set-context --namespace=$NAMESPACE --current | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | = | + | cd ; mkdir git ; cd git |
| − | + | git clone https://github.com/ansible/awx-operator.git -b 0.16.0 | |
| + | cd awx-operator/ | ||
| + | make deploy | ||
| + | # cd ~/git/awx-operator/config/manager && /usr/local/sbin/kustomize edit set image controller=quay.io/ansible/awx-operator:0.16.0 | ||
| + | # cd ~/git/awx-operator && /usr/local/sbin/kustomize build config/default | kubectl apply -f - | ||
| − | + | kubectl get pods -n $NAMESPACE | |
| − | + | NAME READY STATUS RESTARTS AGE | |
| − | + | awx-operator-controller-manager-6795f9f5f5-xq4nt 2/2 Running 0 6m1s | |
| − | |||
| − | + | cd ~/git/ | |
| − | + | vim awx-instance.yml | |
| + | ------ | ||
--- | --- | ||
apiVersion: awx.ansible.com/v1beta1 | apiVersion: awx.ansible.com/v1beta1 | ||
| Line 68: | Line 68: | ||
ingress_type: Ingress | ingress_type: Ingress | ||
route_tls_termination_mechanism: edge | route_tls_termination_mechanism: edge | ||
| − | hostname: | + | hostname: tower.domain.com |
| − | + | ------ | |
| + | kubectl apply -f awx-instance.yml | ||
| − | + | kubectl get all | |
| + | kubectl logs -f deployment.apps/awx-operator-controller-manager -c awx-manager | ||
| + | kubectl get events -w | ||
| − | + | kubectl get deployment | |
| − | + | NAME READY UP-TO-DATE AVAILABLE AGE | |
| + | awx-operator-controller-manager 1/1 1 1 30m | ||
| + | awx 1/1 1 1 19m | ||
| − | + | kubectl get ingress | |
| + | NAME CLASS HOSTS ADDRESS PORTS AGE | ||
| + | awx-ingress <none> tower.domain.com 10.112.8.203 80 19m | ||
| − | + | kubectl get svc | |
| − | < | + | NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE |
| − | + | awx-operator-controller-manager-metrics-service ClusterIP 10.43.225.102 <none> 8443/TCP 33m | |
| − | + | awx-postgres ClusterIP None <none> 5432/TCP 23m | |
| + | awx-service ClusterIP 10.43.155.232 <none> 80/TCP 22m | ||
</pre> | </pre> | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
=Fetch the secret and test the login= | =Fetch the secret and test the login= | ||
| Line 154: | Line 146: | ||
</pre> | </pre> | ||
| − | + | ||
| − | + | ||
==Pull Galaxy deps in projects by requirement files== | ==Pull Galaxy deps in projects by requirement files== | ||
Revision as of 09:11, 15 February 2022
Since version 18, AWX, the comunity edition of ansible tower gets deployed by a kubernetes operator.
This makes it easier to install and maintain the installation, but not all of us are familiar with kubernetes and operators.
So I share a short step by step guide on how to setup ansible awx in a "semi professional" way on a single k3s kubernetes node.
Contents
1 VM Setup
1.1 VM requirements
Just setup a CentOS8 minimal VM with the following requirements
- OS: centos8 minimal
- CPU: 2
- MEM: 8GB (6 GB may work as well)
- DISK: 40G (7GB used on a fresh setup)
1.2 Prepare OS
dnf -y upgrade dnf -y install setroubleshoot-server curl lsof wget
sed -i '/swap/d' /etc/fstab swapoff -a
firewall-cmd --permanent --zone=public --add-service=https firewall-cmd --zone=public --add-masquerade --permanent firewall-cmd --reload reboot
2 Setup K3S
curl -sfL https://get.k3s.io | sh
cat /etc/systemd/system/k3s.service systemctl status k3s
kubectl get nodes # all pods in running state? fine! kubectl get pods --all-namespaces
# install kustomize cd /usr/local/sbin/ curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash
3 Deploy AWX
export NAMESPACE=awx kubectl create namespace $NAMESPACE kubectl config set-context --namespace=$NAMESPACE --current cd ; mkdir git ; cd git git clone https://github.com/ansible/awx-operator.git -b 0.16.0 cd awx-operator/ make deploy # cd ~/git/awx-operator/config/manager && /usr/local/sbin/kustomize edit set image controller=quay.io/ansible/awx-operator:0.16.0 # cd ~/git/awx-operator && /usr/local/sbin/kustomize build config/default | kubectl apply -f - kubectl get pods -n $NAMESPACE NAME READY STATUS RESTARTS AGE awx-operator-controller-manager-6795f9f5f5-xq4nt 2/2 Running 0 6m1s cd ~/git/ vim awx-instance.yml ------ --- apiVersion: awx.ansible.com/v1beta1 kind: AWX metadata: name: awx spec: ingress_type: Ingress route_tls_termination_mechanism: edge hostname: tower.domain.com ------ kubectl apply -f awx-instance.yml kubectl get all kubectl logs -f deployment.apps/awx-operator-controller-manager -c awx-manager kubectl get events -w kubectl get deployment NAME READY UP-TO-DATE AVAILABLE AGE awx-operator-controller-manager 1/1 1 1 30m awx 1/1 1 1 19m kubectl get ingress NAME CLASS HOSTS ADDRESS PORTS AGE awx-ingress <none> tower.domain.com 10.112.8.203 80 19m kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE awx-operator-controller-manager-metrics-service ClusterIP 10.43.225.102 <none> 8443/TCP 33m awx-postgres ClusterIP None <none> 5432/TCP 23m awx-service ClusterIP 10.43.155.232 <none> 80/TCP 22m
4 Fetch the secret and test the login
kubectl get secret awx-admin-password -o jsonpath='{.data.password}' | base64 --decode
firefox https://fqdn.domain.com
- user: admin
5 Links
- https://rancher.com/docs/k3s/latest/en/quick-start/
- https://rancher.com/docs/k3s/latest/en/backup-restore/
- https://github.com/ansible/awx-operator
6 Debug Notes
6.1 Open Node Port for direct access
PORT=$(kubectl describe svc awx-service | grep NodePort: | awk '{print $3}' | tr 'A-Z' 'a-z')
echo PORT=$PORT
firewall-cmd --zone=public --add-port=$PORT
6.2 Disable SELinux
setenforce 0 > /var/log/audit/audit.log # do some bad things sealert -a /var/log/audit/audit.log
6.3 Traefik Config
- https://levelup.gitconnected.com/a-guide-to-k3s-ingress-using-traefik-with-nodeport-6eb29add0b4b
kubectl -n kube-system edit cm traefik
6.4 Jump into container for debugging
# get pods kubectl get pods # get containers inside of pods kubectl describe <pod-name>
kubectl exec --stdin --tty <pod-name> -c <container-name> -- /bin/bash
7 Notes
7.1 Backup Restore
- Remind, Creds get not exported
pip install ansible-tower-cli awx-cli config host http://<new-awx-host.example.com> awx-cli login admin awx-cli user list # If the test is successful, the user will be displayed # export awx-cli receive --all > assets.json # import awx-cli send assets.json
7.2 Pull Galaxy deps in projects by requirement files
