AWX Installation
Introduction
This article describes how to install AWX. AWX is the open-source version of Ansible Automation Platform, better known as Ansible Tower.
Prerequisites
- Rocky 9 server - see Installation and configuration of Rocky Linux
  - 2 CPU
  - 4Gb of RAM
- IPv6 (if not enabled)
```bash
# Re-enable IPv6 on the kernel command line
sudo sed -i "s|ipv6.disable=1|ipv6.disable=0|" /etc/default/grub
sudo grub2-mkconfig -o /boot/grub2/grub.cfg --update-bls-cmdline
# Set the Ethernet connection to link-local IPv6 addressing, then reboot
CONNECTION=$(nmcli connection show | grep ethernet | awk '{print $1}')
sudo nmcli connection modify "$CONNECTION" ipv6.method link-local
sudo reboot
```
- Packages
```bash
sudo dnf install git curl -y
```
- Firewall
```bash
sudo systemctl stop firewalld
sudo systemctl disable firewalld
```
- Directories
```bash
sudo mkdir -p /data/postgres-15
sudo mkdir /data/projects
sudo chown 1000:0 /data/projects
```
Install K3s
```bash
sudo curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.29.6+k3s2 sh -s - --write-kubeconfig-mode 644
```
```
[INFO] Using v1.29.6+k3s2 as release
...
Complete!
Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
[INFO] systemd: Starting k3s
```
Verification
Be patient
Wait a few seconds before checking. `No resources found` will be returned by the command below if you run it too soon.
```bash
kubectl get pods -A
```
```
NAMESPACE     NAME                                     READY   STATUS      RESTARTS   AGE
kube-system   coredns-6799fbcd5-msb7g                  1/1     Running     0          52s
kube-system   helm-install-traefik-crd-xfdb7           0/1     Completed   0          52s
kube-system   helm-install-traefik-pkrp7               0/1     Completed   1          52s
kube-system   local-path-provisioner-6f5d79df6-jq22j   1/1     Running     0          52s
kube-system   metrics-server-54fd9b65b-sxnwh           1/1     Running     0          52s
kube-system   svclb-traefik-a47cb06b-q25xb             2/2     Running     0          42s
kube-system   traefik-7d5f6474df-vxp5r                 1/1     Running     0          42s
```
AWX-operator
```bash
mkdir ~/awx-inst
```
Installation
```bash
cd ~/awx-inst
git clone https://github.com/kurokobo/awx-on-k3s.git
cd awx-on-k3s
kubectl apply -k operator
```
Verification
```bash
kubectl get pods -n awx
```
```
NAME                                               READY   STATUS    RESTARTS   AGE
awx-operator-controller-manager-745b55d94b-2crr5   2/2     Running   0          28s
```
AWX configuration
```bash
cat << EOF > ~/awx-inst/awx-on-k3s/base/awx.yaml
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx
spec:
  # These parameters are designed for use with:
  # - AWX Operator: 2.19.1
  #   https://github.com/ansible/awx-operator/blob/2.19.1/README.md
  admin_user: admin
  admin_password_secret: awx-admin-password
  ingress_type: ingress
  ingress_hosts:
    - hostname: SERVER_FQDN
      tls_secret: awx-secret-tls
  postgres_configuration_secret: awx-postgres-configuration
  postgres_data_volume_init: true
  postgres_storage_class: awx-postgres-volume
  postgres_storage_requirements:
    requests:
      storage: 8Gi
  projects_persistence: true
  projects_existing_claim: awx-projects-claim
  web_replicas: 1
  task_replicas: 1
  web_resource_requirements: {}
  task_resource_requirements: {}
  ee_resource_requirements: {}
  init_container_resource_requirements: {}
  postgres_resource_requirements: {}
  redis_resource_requirements: {}
  rsyslog_resource_requirements: {}
  # Uncomment to reveal "censored" logs
  #no_log: false
EOF
```
Configure hostname
```bash
sed -i "s|SERVER_FQDN|$HOSTNAME|" ~/awx-inst/awx-on-k3s/base/awx.yaml
```
kustomization
```bash
cat << EOF > ~/awx-inst/awx-on-k3s/base/kustomization.yaml
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: awx
generatorOptions:
  disableNameSuffixHash: true
secretGenerator:
  - name: awx-secret-tls
    type: kubernetes.io/tls
    files:
      - tls.crt
      - tls.key
  - name: awx-postgres-configuration
    type: Opaque
    literals:
      - host=awx-postgres-15
      - port=5432
      - database=awx
      - username=awx
      - password=Ansible123!
      - type=managed
  - name: awx-admin-password
    type: Opaque
    literals:
      - password=Ansible123!
  # If you want to specify SECRET_KEY for your AWX manually, uncomment following lines and change the value.
  # Refer AAC documentation for detail about SECRET_KEY.
  # https://docs.ansible.com/automation-controller/latest/html/administration/secret_handling.html
  #- name: awx-secret-key
  #  type: Opaque
  #  literals:
  #    - secret_key=MySuperSecureSecretKey123!
resources:
  - pv.yaml
  - pvc.yaml
  - awx.yaml
EOF
```
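The kustomization above uses the same sample password for the PostgreSQL account and for the AWX admin account. As an added example (not part of the original article or of awx-on-k3s), the script below gives each of the two literals its own random value before the first `kubectl apply -k base`; the function names `gen_password` and `randomize_secrets` are assumptions for illustration.

```shell
# Added example: replace the sample password in base/kustomization.yaml
# before the first `kubectl apply -k base`.
# gen_password and randomize_secrets are illustrative names, not part of awx-on-k3s.

# gen_password: 32 hex characters (128 bits) read from the kernel CSPRNG
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# randomize_secrets FILE: give every "- password=Ansible123!" literal its own
# random value, keeping the YAML indentation. Returns non-zero if the sample
# password is still present afterwards.
randomize_secrets() {
    local file="$1" tmp line
    tmp=$(mktemp) || return 1
    # "|| [ -n ... ]" keeps a last line that has no trailing newline
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *"- password=Ansible123!")
                line="${line%%password=*}password=$(gen_password)" ;;
        esac
        printf '%s\n' "$line"
    done < "$file" > "$tmp"
    cat "$tmp" > "$file"      # rewrite in place, keeping owner and path
    rm -f "$tmp"
    chmod 600 "$file"         # the file now holds live credentials
    ! grep -q 'Ansible123!' "$file"
}

# Usage, with the path from this article:
#   randomize_secrets ~/awx-inst/awx-on-k3s/base/kustomization.yaml
```

After deployment, the generated admin password can be read back with `kubectl -n awx get secret awx-admin-password -o jsonpath='{.data.password}' | base64 -d`.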
Certificates
If you have your own certificate, you can proceed as described below to include it in the AWX pod. In this example I use my gmolab.net certificates. Otherwise you can keep the default ones.
```bash
wget http://intranet.gmotech.net/certs/gmolab.net.crt -O ~/awx-inst/awx-on-k3s/base/tls.crt
wget http://intranet.gmotech.net/certs/gmolab.net.key -O ~/awx-inst/awx-on-k3s/base/tls.key
```
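The certificate and its private key are downloaded here over plain HTTP, so nothing in the transfer confirms that the two files arrived intact or belong together. As an added example (not from the original article), this check confirms before the TLS secret is generated that the key matches the certificate, that the certificate is not about to expire and that it covers the AWX hostname; the function name `check_tls_pair`, its return codes and the 7-day threshold are assumptions.

```shell
# Added example: validate base/tls.crt and base/tls.key before `kubectl apply -k base`.
# check_tls_pair and its return codes are illustrative, not part of awx-on-k3s.

# check_tls_pair CERT KEY HOSTNAME
#   0 = usable, 1 = unreadable file, 2 = key does not match certificate,
#   3 = certificate expires within 7 days, 4 = hostname not covered
check_tls_pair() {
    local crt="$1" key="$2" host="$3" crt_pub key_pub

    # Extract the public key from each file; a parse failure means a bad download
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1

    # The private key must correspond to the certificate's public key
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ] || return 2

    # -checkend exits non-zero if the certificate expires within N seconds
    openssl x509 -in "$crt" -noout -checkend $((7 * 24 * 3600)) >/dev/null || return 3

    # -checkhost only prints its verdict, so match on the output
    openssl x509 -in "$crt" -noout -checkhost "$host" \
        | grep -q "does match certificate" || return 4

    return 0
}

# Usage, with the paths from this article:
#   cd ~/awx-inst/awx-on-k3s/base
#   check_tls_pair tls.crt tls.key "$HOSTNAME" && chmod 600 tls.key
```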
Apply the configuration
```bash
cd ~/awx-inst/awx-on-k3s
kubectl apply -k base
```
Verification
```bash
kubectl -n awx get pods
```
```
NAME                                               READY   STATUS      RESTARTS   AGE
awx-migration-24.6.1-cnpml                         0/1     Completed   0          2m37s
awx-operator-controller-manager-745b55d94b-gf6mr   2/2     Running     0          4m45s
awx-postgres-15-0                                  1/1     Running     0          3m15s
awx-task-cd95d5986-hxwf2                           4/4     Running     0          2m56s
awx-web-7f9cff4968-kjm5r                           3/3     Running     0          2m57s
```
View the logs
```bash
kubectl -n awx logs -f deployments/awx-operator-controller-manager
```
Warning
Installation can take up to 5 min.
You can access the AWX platform:
- URL: https://<your_awx_server>
- User: admin
- Pass: Ansible123! (change it as soon as possible)
Sources
| Version | Date | Change | Author |
|---|---|---|---|
| 1.0 | 24.05.2025 | Creation | GMo |