Ansible AWX adalah versi OpenSource dari menara yang memungkinkan. AWX menyediakan antarmuka pengguna berbasis web, REST API, dan mesin tugas yang dibangun di atas Ansible. Ini adalah proyek hulu untuk Tower, turunan komersial AWX.
Dalam tutorial ini, saya akan menunjukkan cara menginstal dan mengkonfigurasi AWX menggunakan Docker.
Saya akan menggunakan 3 server dengan instalasi minimal centos 7 dan SELinux dalam mode permisif.
- Server AWX 192.168.1.25
- 192.168.1.21 klien1
- 192.168.1.22 klien2
Persyaratan Sistem untuk Server AWX
- Memori minimal 4 GB.
- Setidaknya 2 inti cpu.
- Minimal 20 GB ruang.
- Menjalankan Docker, Openshift, atau Kubernetes.
Periksa konfigurasi SELinux.
sestatus
Hasil:
[[email protected] ~]# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: permissive Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28 [[email protected] ~]#
Nonaktifkan firewalld.
[[email protected] installer]# systemctl stop firewalld [[email protected] installer]# systemctl disable firewalld Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. [[email protected] installer]#
Menambahkan entri host di /etc/hosts
[[email protected] ~]# cat /etc/hosts 192.168.1.25 awx.sunil.cc awx 192.168.1.21 client1.sunil.cc client1 192.168.1.22 client2.sunil.cc client2 [[email protected] ~]#
Aktifkan repo epel.
[[email protected] ~]# yum install -y epel-release
Instal paket.
[[email protected] ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 ansible git python-devel python-pip python-docker-py vim-enhanced
Konfigurasikan repositori docker ce stable.
[[email protected] ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Memasang buruh pelabuhan.
[[email protected] ~]# yum install docker-ce -y
Mulai layanan buruh pelabuhan.
[[email protected] ~]# systemctl start docker
Aktifkan layanan buruh pelabuhan.
[[email protected] ~]# systemctl enable docker
Mengkloning repo AWX.
[[email protected] ~]# git clone https://github.com/ansible/awx.git [[email protected] ~]# cd awx/ [[email protected] awx]# git clone https://github.com/ansible/awx-logos.git [[email protected] awx]# pwd /root/awx [[email protected] awx]#
Masuk ke direktori penginstal di dalam /root/awx.
[[email protected] awx]# cd installer/
Edit parameter berikut dalam inventaris.
[[email protected] awx]# vim inventory postgres_data_dir=/var/lib/pgdocker awx_official=true awx_alternate_dns_servers="4.2.2.1,4.2.2.2" project_data_dir=/var/lib/awx/projects
Konfigurasi Anda akan terlihat seperti ini.
[[email protected] installer]# cat inventory |grep -v "#" localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python" [all:vars] dockerhub_base=ansible dockerhub_version=latest rabbitmq_version=3.6.14 awx_secret_key=awxsecret postgres_data_dir=/var/lib/pgdocker host_port=80 docker_compose_dir=/var/lib/awx pg_username=awx pg_password=awxpass pg_database=awx pg_port=5432 awx_official=true awx_alternate_dns_servers="4.2.2.1,4.2.2.2" project_data_dir=/var/lib/awx/projects [[email protected] installer]#
Sekarang menerapkan AWX melalui Docker.
[[email protected] installer]# ansible-playbook -i inventory install.yml -vv
Ini akan memakan waktu cukup lama tergantung pada konfigurasi server.
Untuk memeriksa penerapan permainan yang memungkinkan untuk AWX, jalankan perintah di bawah ini.
[[email protected] installer]# docker container ls CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 318c7c95dcbb ansible/awx_task:latest "/tini -- /bin/sh -c." 12 minutes ago Up 12 minutes 8052/tcp awx_task 642c2f272e31 ansible/awx_web:latest "/tini -- /bin/sh -c." 12 minutes ago Up 12 minutes 0.0.0.0:80->8052/tcp awx_web 641b42ab536f memcached:alpine "docker-entrypoint.s." 18 minutes ago Up 18 minutes 11211/tcp memcached b333012d90ac rabbitmq:3 "docker-entrypoint.s." 19 minutes ago Up 19 minutes 4369/tcp, 5671-5672/tcp, 25672/tcp rabbitmq ada52935513a postgres:9.6 "docker-entrypoint.s." 19 minutes ago Up 19 minutes 5432/tcp postgres [[email protected] installer]#
AWX sudah siap dan dapat diakses dari browser.
nama pengguna adalah "admin" dan kata sandinya adalah "kata sandi".
Konfigurasikan login tanpa kata sandi dari server AWX
Buat pengguna di semua 3 host. Ikuti langkah-langkah di bawah ini di ketiga server.
[[email protected] ~]# useradd ansible [[email protected] ~]# useradd ansible [[email protected] ~]# useradd ansible
Membuat kunci ssh:
[[email protected] ~]# su - ansible [[email protected] ~]$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/ansible/.ssh/id_rsa): Created directory '/home/ansible/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ansible/.ssh/id_rsa. Your public key has been saved in /home/ansible/.ssh/id_rsa.pub. The key fingerprint is: SHA256:j30gyTVQxcWIocdKMbVieZvfJzGkCjXhjtc5qu+fE8o [email protected] The key's randomart image is: +---[RSA 2048]----+ | +o==.+. | | O.oo . | | * @ . | | + @ * + | | S * = o | | B =.o o | | ..=.o.o .| | .E... o | | .oo.o. | +----[SHA256]-----+ [[email protected] ~]$
Menambahkan entri sudoers di ketiga server sebagai entri terakhir ke file.
[[email protected] ~]# visudo ansible ALL=(ALL) NOPASSWD: ALL
Salin konten id_rsa.pub ke otor_keys di semua 3 server.
[[email protected] .ssh]$ cat id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf [email protected] [[email protected] .ssh]$ pwd /home/ansible/.ssh [[email protected] ~]$ cat .ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf [email protected] [[email protected] ~]$chmod 600 .ssh/authorized_keys
klien1
[[email protected] ~]# su - ansible [[email protected] ~]$ ls [[email protected] ~]$ mkdir .ssh [[email protected] ~]$ cat .ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf [email protected] [[email protected] ~]$ chmod 700 .ssh [[email protected] ~]$ chmod 600 .ssh/authorized_keys
klien2
[[email protected] ~]# su - ansible [[email protected] ~]$ ls [[email protected] ~]$ mkdir .ssh [[email protected] ~]$ cat .ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf [email protected] [[email protected] ~]$ chmod 700 .ssh [[email protected] ~]$ chmod 600 .ssh/authorized_keys
Memvalidasi login tanpa kunci:
[[email protected]x .ssh]$ ssh client1 The authenticity of host 'client1 (192.168.1.21)' can't be established. ECDSA key fingerprint is SHA256:TUQNYdF4nxofGwFO7/z+Y5dUETVEI0xPQL4n1cUcoCI. ECDSA key fingerprint is MD5:5d:73:1f:64:0e:03:ac:a7:7b:33:76:08:6d:09:90:26. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'client1,192.168.1.21' (ECDSA) to the list of known hosts. Last login: Sun Mar 4 13:39:33 2018 [[email protected] ~]$ exit logout Connection to client1 closed. [[email protected] .ssh]$ [[email protected] .ssh]$ ssh client2 The authenticity of host 'client2 (192.168.1.22)' can't be established. ECDSA key fingerprint is SHA256:7JoWzteeQBwzc4Q3GGN+Oa4keUPMca/jtqv7gmmEZxg. ECDSA key fingerprint is MD5:85:77:3a:a3:07:31:d4:c1:41:ed:30:db:74:b4:ce:67. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'client2,192.168.1.22' (ECDSA) to the list of known hosts. Last login: Sun Mar 4 13:51:27 2018 [[email protected] ~]$ exit logout Connection to client2 closed. [[email protected] .ssh]$
Sekarang klik ikon ini dan buka kredensial -> tambahkan
Pilih organisasi dan isi nama pengguna dan deskripsi.
Di sini nama pengguna "mungkin"
Pilih 'mesin' di bawah jenis kredensial dan isi detailnya.
Dapatkan kunci pribadi dari server AWX.
[[email protected] .ssh]$ pwd /home/ansible/.ssh [[email protected] .ssh]$ cat id_rsa id_rsa id_rsa.pub [[email protected] .ssh]$ cat id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAuEJrs41ZxlJ09aOsRlw9wwgz1DIk39MVJDlOJGK5KcR2GdZ1 htTATRlgoclqG50ymA4eHPNPn7UsjxwHXleijsAAzrujF7zFxzCtxA3uI5/kdGQK 0ExBdqikgYL3tt8ELuSKKnVo7waCBBqscNy5GG3RsWeXaipT+Xj5ESmpeE53FfrZ Ybng2is/EH714M/sto3NxzFgB+mu1GLAyrrQ7bZgw1VMHzHL6EvY9lWDlB5Ewnp8 f9mN9velC5lgkRFvXun01y5jqMCAQwGq9NQk4ZgM2ApwQzQBTrKJYfXS9QisCwrz sitVAYCZX683RiP/n0u2hYmqoV6beoSOMZ3SXwIDAQABAoIBAQCcfiUU6S9fJfca DTmqxHrcIyJJzZDN3GvvSRBaDNLwa2BWz3Mf4Z+1m6Ebp4IME/W9ePgQZIGyxeAj Z43Gja2Nifrlmi2JYpWjeG+MvLwN26XfSHx6rtlGmzKkoIQc98qIvSevqepGYAOa 0sC0VnKKEfNvtei+jVam4hy/e9/oQWHV8c/yueLWpCx2pWOy5m7WVLdwNQSK+8pu sxHLFTNCSC9wddBN80FVxhJQ7L4D2DzcprhcfUz6Uz7Ju7v8MtSksirDnaGliWJ3 NvxhntJYKvgQ30pvBr//y0lYnAB+O0jJhOpHlgD2hNSlI8sgUxmVyl+gC9Dhnq+v 1uKm3CThAoGBAOx+YIGGT/ymqJ53k8Dj4keKctI4+E3p/7Tr2jEyRff177VUjITQ UnrRTw1W+XSE5cszitVYbv0WUwTJoSSrKaRaVG7iORaqcv0LkG8gnlcrcifRXSl5 5xMsPCw0adwtoyhrHQLbENntMl+iQw2JbE6fvldvNe2kPdL3B2T7Jw1RAoGBAMd1 GvsOHLaKtTD0me+wgGnql0GIp90elE7rQ1p6VMxZkE68b+0jX9xHAt2zxocR84+L Gi6uAZvBqnwmH48c7Do6/oulrJXH2OcT6S8+F/kM7PWNT0Z0J0MW/+npVoPwSihZ N4/uanR47L0YYVlTRgxmakSUZnitrEz754V+YjivAoGBAM1qtC6tWHrO0/XZTbik +F5FrphVLbCXiSlAF6TV0xqfP5gUmX2faZUOi4i9vC3uZZ9L5NKNXtJseq3U6Sht l90PLPmnfAjpArozOkCcZ4y1yxE09KPbI9BugtGusSizZ13rNCbP22I/eprA2Vc/ v5jHflB547DIEX9WXNDkqjYRAoGACD3ag40tuo04t3Ej+zd71uSOo3KWHRjqX+hw vAhaAKeiwt4ecdoIV/3HLIoFJgej3MaOqmceQeVaug6JN0ympjFR20tZOkcru0Cj XgRe0Tergun34J1kEe2dXXj6zjDbn5cwKI5db7qfbaDYROyf9Fs3AOZw5YOnnva5 tlZmkJkCgYB0tuVLQSOWsqjTAgkw7tDIMOds9o8dpGJTvXxcs2qWJIDQPQWxHVSl Qimh5DFBkrNDAYKKC386KaZOEKwG7G1YuGbh1+ns3piscJaBi2lPaeA1Y/QA6pCT t9Hbdzre5x0gDbKSHOk+QLJkVdfQX9jamRE6W0k0pXVF6ur8N5zfxA== -----END RSA PRIVATE KEY----- [[email protected] .ssh]$
Kunci pribadi (contoh).
-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAuEJrs41ZxlJ09aOsRlw9wwgz1DIk39MVJDlOJGK5KcR2GdZ1 htTATRlgoclqG50ymA4eHPNPn7UsjxwHXleijsAAzrujF7zFxzCtxA3uI5/kdGQK 0ExBdqikgYL3tt8ELuSKKnVo7waCBBqscNy5GG3RsWeXaipT+Xj5ESmpeE53FfrZ Ybng2is/EH714M/sto3NxzFgB+mu1GLAyrrQ7bZgw1VMHzHL6EvY9lWDlB5Ewnp8 f9mN9velC5lgkRFvXun01y5jqMCAQwGq9NQk4ZgM2ApwQzQBTrKJYfXS9QisCwrz sitVAYCZX683RiP/n0u2hYmqoV6beoSOMZ3SXwIDAQABAoIBAQCcfiUU6S9fJfca DTmqxHrcIyJJzZDN3GvvSRBaDNLwa2BWz3Mf4Z+1m6Ebp4IME/W9ePgQZIGyxeAj Z43Gja2Nifrlmi2JYpWjeG+MvLwN26XfSHx6rtlGmzKkoIQc98qIvSevqepGYAOa 0sC0VnKKEfNvtei+jVam4hy/e9/oQWHV8c/yueLWpCx2pWOy5m7WVLdwNQSK+8pu sxHLFTNCSC9wddBN80FVxhJQ7L4D2DzcprhcfUz6Uz7Ju7v8MtSksirDnaGliWJ3 NvxhntJYKvgQ30pvBr//y0lYnAB+O0jJhOpHlgD2hNSlI8sgUxmVyl+gC9Dhnq+v 1uKm3CThAoGBAOx+YIGGT/ymqJ53k8Dj4keKctI4+E3p/7Tr2jEyRff177VUjITQ UnrRTw1W+XSE5cszitVYbv0WUwTJoSSrKaRaVG7iORaqcv0LkG8gnlcrcifRXSl5 5xMsPCw0adwtoyhrHQLbENntMl+iQw2JbE6fvldvNe2kPdL3B2T7Jw1RAoGBAMd1 GvsOHLaKtTD0me+wgGnql0GIp90elE7rQ1p6VMxZkE68b+0jX9xHAt2zxocR84+L Gi6uAZvBqnwmH48c7Do6/oulrJXH2OcT6S8+F/kM7PWNT0Z0J0MW/+npVoPwSihZ N4/uanR47L0YYVlTRgxmakSUZnitrEz754V+YjivAoGBAM1qtC6tWHrO0/XZTbik +F5FrphVLbCXiSlAF6TV0xqfP5gUmX2faZUOi4i9vC3uZZ9L5NKNXtJseq3U6Sht l90PLPmnfAjpArozOkCcZ4y1yxE09KPbI9BugtGusSizZ13rNCbP22I/eprA2Vc/ v5jHflB547DIEX9WXNDkqjYRAoGACD3ag40tuo04t3Ej+zd71uSOo3KWHRjqX+hw vAhaAKeiwt4ecdoIV/3HLIoFJgej3MaOqmceQeVaug6JN0ympjFR20tZOkcru0Cj XgRe0Tergun34J1kEe2dXXj6zjDbn5cwKI5db7qfbaDYROyf9Fs3AOZw5YOnnva5 tlZmkJkCgYB0tuVLQSOWsqjTAgkw7tDIMOds9o8dpGJTvXxcs2qWJIDQPQWxHVSl Qimh5DFBkrNDAYKKC386KaZOEKwG7G1YuGbh1+ns3piscJaBi2lPaeA1Y/QA6pCT t9Hbdzre5x0gDbKSHOk+QLJkVdfQX9jamRE6W0k0pXVF6ur8N5zfxA== -----END RSA PRIVATE KEY-----
Salin kunci pribadi di bawah kunci pribadi ssh dan klik simpan.
Klik Inventori dan klik tambahkan inventaris.
Isi detail yang sesuai.
Klik pada host -> tambahkan host.
Tambahkan detail di bawah ini:
Tambahkan detail di bawah ini untuk client2.
Uji konektivitas melalui AWX.
Pilih kedua host dan klik menjalankan perintah.
Pilih ping dan detail lainnya, lalu klik Luncurkan.
Itu saja untuk tutorial ini. Saya akan menunjukkan kepada Anda di tutorial berikutnya cara menginstal AWX melalui rpm dan juga cara menjalankan playbook, melakukan panggilan API di tutorial lebih lanjut.
Memantau dan Mendeteksi File yang Dimodifikasi menggunakan Tripwire di CentOS 7
Cara Menginstal Alternatif Turtl Server Evernote di CentOS 7