Red Hat has provided two GUI tools for centralized management of remote nodes using Ansible.
- Ansible Tower
- AWX
Ansible Tower is a web-based interface and REST API endpoint for Ansible. It provides centralized logging and auditing, role-based access control and push-button deployment.
AWX is an automation utility based on Ansible Tower that provides a web graphical interface, REST API as well as a task engine that allows users to manage their Ansible projects. In other words we can AWX is an open source version of Anisble Tower. With AWX, you can perform a number of tasks including inventory management, workflow automation, job scheduling, managing credentials and reporting to mention just a few.
One advantage with AWX is that you get to leverage all the enterprise features that ship with Ansible Tower for an unlimited number of nodes. In other words, the 10-node limit doesn’t apply to AWX. Additionally, AWX is ideal for lab or development environments. It’s however not considered an ideal tool for production environments compared to Ansible Tower.
AWX needs a containerized environment to function. A couple of options that support AWX include Kubernetes, OpenShift and Docker Compose. In this guide, however, we are going to use Docker compose because it’s quite easy to set up and is resource friendly.
Requirements for Ansible AWX
Before we get started, ensure that the CentOS 8 node has the following:
- 4 GB of RAM
- 3.4 GHz CPU with 2 Cores
- 20 GB of Hard disk space
- CentOS 8 needs to be running Openshift, Docker or Kubernetes
- Ansible needs to be already installed
With all the requirements fulfilled, let’s get the ball rolling!
Step 1) Install EPEL on CentOS 8
Begin by installing EPEL on CentOS 8 node because it provides some of the quintessential packages required by AWX. Therefore, log in as root user to your CentOS 8 node and run the command:
[root@awx-ansible ~]# dnf install epel-release -y
Step 2) Install additional packages and dependencies
Additionally, we need to take an extra step and install essential packages that will be required as we get along with the installation of AWX:
[root@awx-ansible ~]# dnf install git gcc gcc-c++ nodejs gettext device-mapper-persistent-data lvm2 bzip2 python3-pip
Sample Output
Step 3) Install Docker CE on CentOS 8
RedHat / CentOS no longer supports the direct installation of docker, so if you run dnf install docker-ce, you are going to run into an error. To install docker on CentOS 8, we need to append the Docker repository to the system using the dnf config-manager tool.
[root@awx-ansible ~]# dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
The next step is to install Docker, run the command:
[root@awx-ansible ~]# dnf install docker-ce-3:18.09.1-3.el7
Now, run the following command to know what exact version of docker we have installed.
[root@awx-ansible ~]# rpm -qa | grep docker or [root@awx-ansible ~]# docker --version
Now, proceed to start and enable docker using the commands
[root@awx-ansible ~]# systemctl start docker [root@awx-ansible ~]# systemctl enable --now docker.service
With docker installed, we can now proceed to install Docker compose.
Note: Run the following command to set python command to use python 3 because in CentOS 8 and RHEL8, python 3 is installed as dependency when we install ansible
[root@awx-ansible ~]# alternatives --set python /usr/bin/python3
Step 4) Install Docker-Compose on CentOS 8
For the installation of docker-compose, we will use the pip command. Pip is python’s package manager that allows you to install python packages.
To install, we are going to use pip3 since the system is running using python3
[root@awx-ansible ~]# pip3 install docker-compose
Great! we can now proceed to install AWX.
Step 5) Install Ansible AWX
To install AWX, first clone the Git repo as shown:
[root@awx-ansible ~]# git clone https://github.com/ansible/awx.git
Next, navigate to the awx/installer directory and locate the inventory file. We need to adjust a few parameters:
Note: Don not forget to set the default python interpreter to python3
[root@awx-ansible ~]# cd awx/installer/ [root@awx-ansible installer]# vi inventory localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python3" postgres_data_dir=/var/lib/pgdocker awx_official=true project_data_dir=/var/lib/awx/projects awx_alternate_dns_servers="4.2.2.1,4.2.2.2"
Equally crucial is the need to configure the Admin & Postgres password
pg_admin_password=postgrespass@123 admin_password=Linuxtechi@123
Thereafter, be sure to generate a cryptographic key for encryption of the inventory file
[root@awx-ansible ~]# openssl rand -base64 30
Copy the secret key and append it to the secret_key entry as follows in the inventory file,
secret_key=SGYsSWciI5yRDQeZuEm5wW98pQeJMG+ACABPsGfC
Save and exit the inventory file.
To confirm and print out the changes made, run the command:
[root@awx-ansible installer]# grep -v '^#' inventory | grep -v '^$'
To install AWX run the Ansible command:
[root@awx-ansible installer]# ansible-playbook -i inventory install.yml
This takes about 4-5 minutes for docker to run the necessary containers and build containers, so relax and enjoy your cup of tea! The output below will be a confirmation that all went perfectly well.
After the installation is done, you can check the containers which are launched via docker-compose
[root@awx-ansible installer]# docker ps
In Case OS firewall is enabled and running, then allow the http port (80) and https (443) using following commands,
[root@awx-ansible installer]# firewall-cmd --zone=public --add-masquerade --permanent [root@awx-ansible installer]# firewall-cmd --permanent --add-service=http [root@awx-ansible installer]# firewall-cmd --permanent --add-service=https [root@awx-ansible installer]# firewall-cmd --reload
Step 5) Accessing AWX GUI Portal
To access AWX web console, open your browser and type in your Ansible’s AWX server IP and hit ENTER.
http://awx-server-ip-address
Provide the username and password for Admin and hit ENTER. This will thereafter display AWX’s dashboard as shown:
And that’s how you install AWX with docker-compose on a CentOS 8 server.
Read Also : How to Run and Schedule Ansible Playbook Using AWX GUI
Thanks much! One caveat I found is the installer wants ‘python’ in the PATH, which doesn’t exist in CentOS8. To fix that I had to make a symbolic link from /bin/python –> /bin/python3.
Thanks much! ln -s /usr/bin/python3 /usr/bin/python on my rh8.1
Hello i have a problem with a message
fatal: [localhost]: FAILED! => {“changed”: false, “errors”: [], “module_stderr”: “”, “module_stdout”: “”, “msg”: “Error starting project 404 Client Error: Not Found (\”b’manifest for ansible/awx_web:9.1.1 not found’\”)”}
can you help me, to fix it?
I had an issue when running this as well. I was failing when deploying the container for awx_web. The version being installed was 9.1.1. As a workaround, I manually downloaded 9.0.1 and ran the install script for that version. Then I followed the upgrade path to 9.1.1.
Hello i have a problem with a message :
fatal: [localhost]: FAILED! => {“changed”: false, “errors”: [], “module_stderr”: “”, “module_stdout”: “”, “msg”: “Error starting project 500 Server Error: Internal Server Error (\”b’Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)’\”)”}
can you help me, to fix it?
I’ve got a proxy in my configuration
You need to enable proxy settings in your docker configuration. Proxy settings defined in inventory file are for AWS not the docker.
You should be able to define proxy for docker by following these instructions: https://docs.docker.com/config/daemon/systemd/
I followed the instructions but not via root but via sudo. Everything went well but it seems awx_web is not responding. Connections are closed on port 8052 and connection on port 80 timeout.
Did the ansible playbook run successfully and also did you open ports in the firewall. Did the containers started after Ansible playbook execution ?
I have the same issue
Containers started, firewall ports enabled, no issues with installation
In the end, the issue was firewalld – it did not allow for some reason communication between containers, once I’ve disabled firewalld, everything was fine.
You need to enable masquerading on the active zone:
firewall-cmd –zone=public –add-masquerade –permanent
firewall-cmd –reload
Informative, Thanks for sharing this huge collection. Good Job. Keep going on.
Hi there,
Is there a procedure to upgrade the setup to a newer version somehow?
Or should I just re-run the installation playbook?
// Tobias
Hi,
Try to Clone the AWX git repo and re-run the installation playbook.
Hey man, nice tutorial, thanks. Could you post how to enable ipv6 on awx conteiners ? I am in a big trouble with that.
Is anyone getting this error?
TASK [local_docker : Start the containers] ***********************************************************
fatal: [localhost]: FAILED! => {“changed”: false, “errors”: [], “module_stderr”: “”, “module_stdout”: “latest: Pulling from library/redis\nDigest: sha256:157a95b41b0dca8c308a33489dfdb28019e033110320414b4b16fad7d28c0f9f\nStatus: Downloaded newer image for redis:latest\nalpine: Pulling from library/memcached\nDigest: sha256:4194d5286561f9cf4c26c977c48ad469bb3f4a674134be4c5de6d407d8239620\nStatus: Downloaded newer image for memcached:alpine\n10: Pulling from library/postgres\nDigest: sha256:14daf738e3619f221bdd29fee02d3951016d6ed09c86d0287bdc34364f5539c1\nStatus: Downloaded newer image for postgres:10\n”, “msg”: “Error starting project 404 Client Error: Not Found (\”b’manifest for ansible/awx_web:11.2.0 not found’\”)”}
I have been following the tutorial and am on the latest version of Centos 8.1.1911 (4.18.0-147.8.1.el8_1.x86_64)
I’m getting this error
TASK [local_docker : Start the containers] **************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {“changed”: false, “errors”: [], “module_stderr”: “”, “module_stdout”: “”, “msg”: “Error starting project 404 Client Error: Not Found (\”b\”pull access denied for ansible/awx, repository does not exist or may require ‘docker login’\”\”)”}
when cloning a build (Step 5 in this article)
use the -b switch (to specify the build version)
git clone -b 11.2.0 https://github.com/ansible/awx.git
it solves the issue!
taken from here is a problem for everyone.)
https://github.com/ansible/awx/issues/7246
I successfully configured & launched the AWX web UI. But when i try to login it says, Invalid username and/or password. Please try again.
When i verify the logs by docker logs -f awx_web , i could see the below errors,
2020-06-22 15:54:02,971 WARNING awx.api.generics Login failed for user admin from 172.18.0.1
2020-06-22 15:54:03,213 WARNING django.request Unauthorized: /api/login/
2020-06-22 15:54:03,213 WARNING django.request Unauthorized: /api/login/
Any help would be grateful.
on this step ( ansible-playbook -i inventory install.yml ) the system is not having ansible-playbook )
ansible-playbook is not in my server. i have not missed anything, what i am missing?
Hi Jen,
There could be two reasons for that, either you have not cloned awx git repo or you might be running the command from wrong directory.
Super notes, thanks for sharing. If anyone wants to know how to “configure SSL on Ansible AWX” using a self signed certificate then this should help you. This wasn’t documented propertly anywhere!
SSL on Ansible AWX
These steps worked seamlessly for us as of July 2020 version of AWX on Centos 8 server.
cd into the directory for your awx/inventory file
In my environment this was in /opt/awx/ so…
cd /opt/awx/installer
edit your “inventory” file and uncomment following 3 lines and add in the 4 line (change the directory path to the location where you will be storing your server.crt and server.key files)
host_port=80
host_port_ssl=443
ssl_certificate=/opt/awx/certs/server.crt
ssl_certificate_key=/opt/awx/certs/server.key
cd into /opt/awx/
mkdir certs/
cd into certs/
Run the following command to create your self-signed certificate.
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout server.key -out server.crt -subj “/C=GB/ST=UK/L=London/O=OrganisationName/OU=Product Engineering/CN=awx.local/[email protected]”
From the directory which contains your awx/installer/inventory file run the following to update your configuation
ansible-playbook -i inventory install.yml
Then test your connection and hopefully SSL will now work for you! 🙂
Hope this helps you. If so please comment and let me know.
Sel
Pradeep,
I had same issue, I don’t think you are installing Ansible locally at all anywhere. ansible-playbook command isn’t found, not even in pip. I went the route of pip3 install ansible and then ran the command.
i have this error after run the command [ # ansible-playbook -i inventory install.yml]
fatal: [localhost]: FAILED! => {“changed”: false, “errors”: [], “module_stderr”: “”, “module_stdout”: “15.0.0: Pulling from ansible/awx\n”, “msg”: “Error starting project unauthorized: authentication required”}
Great tutorial.
My requirement is I need to setup AWX auto scalable and HA. Is there any automation like terraform, cloudformation or ansible to deploy latest version of AWX on AWS.
Please help
I am getting below errors:
TASK [local_docker : Start the containers] **************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {“changed”: false, “errors”: [], “module_stderr”: “”, “module_stdout”: “latest: Pulling from library/redis\n”, “msg”: “Error starting project error pulling image configuration: Get ‘https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/08/08502081bff61084d64fc76f0f90ea39b89935cd071d9e12c5374ae191ff53c0/data?verify=1624536303-%2FTjVbrf5Qzo7XaF3Ar6xaJjkCCo%3D’: dial tcp 104.18.125.25:443: i/o timeout”}
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
localhost : ok=15 changed=4 unreachable=0 failed=1 skipped=97 rescued=0 ignored=0