How to Install Ansible AWX with Docker-Compose on CentOS 8

Red Hat has provided two GUI tools for centralized management of remote nodes using Ansible.

  • Ansible Tower
  • AWX

Ansible Tower is a web-based interface and REST API endpoint for Ansible. It provides centralized logging and auditing, role-based access control and push-button deployment.

AWX is an automation utility based on Ansible Tower that provides a web graphical interface, REST API as well as a task engine that allows users to manage their Ansible projects. In other words we can AWX is an open source version of Anisble Tower. With AWX, you can perform a number of tasks including inventory management, workflow automation, job scheduling, managing credentials and reporting to mention just a few.

One advantage with AWX is that you get to leverage all the enterprise features that ship with Ansible Tower for an unlimited number of nodes. In other words, the 10-node limit doesn’t apply to AWX. Additionally, AWX is ideal for lab or development environments. It’s however not considered an ideal tool for production environments compared to Ansible Tower.

AWX needs a containerized environment to function. A couple of options that support AWX include Kubernetes, OpenShift and Docker Compose. In this guide, however, we are going to use Docker compose because it’s quite easy to set up and is resource friendly.

Requirements for Ansible AWX

Before we get started, ensure that the CentOS 8 node has the following:

  • 4 GB of RAM
  • 3.4 GHz CPU with 2 Cores
  • 20 GB of Hard disk space
  • CentOS 8 needs to be running Openshift, Docker or Kubernetes
  • Ansible needs to be already installed

With all the requirements fulfilled, let’s get the ball rolling!

Step 1) Install EPEL on CentOS 8

Begin by installing  EPEL on CentOS 8 node because it provides some of the quintessential packages required by AWX. Therefore, log in as root user to your CentOS 8 node and run the command:

[[email protected] ~]# dnf install epel-release -y

Step 2) Install additional packages and dependencies

Additionally, we need to take an extra step and install essential packages that will be required as we get along with the installation of AWX:

[[email protected] ~]# dnf install git gcc gcc-c++ nodejs gettext device-mapper-persistent-data lvm2 bzip2 python3-pip

Sample Output

Install-packages-for-awx-centos8

Step 3) Install Docker CE on CentOS 8

RedHat / CentOS no longer supports the direct installation of docker, so if you run dnf install docker-ce, you are going to run into an error. To install docker on CentOS 8, we need to append the Docker repository to the system using the dnf config-manager tool.

[[email protected] ~]# dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo

The next step is to install Docker, run the command:

[[email protected] ~]# dnf install docker-ce-3:18.09.1-3.el7

Install-docker-ce-centos8

Now, run the following command to know what exact version of docker we have installed.

[[email protected] ~]# rpm -qa | grep docker
or
[[email protected] ~]# docker --version

Now, proceed to start and enable docker using the commands

[[email protected] ~]# systemctl start docker
[[email protected] ~]# systemctl enable --now docker.service

With docker installed, we can now proceed to install Docker compose.

Note: Run the following command to set python command to use python 3 because in CentOS 8 and RHEL8, python 3 is installed as dependency when we install ansible

[[email protected] ~]# alternatives --set python /usr/bin/python3

Step 4) Install Docker-Compose on CentOS 8

For the installation of docker-compose, we will use the pip command. Pip is python’s package manager that allows you to install python packages.

To install, we are going to use pip3 since the system is running using python3

[[email protected] ~]# pip3 install docker-compose

pip3-docker-compose-install

Great! we can now proceed to install AWX.

Step 5) Install Ansible AWX

To install AWX, first clone the Git repo as shown:

[[email protected] ~]# git clone https://github.com/ansible/awx.git

Git-Clone-AWX-CentOS8

Next, navigate to the  awx/installer directory and locate the inventory file. We need to adjust a few parameters:

Note: Don not forget to set the default python interpreter to python3

[[email protected] ~]# cd awx/installer/
[[email protected] installer]# vi inventory

localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python3"
postgres_data_dir=/var/lib/pgdocker
awx_official=true
project_data_dir=/var/lib/awx/projects
awx_alternate_dns_servers="4.2.2.1,4.2.2.2"

Equally crucial is the need to configure the Admin & Postgres password

[email protected]
[email protected]

Thereafter, be sure to  generate a cryptographic key for encryption of the inventory file

[[email protected] ~]# openssl rand -base64 30

Secret-key-openssl-centos8

Copy the secret key and append it to the secret_key entry as follows in the inventory file,

secret_key=SGYsSWciI5yRDQeZuEm5wW98pQeJMG+ACABPsGfC

Save and exit the inventory file.

To confirm and print out the changes made, run the command:

[[email protected] installer]# grep -v '^#' inventory | grep -v '^$'

Inventory-file-ansible-awx-centos8

To install AWX run the Ansible command:

[[email protected] installer]# ansible-playbook -i inventory install.yml

ansible-playbook-awx-1

This takes about 4-5 minutes for docker to run the necessary containers and build containers,  so relax and enjoy your cup of tea! The output below will be a confirmation that all went perfectly well.

ansible-playbook-awx-2

After the installation is done, you can check the containers which are launched via docker-compose

[[email protected] installer]# docker ps

docker-containers-awx-centos8

In Case OS firewall is enabled and running, then allow the http port (80) and https (443) using following commands,

[[email protected] installer]# firewall-cmd --zone=public --add-masquerade --permanent
[[email protected] installer]# firewall-cmd --permanent --add-service=http
[[email protected] installer]# firewall-cmd --permanent --add-service=https
[[email protected] installer]# firewall-cmd --reload

Step 5) Accessing AWX GUI Portal

To access AWX web console, open your browser and type in your Ansible’s AWX server IP and hit ENTER.

http://awx-server-ip-address

Ansible-AWX-Login-Page

Provide the username and password for Admin and hit ENTER. This will thereafter display AWX’s dashboard as shown:

Ansible-AWX-Dashboard-CentOS8

And that’s how you install AWX with docker-compose on a CentOS 8 server.

Read Also : How to Run and Schedule Ansible Playbook Using AWX GUI

25 Responses

  1. Rye says:

    Thanks much! One caveat I found is the installer wants ‘python’ in the PATH, which doesn’t exist in CentOS8. To fix that I had to make a symbolic link from /bin/python –> /bin/python3.

  2. Maccu says:

    Thanks much! ln -s /usr/bin/python3 /usr/bin/python on my rh8.1

  3. mraz says:

    Hello i have a problem with a message
    fatal: [localhost]: FAILED! => {“changed”: false, “errors”: [], “module_stderr”: “”, “module_stdout”: “”, “msg”: “Error starting project 404 Client Error: Not Found (\”b’manifest for ansible/awx_web:9.1.1 not found’\”)”}

    can you help me, to fix it?

  4. Steve says:

    I had an issue when running this as well. I was failing when deploying the container for awx_web. The version being installed was 9.1.1. As a workaround, I manually downloaded 9.0.1 and ran the install script for that version. Then I followed the upgrade path to 9.1.1.

  5. BOUCHET says:

    Hello i have a problem with a message :

    fatal: [localhost]: FAILED! => {“changed”: false, “errors”: [], “module_stderr”: “”, “module_stdout”: “”, “msg”: “Error starting project 500 Server Error: Internal Server Error (\”b’Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)’\”)”}

    can you help me, to fix it?

  6. TyGp says:

    I followed the instructions but not via root but via sudo. Everything went well but it seems awx_web is not responding. Connections are closed on port 8052 and connection on port 80 timeout.

  7. DavidJ says:

    You need to enable masquerading on the active zone:

    firewall-cmd –zone=public –add-masquerade –permanent
    firewall-cmd –reload

  8. Serena Martin says:

    Informative, Thanks for sharing this huge collection. Good Job. Keep going on.

  9. Tobias Lindberg says:

    Hi there,
    Is there a procedure to upgrade the setup to a newer version somehow?
    Or should I just re-run the installation playbook?
    // Tobias

  10. Wairisson says:

    Hey man, nice tutorial, thanks. Could you post how to enable ipv6 on awx conteiners ? I am in a big trouble with that.

  11. guy says:

    Is anyone getting this error?

    TASK [local_docker : Start the containers] ***********************************************************
    fatal: [localhost]: FAILED! => {“changed”: false, “errors”: [], “module_stderr”: “”, “module_stdout”: “latest: Pulling from library/redis\nDigest: sha256:157a95b41b0dca8c308a33489dfdb28019e033110320414b4b16fad7d28c0f9f\nStatus: Downloaded newer image for redis:latest\nalpine: Pulling from library/memcached\nDigest: sha256:4194d5286561f9cf4c26c977c48ad469bb3f4a674134be4c5de6d407d8239620\nStatus: Downloaded newer image for memcached:alpine\n10: Pulling from library/postgres\nDigest: sha256:14daf738e3619f221bdd29fee02d3951016d6ed09c86d0287bdc34364f5539c1\nStatus: Downloaded newer image for postgres:10\n”, “msg”: “Error starting project 404 Client Error: Not Found (\”b’manifest for ansible/awx_web:11.2.0 not found’\”)”}

    I have been following the tutorial and am on the latest version of Centos 8.1.1911 (4.18.0-147.8.1.el8_1.x86_64)

  12. Bob says:

    I’m getting this error

    TASK [local_docker : Start the containers] **************************************************************************************************************************************************
    fatal: [localhost]: FAILED! => {“changed”: false, “errors”: [], “module_stderr”: “”, “module_stdout”: “”, “msg”: “Error starting project 404 Client Error: Not Found (\”b\”pull access denied for ansible/awx, repository does not exist or may require ‘docker login’\”\”)”}

  13. Roy says:

    I successfully configured & launched the AWX web UI. But when i try to login it says, Invalid username and/or password. Please try again.

    When i verify the logs by docker logs -f awx_web , i could see the below errors,

    2020-06-22 15:54:02,971 WARNING awx.api.generics Login failed for user admin from 172.18.0.1
    2020-06-22 15:54:03,213 WARNING django.request Unauthorized: /api/login/
    2020-06-22 15:54:03,213 WARNING django.request Unauthorized: /api/login/

    Any help would be grateful.

  14. jen says:

    on this step ( ansible-playbook -i inventory install.yml ) the system is not having ansible-playbook )
    ansible-playbook is not in my server. i have not missed anything, what i am missing?

    • Pradeep Kumar says:

      Hi Jen,

      There could be two reasons for that, either you have not cloned awx git repo or you might be running the command from wrong directory.

  15. Sel says:

    Super notes, thanks for sharing. If anyone wants to know how to “configure SSL on Ansible AWX” using a self signed certificate then this should help you. This wasn’t documented propertly anywhere!

    SSL on Ansible AWX

    These steps worked seamlessly for us as of July 2020 version of AWX on Centos 8 server.

    cd into the directory for your awx/inventory file
    In my environment this was in /opt/awx/ so…

    cd /opt/awx/installer

    edit your “inventory” file and uncomment following 3 lines and add in the 4 line (change the directory path to the location where you will be storing your server.crt and server.key files)

    host_port=80
    host_port_ssl=443
    ssl_certificate=/opt/awx/certs/server.crt
    ssl_certificate_key=/opt/awx/certs/server.key

    cd into /opt/awx/
    mkdir certs/
    cd into certs/

    Run the following command to create your self-signed certificate.

    openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout server.key -out server.crt -subj “/C=GB/ST=UK/L=London/O=OrganisationName/OU=Product Engineering/CN=awx.local/[email protected]

    From the directory which contains your awx/installer/inventory file run the following to update your configuation

    ansible-playbook -i inventory install.yml

    Then test your connection and hopefully SSL will now work for you! 🙂

    Hope this helps you. If so please comment and let me know.

    Sel

  16. Drew says:

    Pradeep,

    I had same issue, I don’t think you are installing Ansible locally at all anywhere. ansible-playbook command isn’t found, not even in pip. I went the route of pip3 install ansible and then ran the command.

Leave a Reply to Rye Cancel reply

Your email address will not be published. Required fields are marked *

Pin It on Pinterest