How to Install Ansible AWX on CentOS 7

In the previous tutorial, I showed you how to deploy Ansible AWX via docker. In the meantime, I've found two projects that build rpm packages for AWX.

How to Add Security Questions to Windows 10 Local User Accounts
How to Install WordPress with EasyEngine on Ubuntu 18.04 and Debian
How to Encrypt USB Drive on Ubuntu 18.04 LTS

In the previous tutorial, I showed you how to deploy Ansible AWX via docker. In the meantime, I’ve found two projects that build rpm packages for AWX. So in this tutorial, I will show you how to install Ansible AWX from RPM  files on CentOS 7. Ansible AWX is the OpenSource version of the Ansible Tower software.

I will be using 3 servers with CentOS 7 minimal installation and SELinux in permissive mode.

  • ۱۹۲٫۱۶۸٫۱٫۲۵ AWX Server
  • ۱۹۲٫۱۶۸٫۱٫۲۱ client1
  • ۱۹۲٫۱۶۸٫۱٫۲۲ client2

Minimum System Requirements for AWX Server

  • At least 4GB of memory
  • At least 2 cpu cores
  • At least 20GB of space
  • Running Docker, Openshift, or Kubernetes

Check the SELinux configuration.

[[email protected] ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
[[email protected] ~]#

Add the host entries in

/etc/hosts
[[email protected] ~]# cat /etc/hosts
۱۹۲٫۱۶۸٫۱٫۲۵ awx.sunil.cc awx
۱۹۲٫۱۶۸٫۱٫۲۱ client1.sunil.cc client1
۱۹۲٫۱۶۸٫۱٫۲۲ client2.sunil.cc client2
[[email protected] ~]#

Add the firewall rules

[[email protected] ~]# systemctl enable firewalld
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
[[email protected] ~]# systemctl start firewalld
[[email protected] ~]# firewall-cmd --add-service=http --permanent;firewall-cmd --add-service=https --permanent
success
success
[[email protected] ~]# systemctl restart firewalld
[[email protected] ~]#

Enable CentOS EPEL repository.

[[email protected] ~]# yum install -y epel-release

We need postgresql 9.6 for AWX installation.

Enable postgreSQL repo.

[[email protected] ~]# yum install -y https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm

Installing postgreSQL.

[[email protected] ~]# yum install postgresql96-server -y

Installing the other necessary rpms.

[[email protected] ~]# yum install -y rabbitmq-server wget memcached nginx ansible

Installing Ansible AWX

Adding the AWX repo.

[[email protected] ~]# wget -O /etc/yum.repos.d/awx-rpm.repo https://copr.fedorainfracloud.org/coprs/mrmeee/awx/repo/epel-7/mrmeee-awx-epel-7.repo

Installing the rpm

[[email protected] ~]# yum install -y awx

Intializing the database

[[email protected] ~]# /usr/pgsql-9.6/bin/postgresql96-setup initdb
Initializing database ... OK

[[email protected] ~]#

Starting the Rabbitmq Service

[[email protected] ~]# systemctl start rabbitmq-server
[[email protected] ~]# systemctl enable rabbitmq-server
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[[email protected] ~]#

Starting PostgreSQL Service

[[email protected] ~]# systemctl enable postgresql-9.6
Created symlink from /etc/systemd/system/multi-user.target.wants/postgresql-9.6.service to /usr/lib/systemd/system/postgresql-9.6.service.
[[email protected] ~]# systemctl start postgresql-9.6

Starting Memcached Service

[[email protected] ~]# systemctl enable memcached
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[[email protected] ~]# systemctl start memcached

Creating Postgres user

[[email protected] ~]# sudo -u postgres createuser -S awx
could not change directory to "/root": Permission denied
[[email protected] ~]#

ignore the error

Creating the database

[[email protected] ~]# sudo -u postgres createdb -O awx awx
could not change directory to "/root": Permission denied
[[email protected] ~]#

ignore the error

Importing the data into Database

[[email protected] ~]# sudo -u awx /opt/awx/bin/awx-manage migrate

Initializing the configuration for AWX

[[email protected] ~]# echo "from django.contrib.auth.models import User; User.objects.create_superuser('admin', '[email protected]', 'password')" | sudo -u awx /opt/awx/bin/awx-manage shell
[[email protected] ~]# sudo -u awx /opt/awx/bin/awx-manage create_preload_data
Default organization added.
Demo Credential, Inventory, and Job Template added.
[[email protected] ~]# sudo -u awx /opt/awx/bin/awx-manage provision_instance --hostname=$(hostname)
Successfully registered instance awx.sunil.cc
(changed: True)
[[email protected] ~]# sudo -u awx /opt/awx/bin/awx-manage register_queue --queuename=tower --hostnames=$(hostname)
Creating instance group tower
Added instance awx.sunil.cc to tower
(changed: True)
[[email protected] ~]#

Configure Nginx

Take the backup of nginx.conf

[[email protected] ~]# cd /etc/nginx/
[[email protected] nginx]# pwd
/etc/nginx
[[email protected] nginx]# cp nginx.conf nginx.conf.bkp

Replace the nginx conf file

[[email protected] nginx]# wget -O /etc/nginx/nginx.conf https://raw.githubusercontent.com/sunilsankar/awx-build/master/nginx.conf

Enable and start nginx service

[[email protected] ~]# systemctl start nginx
[[email protected] ~]# systemctl enable nginx

Start the awx services

[[email protected] ~]# systemctl start awx-cbreceiver
[[email protected] ~]# systemctl start awx-celery-beat
[[email protected] ~]# systemctl start awx-celery-worker
[[email protected] ~]# systemctl start awx-channels-worker
[[email protected] ~]# systemctl start awx-daphne
[[email protected] ~]# systemctl start awx-web

Make sure the service is started during restart

[[email protected] ~]# systemctl enable awx-cbreceiver
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-cbreceiver.service to /usr/lib/systemd/system/awx-cbreceiver.service.
[[email protected] ~]# systemctl enable awx-celery-beat
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-celery-beat.service to /usr/lib/systemd/system/awx-celery-beat.service.
[[email protected] ~]# systemctl enable awx-celery-worker
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-celery-worker.service to /usr/lib/systemd/system/awx-celery-worker.service.
[[email protected] ~]# systemctl enable awx-channels-worker
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-channels-worker.service to /usr/lib/systemd/system/awx-channels-worker.service.
[[email protected] ~]# systemctl enable awx-daphne
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-daphne.service to /usr/lib/systemd/system/awx-daphne.service.
[[email protected] ~]# systemctl enable awx-web
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-web.service to /usr/lib/systemd/system/awx-web.service.
[[email protected] ~]#

Configure passwordless login from AWX server

Create a user on all the 3 hosts.

Here in this tutorial, I am creating a user ansible on all the 3 servers.

[[email protected] ~]# useradd ansible
[[email protected] ~]# useradd ansible
[[email protected] ~]# useradd ansible

Generating ssh key in awx server

[[email protected] nginx]# su - ansible
[[email protected] ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:RW/dhTsxcyGicleRI0LpLm+LyhAVinm0xktapodc8gY [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| . . ..o. +ooo|
| = o . +.oo+*.o|
| E @ . ..oo.+ o*.|
|. # o oo.. o |
| = * S . |
| o . . . |
| . o |
| o .o |
| o..... |
+----[SHA256]-----+
[[email protected] ~]$

Adding the sudoers entry on all 3 servers as a last entry to the file

[[email protected] nginx]# visudo
ansible ALL=(ALL) NOPASSWD: ALL

Copy the content of id_rsa.pub to authorized_keys on all the 3 servers

[[email protected] .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStB8JGsVsSLppwYWdnEPLE4xwFqRDn7xE/d3hjBQ6A0JGm1t+GtHB3GPIEjANFTnxQwHpR+cRttbL3mlQvpIYqCZOMZds9XA7VI5qgs0aSGUU8cNYKjmmrMpJa9sB4WVtj3M4u2fEXt9FKKCtjMMpOfiQxIkEhYZ+2GoAX5sHXan7TPcgwb5r7WW6j43aaPc6g9XWN63nonQz6KeMSFZ/y0o2HJMh1FEkktZw6A1HVfn+JNWoQb1glyqGjO1ync+Sok8yXpqakEEWpXNQSQYs4eBEwfkKql5EuolQMIbF9VYhpEcR9LfbMvYdq/RPKWN3mmRMWfPZ2dTZl515XBdV [email protected]
[[email protected] .ssh]$
[[email protected] .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStB8JGsVsSLppwYWdnEPLE4xwFqRDn7xE/d3hjBQ6A0JGm1t+GtHB3GPIEjANFTnxQwHpR+cRttbL3mlQvpIYqCZOMZds9XA7VI5qgs0aSGUU8cNYKjmmrMpJa9sB4WVtj3M4u2fEXt9FKKCtjMMpOfiQxIkEhYZ+2GoAX5sHXan7TPcgwb5r7WW6j43aaPc6g9XWN63nonQz6KeMSFZ/y0o2HJMh1FEkktZw6A1HVfn+JNWoQb1glyqGjO1ync+Sok8yXpqakEEWpXNQSQYs4eBEwfkKql5EuolQMIbF9VYhpEcR9LfbMvYdq/RPKWN3mmRMWfPZ2dTZl515XBdV [email protected]
[[email protected] .ssh]$ chmod 600 authorized_keys

Client1

[[email protected] ~]# su - ansible
[[email protected] ~]$ mkdir .ssh
[[email protected] ~]$ chmod 700 .ssh
[[email protected] ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStB8JGsVsSLppwYWdnEPLE4xwFqRDn7xE/d3hjBQ6A0JGm1t+GtHB3GPIEjANFTnxQwHpR+cRttbL3mlQvpIYqCZOMZds9XA7VI5qgs0aSGUU8cNYKjmmrMpJa9sB4WVtj3M4u2fEXt9FKKCtjMMpOfiQxIkEhYZ+2GoAX5sHXan7TPcgwb5r7WW6j43aaPc6g9XWN63nonQz6KeMSFZ/y0o2HJMh1FEkktZw6A1HVfn+JNWoQb1glyqGjO1ync+Sok8yXpqakEEWpXNQSQYs4eBEwfkKql5EuolQMIbF9VYhpEcR9LfbMvYdq/RPKWN3mmRMWfPZ2dTZl515XBdV [email protected]
[[email protected] ~]$ chmod 600 .ssh/authorized_keys

Client2

[[email protected] ~]# su - ansible
[[email protected] ~]$ mkdir .ssh
[[email protected] ~]$ chmod 700 .ssh
[[email protected] ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStB8JGsVsSLppwYWdnEPLE4xwFqRDn7xE/d3hjBQ6A0JGm1t+GtHB3GPIEjANFTnxQwHpR+cRttbL3mlQvpIYqCZOMZds9XA7VI5qgs0aSGUU8cNYKjmmrMpJa9sB4WVtj3M4u2fEXt9FKKCtjMMpOfiQxIkEhYZ+2GoAX5sHXan7TPcgwb5r7WW6j43aaPc6g9XWN63nonQz6KeMSFZ/y0o2HJMh1FEkktZw6A1HVfn+JNWoQb1glyqGjO1ync+Sok8yXpqakEEWpXNQSQYs4eBEwfkKql5EuolQMIbF9VYhpEcR9LfbMvYdq/RPKWN3mmRMWfPZ2dTZl515XBdV [email protected]
[[email protected] ~]$ chmod 600 .ssh/authorized_keys

Check the passwordless login from AWX server.

[[email protected] ~]$ ssh client1
Last login: Sun Mar 11 13:14:06 2018 from 192.168.1.25
[[email protected] ~]$ exit
logout
Connection to client1 closed.
[[email protected] ~]$ ssh client2
Last login: Sun Mar 11 12:50:14 2018 from 192.168.1.25
[[email protected] ~]$

Validate the Login:

Ansible AWX Login

The Login details are:

Username: “admin
Password: “password

Ansible AWX dashboard

In the next tutorial will show how to add a playbook and run the job.

Reference

Share this page: