Ansible

Installing Ansible AWX on CentOS 7 with Docker

NWSV 2020. 4. 16. 21:27

In this post we look at how to install and configure AWX using Docker.

 

Servers used

  • 192.168.137.10  AWX Server (CentOS7)
  • 192.168.137.11  client1 (CentOS7)

 

AWX requirements

  • At least 4 GB of memory
  • At least a 2-core CPU
  • 20 GB of disk space

 

Installing AWX

0. Disable SELinux

sed -i 's|SELINUX=enforcing|SELINUX=disabled|g' /etc/selinux/config
reboot
sestatus    # check the SELinux setting

 

1. Install EPEL

yum install epel-release -y

 

2. Install additional packages and dependencies

yum install git gcc gcc-c++ nodejs gettext device-mapper-persistent-data lvm2 bzip2 python3-pip yum-utils ansible nodejs python-pip -y

 

3. Install Docker-CE

yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo -y
yum install docker-ce -y
systemctl start docker && systemctl enable docker
alternatives --set python /usr/bin/python3

 

4. Install Docker-Compose

pip3 install docker-compose

 

5. Install AWX

git clone https://github.com/ansible/awx.git

 

6. Configure AWX

cd awx/installer/
vi inventory

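* Changing where the DB is stored:

AWX uses PostgreSQL internally as its database. Because that database runs as a container, its data cannot be kept inside the container, so it is stored somewhere on the local disk of the server you install on.

(postgres_data_dir=/var/lib/pgdocker)

<Note: Do not forget to set the default python interpreter to python3>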

localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python3"
postgres_data_dir=/var/lib/pgdocker
awx_official=true
awx_alternate_dns_servers="4.2.2.1,4.2.2.2"
project_data_dir=/var/lib/awx/projects

grep -v '^#' inventory | grep -v '^$'
ansible-playbook -i inventory install.yml

 

7. AWX installation complete

<Initial ID: admin, PW: password>
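The installer takes the admin password and other secrets from the inventory edited in step 6, so it is worth checking them before running install.yml. The script below is an added example, not part of the original post or the AWX project: the function names are hypothetical, and the pg_password and secret_key defaults are assumptions based on the installer's sample inventory (admin/password is the value stated above).

```bash
#!/usr/bin/env bash
# Added example: list AWX installer inventory secrets still at sample defaults.
# admin/password is stated on this page; the pg_password and secret_key
# defaults are assumptions based on the installer's sample inventory.

# Print the active (non-comment, non-blank) lines of an inventory file.
active_settings() {
    grep -Ev '^[[:space:]]*(#|$)' "$1"
}

# Echo the names of secret variables whose value equals a known default.
weak_inventory_secrets() {
    inv="$1"
    weak=""
    while read -r var default; do
        # Last assignment wins if the variable appears more than once.
        value=$(active_settings "$inv" | sed -n "s/^${var}=//p" | tail -n 1)
        if [ "$value" = "$default" ]; then
            weak="${weak:+$weak }$var"
        fi
    done <<'EOF'
admin_password password
pg_password awxpass
secret_key awxsecret
EOF
    echo "$weak"
}

# Constructed sample inventory (not the author's file) for a dry run.
make_sample_inventory() {
    cat > "$1" <<'EOF'
localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python3"
[all:vars]
postgres_data_dir=/var/lib/pgdocker
admin_password=password
pg_password=awxpass
secret_key=constructed-9f2c7e41d0
EOF
}
```

Call weak_inventory_secrets awx/installer/inventory before ansible-playbook; any name it prints should be given a new value in the inventory first.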

 

Configuring passwordless login from the AWX server

0. Add entries to /etc/hosts

[root@awx ~]# cat /etc/hosts
192.168.1.25 awx.example.com awx
192.168.1.21 client1.example.com client1

 

1. Create the user on both hosts

[root@awx ~]# useradd ansible
[root@client1 ~]# useradd ansible

 

2. Add the sudoers entry on both hosts

[root@awx ~]# visudo
ansible ALL=(ALL) NOPASSWD: ALL

 

3. Generate an SSH key

[root@awx ~]# su - ansible
[ansible@awx ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
*****************************************************************
The key's randomart image is:
+---[RSA 2048]----+
|        +o==.+.  |
|         O.oo .  |
     *********
|        ..=.o.o .|
|         .E... o |
|        .oo.o.   |
+----[SHA256]-----+
[ansible@awx ~]$
  • Private key location: /home/ansible/.ssh/id_rsa
  • Public key location: /home/ansible/.ssh/id_rsa.pub

 

4. Paste the public key (id_rsa.pub) into authorized_keys

[ansible@awx .ssh]$ pwd
/home/ansible/.ssh
[ansible@awx .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4Qmuz ***~~ <- copy

[ansible@awx ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4Qmz *** <- paste

[ansible@awx ~]$ chmod 600 .ssh/authorized_keys
[root@client1 ~]# su - ansible
[ansible@client1 ~]$ mkdir .ssh
[ansible@client1 ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4Qmuz *** <- paste

[ansible@client1 ~]$ chmod 700 .ssh
[ansible@client1 ~]$ chmod 600 .ssh/authorized_keys

 

5. Test the passwordless login

[ansible@awx .ssh]$ ssh client1
The authenticity of host 'client1 (192.168.1.21)' can't be established.
ECDSA key fingerprint is SHA256:TUQNYdF4nxofGwFO7/z+Y5dUETVEI0xPQL4n1cUcoCI.
ECDSA key fingerprint is MD5:5d:73:1f:64:0e:03:ac:a7:7b:33:76:08:6d:09:90:26.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'client1,192.168.1.21' (ECDSA) to the list of known hosts.
Last login: Sun Mar  4 13:39:33 2018

[ansible@client1 ~]$ exit
logout
Connection to client1 closed.
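When the login in step 5 still asks for a password, the usual causes are the two things step 4 does by hand: the permissions on .ssh and authorized_keys, and the pasted key not matching id_rsa.pub. The helpers below are an added example, not part of the original post; the function names are hypothetical and stat -c assumes GNU coreutils, as on CentOS.

```bash
#!/usr/bin/env bash
# Added example: verify the results of the manual key-copy step.

# Echo one line for each of .ssh, authorized_keys and id_rsa that grants
# any group/other permission (the page sets 700 on .ssh and 600 on the files).
ssh_perm_problems() {
    sshdir="$1"
    for path in "$sshdir" "$sshdir/authorized_keys" "$sshdir/id_rsa"; do
        [ -e "$path" ] || continue
        mode=$(stat -c '%a' "$path")      # GNU stat: octal mode, e.g. 600
        case "$mode" in
            ?00) ;;                       # owner-only access
            *) echo "$path has mode $mode" ;;
        esac
    done
    return 0
}

# Return 0 if the key in the .pub file (type + base64 blob) appears in the
# authorized_keys file, even when that line starts with key options.
key_is_authorized() {
    pub="$1"
    auth="$2"
    want=$(awk 'NF >= 2 { print $1, $2; exit }' "$pub")
    [ -n "$want" ] || return 1
    awk -v want="$want" '
        /^[[:space:]]*#/ { next }
        { for (i = 1; i < NF; i++) if (($i " " $(i + 1)) == want) found = 1 }
        END { exit found ? 0 : 1 }' "$auth"
}
```

Run ssh_perm_problems /home/ansible/.ssh on both hosts, and key_is_authorized with the AWX server's id_rsa.pub against each host's authorized_keys file.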

 

 

Configuring AWX

1. Set up credentials

Credentials -> click '+' to add

  • NAME: any name for the credential
  • CREDENTIAL TYPE: Machine
  • USERNAME: the login account (the ansible user created above)
  • SSH PRIVATE KEY: the private key of the ansible account (cat /home/ansible/.ssh/id_rsa)
[ansible@awx .ssh]$ cat id_rsa

<Adding Credentials>

 

2. Set up Inventories

Inventories -> click '+' to add

  • NAME: any name for the inventory
  • VARIABLES: ansible_connection: ssh, ansible_port: 22222 (if you use a port other than SSH port 22, enter that port number)

<Adding Inventories>
<When using a different SSH port number>

 

3. Add Hosts

After creating the inventory, click Hosts -> click '+'

  • HOST NAME: name of the server to be pinged
  • VARIABLES: ansible_host: [ IP of the server to be pinged ]

<Adding a Host>

 

4. Connection test through AWX: run commands

Click 'HOSTS' -> check the host created above -> click 'RUN COMMANDS'

  • MODULE: ping
  • MACHINE CREDENTIAL: ansible

<Connection test through AWX succeeded>