External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-11 01:57:35 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'awx_installer' into devel

Browse Source 
* awx_installer:
  Adds docker installation steps (#15)
  Call out eval for setting up the minishift environment
  Support official image builds with awx logos
  Add support for standalone docker install
  First iteration on INSTALL
  Adds edge terminated route
  Ignore Pycharm droppings
  Force reauth docker registry login in installer
  Reduce the size of the production container image
  Initial awx installer
This commit is contained in:
Matthew Jones 2017-09-06 16:25:55 -04:00
commit 4127aad3d4
No known key found for this signature in database
GPG Key ID: 76A4C17A97590C1C
25 changed files with 1244 additions and 164 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -115,3 +115,5 @@ awx/lib/.deps_built
awx/lib/site-packages
venv/*
use_dev_supervisor.txt
.idea/*

425
INSTALL.md
View File

@ -1,2 +1,423 @@
Installing AWX
==============
# Installing AWX
This document provides a guide for intalling AWX.
## Table of contents
- [Getting started](#getting-started)
- [Clone the repo](#clone-the-repo)
- [AWX branding](#awx-branding)
- [Prerequisites](#prerequisites)
- [Installing gettext](#installing-gettext)
- [AWX Tunables](#awx-tunables)
- [Choose a deployment platform](#choose-a-deployment-platform)
- [OpenShift](#openshift)
- [Prerequisites](#prerequisites)
- [Deploying to Minishift](#deploying-to-minishift)
- [Pre-build steps](#pre-build-steps)
- [PostgreSQL](#postgresql)
- [Start the build](#start-the-build)
- [Post build](#post-build)
- [Accessing AWX](#accessing-awx)
- [Docker](#Docker)
- [Prerequisites](#prerequisites-1)
- [Pre-build steps](#pre-build-steps-1)
- [Deploying to a remote host](#deploying-to-a-remote-host)
- [Inventory variables](#inventory-variables)
- [Docker registry](#docker-registry)
- [PostgreSQL](#postgresql-1)
- [Start the build](#start-the-build-1)
- [Post build](#post-build-1)
- [Accessing AWX](#accessing-awx-1)
## Getting started
### Clone the repo
If you have not already done so, you will need to clone, or create a local copy, of the [AWX repo](https://github.com/ansible/awx). For more on how to clone the repo, view [git clone help](https://git-scm.com/docs/git-clone).
Once you have a local copy, run commands within the root of the project tree.
### AWX branding
You can optionally install the AWX branding assets from the [awx-logos repo](https://github.com/ansible/awx-logos). Prior to installing, please review and agree to the [trademark guidelines](https://github.com/ansible/awx-logos/blob/master/TRADEMARKS.md).
To install the assets, clone the awx-logos repo into the root of your local AWX clone. The `awx-logos` directory should be next to the `awx` directory. As you progress through the installation steps, you'll be setting variables in the [inventory](./installer/inventory) file. To include the assets in the build, set `awx_official=true`.
### Prerequisites
Before you can run a deployment, you'll need the following installed in your local environment:
- [Ansible](http://docs.ansible.com/ansible/latest/intro_installation.html)
- gettext package for your platform (See [Installing gettext](#installing-gettext))
- [Docker](https://docs.docker.com/engine/installation/)
- [docker-py](https://github.com/docker/docker-py) Python module
- [Node 6.x LTS version](https://nodejs.org/en/download/)
- [NPM 3.x LTS](https://docs.npmjs.com/)
#### Installing gettext
On Fedora / CentOS / RHEL:
```bash
$ yum install gettext
```
On macOS:
```bash
$ brew install gettext
$ brew link gettext --force
```
### AWX Tunables
**TODO** add tunable bits
### Choose a deployment platform
We currently support running AWX as a containerized application using Docker images deployed to either an OpenShift cluster, or a standalone Docker daemon. The remainder of this document will walk you through the process of building the images, and deploying them to either platform.
The [installer](./installer) directory contains an [inventory](./installer/inventory) file, and a playbook, [install.yml](./installer/install.yml). You'll begin by setting variables in the inventory file according to the platform you wish to use, and then you'll start the image build and deployment process by running the playbook.
In the sections below, you'll find deployment details and instructions for each platform. To deploy to Docker, view the [Docker section](#docker), and for OpenShift, view the [OpenShift section](#openshift).
## OpenShift
### Prerequisites
To complete a deployment to OpenShift, you will obviously need access to an OpenShift cluster. For demo and testing purposes, you can use [Minishift](https://github.com/minishift/minishift) to create a single node cluster running inside a virtual machine.
You will also need to have the `oc` command in your PATH. The `install.yml` playbook will call out to `oc` when logging into, and creating objects on the cluster.
#### Deploying to Minishift
Install Minishift by following the [installation guide](https://docs.openshift.org/latest/minishift/getting-started/installing.html).
The Minishift VM contains a Docker daemon, which you can use to build the AWX images. This is generally the approach you should take, and we recommend doing so. To use this instance, run the following command to setup your environment:
```bash
# Set DOCKER environment variable to point to the Minishift VM
$ eval $(minishift docker-env)
```
**Note**
> If you choose to not use the Docker instance running inside the VM, and build the images externally, you will have to enable the OpenShift cluster to access the images. This involves pushing the images to an external Docker registry, and granting the cluster access to it, or exposing the internal registry, and pushing the images into it.
### Pre-build steps
Before starting the build process, review the [inventory](./installer/inventory) file, and uncomment and provide values for the following variables found in the `[all:vars]` section:
*openshift_host*
> IP address or hostname of the OpenShift cluster. If you're using Minishift, this will be the value returned by `minishift ip`.
*awx_openshift_project*
> Name of the OpenShift project that will be created, and used as the namespace for the AWX app. Defaults to *awx*.
*awx_node_port*
> The web server port running inside the AWX pod. Defaults to *30083*.
*openshift_user*
> Username of the OpenShift user that will create the project, and deploy the application. Defaults to *developer*.
*docker_registry*
> IP address and port, or URL, for accessing a registry that the OpenShift cluster can access. Defaults to *172.30.1.1:5000*, the internal registry delivered with Minishift.
*docker_registry_repository*
> Namespace to use when pushing and pulling images to and from the registry. Generally this will match the project name. It defaults to *awx*.
*docker_registry_username*
> Username of the user that will push images to the registry. Will generally match the *openshift_user* value. Defaults to *developer*.
#### PostgreSQL
AWX requires access to a PostgreSQL database, and by default, one will be created and deployed in a container. In this scenario, the database is ephemeral, and all data persisted to it will be lost when the container stops running.
If you wish to use an external database, in the inventory file, set the value of `pg_hostname`, and update `pg_username`, `pg_password`, `pg_database`, and `pg_port` with the connection information.
### Start the build
To start the build, you will pass two *extra* variables on the command line. The first is *openshift_password*, which is the password for the *openshift_user*, and the second is *docker_registry_password*, which is the password associated with *docker_registry_username*.
If you're using the OpenShift internal registry, then you'll pass an access token for the *docker_registry_password* value, rather than a password. The `oc whoami -t` command will generate the required token, as long as you're logged into the cluster via `oc cluster login`.
To start the build and deployment, run the following:
```bash
# Start the build and deployment
$ ansible-playbook -i inventory install.yml -e openshift_password=developer -e docker_registry_password=$(oc whoami -t)
```
### Post build
After the playbook run completes, check the status of the deployment by running `oc get pods`:
```bash
# View the running pods
$ oc get pods
NAME READY STATUS RESTARTS AGE
awx-3886581826-5mv0l 4/4 Running 0 8s
postgresql-1-l85fh 1/1 Running 0 20m
```
In the above example, the name of the AWX pod is `awx-3886581826-5mv0l`. Before accessing the AWX web interface, setup tasks and database migrations need to complete. These tasks are running in the `awx_task` container inside the AWX pod. To monitor their status, tail the container's STDOUT by running the following command, replacing the AWX pod name with the pod name from your environment:
```bash
# Follow the awx_task log output
$ oc logs -f awx-3886581826-5mv0l -c awx-celery
```
You will see the following indicating that database migrations are running:
```bash
Using /etc/ansible/ansible.cfg as config file
127.0.0.1 | SUCCESS => {
"changed": false,
"db": "awx"
}
Operations to perform:
Synchronize unmigrated apps: solo, api, staticfiles, messages, channels, django_extensions, ui, rest_framework, polymorphic
Apply all migrations: sso, taggit, sessions, djcelery, sites, kombu_transport_django, social_auth, contenttypes, auth, conf, main
Synchronizing apps without migrations:
Creating tables...
Running deferred SQL...
Installing custom SQL...
Running migrations:
Rendering model states... DONE
Applying contenttypes.0001_initial... OK
Applying contenttypes.0002_remove_content_type_name... OK
Applying auth.0001_initial... OK
Applying auth.0002_alter_permission_name_max_length... OK
Applying auth.0003_alter_user_email_max_length... OK
Applying auth.0004_alter_user_username_opts... OK
Applying auth.0005_alter_user_last_login_null... OK
Applying auth.0006_require_contenttypes_0002... OK
Applying taggit.0001_initial... OK
Applying taggit.0002_auto_20150616_2121... OK
...
```
When you see output similar to the following, you'll know that database migrations have completed, and you can access the web interface:
```bash
Python 2.7.5 (default, Nov 6 2016, 00:28:07)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-11)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
(InteractiveConsole)
>>> <User: admin>
>>> Default organization added.
Demo Credential, Inventory, and Job Template added.
Successfully registered instance awx-3886581826-5mv0l
(changed: True)
Creating instance group tower
Added instance awx-3886581826-5mv0l to tower
```
Once database migrations complete, the web interface will be accessible.
### Accessing AWX
The AWX web interface is running in the AWX pod, behind the `awx-web-svc` service. To view the service, and its port value, run the following command:
```bash
# View available services
$ oc get services
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
awx-web-svc 172.30.111.74 <nodes> 8052:30083/TCP 37m
postgresql 172.30.102.9 <none> 5432/TCP 38m
```
The deployment process creates a route, `awx-web-svc`, to expose the service. How the ingres is actually created will vary depending on your environment, and how the cluster is configured. You can view the route, and the external IP address and hostname assigned to it, by running the following command:
```bash
# View available routes
$ oc get routes
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
awx-web-svc awx-web-svc-awx.192.168.64.2.nip.io awx-web-svc http edge/Allow None
```
The above example is taken from a Minishift instance. From a web browser, use `https` to access the `HOST/PORT` value from your environment. Using the above example, the URL to access the server would be [https://awx-web-svc-awx.192.168.64.2.nip.io](https://awx-web-svc-awx.192.168.64.2.nip.io).
Once you access the AWX server, you will be prompted with a login dialog. The default administrator username is `admin`, and the password is `password`.
## Docker
### Prerequisites
You will need the following installed on the host where AWX will be deployed:
- [Docker](https://docs.docker.com/engine/installation/)
- [docker-py](https://github.com/docker/docker-py) Python module
### Pre-build steps
#### Deploying to a remote host
By default, the delivered [inventory](./installer/inventory) file will deploy AWX to the local host. It is possible; however, to deploy to a remote host. The [install.yml](./installer/install.yml) playbook can be used to build images on the local host, and ship the built images to, and run deployment tasks on, a remote host. To do this, modify the *inventory* file, by commenting out `localhost`, and adding the remote host.
For example, suppose you wish to build images locally on your CI/CD host, and deploy them to a remote host named *awx-server*. To do this, add *awx-server* to the *inventory* file, and comment out or remove `localhost`, as demonstrated by the following:
```yaml
# localhost ansible_connection=local
awx-server
[all:vars]
...
```
In the above example, image build tasks will be delegated to `localhost`, which is typically where the clone of the AWX project exists. Built images will be archived, copied to remote host, and imported into the remote Docker image cache. Tasks to start the AWX containers will then execute on the remote host.
**Note**
> You may also want to set additional variables to control how Ansible connects to the host. For more information about this, view [Behavioral Inventory Parameters](http://docs.ansible.com/ansible/latest/intro_inventory.html#id12).
> As mentioned above, in Prerequisites](#prerequisites-1), the prerequisites are required on the remote host.
#### Inventory variables
Before starting the build process, review the [inventory](./installer/inventory) file, and uncomment and provide values for the following variables found in the `[all:vars]` section:
*postgres_data_dir*
> If you're using the default PostgreSQL container (see [PostgreSQL](#postgresql-1) below), provide a path that can be mounted to the container, and where the database can be persisted.
*host_port*
> Proide a port number that can be mapped from the Docker daemon host to the web server running inside the AWX container. Defaults to *80*.
#### Docker registry
If you wish to tag and push built images to a Docker registry, set the following variables in the inventory file:
*docker_registry*
> IP address and port, or URL, for accessing a registry.
*docker_registry_repository*
> Namespace to use when pushing and pulling images to and from the registry. Defaults to *awx*.
*docker_registry_username*
> Username of the user that will push images to the registry. Defaults to *developer*.
#### PostgreSQL
AWX requires access to a PostgreSQL database, and by default, one will be created and deployed in a container, and data will be persisted to a host volume. In this scenario, you must set the value of `postgres_data_dir` to a path that can be mounted to the container. When the container is stopped, the database files will still exist in the specified path.
If you wish to use an external database, in the inventory file, set the value of `pg_hostname`, and update `pg_username`, `pg_password`, `pg_database`, and `pg_port` with the connection information.
### Start the build
If you are not pushing images to a Docker registry, start the build by running the following:
```bash
# Set the working director to installer
$ cd installer
# Run the Ansible playbook
$ ansible-playbook -i inventory install.yml
```
If you're pushing built images to a repository, then use the `-e` option to pass the registry password as follows, replacing *password* with the password of the username assigned to `docker_registry_username`:
```bash
# Set the working directory to installer
$ cd installer
# Run the Ansible playbook
$ ansible-playbook -i inventory -e docker_registry_password=password install.yml
```
### Post build
After the playbook run completes, Docker will report up to 5 running containers. If you chose to use an existing PostgresSQL database, then it will report 4. You can view the running containers using the `docker ps` command, as follows:
```bash
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e240ed8209cd awx_task:1.0.0.8 "/tini -- /bin/sh ..." 2 minutes ago Up About a minute 8052/tcp awx_task
1cfd02601690 awx_web:1.0.0.8 "/tini -- /bin/sh ..." 2 minutes ago Up About a minute 0.0.0.0:80->8052/tcp awx_web
55a552142bcd memcached:alpine "docker-entrypoint..." 2 minutes ago Up 2 minutes 11211/tcp memcached
84011c072aad rabbitmq:3 "docker-entrypoint..." 2 minutes ago Up 2 minutes 4369/tcp, 5671-5672/tcp, 25672/tcp rabbitmq
97e196120ab3 postgres:9.6 "docker-entrypoint..." 2 minutes ago Up 2 minutes 5432/tcp postgres
```
Immediately after the containers start, the *awx_task* container will perform required setup tasks, including database migrations. These tasks need to complete before the web interface can be accessed. To monitor the progress, you can follow the container's STDOUT by running the following:
```bash
# Tail the the awx_task log
$ docker logs -f awx_task
```
You will see output similar to the following:
```bash
Using /etc/ansible/ansible.cfg as config file
127.0.0.1 | SUCCESS => {
"changed": false,
"db": "awx"
}
Operations to perform:
Synchronize unmigrated apps: solo, api, staticfiles, messages, channels, django_extensions, ui, rest_framework, polymorphic
Apply all migrations: sso, taggit, sessions, djcelery, sites, kombu_transport_django, social_auth, contenttypes, auth, conf, main
Synchronizing apps without migrations:
Creating tables...
Running deferred SQL...
Installing custom SQL...
Running migrations:
Rendering model states... DONE
Applying contenttypes.0001_initial... OK
Applying contenttypes.0002_remove_content_type_name... OK
Applying auth.0001_initial... OK
Applying auth.0002_alter_permission_name_max_length... OK
Applying auth.0003_alter_user_email_max_length... OK
Applying auth.0004_alter_user_username_opts... OK
Applying auth.0005_alter_user_last_login_null... OK
Applying auth.0006_require_contenttypes_0002... OK
Applying taggit.0001_initial... OK
Applying taggit.0002_auto_20150616_2121... OK
Applying main.0001_initial... OK
...
```
Once migrations complete, you will see the following log output, indicating that migrations have completed:
```bash
Python 2.7.5 (default, Nov 6 2016, 00:28:07)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-11)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
(InteractiveConsole)
>>> <User: admin>
>>> Default organization added.
Demo Credential, Inventory, and Job Template added.
Successfully registered instance awx
(changed: True)
Creating instance group tower
Added instance awx to tower
(changed: True)
...
```
### Accessing AWX
The AWX web server is accessible on the deployment host, using the *host_port* value set in the *inventory* file. The default URL is [http://localhost](http://localhost).
You will prompted with a login dialog. The default administrator username is `admin`, and the password is `password`.

6
Makefile
View File

@ -608,9 +608,3 @@ psql-container:
VERSION:
echo $(VERSION_TARGET) > $@
production-openshift-image: sdist
cat installer/openshift/Dockerfile | sed "s/{{ version }}/$(VERSION_TARGET)/g" | sed "s/{{ tar }}/$(SDIST_TAR_FILE)/g" > ./Dockerfile.production
cp installer/openshift/Dockerfile.celery ./Dockerfile.celery.production
docker build -t awx_web -f ./Dockerfile.production .
docker build -t awx_task -f ./Dockerfile.celery.production .

15
installer/check_vars/tasks/check_docker.yml Normal file
View File

@ -0,0 +1,15 @@
# check_docker.yml
---
- name: postgres_data_dir should be defined
assert:
that:
- postgres_data_dir is defined and postgres_data_dir != ''
msg: "Set the value of 'postgres_data_dir' in the inventory file."
when: pg_hostname is not defined or pg_hostname == ''
- name: host_port should be defined
assert:
that:
- host_port is defined and host_port != ''
msg: "Set the value of 'host_port' in the inventory file."

49
installer/check_vars/tasks/check_openshift.yml Normal file
View File

@ -0,0 +1,49 @@
# check_openshift.yml
---
- name: awx_openshift_project should be defined
assert:
that:
- awx_openshift_project is defined and awx_openshift_project != ''
msg: "Set the value of 'awx_openshift_project' in the inventory file."
- name: openshift_user should be defined
assert:
that:
- openshift_user is defined and openshift_user != ''
msg: "Set the value of 'openshift_user' in the inventory file."
- name: openshift_password should be defined
assert:
that:
- openshift_password is defined and openshift_password != ''
msg: "Set the value of 'openshift_password' in the inventory file."
- name: awx_node_port should be defined
assert:
that:
- awx_node_port is defined and awx_node_port != ''
msg: "Set the value of 'awx_node_port' in the inventory file."
- name: docker_registry should be defined
assert:
that:
- docker_registry is defined and docker_registry != ''
msg: "Set the value of 'docker_registry' in the inventory file."
- name: docker_registry_repository should be defined
assert:
that:
- docker_registry_repository is defined and docker_registry_repository != ''
msg: "Set the value of 'docker_registry_repository' in the inventory file."
- name: docker_registry_username should be defined
assert:
that:
- docker_registry_username is defined and docker_registry_username != ''
msg: "Set the value of 'docker_registry_username' in the inventory file."
- name: docker_registry_password should be defined
assert:
that:
- docker_registry_password is defined and docker_registry_password != ''
msg: "Set the value of 'docker_registry_password' in the inventory file."

9
installer/check_vars/tasks/main.yml Normal file
View File

@ -0,0 +1,9 @@
# main.yml
---
- include: check_openshift.yml
when: openshift_host is defined and openshift_host != ''
- include: check_docker.yml
when: openshift_host is not defined or openshift_host == ''

0
installer/openshift/launch_awx.sh → installer/image_build/files/launch_awx.sh
View File

0
installer/openshift/launch_awx_task.sh → installer/image_build/files/launch_awx_task.sh
View File

2
installer/openshift/nginx.conf → installer/image_build/files/nginx.conf
View File

@ -1,4 +1,4 @@
user awx;
#user awx;
worker_processes 1;

37
installer/openshift/settings.py → installer/image_build/files/settings.py
View File

@ -2,6 +2,13 @@
import os
def get_secret():
if os.path.exists("/etc/tower/SECRET_KEY"):
return file('/etc/tower/SECRET_KEY', 'rb').read().strip()
return os.getenv("SECRET_KEY", "privateawx"),
ADMINS = ()
STATIC_ROOT = '/var/lib/awx/public/static'
@ -10,14 +17,25 @@ PROJECTS_ROOT = '/var/lib/awx/projects'
JOBOUTPUT_ROOT = '/var/lib/awx/job_status'
SECRET_KEY = file('/etc/tower/SECRET_KEY', 'rb').read().strip()
SECRET_KEY = get_secret()
ALLOWED_HOSTS = ['*']
INTERNAL_API_URL = 'http://127.0.0.1:80'
INTERNAL_API_URL = 'http://awxweb:8052'
AWX_TASK_ENV['HOME'] = '/var/lib/awx'
# Container environments don't like chroots
AWX_PROOT_ENABLED = False
CLUSTER_HOST_ID = "awx"
SYSTEM_UUID = '00000000-0000-0000-0000-000000000000'
CELERY_QUEUES += (Queue(CLUSTER_HOST_ID, Exchange(CLUSTER_HOST_ID), routing_key=CLUSTER_HOST_ID),)
CELERY_ROUTES['awx.main.tasks.cluster_node_heartbeat'] = {'queue': CLUSTER_HOST_ID, 'routing_key': CLUSTER_HOST_ID}
CELERY_ROUTES['awx.main.tasks.purge_old_stdout_files'] = {'queue': CLUSTER_HOST_ID, 'routing_key': CLUSTER_HOST_ID}
###############################################################################
# EMAIL SETTINGS
###############################################################################
@ -32,6 +50,12 @@ EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_USE_TLS = False
LOGGING['handlers']['console'] = {
'()': 'logging.StreamHandler',
'level': 'DEBUG',
'formatter': 'simple',
}
LOGGING['loggers']['django.request']['handlers'] = ['console']
LOGGING['loggers']['rest_framework.request']['handlers'] = ['console']
LOGGING['loggers']['awx']['handlers'] = ['console']
@ -39,11 +63,18 @@ LOGGING['loggers']['awx.main.commands.run_callback_receiver']['handlers'] = ['co
LOGGING['loggers']['awx.main.commands.inventory_import']['handlers'] = ['console']
LOGGING['loggers']['awx.main.tasks']['handlers'] = ['console']
LOGGING['loggers']['awx.main.scheduler']['handlers'] = ['console']
LOGGING['loggers']['awx.main.commands.run_fact_cache_receiver']['handlers'] = ['console']
LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console']
LOGGING['loggers']['social']['handlers'] = ['console']
LOGGING['loggers']['system_tracking_migrations']['handlers'] = ['console']
LOGGING['loggers']['rbac_migrations']['handlers'] = ['console']
LOGGING['loggers']['awx.isolated.manager.playbooks']['handlers'] = ['console']
LOGGING['handlers']['callback_receiver'] = {'class': 'logging.NullHandler'}
LOGGING['handlers']['fact_receiver'] = {'class': 'logging.NullHandler'}
LOGGING['handlers']['task_system'] = {'class': 'logging.NullHandler'}
LOGGING['handlers']['tower_warnings'] = {'class': 'logging.NullHandler'}
LOGGING['handlers']['rbac_migrations'] = {'class': 'logging.NullHandler'}
LOGGING['handlers']['system_tracking_migrations'] = {'class': 'logging.NullHandler'}
LOGGING['handlers']['management_playbooks'] = {'class': 'logging.NullHandler'}
DATABASES = {
'default': {

0
installer/openshift/supervisor.conf → installer/image_build/files/supervisor.conf
View File

0
installer/openshift/supervisor_task.conf → installer/image_build/files/supervisor_task.conf
View File

166
installer/image_build/tasks/main.yml Normal file
View File

@ -0,0 +1,166 @@
---
- name: Get Version from checkout if not provided
shell: "git describe --long | sed 's/\\-g.*//' | sed 's/\\-/\\./'"
delegate_to: localhost
register: awx_version_command
when: awx_version is not defined
- name: Set global version if not provided
set_fact:
awx_version: "{{ awx_version_command.stdout }}"
when: awx_version is not defined
- name: Verify awx-logos directory exists for official install
stat:
path: "../../awx-logos"
delegate_to: localhost
register: logosdir
failed_when: logosdir.stat.isdir is not defined or not logosdir.stat.isdir
when: awx_official
- name: Copy logos for inclusion in sdist
synchronize:
src: "../../awx-logos/awx/ui/client/assets"
dest: "../awx/ui/client/"
delegate_to: localhost
when: awx_official
- name: Set sdist file name
set_fact:
awx_sdist_file: "awx-{{ awx_version }}.tar.gz"
- name: AWX Distribution
debug:
msg: "{{ awx_sdist_file }}"
- name: Stat distribution file
stat:
path: "../dist/{{ awx_sdist_file }}"
delegate_to: localhost
register: sdist
- name: Clean distribution
shell: make clean
args:
chdir: ..
ignore_errors: yes
when: not sdist.stat.exists
delegate_to: localhost
- name: Build AWX distribution
shell: make sdist
args:
chdir: ..
creates: "./dist/{{ awx_sdist_file }}"
delegate_to: localhost
- name: Set docker build base path
set_fact:
docker_base_path: "{{ awx_local_base_config_path|default('/tmp') }}/docker-image"
- name: Set awx_web image name
set_fact:
awx_web_image: "{{ awx_web_image|default('awx_web') }}"
- name: Set awx_task image name
set_fact:
awx_task_image: "{{ awx_task_image|default('awx_task') }}"
- name: Ensure directory exists
file:
path: "{{ docker_base_path }}"
state: directory
delegate_to: localhost
- name: Stage sdist
copy:
src: "../dist/{{ awx_sdist_file }}"
dest: "{{ docker_base_path }}/{{ awx_sdist_file }}"
delegate_to: localhost
- name: Template web Dockerfile
template:
src: Dockerfile.j2
dest: "{{ docker_base_path }}/Dockerfile"
delegate_to: localhost
- name: Template task Dockerfile
template:
src: Dockerfile.task.j2
dest: "{{ docker_base_path }}/Dockerfile.task"
delegate_to: localhost
- name: Stage launch_awx
copy:
src: launch_awx.sh
dest: "{{ docker_base_path }}/launch_awx.sh"
mode: '0700'
delegate_to: localhost
- name: Stage launch_awx_task
copy:
src: launch_awx_task.sh
dest: "{{ docker_base_path }}/launch_awx_task.sh"
mode: '0700'
delegate_to: localhost
- name: Stage nginx.conf
copy:
src: nginx.conf
dest: "{{ docker_base_path }}/nginx.conf"
delegate_to: localhost
- name: Stage supervisor.conf
copy:
src: supervisor.conf
dest: "{{ docker_base_path }}/supervisor.conf"
delegate_to: localhost
- name: Stage supervisor_task.conf
copy:
src: supervisor_task.conf
dest: "{{ docker_base_path }}/supervisor_task.conf"
delegate_to: localhost
- name: Stage settings.py
copy:
src: settings.py
dest: "{{ docker_base_path }}/settings.py"
delegate_to: localhost
- name: Stage requirements
copy:
src: ../requirements/
dest: "{{ docker_base_path }}/requirements"
delegate_to: localhost
- name: Stage Makefile
copy:
src: ../Makefile
dest: "{{ docker_base_path }}/Makefile"
delegate_to: localhost
- name: Build base web image
docker_image:
path: "{{ docker_base_path }}"
dockerfile: Dockerfile
name: "{{ awx_web_image }}"
tag: "{{ awx_version }}"
delegate_to: localhost
- name: Build base task image
docker_image:
path: "{{ docker_base_path }}"
dockerfile: Dockerfile.task
name: "{{ awx_task_image }}"
tag: "{{ awx_version }}"
pull: no
delegate_to: localhost
- name: Clean docker base directory
file:
path: "{{ docker_base_path }}"
state: absent
when: cleanup_docker_base|default(True)
delegate_to: localhost

60
installer/image_build/templates/Dockerfile.j2 Normal file
View File

@ -0,0 +1,60 @@
FROM centos:7
# Do we need this?
#RUN locale-gen en_US.UTF-8
#ENV LANG en_US.UTF-8
#ENV LANGUAGE en_US:en
#ENV LC_ALL en_US.UTF-8
USER root
# Init System
ADD https://github.com/krallin/tini/releases/download/v0.14.0/tini /tini
RUN chmod +x /tini
ADD Makefile /tmp/Makefile
RUN mkdir /tmp/requirements
ADD requirements/requirements_ansible.txt \
requirements/requirements_ansible_uninstall.txt \
requirements/requirements_ansible_git.txt \
requirements/requirements.txt \
requirements/requirements_tower_uninstall.txt \
requirements/requirements_git.txt \
/tmp/requirements/
# OS Dependencies
WORKDIR /tmp
RUN mkdir -p /var/lib/awx/public/static
RUN chgrp -Rf root /var/lib/awx && chmod -Rf g+w /var/lib/awx
RUN yum -y install epel-release && \
yum -y localinstall http://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm && \
yum -y update && \
yum -y install ansible git curl python-psycopg2 python-pip python-setuptools libselinux-python setools-libs yum-utils sudo acl make postgresql-devel nginx python-psutil libxml2-devel libxslt-devel libstdc++.so.6 gcc cyrus-sasl-devel cyrus-sasl openldap-devel libffi-devel python-pip xmlsec1-devel swig krb5-devel xmlsec1-openssl xmlsec1 xmlsec1-openssl-devel libtool-ltdl-devel bubblewrap gcc-c++ python-devel && \
pip install virtualenv supervisor && \
VENV_BASE=/var/lib/awx/venv make requirements_ansible && \
VENV_BASE=/var/lib/awx/venv make requirements_awx && \
yum -y remove gcc postgresql-devel libxml2-devel libxslt-devel cyrus-sasl-devel openldap-devel xmlsec1-devel krb5-devel xmlsec1-openssl-devel libtool-ltdl-devel gcc-c++ python-devel && \
yum -y clean all && \
rm -rf /root/.cache
RUN mkdir -p /var/log/tower
RUN mkdir -p /etc/tower
RUN echo "awxsecret" > /etc/tower/SECRET_KEY
COPY {{ awx_sdist_file }} /tmp/{{ awx_sdist_file }}
RUN OFFICIAL=yes pip install /tmp/{{ awx_sdist_file }}
RUN echo "{{ awx_version }}" > /var/lib/awx/.tower_version
ADD nginx.conf /etc/nginx/nginx.conf
ADD supervisor.conf /supervisor.conf
ADD supervisor_task.conf /supervisor_task.conf
ADD launch_awx.sh /usr/bin/launch_awx.sh
ADD launch_awx_task.sh /usr/bin/launch_awx_task.sh
RUN chmod +rx /usr/bin/launch_awx.sh && chmod +rx /usr/bin/launch_awx_task.sh
ADD settings.py /etc/tower/settings.py
RUN chmod g+w /etc/passwd
RUN chmod -R 777 /var/log/nginx && chmod -R 777 /var/lib/nginx
USER 1000
EXPOSE 8052
WORKDIR /var/lib/awx
ENTRYPOINT ["/tini", "--"]
CMD /usr/bin/launch_awx.sh

2
installer/openshift/Dockerfile.celery → installer/image_build/templates/Dockerfile.task.j2
View File

@ -1,4 +1,4 @@
FROM awx_web
FROM {{ awx_web_image }}:{{ awx_version }}
USER 0
RUN sudo yum -y remove nginx
USER 1000

10
installer/install.yml Normal file
View File

@ -0,0 +1,10 @@
---
- name: Build and deploy AWX
hosts: all
gather_facts: false
roles:
- { role: check_vars }
- { role: image_build }
- { role: openshift, when: "openshift_host is defined" }
- { role: local_docker, when: "openshift_host is not defined" }

38
installer/inventory Normal file
View File

@ -0,0 +1,38 @@
localhost ansible_connection=local
[all:vars]
# Build AWX with official logos
# Requires cloning awx-logos repo into the project root.
# Review the trademark guidelines at https://github.com/ansible/awx-logos/blob/master/TRADEMARKS.md
awx_official=false
# Openshift Install
# Will need to set -e openshift_password=developer -e docker_registry_password=$(oc whoami -t)
#
# openshift_host=127.0.0.1:8443
# awx_openshift_project=awx
# openshift_user=developer
# awx_node_port=30083
# Standalone Docker Install
postgres_data_dir=/tmp/pgdocker
host_port=80
# Required for Openshift, Optional for Standalone Docker install
# Define if you want the image pushed to a registry. The container definition
# will also use these images
# docker_registry=172.30.1.1:5000
# docker_registry_repository=awx
# docker_registry_username=developer
# Set pg_hostname if you have an external postgres server, otherwise
# a new ephemeral postgres service will be created
# pg_hostname=postgresql
pg_username=awx
pg_password=awxpass
pg_database=awx
pg_port=5432
# AWX Tunables
awx_secret_key=aabbcc

211
installer/local_docker/tasks/main.yml Normal file
View File

@ -0,0 +1,211 @@
---
- name: Export Docker web image if it isnt local and there isnt a registry defined
docker_image:
name: "{{ awx_web_image }}"
tag: "{{ awx_version }}"
archive_path: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_web_image }}_{{ awx_version }}.tar"
when: inventory_hostname != "localhost" and docker_registry is not defined
delegate_to: localhost
- name: Export Docker task image if it isnt local and there isnt a registry defined
docker_image:
name: "{{ awx_task_image }}"
tag: "{{ awx_version }}"
archive_path: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_task_image }}_{{ awx_version }}.tar"
when: inventory_hostname != "localhost" and docker_registry is not defined
delegate_to: localhost
- name: Authenticate with Docker registry if registry password given
docker_login:
registry: "{{ docker_registry }}"
username: "{{ docker_registry_username }}"
password: "{{ docker_registry_password }}"
reauthorize: yes
when: docker_registry is defined and docker_registry_password is defined
delegate_to: localhost
- name: Set docker base path
set_fact:
docker_deploy_base_path: "{{ awx_base_path|default('/tmp') }}/docker_deploy"
when: ansible_connection != "local" and docker_registry is not defined
- name: Ensure directory exists
file:
path: "{{ docker_deploy_base_path }}"
state: directory
when: ansible_connection != "local" and docker_registry is not defined
- name: Copy web image to docker execution
copy:
src: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_web_image }}_{{ awx_version }}.tar"
dest: "{{ docker_deploy_base_path }}/{{ awx_web_image }}_{{ awx_version }}.tar"
when: ansible_connection != "local" and docker_registry is not defined
- name: Copy task image to docker execution
copy:
src: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_task_image }}_{{ awx_version }}.tar"
dest: "{{ docker_deploy_base_path }}"
when: ansible_connection != "local" and docker_registry is not defined
- name: Load web image
docker_image:
name: "{{ awx_web_image }}"
tag: "{{ awx_version }}"
load_path: "{{ docker_deploy_base_path }}/{{ awx_web_image }}_{{ awx_version }}.tar"
timeout: 300
when: ansible_connection != "local" and docker_registry is not defined
- name: Load task image
docker_image:
name: "{{ awx_task_image }}"
tag: "{{ awx_version }}"
load_path: "{{ docker_deploy_base_path }}/{{ awx_task_image }}_{{ awx_version }}.tar"
timeout: 300
when: ansible_connection != "local" and docker_registry is not defined
- name: Tag and push web image to registry
docker_image:
name: "{{ awx_web_image }}"
repository: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_web_image }}"
tag: "{{ awx_version }}"
push: yes
when: docker_registry is defined
delegate_to: localhost
- name: Tag and push task image to registry
docker_image:
name: "{{ awx_task_image }}"
repository: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_task_image }}"
tag: "{{ awx_version }}"
push: yes
when: docker_registry is defined
delegate_to: localhost
- name: Set full image path for Registry
set_fact:
awx_web_docker_actual_image: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_web_image }}"
awx_task_docker_actual_image: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_task_image }}"
when: docker_registry is defined
- name: Set full image path for local install
set_fact:
awx_web_docker_actual_image: "{{ awx_web_image }}"
awx_task_docker_actual_image: "{{ awx_task_image }}"
when: docker_registry is not defined
## Docker-compose instead?
- name: Activate postgres container
docker_container:
name: postgres
state: started
image: postgres:9.6
volumes:
- "{{ postgres_data_dir }}:/var/lib/postgresql/data"
env:
POSTGRES_USER: "{{ pg_username }}"
POSTGRES_PASSWORD: "{{ pg_password }}"
POSTGRES_DB: "{{ pg_database }}"
when: pg_hostname is not defined or pg_hostname == ''
- name: Activate rabbitmq container
docker_container:
name: rabbitmq
state: started
image: rabbitmq:3
env:
RABBITMQ_DEFAULT_VHOST: "awx"
- name: Activate memcached container
docker_container:
name: memcached
state: started
image: memcached:alpine
- name: Wait for postgres and rabbitmq to activate
pause:
seconds: 15
- name: Set properties without postgres for awx_web
set_fact:
pg_hostname_actual: "{{ pg_hostname }}"
awx_web_container_links:
- rabbitmq
- memcached
when: pg_hostname is defined
- name: Set properties with postgres for awx_web
set_fact:
pg_hostname_actual: postgres
awx_web_container_links:
- rabbitmq
- memcached
- postgres
when: pg_hostname is not defined or pg_hostname == ''
- name: Set properties without postgres for awx_task
set_fact:
pg_hostname_actual: "{{ pg_hostname }}"
awx_task_container_links:
- rabbitmq
- memcached
- awx_web
when: pg_hostname is defined
- name: Set properties with postgres for awx_web
set_fact:
pg_hostname_actual: postgres
awx_task_container_links:
- rabbitmq
- memcached
- awx_web
- postgres
when: pg_hostname is not defined or pg_hostname == ''
- name: Activate AWX Web Container
docker_container:
name: awx_web
state: started
image: "{{ awx_web_docker_actual_image }}:{{ awx_version }}"
user: root
ports:
- "{{ host_port }}:8052"
links: "{{ awx_web_container_links|list }}"
hostname: awxweb
env:
SECRET_KEY: "{{ awx_secret_key }}"
DATABASE_NAME: "{{ pg_database }}"
DATABASE_USER: "{{ pg_username }}"
DATABASE_PASSWORD: "{{ pg_password }}"
DATABASE_PORT: "{{ pg_port }}"
DATABASE_HOST: "{{ pg_hostname_actual }}"
RABBITMQ_USER: "guest"
RABBITMQ_PASSWORD: "guest"
RABBITMQ_HOST: "rabbitmq"
RABBITMQ_PORT: "5672"
RABBITMQ_VHOST: "awx"
MEMCACHED_HOST: "memcached"
MEMCACHED_PORT: "11211"
- name: Activate AWX Task Container
docker_container:
name: awx_task
state: started
image: "{{ awx_task_docker_actual_image }}:{{ awx_version }}"
links: "{{ awx_task_container_links|list }}"
user: root
hostname: awx
env:
SECRET_KEY: "{{ awx_secret_key }}"
DATABASE_NAME: "{{ pg_database }}"
DATABASE_USER: "{{ pg_username }}"
DATABASE_PASSWORD: "{{ pg_password }}"
DATABASE_HOST: "{{ pg_hostname_actual }}"
DATABASE_PORT: "{{ pg_port }}"
RABBITMQ_USER: "guest"
RABBITMQ_PASSWORD: "guest"
RABBITMQ_HOST: "rabbitmq"
RABBITMQ_PORT: "5672"
RABBITMQ_VHOST: "awx"
MEMCACHED_HOST: "memcached"
MEMCACHED_PORT: "11211"

54
installer/openshift/Dockerfile
View File

@ -1,54 +0,0 @@
FROM centos:7
# Do we need this?
#RUN locale-gen en_US.UTF-8
#ENV LANG en_US.UTF-8
#ENV LANGUAGE en_US:en
#ENV LC_ALL en_US.UTF-8
USER root
# Init System
ADD https://github.com/krallin/tini/releases/download/v0.14.0/tini /tini
RUN chmod +x /tini
ADD Makefile /tmp/Makefile
RUN mkdir /tmp/requirements
ADD requirements/requirements_ansible.txt \
requirements/requirements_ansible_uninstall.txt \
requirements/requirements_ansible_git.txt \
requirements/requirements.txt \
requirements/requirements_tower_uninstall.txt \
requirements/requirements_git.txt \
/tmp/requirements/
# OS Dependencies
RUN yum -y install epel-release && yum -y localinstall http://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm && yum -y update && yum -y install ansible git curl python-psycopg2 python-pip python-setuptools libselinux-python setools-libs yum-utils sudo acl make postgresql-devel nginx python-psutil libxml2-devel libxslt-devel libstdc++.so.6 gcc cyrus-sasl-devel cyrus-sasl openldap-devel libffi-devel python-pip xmlsec1-devel swig krb5-devel xmlsec1-openssl xmlsec1 xmlsec1-openssl-devel libtool-ltdl-devel bubblewrap gcc-c++ python-devel
RUN pip install virtualenv supervisor
WORKDIR /tmp
RUN mkdir -p /var/lib/awx/public/static
RUN mkdir -p /var/log/tower
RUN mkdir -p /etc/tower
RUN echo "awxsecret" > /etc/tower/SECRET_KEY
RUN VENV_BASE=/var/lib/awx/venv make requirements_ansible && VENV_BASE=/var/lib/awx/venv make requirements_awx
COPY dist/awx-{{ version }}.tar.gz /tmp/awx-{{ version }}.tar.gz
RUN OFFICIAL=yes pip install /tmp/awx-{{ version }}.tar.gz
RUN echo "{{ version }}" > /var/lib/awx/.tower_version
ADD installer/openshift/nginx.conf /etc/nginx/nginx.conf
ADD installer/openshift/supervisor.conf /supervisor.conf
ADD installer/openshift/supervisor_task.conf /supervisor_task.conf
ADD installer/openshift/launch_awx.sh /usr/bin/launch_awx.sh
ADD installer/openshift/launch_awx_task.sh /usr/bin/launch_awx_task.sh
ADD installer/openshift/settings.py /etc/tower/settings.py
RUN yum -y remove gcc postgresql-devel libxml2-devel libxslt-devel cyrus-sasl-devel openldap-devel xmlsec1-devel krb5-devel xmlsec1-openssl-devel libtool-ltdl-devel gcc-c++ python-devel && yum -y clean all
RUN rm -rf /root/.cache
RUN chmod g+w /etc/passwd
RUN chgrp -Rf root /var/lib/awx && chmod -Rf g+w /var/lib/awx
RUN chmod -R 777 /var/log/nginx && chmod -R 777 /var/lib/nginx
USER 1000
EXPOSE 8052
WORKDIR /var/lib/awx
ENTRYPOINT ["/tini", "--"]
CMD /usr/bin/launch_awx.sh

76
installer/openshift/config/deployment.yml
View File

@ -1,76 +0,0 @@
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: tower
namespace: tower
spec:
replicas: 1
template:
metadata:
labels:
name: tower-web-deploy
service: django
spec:
containers:
- name: tower-web
image: 172.30.1.1:5000/tower/tower_web:latest
ports:
- containerPort: 8052
volumeMounts:
- mountPath: /etc/tower
name: tower-application-config
- name: tower-celery
image: 172.30.1.1:5000/tower/tower_task:latest
volumeMounts:
- mountPath: /etc/tower
name: tower-application-config
env:
- name: DATABASE_USER
value: tower
- name: DATABASE_NAME
value: tower
- name: DATABASE_HOST
value: postgresql
- name: DATABASE_PASSWORD
value: password123
- name: tower-rabbit
image: rabbitmq:3
env:
- name: RABBITMQ_ERLANG_COOKIE
value: secret
- name: RABBITMQ_NODENAME
value: rabbitmq
- name: RABBITMQ_DEFAULT_USER
value: tower
- name: RABBITMQ_DEFAULT_PASS
value: abcdefg
- name: RABBITMQ_DEFAULT_VHOST
value: tower
- name: tower-memcached
image: memcached
volumes:
- name: tower-application-config
configMap:
name: tower-config
items:
- key: tower_settings
path: settings.py
- key: secret_key
path: SECRET_KEY
---
apiVersion: v1
kind: Service
metadata:
name: tower-web-svc
namespace: tower
labels:
name: tower-web-svc
spec:
type: "NodePort"
ports:
- name: http
port: 8052
nodePort: 30083
selector:
name: tower-web-deploy

5
installer/openshift/inventory
View File

@ -1,5 +0,0 @@
[primary]
localhost
[all:children]
primary

114
installer/openshift/tasks/main.yml Normal file
View File

@ -0,0 +1,114 @@
---
- name: Authenticate with OpenShift
shell: "oc login {{ openshift_host }} -u {{ openshift_user }} -p {{ openshift_password }}"
- name: Get Project Detail
shell: "oc get project {{ awx_openshift_project }}"
register: project_details
ignore_errors: yes
- name: Get Postgres Service Detail
shell: "oc describe svc postgresql -n {{ awx_openshift_project }}"
register: postgres_svc_details
ignore_errors: yes
when: "pg_hostname is not defined or pg_hostname == ''"
- name: Create AWX Openshift Project
shell: "oc new-project {{ awx_openshift_project }}"
when: project_details.rc != 0
# This might could/should be optional based on certain circumstances
- name: Mark Openshift User as Admin
shell: "oc adm policy add-role-to-user admin {{ openshift_user }} -n {{ awx_openshift_project }}"
- name: Get docker registry password from oc if needed
block:
- name: Set docker registry password
shell: oc whoami -t
register: docker_registry_password_shell
- name: Set docker registry password
set_fact:
docker_registry_password: "{{ docker_registry_password_shell.stdout }}"
when: docker_registry_password is not defined
- name: Authenticate with Docker registry
docker_login:
registry: "{{ docker_registry }}"
username: "{{ docker_registry_username }}"
password: "{{ docker_registry_password }}"
reauthorize: yes
when: docker_registry is defined and docker_registry_password is defined
delegate_to: localhost
- name: Wait for Openshift
pause:
seconds: 30
- name: Tag and push web image to registry
docker_image:
name: "{{ awx_web_image }}"
repository: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_web_image }}"
tag: "{{ awx_version }}"
push: yes
when: docker_registry is defined
delegate_to: localhost
- name: Wait for openshift
pause:
seconds: 10
- name: Tag and push task image to registry
docker_image:
name: "{{ awx_task_image }}"
repository: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_task_image }}"
tag: "{{ awx_version }}"
push: yes
when: docker_registry is defined
delegate_to: localhost
- name: Deploy and Activate Postgres
shell: "oc new-app --template=postgresql-persistent -e MEMORY_LIMIT={{ pg_memory_limit|default('512') }}Mi -e NAMESPACE=openshift -e DATABASE_SERVICE_NAME=postgresql -e POSTGRESQL_USER={{ pg_username }} -e POSTGRESQL_PASSWORD={{ pg_password }} -e POSTGRESQL_DATABASE={{ pg_database }} -e VOLUME_CAPACITY={{ pg_volume_capacity|default('1')}}Gi -e POSTGRESQL_VERSION=9.5 -n {{ awx_openshift_project }}"
when: (pg_hostname is not defined or pg_hostname == '') and (postgres_svc_details is defined and postgres_svc_details.rc != 0)
register: openshift_pg_activate
- name: Wait for Postgres to activate
pause:
seconds: 15
when: openshift_pg_activate|changed
- name: Set full web image path
set_fact:
awx_web_openshift_image: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_web_image }}:{{ awx_version }}"
when: awx_web_openshift_image is not defined
- name: Set full task image path
set_fact:
awx_task_openshift_image: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_task_image }}:{{ awx_version }}"
when: awx_task_openshift_image is not defined
- name: Set openshift base path
set_fact:
openshift_base_path: "{{ awx_local_base_config_path|default('/tmp') }}/awx-config"
- name: Ensure directory exists
file:
path: "{{ openshift_base_path }}"
state: directory
- name: Template Openshift AWX Config
template:
src: configmap.yml.j2
dest: "{{ openshift_base_path }}/configmap.yml"
mode: '0600'
- name: Template Openshift AWX Deployment
template:
src: deployment.yml.j2
dest: "{{ openshift_base_path }}/deployment.yml"
mode: '0600'
- name: Apply Configmap
shell: "oc apply -f {{ openshift_base_path }}/configmap.yml"
- name: Apply Deployment
shell: "oc apply -f {{ openshift_base_path }}/deployment.yml"

29
installer/openshift/config/configmap.yml → installer/openshift/templates/configmap.yml.j2
View File

@ -1,11 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: tower-config
namespace: tower
name: awx-config
namespace: {{ awx_openshift_project }}
data:
secret_key: AAABBBCCC
tower_settings: |
secret_key: {{ awx_secret_key }}
awx_settings: |
import os
import socket
ADMINS = ()
@ -35,6 +35,13 @@ data:
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_USE_TLS = False
LOGGING['handlers']['console'] = {
'()': 'logging.StreamHandler',
'level': 'DEBUG',
'formatter': 'simple',
}
LOGGING['loggers']['django.request']['handlers'] = ['console']
LOGGING['loggers']['rest_framework.request']['handlers'] = ['console']
LOGGING['loggers']['awx']['handlers'] = ['console']
@ -59,19 +66,19 @@ data:
'default': {
'ATOMIC_REQUESTS': True,
'ENGINE': 'transaction_hooks.backends.postgresql_psycopg2',
'NAME': "tower",
'USER': "tower",
'PASSWORD': "password123",
'HOST': "postgresql",
'PORT': "5432",
'NAME': "{{ pg_database }}",
'USER': "{{ pg_username }}",
'PASSWORD': "{{ pg_password }}",
'HOST': "{{ pg_hostname|default('postgresql') }}",
'PORT': "{{ pg_port }}",
}
}
BROKER_URL = 'amqp://{}:{}@{}:{}/{}'.format(
"tower",
"awx",
"abcdefg",
"localhost",
"5672",
"tower")
"awx")
CHANNEL_LAYERS = {
'default': {'BACKEND': 'asgi_amqp.AMQPChannelLayer',
'ROUTING': 'awx.main.routing.channel_routing',

93
installer/openshift/templates/deployment.yml.j2 Normal file
View File

@ -0,0 +1,93 @@
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: awx
namespace: {{ awx_openshift_project }}
spec:
replicas: 1
template:
metadata:
labels:
name: awx-web-deploy
service: django
spec:
containers:
- name: awx-web
image: {{ awx_web_openshift_image }}
ports:
- containerPort: 8052
volumeMounts:
- mountPath: /etc/tower
name: awx-application-config
- name: awx-celery
image: {{ awx_task_openshift_image }}
volumeMounts:
- mountPath: /etc/tower
name: awx-application-config
env:
- name: DATABASE_USER
value: {{ pg_username }}
- name: DATABASE_NAME
value: {{ pg_database }}
- name: DATABASE_HOST
value: {{ pg_hostname|default('postgresql') }}
- name: DATABASE_PASSWORD
value: {{ pg_password }}
- name: awx-rabbit
image: rabbitmq:3
env:
- name: RABBITMQ_ERLANG_COOKIE
value: secretb
- name: RABBITMQ_NODENAME
value: rabbitmq
- name: RABBITMQ_DEFAULT_USER
value: awx
- name: RABBITMQ_DEFAULT_PASS
value: abcdefg
- name: RABBITMQ_DEFAULT_VHOST
value: awx
- name: awx-memcached
image: memcached
volumes:
- name: awx-application-config
configMap:
name: awx-config
items:
- key: awx_settings
path: settings.py
- key: secret_key
path: SECRET_KEY
---
apiVersion: v1
kind: Service
metadata:
name: awx-web-svc
namespace: {{ awx_openshift_project }}
labels:
name: awx-web-svc
spec:
type: "NodePort"
ports:
- name: http
port: 8052
nodePort: {{ awx_node_port }}
selector:
name: awx-web-deploy
---
apiVersion: v1
kind: Route
metadata:
name: awx-web-svc
namespace: {{ awx_openshift_project }}
spec:
port:
targetPort: http
tls:
insecureEdgeTerminationPolicy: Allow
termination: edge
to:
kind: Service
name: awx-web-svc
weight: 100
wildcardPolicy: None

5
installer/openshift/tower_setup_conf.yml
View File

@ -1,5 +0,0 @@
admin_password: password
database: internal
pg_password: CJUWsyKHp5P9AZZqC8Rgk7qFnVVFAPBCJbkzr3bb
primary_machine: localhost
redis_password: xrQ5uWpfH8ELWyKzfkS8UCRVAjaFruKQq3EvR4a6