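Building AWX
I'm going to be using Red Hat Ansible Automation Platform (AAP) at work, and when I looked into it I learned that there is an OSS version called AWX, so I tried setting it up.
According to this installation guide, using the AWX Operator on Kubernetes is the recommended approach, so I built it on my Raspberry Pi cluster.
Environment
The Raspberry Pi cluster is configured as follows.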
# kubectl get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
k8s1 Ready control-plane,etcd,master 85d v1.27.10+rke2r1 192.168.0.51 <none> Ubuntu 22.04.4 LTS 5.15.0-1049-raspi containerd://1.7.11-k3s2
k8s2 Ready worker 85d v1.27.10+rke2r1 192.168.0.52 <none> Ubuntu 22.04.4 LTS 5.15.0-1049-raspi containerd://1.7.11-k3s2
k8s3 Ready worker 85d v1.27.10+rke2r1 192.168.0.53 <none> Ubuntu 22.04.4 LTS 5.15.0-1049-raspi containerd://1.7.11-k3s2
In addition, I have installed Ingress and Local Path Provisioner.
Installing the AWX Operator
Install it with helm.
# helm repo add awx-operator https://ansible.github.io/awx-operator/
"awx-operator" has been added to your repositories
# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "awx-operator" chart repository
Update Complete. ⎈Happy Helming!⎈
# helm search repo awx-operator
NAME CHART VERSION APP VERSION DESCRIPTION
awx-operator/awx-operator 2.16.1 2.16.1 A Helm chart for the AWX Operator
# helm install -n awx --create-namespace my-awx-operator awx-operator/awx-operator
NAME: my-awx-operator
LAST DEPLOYED: Wed May 15 18:46:00 2024
NAMESPACE: awx
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
AWX Operator installed with Helm Chart version 2.16.1
It started without any problems.
# kubectl get pod -n awx
NAME READY STATUS RESTARTS AGE
awx-operator-controller-manager-865f65685d-85kzv 2/2 Running 0 2m10s
Installing AWX
For the AWX installation, I follow this guide.
Since I'm at it (?), I'll use https.
Create a Secret from the Let's Encrypt certificate.
# kubectl create secret tls my-tls --key /etc/letsencrypt/live/tsuchinokometal.com/privkey.pem --cert /etc/letsencrypt/live/tsuchinokometal.com/fullchain.pem -n awx --dry-run=client -o yaml > my-tls.yaml
# kubectl apply -f my-tls.yaml
secret/my-tls created
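A pre-flight check for the key pair, added here as an example and not part of the original post: it confirms that the private key belongs to the certificate, that the certificate covers the AWX host name, and that it is not about to expire, before the Secret is created. The function names are hypothetical, and the demo pair is a constructed self-signed certificate.

```shell
#!/bin/sh
# Added example: pre-flight checks for the key pair that goes into the my-tls Secret.
# Function names are hypothetical; only standard openssl subcommands are used.

# Succeeds when the certificate's public key belongs to the private key.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the leaf certificate is valid for the given host name
# (openssl prints the verdict, so the text is checked rather than the exit status).
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q "does match certificate"
}

# Succeeds when the certificate is still valid N days from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Runs all three checks and prints every failure, not just the first one.
preflight_tls() {  # usage: preflight_tls CERT KEY HOST MIN_DAYS
  rc=0
  key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
  cert_covers_host "$1" "$3" || { echo "FAIL: certificate does not cover $3"; rc=1; }
  cert_valid_for_days "$1" "$4" || { echo "FAIL: expires within $4 days"; rc=1; }
  return "$rc"
}

# Constructed sample input: a throwaway self-signed pair for HOST, valid DAYS days.
make_demo_pair() {  # usage: make_demo_pair DIR HOST DAYS
  openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
    -keyout "$1/privkey.pem" -out "$1/fullchain.pem" >/dev/null 2>&1
}

# Typical use with the paths and host name from this page:
#   d=/etc/letsencrypt/live/tsuchinokometal.com
#   preflight_tls "$d/fullchain.pem" "$d/privkey.pem" awx.tsuchinokometal.com 30 \
#     && kubectl create secret tls my-tls --cert "$d/fullchain.pem" --key "$d/privkey.pem" -n awx
```

Because the Secret holds a copy of the files, the same check is worth re-running after each certificate renewal, followed by re-creating the Secret.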
I wrote the manifest for the deployment as follows.
See here for details.
awx-demo.yml
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx-demo
  namespace: awx
spec:
  service_type: ClusterIP
  ingress_type: ingress
  hostname: awx.tsuchinokometal.com
  ingress_tls_secret: my-tls
  postgres_storage_class: local-path
HTTPS access goes through the ingress and the secret deployed earlier.
Also, to save the trouble of creating a PV, I use Local Path Provisioner.
kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - github.com/ansible/awx-operator/config/default?ref=2.16.1
  # Add this extra line:
  - awx-demo.yml
This one is exactly as in the documentation.
Now let's deploy.
# kubectl apply -k .
Warning: resource namespaces/awx is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
namespace/awx configured
Warning: resource customresourcedefinitions/awxbackups.awx.ansible.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com configured
Warning: resource customresourcedefinitions/awxmeshingresses.awx.ansible.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
customresourcedefinition.apiextensions.k8s.io/awxmeshingresses.awx.ansible.com configured
Warning: resource customresourcedefinitions/awxrestores.awx.ansible.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com configured
Warning: resource customresourcedefinitions/awxs.awx.ansible.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
customresourcedefinition.apiextensions.k8s.io/awxs.awx.ansible.com configured
Warning: resource serviceaccounts/awx-operator-controller-manager is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
serviceaccount/awx-operator-controller-manager configured
Warning: resource roles/awx-operator-awx-manager-role is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
role.rbac.authorization.k8s.io/awx-operator-awx-manager-role configured
Warning: resource roles/awx-operator-leader-election-role is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
role.rbac.authorization.k8s.io/awx-operator-leader-election-role configured
clusterrole.rbac.authorization.k8s.io/awx-operator-metrics-reader created
clusterrole.rbac.authorization.k8s.io/awx-operator-proxy-role created
Warning: resource rolebindings/awx-operator-awx-manager-rolebinding is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
rolebinding.rbac.authorization.k8s.io/awx-operator-awx-manager-rolebinding configured
Warning: resource rolebindings/awx-operator-leader-election-rolebinding is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
rolebinding.rbac.authorization.k8s.io/awx-operator-leader-election-rolebinding configured
clusterrolebinding.rbac.authorization.k8s.io/awx-operator-proxy-rolebinding created
Warning: resource configmaps/awx-operator-awx-manager-config is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
configmap/awx-operator-awx-manager-config configured
Warning: resource services/awx-operator-controller-manager-metrics-service is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
service/awx-operator-controller-manager-metrics-service configured
Warning: resource deployments/awx-operator-controller-manager is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
deployment.apps/awx-operator-controller-manager configured
awx.awx.ansible.com/awx-demo created
I think it will take a fair amount of time.
Once it completes, it should look like the following.
# kubectl get pod,svc,ingress -n awx
NAME READY STATUS RESTARTS AGE
pod/awx-demo-migration-24.3.1-m274p 0/1 Completed 0 31m
pod/awx-demo-postgres-15-0 1/1 Running 0 34m
pod/awx-demo-task-544988b669-9p4f9 4/4 Running 0 32m
pod/awx-demo-web-56d7847b56-qxgjc 3/3 Running 0 33m
pod/awx-operator-controller-manager-596ff9867-kv6mr 2/2 Running 0 36m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/awx-demo-postgres-15 ClusterIP None <none> 5432/TCP 34m
service/awx-demo-service ClusterIP 10.43.151.154 <none> 80/TCP 33m
service/awx-operator-controller-manager-metrics-service ClusterIP 10.43.61.214 <none> 8443/TCP 39m
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress.networking.k8s.io/awx-demo-ingress <none> awx.tsuchinokometal.com 192.168.0.52,192.168.0.53 80, 443 33m
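Edit your hosts file so that the host specified in the ingress can be resolved.
If all goes well, a screen like the following is displayed.
If you have not set an initial password, check the admin password in the secret.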
# kubectl get secret awx-demo-admin-password -n awx -o jsonpath="{.data.password}" | base64 --decode ; echo
Lr6Rj2awkQQNWG1ldhZbPVC1hqxZbKbr
I was able to log in.
The version was 24.3.1.