How to Install Ansible AWX on CentOS 7

In the previous tutorial, I showed you how to deploy Ansible AWX via docker. In the meantime, I've found two projects that build rpm packages for AWX. So in this tutorial, I will show you how to install Ansible AWX from RPM  files on CentOS 7. Ansible AWX is the OpenSource version of the Ansible Tower software.

I will be using 3 servers with CentOS 7 minimal installation and SELinux in permissive mode.

  • 192.168.1.25 AWX Server
  • 192.168.1.21 client1
  • 192.168.1.22 client2

Minimum System Requirements for AWX Server

  • At least 4GB of memory
  • At least 2 cpu cores
  • At least 20GB of space
  • Running Docker, Openshift, or Kubernetes

Check the SELinux configuration.

[[email protected] ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
[[email protected] ~]#

Add the host entries in

/etc/hosts
[[email protected] ~]# cat /etc/hosts
192.168.1.25    awx.sunil.cc awx
192.168.1.21    client1.sunil.cc client1
192.168.1.22    client2.sunil.cc client2
[[email protected] ~]#

Add the firewall rules

[[email protected] ~]# systemctl enable firewalld
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
[[email protected] ~]# systemctl start firewalld
[[email protected] ~]# firewall-cmd --add-service=http --permanent;firewall-cmd --add-service=https --permanent
success
success
[[email protected] ~]# systemctl restart firewalld
[[email protected] ~]#

Enable CentOS EPEL repository.

[[email protected] ~]# yum install -y epel-release

We need postgresql 9.6 for AWX installation.

Enable postgreSQL repo.

[[email protected] ~]# yum install -y https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm

Installing postgreSQL.

[[email protected] ~]# yum install postgresql96-server -y

Installing the other necessary rpms.

[[email protected] ~]# yum install -y rabbitmq-server wget memcached nginx ansible

Installing Ansible AWX

Adding the AWX repo.

[[email protected] ~]# wget -O /etc/yum.repos.d/awx-rpm.repo https://copr.fedorainfracloud.org/coprs/mrmeee/awx/repo/epel-7/mrmeee-awx-epel-7.repo

Installing the rpm

[[email protected] ~]# yum install -y awx

Intializing the database

[[email protected] ~]# /usr/pgsql-9.6/bin/postgresql96-setup initdb
Initializing database ... OK

[[email protected] ~]#

Starting the Rabbitmq Service

[[email protected] ~]# systemctl start rabbitmq-server
[[email protected] ~]# systemctl enable rabbitmq-server
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[[email protected] ~]#

Starting PostgreSQL Service

[[email protected] ~]# systemctl enable postgresql-9.6
Created symlink from /etc/systemd/system/multi-user.target.wants/postgresql-9.6.service to /usr/lib/systemd/system/postgresql-9.6.service.
[[email protected] ~]# systemctl start postgresql-9.6

Starting Memcached Service

[[email protected] ~]# systemctl enable memcached
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[[email protected] ~]# systemctl start memcached

Creating Postgres user

[[email protected] ~]# sudo -u postgres createuser -S awx
could not change directory to "/root": Permission denied
[[email protected] ~]#

ignore the error

Creating the database

[[email protected] ~]# sudo -u postgres createdb -O awx awx
could not change directory to "/root": Permission denied
[[email protected] ~]#

ignore the error

Importing the data into Database

[[email protected] ~]# sudo -u awx /opt/awx/bin/awx-manage migrate

Initializing the configuration for AWX

[[email protected] ~]# echo "from django.contrib.auth.models import User; User.objects.create_superuser('admin', '[email protected]', 'password')" | sudo -u awx /opt/awx/bin/awx-manage shell
[[email protected] ~]# sudo -u awx /opt/awx/bin/awx-manage create_preload_data
Default organization added.
Demo Credential, Inventory, and Job Template added.
[[email protected] ~]# sudo -u awx /opt/awx/bin/awx-manage provision_instance --hostname=$(hostname)
Successfully registered instance awx.sunil.cc
(changed: True)
[[email protected] ~]# sudo -u awx /opt/awx/bin/awx-manage register_queue --queuename=tower --hostnames=$(hostname)
Creating instance group tower
Added instance awx.sunil.cc to tower
(changed: True)
[[email protected] ~]#

Configure Nginx

Take the backup of nginx.conf

[[email protected] ~]# cd /etc/nginx/
[[email protected] nginx]# pwd
/etc/nginx
[[email protected] nginx]# cp nginx.conf nginx.conf.bkp

Replace the nginx conf file

[[email protected] nginx]# wget -O /etc/nginx/nginx.conf https://raw.githubusercontent.com/sunilsankar/awx-build/master/nginx.conf

Enable and start nginx service

[[email protected] ~]# systemctl start nginx
[[email protected] ~]# systemctl enable nginx

Start the awx services

[[email protected] ~]# systemctl start awx-cbreceiver
[[email protected] ~]# systemctl start awx-celery-beat
[[email protected] ~]# systemctl start awx-celery-worker
[[email protected] ~]# systemctl start awx-channels-worker
[[email protected] ~]# systemctl start awx-daphne
[[email protected] ~]# systemctl start awx-web

Make sure the service is started during restart

[[email protected] ~]# systemctl enable awx-cbreceiver
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-cbreceiver.service to /usr/lib/systemd/system/awx-cbreceiver.service.
[[email protected] ~]# systemctl enable awx-celery-beat
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-celery-beat.service to /usr/lib/systemd/system/awx-celery-beat.service.
[[email protected] ~]# systemctl enable awx-celery-worker
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-celery-worker.service to /usr/lib/systemd/system/awx-celery-worker.service.
[[email protected] ~]# systemctl enable awx-channels-worker
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-channels-worker.service to /usr/lib/systemd/system/awx-channels-worker.service.
[[email protected] ~]# systemctl enable awx-daphne
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-daphne.service to /usr/lib/systemd/system/awx-daphne.service.
[[email protected] ~]# systemctl enable awx-web
Created symlink from /etc/systemd/system/multi-user.target.wants/awx-web.service to /usr/lib/systemd/system/awx-web.service.
[[email protected] ~]#

Configure passwordless login from AWX server

Create a user on all the 3 hosts.

Here in this tutorial, I am creating a user ansible on all the 3 servers.

[[email protected] ~]# useradd ansible
[[email protected] ~]# useradd ansible
[[email protected] ~]# useradd ansible

Generating ssh key in awx server

[[email protected] nginx]# su - ansible
[[email protected] ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:RW/dhTsxcyGicleRI0LpLm+LyhAVinm0xktapodc8gY [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|   . .  ..o. +ooo|
|  = o .  +.oo+*.o|
| E @ . ..oo.+ o*.|
|. # o   oo..  o  |
| = *    S      . |
|  o .  . .       |
|   .    o        |
|    o   .o       |
|     o.....      |
+----[SHA256]-----+
[[email protected] ~]$

Adding the sudoers entry on all 3 servers as a last entry to the file

[[email protected] nginx]# visudo
ansible ALL=(ALL) NOPASSWD: ALL

Copy the content of id_rsa.pub to authorized_keys on all the 3 servers

[[email protected] .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStB8JGsVsSLppwYWdnEPLE4xwFqRDn7xE/d3hjBQ6A0JGm1t+GtHB3GPIEjANFTnxQwHpR+cRttbL3mlQvpIYqCZOMZds9XA7VI5qgs0aSGUU8cNYKjmmrMpJa9sB4WVtj3M4u2fEXt9FKKCtjMMpOfiQxIkEhYZ+2GoAX5sHXan7TPcgwb5r7WW6j43aaPc6g9XWN63nonQz6KeMSFZ/y0o2HJMh1FEkktZw6A1HVfn+JNWoQb1glyqGjO1ync+Sok8yXpqakEEWpXNQSQYs4eBEwfkKql5EuolQMIbF9VYhpEcR9LfbMvYdq/RPKWN3mmRMWfPZ2dTZl515XBdV [email protected]
[[email protected] .ssh]$
[[email protected] .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStB8JGsVsSLppwYWdnEPLE4xwFqRDn7xE/d3hjBQ6A0JGm1t+GtHB3GPIEjANFTnxQwHpR+cRttbL3mlQvpIYqCZOMZds9XA7VI5qgs0aSGUU8cNYKjmmrMpJa9sB4WVtj3M4u2fEXt9FKKCtjMMpOfiQxIkEhYZ+2GoAX5sHXan7TPcgwb5r7WW6j43aaPc6g9XWN63nonQz6KeMSFZ/y0o2HJMh1FEkktZw6A1HVfn+JNWoQb1glyqGjO1ync+Sok8yXpqakEEWpXNQSQYs4eBEwfkKql5EuolQMIbF9VYhpEcR9LfbMvYdq/RPKWN3mmRMWfPZ2dTZl515XBdV [email protected]
[[email protected] .ssh]$ chmod 600 authorized_keys

Client1

[[email protected] ~]# su - ansible
[[email protected] ~]$ mkdir .ssh
[[email protected] ~]$ chmod 700 .ssh
[[email protected] ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStB8JGsVsSLppwYWdnEPLE4xwFqRDn7xE/d3hjBQ6A0JGm1t+GtHB3GPIEjANFTnxQwHpR+cRttbL3mlQvpIYqCZOMZds9XA7VI5qgs0aSGUU8cNYKjmmrMpJa9sB4WVtj3M4u2fEXt9FKKCtjMMpOfiQxIkEhYZ+2GoAX5sHXan7TPcgwb5r7WW6j43aaPc6g9XWN63nonQz6KeMSFZ/y0o2HJMh1FEkktZw6A1HVfn+JNWoQb1glyqGjO1ync+Sok8yXpqakEEWpXNQSQYs4eBEwfkKql5EuolQMIbF9VYhpEcR9LfbMvYdq/RPKWN3mmRMWfPZ2dTZl515XBdV [email protected]
[[email protected] ~]$ chmod 600 .ssh/authorized_keys

Client2

[[email protected] ~]# su - ansible
[[email protected] ~]$ mkdir .ssh
[[email protected] ~]$ chmod 700 .ssh
[[email protected] ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStB8JGsVsSLppwYWdnEPLE4xwFqRDn7xE/d3hjBQ6A0JGm1t+GtHB3GPIEjANFTnxQwHpR+cRttbL3mlQvpIYqCZOMZds9XA7VI5qgs0aSGUU8cNYKjmmrMpJa9sB4WVtj3M4u2fEXt9FKKCtjMMpOfiQxIkEhYZ+2GoAX5sHXan7TPcgwb5r7WW6j43aaPc6g9XWN63nonQz6KeMSFZ/y0o2HJMh1FEkktZw6A1HVfn+JNWoQb1glyqGjO1ync+Sok8yXpqakEEWpXNQSQYs4eBEwfkKql5EuolQMIbF9VYhpEcR9LfbMvYdq/RPKWN3mmRMWfPZ2dTZl515XBdV [email protected]
[[email protected] ~]$ chmod 600 .ssh/authorized_keys

Check the passwordless login from AWX server.

[[email protected] ~]$ ssh client1
Last login: Sun Mar 11 13:14:06 2018 from 192.168.1.25
[[email protected] ~]$ exit
logout
Connection to client1 closed.
[[email protected] ~]$ ssh client2
Last login: Sun Mar 11 12:50:14 2018 from 192.168.1.25
[[email protected] ~]$

Validate the Login:

Ansible AWX Login

The Login details are:

Username: "admin"
Password: "password"

Ansible AWX dashboard

In the next tutorial will show how to add a playbook and run the job.

Reference

Share this page:

Suggested articles

23 Comment(s)

Add comment

Comments

From: Tomas at: 2018-04-06 11:17:44

With this line you have basically created a new root account called ansible:

ansible ALL=(ALL) NOPASSWD: ALL

Is this necessary to run Ansible?

From: iron_michael86 at: 2018-04-06 18:20:39

This is just a example , you can use any user with root access

Regards

Sunil

From: Pedro C at: 2018-04-09 19:04:41

FYI you may get a "502 bad gateway" error. Fix is: https://stackoverflow.com/questions/23948527/13-permission-denied-while-connecting-to-upstreamnginx

From: Deano at: 2018-07-07 13:23:54

Thanks it was SELinux

setsebool -P httpd_can_network_connect 1

 

From: Josh H at: 2018-07-10 19:38:51

Yeah it would be nice if OP included that in their blog post. I hit this problem as well. 

From: Josef at: 2018-05-04 06:35:08

Thanks, everything is working but I had to disable httpd

systemctl stop httpd.service

systemctl disable httpd.service

 

From: The login does not work at: 2018-05-08 22:16:50

I tried to login using admin and password credentials but they don't work.

From: Sampath at: 2018-05-11 12:12:58

What is the correct username and password to login awx console...?

From: Paul at: 2018-05-22 18:27:17

Check your sestatus; rerun AWX setup, then reboot.

From: prashant at: 2018-05-29 17:25:05

run this command again 

echo "from django.contrib.auth.models import User; User.objects.create_superuser('admin', '[email protected]', 'password')" | sudo -u awx /opt/awx/bin/awx-manage shell

From: Randy P at: 2018-05-14 22:00:22

I'm getting the error 502 bad gateway.  the install was done on centos 7 minimal and httpd service was never installed.  If I put the original nginx.conf file back, it works fine.  Any ideas?

From: Allan at: 2018-07-23 14:19:57

I got the same error, I had to reboot the system which fixed the issue.

From: Mikey at: 2018-05-23 15:59:34

Please provide a link to "the next tutorial" which shows us how to add a playbook and run the job.

 

From: salder at: 2018-05-30 15:42:36

First, nice work.  Thank you for putting all of this together.  Though my being a SysAdmin, and thus lazy by definition.  Might I offer a few changes for consideration?

Installing the packages seperately just extends things.  Install all of the packages at the same time, where it makes sense. (ie. yum -y install postgresql96-server rabbitmq-server wget memcached nginx ansible) This allows for fewer steps and inturn less chance of the fat-fingers.

Second, less steps.  All of the steps where you are enabling and starting services in two commands, can be done in one step.  The worse case of this being the awx services.  (systemctl start --now awx-cbreceiver awx-celery-beat awx-celery-worker awx-channels-worker awx-daphne awx-web)  Any errors or issues are still apparent, but again, less chance for screw-ups to happen.

Last, it is a better option to leave the default sudoers file alone.  Your additions should be placed in a purposefully named file in /etc/sudoers.d.  Which can then be written as a single line of commands and scrapped into the terminal for use.  (ie. echo "ansible ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible_user && chmod 600 /etc/sudoers.d/ansible_user)

From: Vathsa at: 2018-06-14 15:13:44

Please do not use the following repo as indicated in the documentation for installing awx https://copr.fedorainfracloud.org/coprs/mrmeee/awx/repo/epel-7/mrmeee-awx-epel-7.repo .

The build on that repo has failed and when you use it you will run into multiple issues like SCM clones not working and others. Please use the following repo instaed "https://copr.fedorainfracloud.org/coprs/mrmeee/awx-dev/repo/epel-7/mrmeee-awx-dev-epel-7.repo".

From: Catarina at: 2018-06-15 00:10:29

Hi, 

Can I make a environment with two nodes running Ansible managed by just one AWX? One to manage a network and other to manage another network?

How can I do that?

From: rajesh S at: 2018-06-22 06:42:20

Can we update the awx version.

From: Dhinesh at: 2018-06-27 13:56:40

Great Work ! My installation works perfect, I was trying to make inventory sync with AWS Credentials but I am error as " ERROR! No inventory was parsed, please check your configuration and options." My config file ansible.cfg I tried to modify the inventory parameter "#unparsed_is_failed = true". But the issue still exists . I am confused my why awx unable pick the inventory setup ?

From: Dimitri at: 2018-06-29 16:22:58

The follow-on tutorial on how to add a playbook and run a job would be extremely useful.

From: Madhu Raghav at: 2018-07-09 19:06:55

My UI is not opening, i see ginx is started and awx web service is started. I dnt seee any access log coming in 

From: vaibhav at: 2018-07-25 10:17:28

 you can use either httpd or nginx as both runs at port 80.

From: Dimitri at: 2018-07-25 21:23:39

My installation works, bit I have two issues:

- like a previous poster, I'm trying to make inventory sync with both Satellte (Spacewalk) and Vcenter. And like the previous poster, I also get " ERROR! No inventory was parsed, please check your configuration and options.".  My config files seem correct.

- when I run a job, status remains on "Running".  I have to refresh the browser to see the output of the run (whether successful, or not).

From: Hai at: 2018-07-31 09:45:44

Thanks for tutorial!

Can you continue share create playbook and execute it with Ansible AWX