How to install Ansible AWX with Docker on CentOS 7

Ansible AWX is the OpenSource version of ansible tower. AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is the upstream project for Tower, a commercial derivative of AWX.

In this tutorial, I will show you how to install and configure AWX using Docker.

I will be using 3 servers with centos 7 minimal installation and SELinux in permissive mode.

  • 192.168.1.25 AWX Server
  • 192.168.1.21 client1
  • 192.168.1.22 client2

System Requirements for AWX Server

  • At least 4GB of memory.
  • At least 2 cpu cores.
  • At least 20GB of space.
  • Running Docker, Openshift, or Kubernetes.

Check the SELinux configuration.

sestatus

Result:

[[email protected] ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
[[email protected] ~]#

Disable firewalld.

[[email protected] installer]# systemctl stop firewalld
[[email protected] installer]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[[email protected] installer]#

Adding the host entries in /etc/hosts

[[email protected] ~]# cat /etc/hosts
192.168.1.25 awx.sunil.cc awx
192.168.1.21 client1.sunil.cc client1
192.168.1.22 client2.sunil.cc client2
[[email protected] ~]#

Enable epel repo.

[[email protected] ~]# yum install -y epel-release

Install the packages.

[[email protected] ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 ansible git python-devel python-pip python-docker-py vim-enhanced

Configure docker ce stable repository.

[[email protected] ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

Installing docker.

[[email protected] ~]# yum install docker-ce -y

Start docker service.

[[email protected] ~]# systemctl start docker

Enable docker service.

[[email protected] ~]# systemctl enable docker

Cloning the AWX repo.

[[email protected] ~]# git clone https://github.com/ansible/awx.git
[[email protected] ~]# cd awx/
[[email protected] awx]# git clone https://github.com/ansible/awx-logos.git
[[email protected] awx]# pwd
/root/awx
[[email protected] awx]#

Go into the installer directory within /root/awx.

[[email protected] awx]# cd installer/

Edit the following parameters in inventory.

[[email protected] awx]# vim inventory
postgres_data_dir=/var/lib/pgdocker
awx_official=true
awx_alternate_dns_servers="4.2.2.1,4.2.2.2"
project_data_dir=/var/lib/awx/projects

Your configuration should look like this.

[[email protected] installer]# cat inventory |grep -v "#"
localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python"

[all:vars]

dockerhub_base=ansible
dockerhub_version=latest
rabbitmq_version=3.6.14


awx_secret_key=awxsecret



postgres_data_dir=/var/lib/pgdocker
host_port=80


docker_compose_dir=/var/lib/awx



pg_username=awx
pg_password=awxpass
pg_database=awx
pg_port=5432


awx_official=true


awx_alternate_dns_servers="4.2.2.1,4.2.2.2"

project_data_dir=/var/lib/awx/projects
[[email protected] installer]#

Now deploying AWX via Docker.

[[email protected] installer]# ansible-playbook -i inventory install.yml -vv

This will take a while depending upon the configuration of the server.

To check the deployment of ansible play for AWX run the below command.

[[email protected] installer]# docker container ls
CONTAINER ID        IMAGE                     COMMAND                  CREATED             STATUS              PORTS                                NAMES
318c7c95dcbb        ansible/awx_task:latest   "/tini -- /bin/sh -c."   12 minutes ago      Up 12 minutes       8052/tcp                             awx_task
642c2f272e31        ansible/awx_web:latest    "/tini -- /bin/sh -c."   12 minutes ago      Up 12 minutes       0.0.0.0:80->8052/tcp                 awx_web
641b42ab536f        memcached:alpine          "docker-entrypoint.s."   18 minutes ago      Up 18 minutes       11211/tcp                            memcached
b333012d90ac        rabbitmq:3                "docker-entrypoint.s."   19 minutes ago      Up 19 minutes       4369/tcp, 5671-5672/tcp, 25672/tcp   rabbitmq
ada52935513a        postgres:9.6              "docker-entrypoint.s."   19 minutes ago      Up 19 minutes       5432/tcp                             postgres
[[email protected] installer]#

AWX is ready and can be accessed from the browser.

AWX Login

username is "admin" and the password is "password".

Configure passwordless login from AWX server

Create a user on all 3 hosts. Follow the steps below on all 3 servers.

[[email protected] ~]# useradd ansible
[[email protected] ~]# useradd ansible
[[email protected] ~]# useradd ansible

Generating ssh key:

[[email protected] ~]# su - ansible
[[email protected] ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:j30gyTVQxcWIocdKMbVieZvfJzGkCjXhjtc5qu+fE8o [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|        +o==.+.  |
|         O.oo .  |
|        * @   .  |
|       + @ * +   |
|        S * = o  |
|         B =.o o |
|        ..=.o.o .|
|         .E... o |
|        .oo.o.   |
+----[SHA256]-----+
[[email protected] ~]$

Adding the sudoers entry on all 3 servers as a last entry to the file.

[[email protected] ~]# visudo
ansible ALL=(ALL) NOPASSWD: ALL

Copy the content of id_rsa.pub to authorized_keys on all the 3 servers.

[[email protected] .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf [email protected]
[[email protected] .ssh]$ pwd
/home/ansible/.ssh
[[email protected] ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf [email protected]
[[email protected] ~]$chmod 600 .ssh/authorized_keys

client1

[[email protected] ~]# su - ansible
[[email protected] ~]$ ls
[[email protected] ~]$ mkdir .ssh
[[email protected] ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf [email protected]
[[email protected] ~]$ chmod 700 .ssh
[[email protected] ~]$ chmod 600 .ssh/authorized_keys

client2

[[email protected] ~]# su - ansible
[[email protected] ~]$ ls
[[email protected] ~]$ mkdir .ssh
[[email protected] ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4QmuzjVnGUnT1o6xGXD3DCDPUMiTf0xUkOU4kYrkpxHYZ1nWG1MBNGWChyWobnTKYDh4c80+ftSyPHAdeV6KOwADOu6MXvMXHMK3EDe4jn+R0ZArQTEF2qKSBgve23wQu5IoqdWjvBoIEGqxw3LkYbdGxZ5dqKlP5ePkRKal4TncV+tlhueDaKz8QfvXgz+y2jc3HMWAH6a7UYsDKutDttmDDVUwfMcvoS9j2VYOUHkTCenx/2Y3296ULmWCREW9e6fTXLmOowIBDAar01CThmAzYCnBDNAFOsolh9dL1CKwLCvOyK1UBgJlfrzdGI/+fS7aFiaqhXpt6hI4xndJf [email protected]
[[email protected] ~]$ chmod 700 .ssh
[[email protected] ~]$ chmod 600 .ssh/authorized_keys

Validating the keyless login:

[[email protected] .ssh]$ ssh client1
The authenticity of host 'client1 (192.168.1.21)' can't be established.
ECDSA key fingerprint is SHA256:TUQNYdF4nxofGwFO7/z+Y5dUETVEI0xPQL4n1cUcoCI.
ECDSA key fingerprint is MD5:5d:73:1f:64:0e:03:ac:a7:7b:33:76:08:6d:09:90:26.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'client1,192.168.1.21' (ECDSA) to the list of known hosts.
Last login: Sun Mar  4 13:39:33 2018
[[email protected] ~]$ exit
logout
Connection to client1 closed.
[[email protected] .ssh]$
[[email protected] .ssh]$ ssh client2
The authenticity of host 'client2 (192.168.1.22)' can't be established.
ECDSA key fingerprint is SHA256:7JoWzteeQBwzc4Q3GGN+Oa4keUPMca/jtqv7gmmEZxg.
ECDSA key fingerprint is MD5:85:77:3a:a3:07:31:d4:c1:41:ed:30:db:74:b4:ce:67.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'client2,192.168.1.22' (ECDSA) to the list of known hosts.
Last login: Sun Mar  4 13:51:27 2018
[[email protected] ~]$ exit
logout
Connection to client2 closed.
[[email protected] .ssh]$ 

Now click on this icon and go to credentials -> add

Add Credentials

Add button

Choose an organization and fill in the username and description.

Here the username is "ansible"

Ansible user

Choose 'machine' under credential type and fill the details.

Credential type

Get the private key from AWX server.

[[email protected] .ssh]$ pwd
/home/ansible/.ssh
[[email protected] .ssh]$ cat id_rsa
id_rsa      id_rsa.pub
[[email protected] .ssh]$ cat id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAuEJrs41ZxlJ09aOsRlw9wwgz1DIk39MVJDlOJGK5KcR2GdZ1
htTATRlgoclqG50ymA4eHPNPn7UsjxwHXleijsAAzrujF7zFxzCtxA3uI5/kdGQK
0ExBdqikgYL3tt8ELuSKKnVo7waCBBqscNy5GG3RsWeXaipT+Xj5ESmpeE53FfrZ
Ybng2is/EH714M/sto3NxzFgB+mu1GLAyrrQ7bZgw1VMHzHL6EvY9lWDlB5Ewnp8
f9mN9velC5lgkRFvXun01y5jqMCAQwGq9NQk4ZgM2ApwQzQBTrKJYfXS9QisCwrz
sitVAYCZX683RiP/n0u2hYmqoV6beoSOMZ3SXwIDAQABAoIBAQCcfiUU6S9fJfca
DTmqxHrcIyJJzZDN3GvvSRBaDNLwa2BWz3Mf4Z+1m6Ebp4IME/W9ePgQZIGyxeAj
Z43Gja2Nifrlmi2JYpWjeG+MvLwN26XfSHx6rtlGmzKkoIQc98qIvSevqepGYAOa
0sC0VnKKEfNvtei+jVam4hy/e9/oQWHV8c/yueLWpCx2pWOy5m7WVLdwNQSK+8pu
sxHLFTNCSC9wddBN80FVxhJQ7L4D2DzcprhcfUz6Uz7Ju7v8MtSksirDnaGliWJ3
NvxhntJYKvgQ30pvBr//y0lYnAB+O0jJhOpHlgD2hNSlI8sgUxmVyl+gC9Dhnq+v
1uKm3CThAoGBAOx+YIGGT/ymqJ53k8Dj4keKctI4+E3p/7Tr2jEyRff177VUjITQ
UnrRTw1W+XSE5cszitVYbv0WUwTJoSSrKaRaVG7iORaqcv0LkG8gnlcrcifRXSl5
5xMsPCw0adwtoyhrHQLbENntMl+iQw2JbE6fvldvNe2kPdL3B2T7Jw1RAoGBAMd1
GvsOHLaKtTD0me+wgGnql0GIp90elE7rQ1p6VMxZkE68b+0jX9xHAt2zxocR84+L
Gi6uAZvBqnwmH48c7Do6/oulrJXH2OcT6S8+F/kM7PWNT0Z0J0MW/+npVoPwSihZ
N4/uanR47L0YYVlTRgxmakSUZnitrEz754V+YjivAoGBAM1qtC6tWHrO0/XZTbik
+F5FrphVLbCXiSlAF6TV0xqfP5gUmX2faZUOi4i9vC3uZZ9L5NKNXtJseq3U6Sht
l90PLPmnfAjpArozOkCcZ4y1yxE09KPbI9BugtGusSizZ13rNCbP22I/eprA2Vc/
v5jHflB547DIEX9WXNDkqjYRAoGACD3ag40tuo04t3Ej+zd71uSOo3KWHRjqX+hw
vAhaAKeiwt4ecdoIV/3HLIoFJgej3MaOqmceQeVaug6JN0ympjFR20tZOkcru0Cj
XgRe0Tergun34J1kEe2dXXj6zjDbn5cwKI5db7qfbaDYROyf9Fs3AOZw5YOnnva5
tlZmkJkCgYB0tuVLQSOWsqjTAgkw7tDIMOds9o8dpGJTvXxcs2qWJIDQPQWxHVSl
Qimh5DFBkrNDAYKKC386KaZOEKwG7G1YuGbh1+ns3piscJaBi2lPaeA1Y/QA6pCT
t9Hbdzre5x0gDbKSHOk+QLJkVdfQX9jamRE6W0k0pXVF6ur8N5zfxA==
-----END RSA PRIVATE KEY-----
[[email protected] .ssh]$

Private key (example).

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAuEJrs41ZxlJ09aOsRlw9wwgz1DIk39MVJDlOJGK5KcR2GdZ1
htTATRlgoclqG50ymA4eHPNPn7UsjxwHXleijsAAzrujF7zFxzCtxA3uI5/kdGQK
0ExBdqikgYL3tt8ELuSKKnVo7waCBBqscNy5GG3RsWeXaipT+Xj5ESmpeE53FfrZ
Ybng2is/EH714M/sto3NxzFgB+mu1GLAyrrQ7bZgw1VMHzHL6EvY9lWDlB5Ewnp8
f9mN9velC5lgkRFvXun01y5jqMCAQwGq9NQk4ZgM2ApwQzQBTrKJYfXS9QisCwrz
sitVAYCZX683RiP/n0u2hYmqoV6beoSOMZ3SXwIDAQABAoIBAQCcfiUU6S9fJfca
DTmqxHrcIyJJzZDN3GvvSRBaDNLwa2BWz3Mf4Z+1m6Ebp4IME/W9ePgQZIGyxeAj
Z43Gja2Nifrlmi2JYpWjeG+MvLwN26XfSHx6rtlGmzKkoIQc98qIvSevqepGYAOa
0sC0VnKKEfNvtei+jVam4hy/e9/oQWHV8c/yueLWpCx2pWOy5m7WVLdwNQSK+8pu
sxHLFTNCSC9wddBN80FVxhJQ7L4D2DzcprhcfUz6Uz7Ju7v8MtSksirDnaGliWJ3
NvxhntJYKvgQ30pvBr//y0lYnAB+O0jJhOpHlgD2hNSlI8sgUxmVyl+gC9Dhnq+v
1uKm3CThAoGBAOx+YIGGT/ymqJ53k8Dj4keKctI4+E3p/7Tr2jEyRff177VUjITQ
UnrRTw1W+XSE5cszitVYbv0WUwTJoSSrKaRaVG7iORaqcv0LkG8gnlcrcifRXSl5
5xMsPCw0adwtoyhrHQLbENntMl+iQw2JbE6fvldvNe2kPdL3B2T7Jw1RAoGBAMd1
GvsOHLaKtTD0me+wgGnql0GIp90elE7rQ1p6VMxZkE68b+0jX9xHAt2zxocR84+L
Gi6uAZvBqnwmH48c7Do6/oulrJXH2OcT6S8+F/kM7PWNT0Z0J0MW/+npVoPwSihZ
N4/uanR47L0YYVlTRgxmakSUZnitrEz754V+YjivAoGBAM1qtC6tWHrO0/XZTbik
+F5FrphVLbCXiSlAF6TV0xqfP5gUmX2faZUOi4i9vC3uZZ9L5NKNXtJseq3U6Sht
l90PLPmnfAjpArozOkCcZ4y1yxE09KPbI9BugtGusSizZ13rNCbP22I/eprA2Vc/
v5jHflB547DIEX9WXNDkqjYRAoGACD3ag40tuo04t3Ej+zd71uSOo3KWHRjqX+hw
vAhaAKeiwt4ecdoIV/3HLIoFJgej3MaOqmceQeVaug6JN0ympjFR20tZOkcru0Cj
XgRe0Tergun34J1kEe2dXXj6zjDbn5cwKI5db7qfbaDYROyf9Fs3AOZw5YOnnva5
tlZmkJkCgYB0tuVLQSOWsqjTAgkw7tDIMOds9o8dpGJTvXxcs2qWJIDQPQWxHVSl
Qimh5DFBkrNDAYKKC386KaZOEKwG7G1YuGbh1+ns3piscJaBi2lPaeA1Y/QA6pCT
t9Hbdzre5x0gDbKSHOk+QLJkVdfQX9jamRE6W0k0pXVF6ur8N5zfxA==
-----END RSA PRIVATE KEY-----

Copy the private key under ssh private key and click on save.

Sek key

Click on Inventories and click on add inventory.

Add inventory

Fill the details accordingly.

Fill inventory details

Click on hosts -> add host.

Add host

Add the below details:

Host details

Add the below details for client2.

Details for client 2

Test the connectivity via AWX.

Select both the hosts and click on run commands.

Choose ping and other details and click on Launch.

That's it for this tutorial. I will show you in the next tutorial how to install AWX via rpm and also how to run playbooks, doing API calls in further tutorials.

Reference

Share this page:

Suggested articles

9 Comment(s)

Add comment

Comments

From: Tom at: 2018-03-19 18:31:40

This line: awx_alternate_dns_servers="4.2.2.1,4.2.2.1" in the "Edit the following parameters in inventory." section is wrong. The 2nd IP should be .2

From: till at: 2018-03-20 08:04:19

Thank you for the hint. I've corrected that in the tutorial.

From: steve johnson at: 2018-03-20 13:24:49

Nice article .

From: Ron HD at: 2018-03-20 16:32:54

Why the requirement to disable the firewall? That's a non-starter for me.

From: Jobling at: 2018-05-15 07:41:06

+1 for the same doubt.

From: adam at: 2018-05-21 15:58:49

crazy-town.  Docker can't run with SELinux enabled.  SELinux is NOT a firewall.  If you want a firewall then manage IP tables on your box or work with an external device (even another server) to be the route to your host.  

From: David Trigo at: 2018-04-03 14:32:19

After installation, it's necessary to wait until containers are updated.

docker logs -f awx_task

From: koko at: 2018-04-18 11:48:33

Hi,

It's want to user root user. What's wrong ?

#######

Identity added: /tmp/awx_15_oXU0eR/credential_2 (/tmp/awx_15_oXU0eR/credential_2) ansible 2.5.0 config file = /etc/ansible/ansible.cfg configured module search path = [u'/var/lib/awx/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] Using /etc/ansible/ansible.cfg as config file Parsed /tmp/awx_15_oXU0eR/tmptGLInl inventory source with script plugin META: ran handlers Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/ping.py <192.168.122.21> ESTABLISH SSH CONNECTION FOR USER: root <192.168.122.21> SSH: EXEC ssh -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 192.168.122.21 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"'' Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/ping.py <192.168.122.22> ESTABLISH SSH CONNECTION FOR USER: root <192.168.122.22> SSH: EXEC ssh -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 192.168.122.22 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"'' <192.168.122.21> (255, '', 'Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\\r\\n') client1 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\\r\\n", "unreachable": true } client2 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\\r\\n", "unreachable": true }

 

From: koko at: 2018-04-19 12:12:30

It's Ok ,

It was ansible user