AWX is originally designed to run in a Kubernetes environment only. This code allows you to install and use AWX only using Docker without K8S. Ideas from awx, awx-operator and awx-ee code.
Main branch is compatible with AWX version 23.7.0. Use git tag with desired version.
This code can also be used as an Ansible collection and installed from Ansible Galaxy:
ansible-galaxy collection install fitbeard.awxor desired version
ansible-galaxy collection install fitbeard.awx:23.7.0- Ansible
- Working hostname resolution mechanism
(DNS records, Docker's
extra_hostsvalues,/etc/hosts)
Befor installation please read about AWX in general, AWX node types (control, hybrid, hop, execution), execution nodes and receptor. These are beyond the scope of this guide.
Demo secrets, certs, keys are for test purpose ONLY. Please do not use for production.
This is not necessary as this demo contains all needed secrets. This is an example of how to create secret data for production.
mkdir secrets
cd secretsopenssl genrsa -out awx_receptor_signing_private_key 4096
openssl rsa -in awx_receptor_signing_private_key -out awx_receptor_signing_public_key -outform PEM -pubout
openssl genrsa -out awx_mesh_ca_key 4096
openssl req -x509 -new -nodes -key awx_mesh_ca_key -subj "CN=AWX Demo Receptor Root CA" -sha256 -days 3650 -out awx_mesh_ca_crtopenssl req -x509 -newkey rsa:4096 -keyout awx_web_cert_key -out awx_web_cert_crt -sha256 -days 365
openssl rsa -in awx_web_cert_key -out awx_web_cert_keyopenssl genrsa -out awx_receptor_signing_private_key 4096
openssl rsa -in awx_receptor_signing_private_key -out awx_receptor_signing_public_key -outform PEM -puboutRepeat for every node in cluster
docker pull quay.io/ansible/receptor:latest
export receptor_hostname=awx-1.demo.io
docker run --rm -v $PWD:/tmp --env-file <(env | grep receptor_hostname) quay.io/ansible/receptor:latest receptor --cert-makereq bits=2048 commonname=$receptor_hostname dnsname=$receptor_hostname nodeid=$receptor_hostname outreq=/tmp/$receptor_hostname.req outkey=/tmp/$receptor_hostname.key
docker run --rm -v $PWD:/tmp --env-file <(env | grep receptor_hostname) quay.io/ansible/receptor:latest receptor --cert-signreq req=/tmp/$receptor_hostname.req cacert=/tmp/awx_mesh_ca_crt cakey=/tmp/awx_mesh_ca_key notbefore=$(date --iso-8601=seconds) notafter=$(date --date="+2 years" --iso-8601=seconds) outcert=/tmp/$receptor_hostname.crt verify=yesCreate custom Docker image for execution nodes and for management nodes (if awx_node_role_type variable is set to hybrid).
Or use quay.io/tadas/awx-without-k8s-ee:latest image which is based on the same Dockerfile.
Before actually running playbook, take a look at the role defaults, demo/inventory-auto-peers and demo/host_vars|group_vars and make changes accordingly.
cd ../demo
ansible-playbook -i inventory-auto-peers demo.yml --diffAnsible will do it automatically but in case you need re-add it again.
Repeat for every execution node in cluster
This can be done in Web UI or by using awx-manage CLI (partially):
docker exec -ti awx-task bash
awx-manage provision_instance --hostname=awx-receptor-1.demo.io --node_type=execution
Before actually running playbook, take a look at the role defaults, demo/inventory-manual-peers and demo/host_vars|group_vars and make changes accordingly.
cd ../demo
ansible-playbook -i inventory-manual-peers demo.yml --diff
cd demo
ansible-playbook -i inventory-auto-peers demo.yml --diff -e awx_tasks=upgradecd demo
ansible -i inventory-auto-peers all -a "docker rmi awx_img_id"You'll need to make sure that you have pre-commit
setup and installed in your environment by running these commands:
pre-commit install --hook-type commit-msg