1. playbook-samples
These are test playbooks tested on Ansible/AWX.
1.1. Test Environment
- CentOS 7.5
- Python 3.6.6
- Ansible 2.8.2
- Docker version 18.09.7
- Docker-Compose 1.24.1
- Node v10.16.0 / NPM 6.9.0
- AWX 6.0.0.0
2. Install
Install awx with docker compose
https://github.com/ansible/awx/blob/devel/INSTALL.md#docker-compose
2.1. Prerequisites
- python
yum install zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel openssl-devel -y
yum -y install patch gcc make git
git clone https://github.com/yyuu/pyenv.git ~/.pyenv
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bash_profile
echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bash_profile
echo 'eval "$(pyenv init -)"' >> ~/.bash_profile
echo 'test -r ~/.bashrc && . ~/.bashrc' >> ~/.bash_profile
. ~/.bash_profile
pyenv install 3.6.6
pyenv global 3.6.6
python -V # 3.6.6
- ansible
pip install ansible
pip install --upgrade pip
- docker
https://docs.docker.com/install/linux/docker-ce/centos/
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce docker-ce-cli containerd.io -y
systemctl enable docker
systemctl start docker
docker -v
Docker version 18.09.7, build 2d0083d
- docker-py
pip install docker
pip install docker-compose
- Node 10.x / NPM 6.x
https://github.com/nodesource/distributions/blob/master/README.md
curl -sL https://rpm.nodesource.com/setup_10.x | sudo bash -
yum install -y nodejs
- Docker-Compose
curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
2.2. AWX
https://github.com/ansible/awx/blob/devel/INSTALL.md#docker-or-docker-compose
- modify inventory
git clone https://github.com/ansible/awx
cd awx/installer
vi inventory
postgres_data_dir=/var/lib/awx/pgdocker
docker_compose_dir=/var/lib/awx/awxcompose
project_data_dir=/var/lib/awx/projects
- install
ansible-playbook -i inventory install.yml
cd /var/lib/awx/awxcompose/
docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------
awx_memcached_1 docker-entrypoint.sh memcached Up 11211/tcp
awx_postgres_1 docker-entrypoint.sh postgres Up 5432/tcp
awx_rabbitmq_1 docker-entrypoint.sh /bin/ ... Up 15671/tcp, 15672/tcp, 25672/tcp, 4369/tcp, 5671/tcp, 5672/tcp
awx_task_1 /tini -- /bin/sh -c /usr/b ... Up 8052/tcp
awx_web_1 /tini -- /bin/sh -c /usr/b ... Up 0.0.0.0:80->8052/tcp
3. Setting
3.1. AUTHENTICATION
GOOGLE OAUTH2 CALLBACK URL:
GOOGLE OAUTH2 KEY: <your key>
GOOGLE OAUTH2 SECRET: <your secret>
GOOGLE OAUTH2 WHITELISTED DOMAINS: <your domain>
3.2. SYSTEM
BASE URL OF THE TOWER HOST: https://<fqdn>
ENABLE ADMINISTRATOR ALERTS: OFF
ALL USERS VISIBLE TO ORGANIZATION ADMINS: ON
ORGANIZATION ADMINS CAN MANAGE USERS AND TEAMS: ON
IDLE TIME FORCE LOG OUT: 1800
MAXIMUM NUMBER OF SIMULTANEOUT LOGGED IN SETTIONS: -1
ENABLE HTTP BASIC AUTH: ON
ALLOW EXTERNAL USERS TO CREATE OAUTH2 TOKES: OFF
REMOTE HOST HEADERS: REMOTE_ADDR, REMOTE_HOST, HTTP_X_FORWARDED_FOR
3.3. LDAP Authentication
LDAP SERVER URI : ldap://<ip address or hostname>:389
LDAP BIND DN: CN=Administrator,CN=Users,DC=x,DC=kodamap,DC=net
LDAP BIND PASSWORD:
LDAP USER DN TEMPLATE: <>
LDAP GROUP TYPE: ActiveDirectoryGroupType
LDAP REQUIRE GROUP: CN=Tower Users,CN=Users,DC=x,DC=kodamap,DC=net
LDAP DENY GROUP] <>
LDAP USER SEARCH:
[
"OU=Test,DC=x,DC=kodamap,DC=net",
"SCOPE_SUBTREE",
"(sAMAccountName=%(user)s)"
]
LDAP GROUP SEARCH:
[
"DC=x,DC=kodamap,DC=net",
"SCOPE_SUBTREE",
"(objectClass=group)"
]
LDAP USER ATTRIBUTE MAP
{
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
LDAP GROUP TYPE PARAMETERS
{}
4. Setting up a Windows Host
https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html
- ansible
pip install "pywinrm>=0.3.0"
- WinRM setup (Tested with Windows Server 2012R2, 2016)
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
powershell.exe -ExecutionPolicy ByPass -File $file
verify
winrm enumerate winrm/config/Listener
Listener
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 127.0.0.1, 172.25.5.11, ::1, fe80::6db0:a8dd:1276:da54%12
Listener
Address = *
Transport = HTTPS
Port = 5986
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint = 1f742be3bf238379120763469879aed5148929db
ListeningOn = 127.0.0.1, 172.25.5.11, ::1, fe80::6db0:a8dd:1276:da54%12
5. playbook sample
5.1. create domain user ( extra vars )
---
# user infomain
user: foo
firstname: xxx
surname: zzz
group: Tower Users
domain: x.kodamap.net
maildomain: kodamap.net
path: OU=Test,DC=x,DC=kodamap,DC=net
profilepath: \\profilesrv\Users\%UserName%
company: boo
# notificaton setting
smtp_server: x.x.x.x
smtp_port: 25
sender: foo@kodamap.net
recipient: foo@kodamap.net
# ansible config
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
You may get an error below:
AttributeError: 'ShellModule' object has no attribute 'ECHO'
-> Disable "Enable Previlige escalation"
5.2. create gsuite user ( extra vars )
---
user: foo
givenname: foo
familyname: kodamap
maildomain: kodamap.net
groupkey: group1@kodamap.net
smtp_server: x.x.x.x.x
smtp_port: 25
sender: foo@kodamap.net
recipient: foo@kodamap.net