Nick Pratley

How To Deploy Ansible AWX on Ubuntu With MicroK8s

NickNick
[et_pb_section admin_label=”section”] [et_pb_row admin_label=”row”] [et_pb_column type=”4_4″][et_pb_text admin_label=”Text”]

I recently broke our AWX installation, which meant provisioning workflows ground to a halt! We were hit by a bug running on Docker (https://github.com/ansible/awx/issues/3705) that meant all secret keys had been deleted, rendering the database useless. I could have restored from a VM backup, recovered the files and fixed the compose file — but what better time than now to deploy the latest version using the Ansible Operator on a Kubernetes stack!

I wanted to jot this down as I spent a day with the AWX documentation and struggled to get a working install

In this tutorial, we’ll walk through:

Installing MicroK8s on Ubuntu 20.04

What you’ll need:

Let us dive right in!

  1. Install MicroK8s
    sudo snap install microk8s --classic --channel=1.21
  2. Add your user to the microk8s group, and grant permission to the ~/.kube caching directory
    sudo usermod -a -G microk8s $USER && sudo chown -f -R $USER ~/.kube
  3. Verify the installation was successful
    microk8s status — wait-ready
    Continue when you see microk8s is running
  4. MicroK8s uses a namespaced kubectl command so let us add an alias to make future commands easy
    echo “alias kubectl=’microk8s.kubectl’” >> ~/.bash_aliases && source ~/.bash_aliases
  5. Let’s verify we can run kubectl commands and ensure node status is Ready
    kubectl get nodes

Enabling required MicroK8s Addons

Now that we have a working Kubernetes installation we can proceed with enabling the required add-on services for ingress routing, container storage, and DNS.

I have decided to use Traefik as we should be able to automate SSL certificates easily!

MicroK8s makes this all super simple!

  1. Enable Addons — This will take a few minutes,
    microk8s enable dns storage traefik
  2. Verify all pods are running, we will need the --all-namespaces flag here as these services don’t run in the default namespace
    kubectl get --all-namespaces pods
  3. Verify Storage is ready for use
    kubectl get storageclass

Did I say how simple this was? It’s also what caught me out for a day trying to get the stack working! (It’s *always* DNS)

Deploying the AWX Operator

The AWX Operator creates a CRD (Custom Resource Definition) that extends the Kubernetes API with an object that describes an AWX installation. The operator also deploys a pod that watches for these objects and performs the actual installation of AWX.

Deploying the operator
This will take a few seconds to complete

kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/0.8.0/deploy/awx-operator.yaml

Verifying the installation
After a few seconds, the installation should be ready for use. You’ll need the name of the operator pod for the next few steps, so let us get that handy!

$ kubectl get pods
NAME READY STATUS RESTARTS AGE
awx-operator-f768499d-65bt7 1/1 Running 0 17h

Once the pod is running, we can move on to deploying AWX

Deploying AWX

In a second terminal, let us start watching the AWX operator logs to monitor the deployment.

kubectl logs -f awx-operator-f768499d-65bt7 remember to use the name from your pod!

We now need a YAML file that describes our AWX installation. You will need to pick a domain name for the AWX web interface and ensure DNS points to your server IP.

$ cat << EOF > awx.yaml
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: awx
spec:
tower_ingress_type: Ingress
tower_hostname: awx.mycompany.com
EOF

We can now deploy AWX!

$ kubectl apply -f awx.yml
awx.awx.ansible.com/awx created

The AWX database migrations will take a few minutes to complete. After a few minutes, the pods should be downloaded, running and ready for use.

$ kubectl get pods
NAME READY STATUS RESTARTS AGE
awx-operator-f768499d-65bt7 1/1 Running 0 17h
awx-postgres-0 1/1 Running 0 17h
awx-b5f6cf4d4-7jftg 4/4 Running 0 17h

Once all 6 pods are running, we should now be able to access AWX. We’ll need to get the admin password first

$ echo Username: Admin$'\n'Password: `kubectl  get secret awx-admin-password -o jsonpath='{.data.password}' | base64 --decode`
Username: Admin
Admin Password: jhnjhjhGThytyuijhgr56789oiuyf

Traefik listens on port 8080 by default, but you should now be able to access AWX using the credentials from above at your URL https://awx.mycompany.com:8080/

Thanks for reading!

Now it is on to the next problem — repairing my playbooks to work on the newer version of AWX!

[/et_pb_text][/et_pb_column] [/et_pb_row] [/et_pb_section]
Nick
Author

Comments 0
There are currently no comments.

Share This