Skip to content

Instantly share code, notes, and snippets.

@JonTheNiceGuy

JonTheNiceGuy/Install_AWX.yml Secret

Last active Oct 24, 2020
Embed
What would you like to do?
Install AWX on CentOS
---
- name: Install Docker
hosts: localhost
become: true
handlers:
- name: Start Docker
systemd:
name: docker
state: started
tasks:
- name: Update all packages
dnf:
name: "*"
state: latest
- name: Add dependency for "yum config-manager"
dnf:
name: yum-utils
state: present
- name: Add the Docker Repo
shell: yum config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
args:
creates: /etc/yum.repos.d/docker-ce.repo
warn: false
- name: Install Docker
dnf:
name:
- docker-ce
- docker-ce-cli
- containerd.io
state: present
notify: Start Docker
- name: Flush Handlers
meta: flush_handlers
- name: Load AWX sources, configure and install
hosts: localhost
become: true
tasks:
- name: Set or Read admin password
set_fact:
admin_password_was_generated: "{{ (admin_password is defined or lookup('env', 'admin_password') != '') | ternary(false, true) }}"
admin_password: "{{ admin_password | default (lookup('env', 'admin_password') | default(lookup('password', 'pw.admin_password chars=ascii_letters,digits length=20'), true) ) }}"
- name: Clone AWX repo to local path
git:
repo: https://github.com/ansible/awx.git
dest: /opt/awx
- name: Get latest AWX tag
shell: |
if [ $(git status -s | wc -l) -gt 0 ]
then
git stash >/dev/null 2>&1
fi
git fetch --tags && git describe --tags $(git rev-list --tags --max-count=1)
if [ $(git stash list | wc -l) -gt 0 ]
then
git stash pop >/dev/null 2>&1
fi
args:
chdir: /opt/awx
register: latest_tag
changed_when: false
- name: Use latest released version of AWX
git:
repo: https://github.com/ansible/awx.git
dest: /opt/awx
version: "{{ latest_tag.stdout }}"
- name: Set or Read admin password
set_fact:
admin_password_was_generated: "{{ (admin_password is defined or lookup('env', 'admin_password') != '') | ternary(false, true) }}"
admin_password: "{{ admin_password | default (lookup('env', 'admin_password') | default(lookup('password', 'pw.admin_password chars=ascii_letters,digits length=20'), true) ) }}"
- name: Configure AWX installer
lineinfile:
path: /opt/awx/installer/inventory
regexp: "^#?{{ item.key }}="
line: "{{ item.key }}={{ item.value }}"
loop:
- key: "awx_web_hostname"
value: "{{ ansible_fqdn }}"
- key: "pg_password"
value: "{{ lookup('password', 'pw.pg_password chars=ascii_letters,digits length=20') }}"
- key: "rabbitmq_password"
value: "{{ lookup('password', 'pw.rabbitmq_password chars=ascii_letters,digits length=20') }}"
- key: "rabbitmq_erlang_cookie"
value: "{{ lookup('password', 'pw.rabbitmq_erlang_cookie chars=ascii_letters,digits length=20') }}"
- key: "admin_password"
value: "{{ admin_password }}"
- key: "secret_key"
value: "{{ lookup('password', 'pw.secret_key chars=ascii_letters,digits length=64') }}"
- key: "create_preload_data"
value: "False"
loop_control:
label: "{{ item.key }}"
- name: Run the AWX install.
shell: /usr/local/bin/ansible-playbook -i inventory install.yml
args:
chdir: /opt/awx/installer
- name: Test access to AWX
tower_user:
tower_host: "http://{{ ansible_fqdn }}"
tower_username: admin
tower_password: "{{ admin_password }}"
email: "admin@{{ ansible_fqdn }}"
first_name: "admin"
last_name: ""
password: "{{ admin_password }}"
username: admin
superuser: yes
auditor: no
register: _result
until: _result.failed == false
retries: 240 # retry 240 times
delay: 5 # pause for 5 sec between each try
- name: Output admin password
when: admin_password_was_generated
copy:
dest: /var/log/AWX_Password
content: |
{{ admin_password }}
resource "aws_vpc" "awx" {
cidr_block = "172.16.1.0/24"
enable_dns_support = true
enable_dns_hostnames = true
tags = {
Name = "AWX VPC"
}
}
resource "aws_internet_gateway" "gateway" {
vpc_id = aws_vpc.awx.id
tags = {
Name = "AWX Internet Gateway"
}
}
resource "aws_route_table" "awx" {
vpc_id = aws_vpc.awx.id
tags = {
Name = "AWX"
}
}
resource "aws_route" "awx_default" {
route_table_id = aws_route_table.awx.id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.gateway.id
}
resource "aws_subnet" "awx" {
vpc_id = aws_vpc.awx.id
cidr_block = "172.16.1.0/24"
tags = {
Name = "AWX"
}
}
resource "aws_route_table_association" "awx" {
subnet_id = aws_subnet.awx.id
route_table_id = aws_route_table.awx.id
}
resource "aws_security_group" "awx" {
name = "AWX"
description = "Allow All Egress traffic, and only specific Ingress traffic"
vpc_id = aws_vpc.awx.id
tags = {
Name = "AWX"
}
}
resource "aws_security_group_rule" "egress_any" {
type = "egress"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
security_group_id = aws_security_group.awx.id
description = "Anything to Anywhere"
}
resource "aws_security_group_rule" "ingress_SSH" {
type = "ingress"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
security_group_id = aws_security_group.awx.id
description = "SSH"
}
resource "aws_security_group_rule" "ingress_HTTP" {
type = "ingress"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
security_group_id = aws_security_group.awx.id
description = "HTTP"
}
resource "aws_network_interface" "awx" {
subnet_id = aws_subnet.awx.id
security_groups = [aws_security_group.awx.id]
tags = {
Name = "AWX"
}
}
resource "aws_eip" "AWX" {
depends_on = [aws_instance.AWX]
vpc = true
network_interface = aws_network_interface.awx.id
tags = {
Name = "AWX"
}
}
data "aws_ami" "CentOS8" {
most_recent = true
filter {
name = "name"
values = ["CentOS-8-ec2-*"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
owners = ["679593333241"] # AWS
}
resource "aws_key_pair" "AWX" {
key_name = "AWX SSH Key"
public_key = file("./id_rsa.pub")
}
resource "aws_instance" "AWX" {
ami = data.aws_ami.CentOS8.id
instance_type = "t3.micro" # This is the free tier highest spec machine we can define. Realistically, you should be going with t3.medium.
key_name = aws_key_pair.AWX.id
user_data = file("./user-data.sh")
tags = {
Name = "AWX"
}
network_interface {
device_index = 0
network_interface_id = aws_network_interface.AWX.id
}
}
output "AWX_Public_IP" {
value = aws_eip.AWX.public_ip
}
output "CentOS_Default_Username" {
value = "centos"
}
#!/bin/bash
if [ -e "$(which yum)" ]
then
yum install git python3-pip -y
pip3 install ansible docker docker-compose
else
echo "This script only supports CentOS right now."
exit 1
fi
git clone https://gist.github.com/JonTheNiceGuy/024d72f970d6a1c6160a6e9c3e642e07 /tmp/Install_AWX
cd /tmp/Install_AWX
/usr/local/bin/ansible-playbook Install_AWX.yml
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.