How to deploy Ansible AWX (Tower) with HTTPS
Short and sweet one this month as I’ve had quite a lot on my plate (buying a new house and being made redundant at work due to COVID), so in between looking for jobs I’ve only been able to spin up a quick AWX instance and haven’t had time to dig into the config much yet. This article is essentially just a quick and simple script to install and spin up an Ansible AWX instance on a CentOS 8 Stream box, and generate a self-signed certificate and strong credentials for secure config management.
I’ll put together a guide for client discovery and some proper automation workflows over the next few months, but for now this is it.
Step 0: Prepare the Environment
For this setup, I’ll be using a CentOS 8 Stream box, as it’s reasonably stable, fairly up to date, and integrates nicely with Ansible. Its web admin panel, Cockpit, is what we’ll use to monitor the containers. Ubuntu will probably work fine, but the installation commands and some of the file locations will be different, so keep that in mind if you’re using a different distro.
For starters, we’ll become root:
Now we can install all of the dependencies we’ll need for the management of the pod:
Step 1: Install AWX
We should now be able to connect to our box by heading to https://lan.ip.of.the.box:9090 and, once we’ve logged in, there should be a “Containers” option, which is where the Docker containers will show up. Open the terminal to the box and we’ll clone the AWX repo for the latest stable release (at time of writing that is 12.0.0), then we’ll modify the default settings and run the install.yml Ansible playbook to set up the host:
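One way to do the "modify the default settings" step with the self-signed certificate and strong credentials the intro mentions, as an added example rather than the author's script. The keys `admin_password`, `pg_password`, `secret_key` and `ssl_certificate` are AWX installer inventory variables; the file names, the host name and the sample inventory are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not the author's script). Inventory keys are AWX installer
# variables; file paths, the CN and the sample inventory are assumptions.

# Print N random bytes from the kernel CSPRNG as hex (safe in an INI value).
gen_secret() {
    head -c "${1:-32}" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Replace KEY in inventory FILE, dropping any default or commented-out value.
set_var() {
    local file=$1 key=$2 val=$3
    sed -E "/^[[:space:]]*#?[[:space:]]*${key}=/d" "$file" > "${file}.tmp"
    printf '%s=%s\n' "$key" "$val" >> "${file}.tmp"
    mv "${file}.tmp" "$file"
}

# Self-signed cert for CN (with a matching SAN) in DIR; cert and key are
# also concatenated into one PEM, all created owner-readable only.
make_cert() {
    local dir=$1 cn=$2
    ( umask 077
      openssl req -x509 -newkey rsa:3072 -sha256 -nodes -days 365 \
          -subj "/CN=${cn}" -addext "subjectAltName=DNS:${cn}" \
          -keyout "${dir}/awx.key" -out "${dir}/awx.crt" 2>/dev/null &&
      cat "${dir}/awx.crt" "${dir}/awx.key" > "${dir}/awx-bundle.pem" )
}

# Swap the well-known defaults for fresh secrets and point AWX at the PEM.
harden_inventory() {
    local inv=$1 bundle=$2
    set_var "$inv" admin_password  "$(gen_secret 24)"
    set_var "$inv" pg_password     "$(gen_secret 24)"
    set_var "$inv" secret_key      "$(gen_secret 48)"
    set_var "$inv" ssl_certificate "$bundle"
    chmod 600 "$inv"    # the inventory now holds live credentials
}

# Constructed stand-in for the [all:vars] part of installer/inventory.
sample_inventory() {
    printf '%s\n' '[all:vars]' 'host_port_ssl=443' '#ssl_certificate=' \
        'pg_password=awxpass' '# admin_password=password' 'secret_key=awxsecret'
}

# Usage: ./harden.sh /path/to/awx/installer/inventory awx.example.lan
if [ "$#" -eq 2 ]; then
    certdir=$(dirname "$1")
    make_cert "$certdir" "$2" && harden_inventory "$1" "$certdir/awx-bundle.pem"
fi
```

Run it against the inventory before the install.yml playbook, and read the generated `admin_password` back out of the inventory for the first login.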
That’s it! Easy peasy. AWX will take a little while to configure itself depending on your system spec, but you can just navigate to the page and leave it open, and it will present a login screen when the setup is finished. If you’ve got a reverse proxy on your network, I’d suggest pointing your DNS A records at the proxy and adding a server conf file to the proxy’s config to enforce HTTPS rather than using the insecure HTTP that AWX defaults to.
Like I said in the intro, there’s more to come eventually but for now this should be enough to get started and have a play.