Preface

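In modern IT environments dominated by cloud computing and microservice architectures, Infrastructure as Code (IaC) and continuous automation have become core pillars of agile delivery. Ansible, a leading open-source automation engine, uses a decentralized architecture and an agentless design to manage heterogeneous environments seamlessly over SSH. As automation grows within an enterprise, however, the complexity of orchestrating Ansible playbooks, the need to visualize job scheduling, and the need for audit trails become increasingly apparent. This is where AWX (Ansible Web UI) provides its value.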

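As the official enterprise-grade front end for Ansible, AWX provides a graphical job scheduling engine, centralized log management, and REST API integration, turning a command-line tool into a collaborative automation platform. With the spread of container technology, Kubernetes has become the de facto standard for deploying and managing distributed applications, thanks to its declarative API, elastic scaling, and self-healing.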


1. Clone the AWX Operator source code

$ git clone https://github.com/ansible/awx-operator.git

2. Create the PV

I use NFS here; the NFS service must be installed in advance.

$ vim awx-pv.yml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: awx-pv-10gi
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
    - ReadOnlyMany
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  nfs:
    path: /data/nfsshare
    server: 192.168.253.146
    readOnly: false
$ kubectl apply -f awx-pv.yml

3. Install the build tools

$ sudo apt install -y make 
# or
$ sudo yum install -y make

4. Create the AWX containers

$ export NAMESPACE=awx   # target namespace
$ make deploy  # this takes quite a while

5. Create the web UI

$ vim awx-web.yaml
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx-demo
  namespace: awx
spec:
  service_type: NodePort
  ingress_type: none
  nodeport_port: 30071   # port
$ kubectl apply -f awx-web.yaml

6. Check the service status

$ kubectl get pods -n awx
NAME                                               READY   STATUS             RESTARTS   AGE
awx-operator-controller-manager-696d5885b9-kkw6j   0/2     ImagePullBackOff   0          6m11s
  • Check the reason for the failure
$ kubectl describe pod awx-operator-controller-manager-696d5885b9-kkw6j -n awx
Events:
  Type     Reason     Age                     From               Message
  ----     ------     ----                    ----               -------
  Normal   Scheduled  7m44s                   default-scheduler  Successfully assigned awx/awx-operator-controller-manager-696d5885b9-kkw6j to ansible-server
  Warning  Failed     7m28s                   kubelet            Failed to pull image "gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0": rpc error: code = Unknown desc = Error response from daemon: Get "https://gcr.io/v2/": context deadline exceeded
  Warning  Failed     6m56s                   kubelet            Failed to pull image "gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0": rpc error: code = Unknown desc = Error response from daemon: Head "https://gcr.io/v2/kubebuilder/kube-rbac-proxy/manifests/v0.15.0": Get "https://gcr.io/v2/token?scope=repository%3Akubebuilder%2Fkube-rbac-proxy%3Apull&service=gcr.io": dial tcp 142.250.99.82:443: i/o timeout
  Warning  Failed     6m53s (x2 over 7m24s)   kubelet            Failed to pull image "quay.io/ansible/awx-operator:2.19.1-44-ge8f0306": rpc error: code = Unknown desc = Error response from daemon: manifest for quay.io/ansible/awx-operator:2.19.1-44-ge8f0306 not found: manifest unknown: manifest unknown
  Normal   BackOff    6m40s (x2 over 7m23s)   kubelet            Back-off pulling image "quay.io/ansible/awx-operator:2.19.1-44-ge8f0306"
  Warning  Failed     6m40s (x2 over 7m23s)   kubelet            Error: ImagePullBackOff
  Normal   BackOff    6m40s (x2 over 7m23s)   kubelet            Back-off pulling image "gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0"
  Normal   Pulling    6m27s (x3 over 7m43s)   kubelet            Pulling image "gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0"
  Warning  Failed     6m12s (x3 over 7m28s)   kubelet            Error: ErrImagePull
  Normal   Pulling    6m12s (x3 over 7m28s)   kubelet            Pulling image "quay.io/ansible/awx-operator:2.19.1-44-ge8f0306"
  Warning  Failed     6m12s                   kubelet            Failed to pull image "gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0": rpc error: code = Unknown desc = Error response from daemon: Get "https://gcr.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
  Warning  Failed     6m8s (x3 over 7m24s)    kubelet            Error: ErrImagePull
  Warning  Failed     2m30s (x14 over 7m23s)  kubelet            Error: ImagePullBackOff

The image pull failed because of network problems.
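The events above contain two different failures: timeouts reaching gcr.io, and a `manifest unknown` reply from quay.io. As an added example (not part of the original post), this shell function groups pull failures by cause so each gets the right fix; the cause labels and function names are assumptions of the example.

```shell
#!/bin/sh
# Added example: group image pull failures from `kubectl describe pod` by cause.
# SAMPLE_EVENTS holds three of the event lines shown above (column padding collapsed).
SAMPLE_EVENTS='  Warning  Failed  7m28s  kubelet  Failed to pull image "gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0": rpc error: code = Unknown desc = Error response from daemon: Get "https://gcr.io/v2/": context deadline exceeded
  Warning  Failed  6m56s  kubelet  Failed to pull image "gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0": rpc error: code = Unknown desc = Error response from daemon: Head "https://gcr.io/v2/kubebuilder/kube-rbac-proxy/manifests/v0.15.0": Get "https://gcr.io/v2/token?scope=repository%3Akubebuilder%2Fkube-rbac-proxy%3Apull&service=gcr.io": dial tcp 142.250.99.82:443: i/o timeout
  Warning  Failed  6m53s (x2 over 7m24s)  kubelet  Failed to pull image "quay.io/ansible/awx-operator:2.19.1-44-ge8f0306": rpc error: code = Unknown desc = Error response from daemon: manifest for quay.io/ansible/awx-operator:2.19.1-44-ge8f0306 not found: manifest unknown: manifest unknown'

# classify_pull_failures: stdin = event lines, stdout = "image<TAB>cause", unique.
classify_pull_failures() {
  awk '
    /Failed to pull image "/ {
      s = $0
      sub(/.*Failed to pull image "/, "", s)   # s now starts with the image ref
      img = s
      sub(/".*/, "", img)                      # cut at the closing quote
      if (s ~ "manifest unknown|manifest for .* not found")
        cause = "tag-not-in-registry"
      else if (s ~ "unauthorized|access denied")
        cause = "auth"
      else if (s ~ "i/o timeout|deadline exceeded|Client[.]Timeout|no such host|connection refused")
        cause = "network"
      else
        cause = "other"
      if (!seen[img, cause]++) printf "%s\t%s\n", img, cause
    }'
}

# images_with_cause CAUSE: stdin = event lines, stdout = matching image refs.
images_with_cause() {
  classify_pull_failures | awk -F '\t' -v c="$1" '$2 == c { print $1 }'
}

printf '%s\n' "$SAMPLE_EVENTS" | classify_pull_failures
```

A registry mirror only addresses the `network` rows. The tag `2.19.1-44-ge8f0306` has the form `git describe` prints for a commit 44 commits after tag 2.19.1, so that exact tag may simply not be published upstream.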


7. Change the default images

  • awx-operator
$ kubectl edit deployment awx-operator-controller-manager -n awx
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
# change to
image: registry.cn-guangzhou.aliyuncs.com/hzbb/kube-rbac-proxy:v0.15.0
        
image: quay.io/ansible/awx-operator:2.19.1-44-ge8f0306
# change to
image: registry.cn-guangzhou.aliyuncs.com/hzbb/awx-operator:2.19.1-44-ge8f0306
  • postgres
$ kubectl edit StatefulSet awx-demo-postgres-15 -n awx
image: quay.io/sclorg/postgresql-15-c9s:latest
# change to
image: registry.cn-guangzhou.aliyuncs.com/hzbb/postgresql-15-c9s:latest

8. Get the default password

  • Find the secret that holds the password

    $ kubectl get secrets -n awx |grep admin
    # output
    awx-demo-admin-password      Opaque     1      20m
    
  • Read the secret

    $ kubectl get secrets -n awx awx-demo-admin-password -o yaml |head -5
    # output
    apiVersion: v1
    data:
      password: WFhob01oWmJkdzBnU2FwRHd3ekNHbWp0WU03WnRYdTA=
    kind: Secret
    metadata:
    
  • Decode

    $ echo WFhob01oWmJkdzBnU2FwRHd3ekNHbWp0WU03WnRYdTA= |base64 -d
    # output
    XXhoMhZbdw0gSapDwwzCGmjtYM7ZtXu0
    

    AWX web address: https://[ip]:30071  Username: admin  Password: XXhoMhZbdw0gSapDwwzCGmjtYM7ZtXu0


9. Log in to the AWX page



10. Configure the execution environment

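While running a job, AWX creates a container, and that container drives the managed hosts to execute the playbook. In mainland China, the images can be changed to the following: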

AWX EE (24.6.1): registry.cn-guangzhou.aliyuncs.com/hzbb/awx-ee:24.6.1

AWX EE (latest): registry.cn-guangzhou.aliyuncs.com/hzbb/awx-ee:latest
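The replacement images in steps 7 and 10 come from a third-party mirror namespace, and two of them use the `latest` tag. As an added example (not part of the original post), this shell function flags image references that sit outside a vetted registry list or are not pinned by digest; `TRUSTED_REGISTRIES` and the finding names are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit image references before they go into a manifest.
# TRUSTED_REGISTRIES is an assumption; list the registries you have vetted.
TRUSTED_REGISTRIES="quay.io gcr.io"

# The replacement images named in steps 7 and 10 of this page.
PAGE_IMAGES='registry.cn-guangzhou.aliyuncs.com/hzbb/kube-rbac-proxy:v0.15.0
registry.cn-guangzhou.aliyuncs.com/hzbb/awx-operator:2.19.1-44-ge8f0306
registry.cn-guangzhou.aliyuncs.com/hzbb/postgresql-15-c9s:latest
registry.cn-guangzhou.aliyuncs.com/hzbb/awx-ee:24.6.1
registry.cn-guangzhou.aliyuncs.com/hzbb/awx-ee:latest'

# audit_image REF: print "REF<TAB>finding[,finding...]" or "REF<TAB>ok".
audit_image() {
  ref=$1
  findings=""
  # The registry is the first path component when it looks like a host name.
  first=${ref%%/*}
  registry=docker.io
  case $ref in
    */*) case $first in
           *.*|*:*|localhost) registry=$first ;;
         esac ;;
  esac
  case " $TRUSTED_REGISTRIES " in
    *" $registry "*) ;;
    *) findings="unvetted-registry" ;;
  esac
  # Only a digest names immutable content; a tag can be re-pushed at any time.
  case $ref in
    *@sha256:*) ;;
    *) findings="${findings:+$findings,}not-digest-pinned"
       name=${ref##*/}          # last path component, e.g. awx-ee:latest
       case $name in
         *:latest) findings="$findings,floating-tag" ;;
         *:*) ;;
         *) findings="$findings,floating-tag" ;;   # no tag resolves to latest
       esac ;;
  esac
  printf '%s\t%s\n' "$ref" "${findings:-ok}"
}

# audit_images: read one image reference per line on stdin.
audit_images() {
  while IFS= read -r line; do
    [ -z "$line" ] || audit_image "$line"
  done
}

printf '%s\n' "$PAGE_IMAGES" | audit_images
```

Where a mirror is unavoidable, compare its digest with the upstream image's digest from a network that can reach upstream, then reference the image by that digest instead of a tag.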



Error

chmod: changing permissions of '/var/lib/pgsql/data/userdata': Operation not permitted
  • The user the container runs as lacks permission; resolve it by changing the owning user and group
$ chown 26:26 -R /data/nfsshare/data
Author: hzbb
Copyright notice: Unless otherwise stated, all articles on this site are licensed under CC BY-NC-SA 4.0. Please credit 运维小记 when reposting.