I wrote a Playbook that installs Ansible AWX on AWS

I wrote an Ansible Playbook for installing Ansible AWX on AWS.

ansible-centos7 / ansible-awx | GitHub: the GitHub repository for the Ansible AWX Playbook on CentOS 7

Operating systems tested

The Playbook has been confirmed to work on the following.

    • CentOS 7 (x86_64) – with Updates HVM

    • AWS Marketplace: Ubuntu 18.04 LTS – Bionic

VPC configuration

Diagram generated with the CloudFormation Designer

Screenshot 2019-07-08 16.08.50.png

CloudFormation template for the VPC

AWSTemplateFormatVersion: '2010-09-09'

Parameters:
  InstanceType:
    Description: EC2 instance type
    Type: String
    Default: t2.micro
    ConstraintDescription: must be a valid EC2 instance type.
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.

Mappings:
  StackConfigs:
    VPC:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
    PublicSubnet:
      AvailabilityZone: "ap-northeast-1a"
      CidrBlock: 10.0.1.0/24
      Name: "10.0.1.0 - ap-northeast-1a"

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !FindInMap [StackConfigs, VPC, CidrBlock]
      EnableDnsSupport: !FindInMap [StackConfigs, VPC, EnableDnsSupport]
      EnableDnsHostnames: !FindInMap [StackConfigs, VPC, EnableDnsHostnames]
      Tags:
      - Key: Name
        Value: !Ref AWS::StackName

  GatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: VPC
      InternetGatewayId:
        Ref: InternetGateway

  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !FindInMap [StackConfigs, PublicSubnet, AvailabilityZone]
      CidrBlock: !FindInMap [StackConfigs, PublicSubnet, CidrBlock]
      MapPublicIpOnLaunch: 'true'
      VpcId:
        Ref: VPC
      Tags:
      - Key: Name
        Value: !FindInMap [StackConfigs, PublicSubnet, Name]

  centos7:
    Type: AWS::EC2::Instance
    # An instance with a public IP needs the gateway attached to the VPC, not just created.
    DependsOn: GatewayAttachment
    Properties:
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            DeleteOnTermination: true
            VolumeType: gp2
      ImageId: ami-045f38c93733dd48d
      InstanceType: !Ref 'InstanceType'
      KeyName: !Ref 'KeyName'
      SecurityGroupIds:
        - !Ref sshSG
        - !Ref httpSG
      SubnetId:
        Ref: PublicSubnet
      Tags:
      - Key: Name
        Value: !Ref AWS::StackName
      - Key: ansible_inventory_group_name
        Value: centos7
      - Key: ansible_user
        Value: centos
      - Key: ansible_port
        Value: 22


  ubuntu18:
    Type: AWS::EC2::Instance
    # An instance with a public IP needs the gateway attached to the VPC, not just created.
    DependsOn: GatewayAttachment
    Properties:
      ImageId: ami-09c81ecf1c2b2ef70
      InstanceType: !Ref 'InstanceType'
      KeyName: !Ref 'KeyName'
      SecurityGroupIds:
        - !Ref sshSG
        - !Ref httpSG
      SubnetId:
        Ref: PublicSubnet
      Tags:
      - Key: Name
        Value: !Ref AWS::StackName
      - Key: ansible_inventory_group_name
        Value: ubuntu18
      - Key: ansible_user
        Value: ubuntu
      - Key: ansible_port
        Value: 22


  sshSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: ssh
      GroupDescription: SSH access rule
      SecurityGroupIngress:
      # SSH is open to any source address; narrow this CIDR to the addresses that need access.
      - CidrIp: 0.0.0.0/0
        FromPort: 22
        IpProtocol: tcp
        ToPort: 22
      VpcId:
        Ref: VPC

  httpSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: http
      GroupDescription: http access rule
      SecurityGroupIngress:
      # HTTP (port 80) is open to any source address; narrow this CIDR where possible.
      - CidrIp: 0.0.0.0/0
        FromPort: 80
        IpProtocol: tcp
        ToPort: 80
      VpcId:
        Ref: VPC

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
      - Key: Name
        Value: InternetGateway

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: VPC
      Tags:
      - Key: Name
        Value: public

  PublicRoute:
    Type: AWS::EC2::Route
    # A route through the gateway can only be created once the gateway is attached to the VPC.
    DependsOn: GatewayAttachment
    Properties:
      RouteTableId:
        Ref: PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: InternetGateway

  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId:
        Ref: PublicSubnet
      RouteTableId:
        Ref: PublicRouteTable

Outputs:
  VpcId:
    Value: !Ref VPC

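Main features

The Playbook fetches ansible.cfg from a public GitHub repository and overwrites "/etc/ansible/ansible.cfg" in the awx_task container with it. If the repository URL is not set, the default ansible.cfg is used.

To configure ansible.cfg under AWX, you normally have to edit "/etc/ansible/ansible.cfg" inside the container, for example with the docker exec command.

If you keep a customized ansible.cfg on GitHub or a similar service, you only need to specify its URL when running the Playbook, which removes that step.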
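A pre-deployment check for the fetched file, as an added example that is not part of the original Playbook: because the ansible.cfg pulled from the repository replaces "/etc/ansible/ansible.cfg" in awx_task, this parses it and lists settings that relax SSH host key verification or point Ansible at extra code or secret file paths. The function name, the key lists and the sample file are assumptions made for this illustration.

```python
import configparser

# Illustrative helper (not from the Playbook); the key lists are a chosen subset.
# [defaults] keys that point Ansible at directories of Python code to load:
PLUGIN_PATH_KEYS = {
    "library", "module_utils", "action_plugins", "callback_plugins",
    "connection_plugins", "filter_plugins", "lookup_plugins",
    "strategy_plugins", "vars_plugins", "inventory_plugins",
}
# [defaults] keys that name a file holding a secret:
SECRET_PATH_KEYS = {"vault_password_file", "private_key_file"}
WEAK_SSH_ARGS = ("stricthostkeychecking=no", "userknownhostsfile=/dev/null")

def audit_ansible_cfg(text):
    """Return (section, key, reason) findings for a fetched ansible.cfg."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        for key, value in parser.items(section):
            lowered = value.strip().lower()
            if section == "defaults":
                if key == "host_key_checking" and lowered in ("false", "no", "0", "off"):
                    findings.append((section, key, "SSH host keys are not verified"))
                elif key in PLUGIN_PATH_KEYS:
                    findings.append((section, key, "loads Python code from " + value))
                elif key in SECRET_PATH_KEYS:
                    findings.append((section, key, "secret file path comes from the fetched file"))
            elif section == "ssh_connection" and key == "ssh_args":
                squashed = lowered.replace(" ", "")
                if any(opt in squashed for opt in WEAK_SSH_ARGS):
                    findings.append((section, key, "ssh_args disable host key verification"))
    return findings

# Constructed sample, not the contents of any real repository.
SAMPLE_CFG = """\
[defaults]
forks = 20
host_key_checking = False
callback_plugins = /tmp/awx-install/plugins

[ssh_connection]
ssh_args = -o ControlMaster=auto -o StrictHostKeyChecking=no
"""

if __name__ == "__main__":
    for section, key, reason in audit_ansible_cfg(SAMPLE_CFG):
        print(f"[{section}] {key}: {reason}")
```

Running the check against the exact commit or tag passed as ansiblecfg_repo_version keeps the reviewed file and the deployed file the same.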

    • Recommended EC2 instance size: t2.medium or larger

    • AWX version installed: 9.0.1

    • GitHub URL of ansible.cfg: not set

    • https: not set

Ansible variables

# AWX GitHub URL
awx_repo_url: https://github.com/ansible/awx.git

# AWX GitHub branch name or tag to retrieve
# Default is 5.0.0
awx_repo_version: 5.0.0

# Customized ansible.cfg URL
ansiblecfg_repo_url:

# ansible.cfg GitHub branch name or tag to retrieve
# Default is master
ansiblecfg_repo_version: master

# Playbook working directory
work_dir: /tmp/awx-install

Usage

# Get the installation Playbook
git clone https://github.com/ansible-centos7/ansible-awx

# Change into the directory
cd ansible-awx

# Install the required Ansible Galaxy roles (they are installed into "playbookdir/roles")
ansible-galaxy install -r roles/requirements.yml -p roles/

# Run the Playbook (use -u ubuntu instead of -u centos on Ubuntu)
ansible-playbook -i "ec2-instance-IPv4-address," -u centos --private-key /path/to/ec2-pair-key.pem install.yml

# Run the Playbook with a customized ansible.cfg repository (use -u ubuntu instead of -u centos on Ubuntu)
ansible-playbook -i "ec2-instance-IPv4-address," -u centos --private-key /path/to/ec2-pair-key.pem install.yml -e ansiblecfg_repo_url=https://github.com/TomonoriMatsumura/ansible-cfg.git

See the following sites

    • awx | Ansible Galaxy

    • Ansible Tower/AWX architecture and how job execution works (1) – Qiita